
- Nikto v2.1.6/2.1.5
+ Target Host: www.pulsain.com
+ Target Port: 443
+ GET Cookie pulsain_session created without the secure flag
+ GET Server leaks inodes via ETags, header found with file /indosat/, fields:
0x57a95188 0x29a
+ GET The Content-Encoding header is set to "deflate" this may mean that the server
is vulnerable to the BREACH attack.
- Nikto v2.1.6/2.1.5
+ Target Host: id.priceprice.com
+ Target Port: 443
+ GET The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not
defined.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent
to render the content of the site in a different fashion to the MIME type
+ GET Cookie kid_f_sid created without the secure flag
+ GET Cookie c_view_mode created without the secure flag
+ GET Cookie c_view_mode created without the httponly flag
- Nikto v2.1.6/2.1.5
- Nikto v2.1.6/2.1.5
+ Target Host: www.opulsa.com
+ Target Port: 443
+ GET Retrieved x-powered-by header: PHP/5.6.32
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not
defined.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent
to render the content of the site in a different fashion to the MIME type
+ GET Cookie PHPSESSID created without the secure flag
+ GET Cookie PHPSESSID created without the httponly flag
+ GET The Content-Encoding header is set to "deflate" this may mean that the server
is vulnerable to the BREACH attack.
+ DZSZNJQY Web Server returns a valid response with junk HTTP methods, this may
cause false positives.
- Nikto v2.1.6/2.1.5
+ Target Host: www.opulsa.com
+ Target Port: 443
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not
defined.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent
to render the content of the site in a different fashion to the MIME type
- Nikto v2.1.6/2.1.5
