nessus


Nessus Report

Nessus Scan Report 08/Aug/2013:13:22:55


HomeFeed: Commercial use of the report is prohibited
Any time Nessus is used in a commercial environment you MUST maintain an active subscription to the ProfessionalFeed in order to be compliant with our license agreement: http://www.nessus.org/products/nessus-professionalfeed

Table Of Contents

Hosts Summary (Executive)
  ascultimuzica.com

Vulnerabilities By Host
  ascultimuzica.com

Vulnerabilities By Plugin
  58987 (1) - PHP Unsupported Version Detection
  57537 (1) - PHP < 5.3.9 Multiple Vulnerabilities
  58966 (1) - PHP < 5.3.11 Multiple Vulnerabilities
  58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
  10079 (1) - Anonymous FTP Enabled
  11213 (1) - HTTP TRACE / TRACK Methods Allowed
  26194 (1) - Web Server Uses Plain Text Authentication Forms
  34324 (1) - FTP Supports Clear Text Authentication
  11219 (2) - Nessus SYN scanner
  10092 (1) - FTP Server Detection
  10107 (1) - HTTP Server Type and Version
  10287 (1) - Traceroute Information
  10662 (1) - Web mirroring
  11032 (1) - Web Server Directory Enumeration
  12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution
  19506 (1) - Nessus Scan Information
  21642 (1) - Session Initiation Protocol Detection
  22964 (1) - Service Detection
  24260 (1) - HyperText Transfer Protocol (HTTP) Information
  39463 (1) - HTTP Server Cookies Set
  42057 (1) - Web Server Allows Password Auto-Completion
  43111 (1) - HTTP Methods Allowed (per directory)
  45590 (1) - Common Platform Enumeration (CPE)
  46180 (1) - Additional DNS Hostnames
  49704 (1) - External URLs
  50350 (1) - OS Identification Failed
  59861 (1) - Remote web server screenshot
  66334 (1) - Patch Report

Hosts Summary (Executive)

ascultimuzica.com

Summary
Critical | High | Medium | Low | Info | Total
1 | 3 | 2 | 2 | 20 | 28

Details
Severity | Plugin Id | Name
Critical (10.0) | 58987 | PHP Unsupported Version Detection
High (8.3) | 58988 | PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution
High (7.5) | 57537 | PHP < 5.3.9 Multiple Vulnerabilities
High (7.5) | 58966 | PHP < 5.3.11 Multiple Vulnerabilities
Medium (5.0) | 10079 | Anonymous FTP Enabled
Medium (4.3) | 11213 | HTTP TRACE / TRACK Methods Allowed
Low (2.6) | 26194 | Web Server Uses Plain Text Authentication Forms
Low (2.6) | 34324 | FTP Supports Clear Text Authentication
Info | 10092 | FTP Server Detection
Info | 10107 | HTTP Server Type and Version
Info | 10287 | Traceroute Information
Info | 10662 | Web mirroring
Info | 11032 | Web Server Directory Enumeration
Info | 11219 | Nessus SYN scanner
Info | 12053 | Host Fully Qualified Domain Name (FQDN) Resolution
Info | 19506 | Nessus Scan Information
Info | 21642 | Session Initiation Protocol Detection
Info | 22964 | Service Detection
Info | 24260 | HyperText Transfer Protocol (HTTP) Information
Info | 39463 | HTTP Server Cookies Set
Info | 42057 | Web Server Allows Password Auto-Completion
Info | 43111 | HTTP Methods Allowed (per directory)
Info | 45590 | Common Platform Enumeration (CPE)
Info | 46180 | Additional DNS Hostnames
Info | 49704 | External URLs
Info | 50350 | OS Identification Failed
Info | 59861 | Remote web server screenshot
Info | 66334 | Patch Report

Vulnerabilities By Host

ascultimuzica.com

Scan Information
Start time: Thu Aug 8 13:13:20 2013
End time: Thu Aug 8 13:22:48 2013

Host Information
DNS Name: ascultimuzica.com
IP: 81.169.145.154

Results Summary
Critical | High | Medium | Low | Info | Total
1 | 3 | 2 | 2 | 21 | 29

Results Details

0/tcp

12053 - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis
It was possible to resolve the name of the remote host.

