
Nikto Output

Nikto scans identified several security issues across three websites. For www.pulsain.com, the scan found cookies set without the secure flag and a server that leaks information via ETags. For id.priceprice.com, it found missing security headers, which could enable XSS, and cookies set without flags. For www.opulsa.com, it found missing security headers, cookies set without flags, and a server that may be vulnerable to BREACH attacks.

Uploaded by

banjohacker8

- Nikto v2.1.6/2.1.5
+ Target Host: www.pulsain.com
+ Target Port: 443
+ GET Cookie pulsain_session created without the secure flag
+ GET Server leaks inodes via ETags, header found with file /indosat/, fields:
0x57a95188 0x29a
+ GET The Content-Encoding header is set to "deflate" this may mean that the server
is vulnerable to the BREACH attack.
- Nikto v2.1.6/2.1.5
+ Target Host: id.priceprice.com
+ Target Port: 443
+ GET The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not
defined.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent
to render the content of the site in a different fashion to the MIME type
+ GET Cookie kid_f_sid created without the secure flag
+ GET Cookie c_view_mode created without the secure flag
+ GET Cookie c_view_mode created without the httponly flag
- Nikto v2.1.6/2.1.5
- Nikto v2.1.6/2.1.5
+ Target Host: www.opulsa.com
+ Target Port: 443
+ GET Retrieved x-powered-by header: PHP/5.6.32
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not
defined.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent
to render the content of the site in a different fashion to the MIME type
+ GET Cookie PHPSESSID created without the secure flag
+ GET Cookie PHPSESSID created without the httponly flag
+ GET The Content-Encoding header is set to "deflate" this may mean that the server
is vulnerable to the BREACH attack.
+ DZSZNJQY Web Server returns a valid response with junk HTTP methods, this may
cause false positives.
- Nikto v2.1.6/2.1.5
+ Target Host: www.opulsa.com
+ Target Port: 443
+ GET The anti-clickjacking X-Frame-Options header is not present.
+ GET The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ GET The site uses SSL and the Strict-Transport-Security HTTP header is not
defined.
+ GET The X-Content-Type-Options header is not set. This could allow the user agent
to render the content of the site in a different fashion to the MIME type
- Nikto v2.1.6/2.1.5
