nikto and vulnerabilities

Discussion in 'Sandbox' started by billybonse, 25 Feb 2017.

  1. billybonse

    Greetings, everyone.
    I ran nikto and got a huge number of errors:

    + /kboard/: KBoard Forum 0.3.0 and prior have a security problem in forum_edit_post.php, forum_post.php and forum_reply.php
    + /lists/admin/: PHPList pre 2.6.4 contains a number of vulnerabilities including remote administrative access, harvesting user info and more. Default login to admin interface is admin/phplist
    + /splashAdmin.php: Cobalt Qube 3 admin is running. This may have multiple security problems as described by www.scan-associates.net. These could not be tested remotely.
    + /ssdefs/: Siteseed pre 1.4.2 has 'major' security problems.
    + /sshome/: Siteseed pre 1.4.2 has 'major' security problems.
    + /tiki/: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
    + /tiki/tiki-install.php: Tiki 1.7.2 and previous allowed restricted Wiki pages to be viewed via a 'URL trick'. Default login/pass could be admin/admin
    + OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
    + OSVDB-637: /~root/: Allowed to browse root's home directory.
    + /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
    + /forums//adm/config.php: PHP Config file may contain database IDs and passwords.
    + /forums//administrator/config.php: PHP Config file may contain database IDs and passwords.
    + /guestbook/guestbookdat: PHP-Gastebuch 1.60 Beta reveals sensitive information about its configuration.
    + /guestbook/pwd: PHP-Gastebuch 1.60 Beta reveals the md5 hash of the admin password.
    + /help/: Help directory should not be accessible
    + OSVDB-2411: /hola/admin/cms/htmltags.php?datei=./sec/data.php: hola-cms-1.2.9-10 may reveal the administrator ID and password.
    + OSVDB-8103: /global.inc: PHP-Survey's include file should not be available via the web. Configure the web server to ignore .inc files or change this to global.inc.php
    + OSVDB-59620: /inc/common.load.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
    + OSVDB-59619: /inc/config.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
    + OSVDB-59618: /inc/dbase.php: Bookmark4U v1.8.3 include files are not protected and may contain remote source injection by using the 'prefix' variable.
    + OSVDB-2703: /geeklog/users.php: Geeklog prior to 1.3.8-1sr2 contains a SQL injection vulnerability that lets a remote attacker reset admin password.
    + OSVDB-8204: /gb/index.php?login=true: gBook may allow admin login by setting the value 'login' equal to 'true'.
    + /guestbook/admin.php: Guestbook admin page available without authentication.
    ........
    OSVDB-5034: /admin/login.php?action=insert&username=test&password=test: phpAuction may allow user admin accounts to be inserted without proper authentication. Attempt to log in with user 'test' password 'test' to verify.
    + OSVDB-5088: /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected.
    + OSVDB-35876: /agentadmin.php: Immobilier agentadmin.php contains multiple SQL injection vulnerabilities.
    + /sqldump.sql: Database SQL?
    + /structure.sql: Database SQL?
    + /servlet/SessionManager: IBM WebSphere reconfigure servlet (user=servlet, password=manager). All default code should be removed from servers.
    + /ip.txt: This may be User Online from http://www.elpar.net version 2.0, which has a remotely accessible log file.
    + /level/42/exec/show%20conf: Retrieved Cisco configuration file.
    + /livehelp/: LiveHelp may reveal system information.
    + /LiveHelp/: LiveHelp may reveal system information.
    + OSVDB-59536: /logicworks.ini: web-erp 0.1.4 and earlier allow .ini files to be read remotely.
    + /logs/str_err.log: Bmedia error log, contains invalid login attempts which include the invalid usernames and passwords entered (could just be typos & be very close to the right entries).
    + OSVDB-6465: /mall_log_files/order.log: EZMall2000 exposes order information, http://www.ezmall2000.com/, see http://www.mindsec.com/advisories/post2.txt for details.
    + OSVDB-3204: /megabook/files/20/setup.db: Megabook guestbook configuration available remotely.
    But when I request any of these files or directories, I get a 404.

    Then I found this error.

    OSVDB-578: /level/16/exec/-///pwd: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/exec/-///show/configuration: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/exec/: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/exec//show/access-lists: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/level/16/exec//show/configuration: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/level/16/exec//show/interfaces: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/level/16/exec//show/interfaces/status: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/level/16/exec//show/version: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/level/16/exec//show/running-config/interface/FastEthernet: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/16/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/17/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/18/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/19/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/20/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/21/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/22/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/23/exec//show: CISCO HTTP service allows remote execution of commands
    + OSVDB-578: /level/24/exec//show: CISCO HTTP service allows remote execution of commands

    I downloaded an exploit and got this result:
    Vulnerability successful exploited with [http://site.com/level/17/exec/....] ...

    I open it in a browser and try it with curl: the result is 404.
    The manual clearly states:
    This vulnerability is particularly dangerous not only because the attacker can gain full administrative access, but also because the vulnerability is extremely easy to exploit. Typically, you would expect to see the Cisco device’s HTTP server accessed through URLs like the following: http://10.1.2.3/level/15/exec/show/config

    It's late at night and I'm being slow. Can you tell me where my mistake is in using the exploit? And why do I get a 404 while the scanner doesn't?
    Thanks in advance!
     
  2. private_static

    because nikto is notorious for its false positives
     
    #2 private_static, 25 Feb 2017
    Last edited: 25 Feb 2017
    ACat likes this.
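
The reply above attributes the mismatch to false positives. As an added example (not part of the thread), the code below parses nikto lines in the format quoted in the first post and flags a report whose findings span unrelated platforms or repeat one ID many times, both signs that the hits need manual confirmation before being treated as real. The `STACKS` keyword table and the `max_stacks` threshold are assumptions of this example.

```python
import re
from collections import Counter

# Lines copied from the nikto output quoted in the first post.
SAMPLE = """\
+ OSVDB-396: /_vti_bin/shtml.exe: Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted.
+ /forums//admin/config.php: PHP Config file may contain database IDs and passwords.
+ OSVDB-5088: /accounts/getuserdesc.asp: Hosting Controller 2002 administration page is available. This should be protected.
+ OSVDB-578: /level/16/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: /level/17/exec//show: CISCO HTTP service allows remote execution of commands
+ OSVDB-578: /level/18/exec//show: CISCO HTTP service allows remote execution of commands
"""

# "+ [OSVDB-NNN: ]/path: message"; the leading "+" is optional because
# some lines in the post were pasted without it.
LINE = re.compile(r"^\+?\s*(?:(OSVDB-\d+):\s+)?(/\S*):\s+(.*)$")

# Assumption: crude keyword -> platform mapping, for illustration only.
STACKS = {"Cisco IOS HTTP": "cisco", "FrontPage": "frontpage",
          "PHP": ".php", "ASP": ".asp"}

def parse(report):
    """Return one dict per finding line; non-matching lines are skipped."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if m:
            findings.append({"id": m.group(1), "path": m.group(2), "msg": m.group(3)})
    return findings

def triage(findings, max_stacks=2):
    """Summarise signals that a report is dominated by unverified hits."""
    by_id = Counter(f["id"] for f in findings if f["id"])
    stacks = set()
    for f in findings:
        text = (f["path"] + " " + f["msg"]).lower()
        stacks.update(name for name, kw in STACKS.items() if kw in text)
    return {
        "total": len(findings),
        # The same check firing on many path variants is one signal, not many.
        "repeated_ids": {i: n for i, n in by_id.items() if n > 1},
        "stacks": sorted(stacks),
        # One host rarely is a Cisco device, an IIS/FrontPage box and a PHP
        # site at once; treat such a mix as "verify before trusting".
        "suspect_false_positives": len(stacks) > max_stacks,
    }

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```
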
  3. ACat

    use Burp Suite
     