Description
Nessus was able to resolve the FQDN of the remote host.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28

Ports tcp/0
81.169.145.154 resolves as ascultimuzica.com.

46180 - Additional DNS Hostnames

Synopsis
Potential virtual hosts have been detected.

Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.

See Also
http://en.wikipedia.org/wiki/Virtual_hosting

Solution
If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10]

Risk Factor
None

Plugin Information:
Publication date: 2010/04/29, Modification date: 2013/01/21

Ports tcp/0
The following hostnames point to the remote host:

- www.ascultimuzica.com

50350 - OS Identification Failed

Synopsis
It was not possible to determine the remote operating system.

Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2010/10/26, Modification date: 2012/02/23

Ports tcp/0
Help us improve OS fingerprinting by sending the following signatures to : [email protected]
Be sure to include a brief description of the device itself, such as the actual operating system or product / model names.

HTTP:!:Server: Apache/2.2.25 (Unix)
SinFP:!:
   P1:B11113:F0x12:W1608:O0:M0:
   P2:B11113:F0x12:W4236:O0204ffff0103030004020000:M1412:
   P3:B00000:F0x00:W0:O0:M0
   P4:5200_7_p=21R

45590 - Common Platform Enumeration (CPE)

Synopsis
It is possible to enumerate CPE names that matched on the remote system.

Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

See Also
http://cpe.mitre.org/

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2010/04/21, Modification date: 2013/05/13

Ports tcp/0
Following application CPE's matched on the remote system :

cpe:/a:apache:http_server:2.2.25 -> Apache Software Foundation Apache HTTP Server 2.2.25
cpe:/a:php:php:5.2.17 -> PHP 5.2.17

66334 - Patch Report

Synopsis
The remote host is missing several patches

Description
The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution
Install the patches listed below

Risk Factor
None

Plugin Information:
Publication date: 2013/05/07, Modification date: 2013/07/17

Ports tcp/0

. You need to take the following action:

[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]

+ Action to take: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

+ Impact: Taking this action will resolve 11 different vulnerabilities (CVEs).

19506 - Nessus Scan Information

Synopsis
Information about the Nessus scan.

Description
This script displays, for each tested host, information about the scan itself :
- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2005/08/26, Modification date: 2013/05/31

Ports tcp/0
Information about this scan :

Nessus version : 5.2.1
Plugin feed version : 201308080515
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.3
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/8 13:13
Scan duration : 564 sec

0/udp

10287 - Traceroute Information

Synopsis
It was possible to obtain traceroute information.

Description
Makes a traceroute to the remote host.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11

Ports udp/0
For your information, here is the traceroute from 192.168.1.3 to 81.169.145.154 :
192.168.1.3
192.168.1.1
89.121.147.254
10.0.225.49
10.0.245.201
10.0.240.238
80.81.193.110
81.169.144.34
81.169.145.154

21/tcp

10079 - Anonymous FTP Enabled

Synopsis
Anonymous logins are allowed on the remote FTP server.

Description
This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.

Solution
Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

References
CVE CVE-1999-0497
XREF OSVDB:69

Plugin Information:
Publication date: 1999/06/22, Modification date: 2013/01/25

Ports tcp/21

34324 - FTP Supports Clear Text Authentication

Synopsis
Authentication credentials might be intercepted.

Description
The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor
Low

CVSS Base Score


2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
XREF CWE:522
XREF CWE:523

Plugin Information:
Publication date: 2008/10/01, Modification date: 2013/01/25

Ports tcp/21
This FTP server does not support 'AUTH TLS'.

11219 - Nessus SYN scanner

Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07

Ports tcp/21
Port 21/tcp was found to be open

10092 - FTP Server Detection

Synopsis
An FTP server is listening on this port.

Description
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution
N/A

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2013/03/08

Ports tcp/21
The remote FTP banner is :

220 Speak friend, and enter

80/tcp

58987 - PHP Unsupported Version Detection

Synopsis
The remote host contains an unsupported version of a web application scripting language.

Description
According to its version, the installation of PHP on the remote host is no longer supported. As a result, it is likely to contain security vulnerabilities.

