Board logo

标题: 发现"CGI漏洞怎么解决啊 求高手!!! [打印本页]
作者: 9987679    时间: 2005-2-19 16:25     标题: 发现"CGI漏洞怎么解决啊 求高手!!!

X-Scan 检测报告
------------------

检测结果
- 存活主机 : 1
- 漏洞数量 : 1
- 警告数量 : 10
- 提示数量 : 5

主机列表
XXX.XX.XXX.XXx (发现安全漏洞)
. OS: Windows; PORT/TCP:

详细资料
+ XXX.XX.XXX.XXx :
. 开放端口列表 :
   o www (80/tcp) (发现安全漏洞)
   o ftp (21/tcp) (发现安全提示)
. 端口"www (80/tcp)"发现安全漏洞 :

   
    The following directories have frontpage enabled, but are not password
     protected :
   
    /
   
   
    Anyone can use Microsoft FrontPage to modify them.
   
    Solution : Set a password on the frontpage installation of these directories
    See also : http://www.ciac.org/ciac/bulletins/k-048.shtml
    Risk factor : High
    NESSUS_ID : 11455
. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/_vti_adm

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/_vti_aut

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_inf.html

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/fpcount.exe?Page=default.htm|Image=2|Digits=1

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/_vti_aut/author.dll

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/shtml.dll/_vti_rpc

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/shtml.dll

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/shtml.dll/nosuch.htm

. 端口"www (80/tcp)"发现安全警告 :

    CGI漏洞:
     http://XXX.XX.XXX.XXx/_vti_bin/shtml.exe

. 端口"www (80/tcp)"发现安全提示 :

    A web server is running on this port
    NESSUS_ID : 10330
. 端口"www (80/tcp)"发现安全提示 :

    该插件试图确认远程主机上存在的各普通目录
    ___________________________________________________________________
   
    The following directories were discovered:
    /_vti_bin, /images, /inc
   
    While this is not, in and of itself, a bug, you should manually inspect
    these directories to ensure that they are in compliance with company
    security standards
   
    The following directories require authentication:
    /printers
    NESSUS_ID : 11032
. 端口"www (80/tcp)"发现安全提示 :

    此脚本将映射远程web站点并提取一份远程主机所用的CGI列表.
   
    建议你给此插件设置一个较高的超时值.
    所要映射的页面需在客户端的'选项'中修改.
   
    风险等级:无
    ___________________________________________________________________
   
    The following CGI have been discovered :
   
    Syntax : cginame (arguments [default value])
   
    /bbs/login.asp (password [] action [chk] username [] )
   
    NESSUS_ID : 10662
. 端口"www (80/tcp)"发现安全提示 :

    The remote web server type is :
   
    Microsoft-IIS/5.1
   
    Solution : You can use urlscan to change reported server for IIS.
    NESSUS_ID : 10107
. 端口"ftp (21/tcp)"发现安全提示 :

    Maybe the "ftp" service running on this port.
   
    NESSUS_ID : 10330





欢迎光临 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2