nikto scan results

From: Juan B (juanbabi_at_yahoo.com)
Date: 11/30/04


Date: Tue, 30 Nov 2004 01:52:55 -0800 (PST)
To: security-basics@securityfocus.com

Hi,

I scanned my web server (IIS) with nikto,

these are the results I got:

Exploit: /?"><script>alert("Vulnerable");</script>
Description: IIS is vulnerable to Cross Site Scriptin
(XSS). Apply MS02-018.

Exploit: /?\"><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Exploit: /?\><script>alert('Vulnerable');</script>
Description: IIS is vulnerable to Cross Site Scripting
(XSS). See MS02-018, CVE-2002-0075, SNS-49, CA-2002-09

Can someone please explain what this means? How do I
check if this is not a false alarm? Maybe there are
links which can explain what it means?

Thanks!!!

JB

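On the question of telling a real finding from a false alarm: one check is whether the server echoes the probe's markup back unescaped. The following is an added example, not part of the original post and not nikto's own logic; the function names and response bodies are constructed, and it assumes the finding hinges on the probe's query string being reflected in the response body.

```python
import html
from urllib.parse import unquote

# Probe paths copied from the nikto output in the post.
PROBES = [
    '/?"><script>alert("Vulnerable");</script>',
    '/?\\"><script>alert(\'Vulnerable\');</script>',
    "/?\\><script>alert('Vulnerable');</script>",
]

def query_of(path):
    """Return the decoded text after the first '?' of a request path."""
    return unquote(path.split("?", 1)[1])

def classify(path, body):
    """Classify how a saved response body reflects the probe's query string.

    'raw'     -> markup echoed unescaped: the finding is likely real
    'encoded' -> echoed, but HTML-escaped: likely a false alarm
    'absent'  -> not echoed at all: the scanner matched on something else
    """
    q = query_of(path)
    if q in body:
        return "raw"
    # Servers escape differently (&quot;, &#39;, &#x27;, partial escaping),
    # so compare against the body with all HTML entities decoded.
    if q in html.unescape(body):
        return "encoded"
    return "absent"

def constructed_bodies(path):
    """Constructed sample responses (not real IIS output), one per verdict."""
    q = query_of(path)
    return {
        "raw": f"<p>No match for {q}</p>",
        "encoded": f"<p>No match for {html.escape(q)}</p>",
        "absent": "<p>Not found</p>",
    }

def check_all():
    """Run every probe against every constructed body."""
    return [(p, kind, classify(p, body))
            for p in PROBES
            for kind, body in constructed_bodies(p).items()]

if __name__ == "__main__":
    for path, expected, verdict in check_all():
        print(f"{verdict:8} (expected {expected:8}) {path}")
```

To apply it to the scanned server, save the response body for each probe path and pass it to `classify` in place of the constructed bodies.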