See Also
https://wiki.php.net/rfc/releaseprocess

Solution
Upgrade to a version of PHP that is currently supported.

Risk Factor
Critical

CVSS Base Score


10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/08/28

Ports tcp/80
Source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
End of support date : 2011/12/16
Announcement : http://www.php.net/archive/2010.php
Supported versions : 5.3.x / 5.4.x

58966 - PHP < 5.3.11 Multiple Vulnerabilities

Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities :
- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)

See Also
http://www.nessus.org/u?e81d4026
https://bugs.php.net/bug.php?id=61043
https://bugs.php.net/bug.php?id=54374
https://bugs.php.net/bug.php?id=60227
http://marc.info/?l=oss-security&m=134626481806571&w=2
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.php.net/ChangeLog-5.php#5.3.11

Solution
Upgrade to PHP version 5.3.11 or later.

Risk Factor
High

CVSS Base Score


7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score


6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
XREF OSVDB:79017
XREF OSVDB:81791
XREF OSVDB:85086

Plugin Information:
Publication date: 2012/05/02, Modification date: 2013/08/06

Ports tcp/80
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.11

58988 - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.

Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability. An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'.

Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.

See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.php.net/ChangeLog-5.php#5.3.12
http://www.php.net/ChangeLog-5.php#5.4.2

Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

Risk Factor
High

CVSS Base Score


8.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

CVSS Temporal Score


6.9 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

References
BID 53388
CVE CVE-2012-1823
XREF OSVDB:81633
XREF CERT:520827

Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)

Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/12/28

Ports tcp/80
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.12 / 5.4.2

57537 - PHP < 5.3.9 Multiple Vulnerabilities

Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.

Description
According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :
- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)

See Also
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5
http://www.php.net/archive/2012.php#id2012-01-11-1
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
https://bugs.php.net/bug.php?id=55475
https://bugs.php.net/bug.php?id=55776
https://bugs.php.net/bug.php?id=53502
http://www.php.net/ChangeLog-5.php#5.3.9

Solution
Upgrade to PHP version 5.3.9 or later.

Risk Factor
High

CVSS Base Score


7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score


6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References
BID 49754
BID 50907
BID 51193
BID 51806
BID 51952
BID 51992
BID 52043
CVE CVE-2011-3379
CVE CVE-2011-4566
CVE CVE-2011-4885
CVE CVE-2012-0057
CVE CVE-2012-0781
CVE CVE-2012-0788
CVE CVE-2012-0789
XREF OSVDB:75713
XREF OSVDB:77446
XREF OSVDB:78115
XREF OSVDB:78571
XREF OSVDB:78676
XREF OSVDB:79016
XREF OSVDB:79332

Plugin Information:
Publication date: 2012/01/13, Modification date: 2013/08/06

Ports tcp/80
Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.9

11213 - HTTP TRACE / TRACK Methods Allowed

Synopsis
Debugging functions are enabled on the remote web server.

Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://download.oracle.com/sunalerts/1000718.1.html

Solution
Disable these methods. Refer to the plugin output for more information.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Temporal Score


3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:5648
XREF OSVDB:50485
XREF CERT:288308
XREF CERT:867593
XREF CWE:16

Exploitable with
Metasploit (true)

Plugin Information:
Publication date: 2003/01/23, Modification date: 2013/03/29

Ports tcp/80
To disable these methods, add the following lines for each virtual host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1625581356.html HTTP/1.1
Connection: Close
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2013 10:19:09 GMT
Server: Apache/2.2.25 (Unix)
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1625581356.html HTTP/1.1
Connection: Keep-Alive
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------

26194 - Web Server Uses Plain Text Authentication Forms

Synopsis
The remote web server might transmit credentials in cleartext.

Description
The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Solution
Make sure that every sensitive form transmits content over HTTPS.

Risk Factor
Low

CVSS Base Score


2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
XREF CWE:522
XREF CWE:523
XREF CWE:718
XREF CWE:724

Plugin Information:
Publication date: 2007/09/28, Modification date: 2011/09/15

Ports tcp/80
Page : /
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination page : register.html
Input name : pass
Input name : confirm_pass

Page : /test/
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

Page : /test/?D=A
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

11219 - Nessus SYN scanner

Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07

Ports tcp/80
Port 80/tcp was found to be open

22964 - Service Detection

Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/07/02

Ports tcp/80
A web server is running on this port.

