root@bt:~# nikto -h http://www.portal.maxiweb.com.br - Nikto v2.03/2.04 --------------------------------------------------------------------------+ No web server found on 187.49.32.5:Host: 187.49.32.5 (srv-5.specialist.srv.

br) Status: Up --------------------------------------------------------------------------+ Target IP: 187.49.32.5 + Target Hostname: www.portal.maxiweb.com.br + Target Port: 80 + Start Time: 2011-08-28 10:33:51 --------------------------------------------------------------------------+ Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8n PHP/5.2.17 with Suh osin-Patch + ERROR: No auth credentials for "Administracao - USO RESTRITO", please set. + ERROR: No auth credentials for "Administracao - USO RESTRITO", please set. + mod_ssl/2.2.16 appears to be outdated (current is at least 2.8.31) (may depend on server version) + mod_ssl/2.2.16 OpenSSL/0.9.8n PHP/5.2.17 with Suhosin-Patch - mod_ssl 2.8.7 an d lower are vulnerable to a remote buffer overflow which may allow a remote shel l (difficult to exploit). http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002 -0082. + OSVDB-0: GET //cgi-bin/formmail.pl : Many versions of FormMail have remote vul nerabilities, including file access, information disclosure and email abuse. For mMail access should be restricted as much as possible or a more secure solution found. + OSVDB-3268: GET //icons/ : Directory indexing is enabled: /icons + OSVDB-6659: GET //8Tbm8b9apKUQucwBteQnTWma2gOsBqL50oqv9JOBkg1q1nIN1raw5Isk02oT sLNnXjQEweb6uW8XYWXM4HiA2o1Aerhrj72yH9wbehVvX1pVwfB4PLQwgNsaqDeBboo9RUFspmcrj5Gs QivpRTSK7jIgYtG0Gz4eMhFI3up0azsjsVaagFJLRrohmPAdg4Vd9ENeJiBbInEZDfrdSFXw53nW6bqH XGE<font%20size=50>DEFACED<!--//-- : MyWebServer 1.0.2 is vulnerable to HTML inj ection. Upgrade to a later version. + OSVDB-3233: GET //icons/README : Apache default file found. + 3577 items checked: 6 item(s) reported on remote host + End Time: 2011-08-28 10:42:30 (519 seconds)