/scgi-bin/

Discussion in 'Linux, Freebsd, *nix' started by Serj12342, 1 Jul 2014.

  1. Serj12342

    Serj12342 New Member

    Hi all! I came across the site l-union-fait-la-force.info, and there is this: LINK
    The actual question: what can be done with this? Because just blindly clicking the links gives: scgiwrap: Caller must be the nobody user
     
  2. Ganz Euler

    Ganz Euler Member

    By the look of it, most of the output is a scanner error.

    Any request of the form http://www.l-union-fait-la-force.info/scgi-bin/blablablaNONEXISTENT returns "scgiwrap: Caller must be the nobody user", and since the response code is 200 the scanner assumes everything is fine, that such a file exists, and reports vulnerability info for it.

    Google "site:www.l-union-fait-la-force.info inurl:scgi-bin" returns nothing
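    The false-positive pattern described above (every nonexistent name under a prefix answering HTTP 200 with the same scgiwrap message) can be triaged automatically by comparing each scanner hit against a baseline taken from random, certainly nonexistent paths. This is an added example, not code from the thread; `fake_fetch` is a constructed stand-in for an HTTP GET that mimics the behaviour reported here, and the hit names are made up.

```python
import secrets
from collections import Counter
from typing import Callable, Dict, List, Tuple

# Constructed responder mimicking the site discussed in the thread:
# anything under /scgi-bin/ answers 200 with the scgiwrap error,
# a real page answers with its own content, unknown paths give 404.
SCGIWRAP_BODY = "scgiwrap: Caller must be the nobody user"

Fetch = Callable[[str], Tuple[int, str]]


def fake_fetch(path: str) -> Tuple[int, str]:
    """Stand-in for an HTTP GET; returns (status, body)."""
    if path.startswith("/scgi-bin/"):
        return 200, SCGIWRAP_BODY
    if path == "/info.php":  # a page that really exists on the host
        return 200, "<title>phpinfo()</title>"
    return 404, "Not Found"


def baseline(fetch: Fetch, prefix: str, probes: int = 3) -> Tuple[int, str]:
    """Request several random names under prefix that cannot exist and
    return the most common (status, body) pair: the 'not found' signature."""
    seen: Counter = Counter()
    for _ in range(probes):
        seen[fetch(f"{prefix}{secrets.token_hex(8)}")] += 1
    return seen.most_common(1)[0][0]


def triage(hits: List[str], fetch: Fetch, prefix: str) -> Dict[str, str]:
    """Label a hit 'false-positive' when its response is indistinguishable
    from the nonexistent-path baseline for prefix, otherwise 'review'."""
    signature = baseline(fetch, prefix)
    verdict = {}
    for path in hits:
        verdict[path] = "false-positive" if fetch(path) == signature else "review"
    return verdict


if __name__ == "__main__":
    # Constructed hit list; only /info.php differs from the baseline.
    sample = ["/scgi-bin/test-cgi", "/scgi-bin/admin", "/info.php"]
    for path, label in triage(sample, fake_fetch, "/scgi-bin/").items():
        print(f"{label:14} {path}")
```

    A scanner that takes this kind of baseline itself would not have reported the /scgi-bin/ entries at all; the same comparison also separates the real /info.php finding from the noise.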
     
  3. Serj12342

    Serj12342 New Member

    Maybe look into an SQL injection then?
     
  4. Ganz Euler

    Ganz Euler Member

    I don't see any SQL injection there

    $ egrep -v 'scgi-bin' /tmp/asd
    Code:
    - Nikto v2.1.6
    ---------------------------------------------------------------------------
    + Target IP:          109.234.161.36
    + Target Hostname:    www.l-union-fait-la-force.info
    + Target Port:        80
    + Start Time:         2014-06-30 16:53:59 (GMT4)
    ---------------------------------------------------------------------------
    + Server: Apache
    + Retrieved x-powered-by header: PHP/5.4.29
    + The anti-clickjacking X-Frame-Options header is not present.
    + Cookie PHPSESSID created without the httponly flag
    + Cookie newbb_0LV created without the httponly flag
    + File/dir '/cache/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/class/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/images/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/include/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/kernel/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/language/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/templates_c/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/themes/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + File/dir '/uploads/' in robots.txt returned a non-forbidden or redirect HTTP code (200)
    + "robots.txt" contains 12 entries which should be manually viewed.
    + OSVDB-39272: favicon.ico file identifies this server as: XOOPS XOOPS
    + OSVDB-3233: /mailman/listinfo: Mailman was found on the server.
    + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content.
    + OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
    + OSVDB-12184: /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
    + OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
    + OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.
    + OSVDB-3092: /admin.php: This might be interesting...
    + OSVDB-3268: /download/: Directory indexing found.
    + OSVDB-3092: /download/: This might be interesting...
    + OSVDB-3233: /info.php: PHP is installed, and a test script which runs phpinfo() was found. This gives a lot of system information.
    + OSVDB-3268: /docs/: Directory indexing found.
    + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found.
    + Cookie autologin_uname created without the httponly flag
    + Cookie autologin_pass created without the httponly flag
    + OSVDB-5292: /info.php?file=http://cirt.net/rfiinc.txt?: RFI from RSnake's list (http://ha.ckers.org/weird/rfi-locations.dat) or from http://osvdb.org/
    + 8255 requests: 3 error(s) and 473 item(s) reported on remote host
    + End Time:           2014-06-30 17:12:25 (GMT4) (1106 seconds)
    ---------------------------------------------------------------------------
    + 1 host(s) tested
    
    Also, for example,
    this is not an RFI at all, just phpinfo().
     
  5. Serj12342

    Serj12342 New Member

    STRESS TESTS
    And here there should be one
    Mini Stress Test:
    Looking for best cost:
    Cost: [1] http://www.l-union-fait-la-force.info/
    Cost: [2] http://www.l-union-fait-la-force.info/modules/newbb/viewtopic.php?post_id=8352
    Cost: [3] http://www.l-union-fait-la-force.info/modules/newbb/rss.php?f=38
    Cost: [10] http://www.l-union-fait-la-force.info/modules/extgallery/public-photo.php?photoId=472
    Using http://www.l-union-fait-la-force.info/modules/extgallery/public-photo.php?photoId=472 as target
    Mini Stress Test End