11032 - Web Server Directory Enumeration

Synopsis
It is possible to enumerate directories on the web server.

Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.

See Also
http://projects.webappsec.org/Predictable-Resource-Location

Solution
n/a

Risk Factor
None

References
XREF OWASP:OWASP-CM-006

Plugin Information:
Publication date: 2002/06/26, Modification date: 2013/04/02

Ports tcp/80
The following directories were discovered: /include, /test, /js, /templates, /uploads, /articles

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

10662 - Web mirroring

Synopsis
Nessus crawled the remote web site.

Description
This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2001/05/04, Modification date: 2013/04/11

Ports tcp/80
The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/register.php (PHPSESSID [p86im77tsrvag1srm2hfsgn377] )
/register.html (name [] gender [female] country [256] username [] pass [] confirm_pass...)
/www.facebook.com/plugins/likebox.php (href [https://www.facebook.com/pages/Ascul%C8%9Bi-Muzic%C4%83/33421213...)

39463 - HTTP Server Cookies Set

Synopsis
Some cookies have been set by the web server.

Description
HTTP cookies are pieces of information that are presented by web servers and are sent back by the browser. As HTTP is a stateless protocol, cookies are a possible mechanism to keep track of sessions. This plugin displays the list of the HTTP cookies that were set by the web server when it was crawled.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2009/06/19, Modification date: 2011/03/15

Ports tcp/80
path = /test/
name = watched_video_list
value = MzczLDIyLDk%3D
version = 1
expires = Fri, 09-Aug-2013 10:17:41 GMT
secure = 0
httponly = 0

path = /
name = watched_video_list
value = Mzcz
version = 1
expires = Fri, 09-Aug-2013 10:17:39 GMT
secure = 0
httponly = 0

path = /
name = PHPSESSID
value = p86im77tsrvag1srm2hfsgn377
version = 1
secure = 0
httponly = 0

49704 - External URLs

Synopsis
Links to external sites were gathered.

Description
Nessus gathered HREF links to external sites by crawling the remote web server.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2010/10/04, Modification date: 2011/08/19

Ports tcp/80
108 external URLs were gathered on this web server : URL... - Seen on...


42057 - Web Server Allows Password Auto-Completion

Synopsis
Auto-complete is not disabled on password fields.

Description
The remote web server contains at least one HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point.

Solution
Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Risk Factor
None

Plugin Information:
Publication date: 2009/10/07, Modification date: 2011/09/28

Ports tcp/80
Page : /
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination Page : register.html
Input name : pass
Input name : confirm_pass

10107 - HTTP Server Type and Version

Synopsis
A web server is running on the remote host.

Description
This plugin attempts to determine the type and the version of the remote web server.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/06/03

Ports tcp/80
The remote web server type is :

Apache/2.2.25 (Unix)

You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

43111 - HTTP Methods Allowed (per directory)

Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.

Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09

Ports tcp/80
Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

/include
/js
/templates
/uploads
/www.facebook.com/plugins

24260 - HyperText Transfer Protocol (HTTP) Information

Synopsis
Some information about the remote HTTP configuration can be extracted.

Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31

Ports tcp/80
Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 08 Aug 2013 10:19:14 GMT
Server: Apache/2.2.25 (Unix)
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: watched_video_list=MTM5LDQ4; expires=Fri, 09-Aug-2013 10:19:14 GMT; path=/
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

59861 - Remote web server screenshot

Synopsis
It was possible to take a 'screenshot' of the remote web server.

Description
This test renders the view of the remote web site's main page, as seen from within a web browser. This test is informational only and does not denote any security problem.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11

Ports tcp/80
It was possible to gather the following screenshot of the remote web site.

5060/udp

21642 - Session Initiation Protocol Detection

Synopsis
The remote system is a SIP signaling device.

Description
The remote system is running software that speaks the Session Initiation Protocol (SIP). SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in IP Telephony networks / systems to setup, control, and teardown sessions between two or more systems.

See Also
http://en.wikipedia.org/wiki/Session_Initiation_Protocol

Solution
If possible, filter incoming connections to the port so that it is used by trusted sources only.

Risk Factor
None

Plugin Information:
Publication date: 2003/12/29, Modification date: 2013/02/14

Ports udp/5060
Nessus found an unidentified SIP service.

Vulnerabilities By Plugin

58987 (1) - PHP Unsupported Version Detection

Synopsis
The remote host contains an unsupported version of a web application scripting language.

Description
According to its version, the installation of PHP on the remote host is no longer supported. As a result, it is likely to contain security vulnerabilities.

See Also
https://wiki.php.net/rfc/releaseprocess

Solution
Upgrade to a version of PHP that is currently supported.

Risk Factor
Critical

CVSS Base Score


10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/08/28

Hosts ascultimuzica.com (tcp/80)


Source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
End of support date : 2011/12/16
Announcement : http://www.php.net/archive/2010.php
Supported versions : 5.3.x / 5.4.x

57537 (1) - PHP < 5.3.9 Multiple Vulnerabilities

Synopsis
The remote web server uses a version of PHP that is affected by multiple flaws.

Description
According to its banner, the version of PHP installed on the remote host is older than 5.3.9. As such, it may be affected by the following security issues :

- The 'is_a()' function in PHP 5.3.7 and 5.3.8 triggers a call to '__autoload()'. (CVE-2011-3379)
- It is possible to create a denial of service condition by sending multiple, specially crafted requests containing parameter values that cause hash collisions when computing the hash values for storage in a hash table. (CVE-2011-4885)
- An integer overflow exists in the exif_process_IFD_TAG function in exif.c that can allow a remote attacker to read arbitrary memory locations or cause a denial of service condition. This vulnerability only affects PHP 5.4.0beta2 on 32bit platforms. (CVE-2011-4566)
- Calls to libxslt are not restricted via xsltSetSecurityPrefs(), which could allow an attacker to create or overwrite files, resulting in arbitrary code execution. (CVE-2012-0057)
- An error exists in the function 'tidy_diagnose' that can allow an attacker to cause the application to dereference a null pointer. This causes the application to crash. (CVE-2012-0781)
- The 'PDORow' implementation contains an error that can cause application crashes when interacting with the session feature. (CVE-2012-0788)
- An error exists in the timezone handling such that repeated calls to the function 'strtotime' can allow a denial of service attack via memory consumption. (CVE-2012-0789)

See Also
http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_PHP5
http://www.php.net/archive/2012.php#id2012-01-11-1
http://archives.neohapsis.com/archives/bugtraq/2012-01/0092.html
https://bugs.php.net/bug.php?id=55475
https://bugs.php.net/bug.php?id=55776
https://bugs.php.net/bug.php?id=53502
http://www.php.net/ChangeLog-5.php#5.3.9

Solution
Upgrade to PHP version 5.3.9 or later.

Risk Factor
High

CVSS Base Score


7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score


6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References
BID 49754
BID 50907
BID 51193
BID 51806
BID 51952
BID 51992
BID 52043
CVE CVE-2011-3379
CVE CVE-2011-4566
CVE CVE-2011-4885
CVE CVE-2012-0057
CVE CVE-2012-0781
CVE CVE-2012-0788
CVE CVE-2012-0789
XREF OSVDB:75713
XREF OSVDB:77446
XREF OSVDB:78115
XREF OSVDB:78571
XREF OSVDB:78676
XREF OSVDB:79016
XREF OSVDB:79332

Plugin Information:
Publication date: 2012/01/13, Modification date: 2013/08/06

Hosts ascultimuzica.com (tcp/80)


Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.9

58966 (1) - PHP < 5.3.11 Multiple Vulnerabilities

Synopsis
The remote web server uses a version of PHP that is affected by multiple vulnerabilities.

Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities :

- During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can lower the difficulty for SQL injection attacks. (CVE-2012-0831)
- The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. (CVE-2012-1172)
- The 'open_basedir' directive is not properly handled by the functions 'readline_write_history' and 'readline_read_history'.
- The 'header()' function does not detect multi-line headers with a CR. (Bug #60227 / CVE-2011-1398)

See Also
http://www.nessus.org/u?e81d4026
https://bugs.php.net/bug.php?id=61043
https://bugs.php.net/bug.php?id=54374
https://bugs.php.net/bug.php?id=60227
http://marc.info/?l=oss-security&m=134626481806571&w=2
http://www.php.net/archive/2012.php#id2012-04-26-1
http://www.php.net/ChangeLog-5.php#5.3.11

Solution
Upgrade to PHP version 5.3.11 or later.

Risk Factor
High

CVSS Base Score


7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Temporal Score


6.2 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References
BID 51954
BID 53403
BID 55297
CVE CVE-2011-1398
CVE CVE-2012-0831
CVE CVE-2012-1172
XREF OSVDB:79017
XREF OSVDB:81791
XREF OSVDB:85086

Plugin Information:
Publication date: 2012/05/02, Modification date: 2013/08/06

Hosts ascultimuzica.com (tcp/80)


Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.11

58988 (1) - PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution

Synopsis
The remote web server uses a version of PHP that is affected by a remote code execution vulnerability.

Description
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.12 / 5.4.2, and as such is potentially affected by a remote code execution and information disclosure vulnerability. An error in the file 'sapi/cgi/cgi_main.c' can allow a remote attacker to obtain PHP source code from the web server or to potentially execute arbitrary code. In vulnerable configurations, PHP treats certain query string parameters as command line arguments including switches such as '-s', '-d', and '-c'. Note that this vulnerability is exploitable only when PHP is used in CGI-based configurations. Apache with 'mod_php' is not an exploitable configuration.

See Also
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/bug.php?id=61910
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.php.net/ChangeLog-5.php#5.3.12
http://www.php.net/ChangeLog-5.php#5.4.2

Solution
Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

Risk Factor
High

CVSS Base Score


8.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

CVSS Temporal Score


6.9 (CVSS2#AV:N/AC:M/Au:N/C:C/I:P/A:P)

References
BID 53388
CVE CVE-2012-1823
XREF OSVDB:81633
XREF CERT:520827

Exploitable with
CANVAS (true)
Core Impact (true)
Metasploit (true)

Plugin Information:
Publication date: 2012/05/04, Modification date: 2012/12/28

Hosts ascultimuzica.com (tcp/80)


Version source : X-Powered-By: PHP/5.2.17
Installed version : 5.2.17
Fixed version : 5.3.12 / 5.4.2

10079 (1) - Anonymous FTP Enabled

Synopsis
Anonymous logins are allowed on the remote FTP server.

Description
This FTP service allows anonymous logins. Any remote user may connect and authenticate without providing a password or unique credentials. This allows a user to access any files made available on the FTP server.

Solution
Disable anonymous FTP if it is not required. Routinely check the FTP server to ensure sensitive content is not available.

Risk Factor
Medium

CVSS Base Score


5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

References
CVE CVE-1999-0497
XREF OSVDB:69

Plugin Information:
Publication date: 1999/06/22, Modification date: 2013/01/25

Hosts ascultimuzica.com (tcp/21)

11213 (1) - HTTP TRACE / TRACK Methods Allowed

Synopsis
Debugging functions are enabled on the remote web server.

Description
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods that are used to debug web server connections.

See Also
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://download.oracle.com/sunalerts/1000718.1.html

Solution
Disable these methods. Refer to the plugin output for more information.

Risk Factor
Medium

CVSS Base Score


4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Temporal Score


3.9 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)

References
BID 9506
BID 9561
BID 11604
BID 33374
BID 37995
CVE CVE-2003-1567
CVE CVE-2004-2320
CVE CVE-2010-0386
XREF OSVDB:877
XREF OSVDB:3726
XREF OSVDB:5648
XREF OSVDB:50485
XREF CERT:288308
XREF CERT:867593
XREF CWE:16

Exploitable with
Metasploit (true)

Plugin Information:
Publication date: 2003/01/23, Modification date: 2013/03/29

Hosts ascultimuzica.com (tcp/80)


To disable these methods, add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55, and 2.2 support disabling the TRACE method natively via the 'TraceEnable' directive.

Nessus sent the following TRACE request :

------------------------------ snip ------------------------------
TRACE /Nessus1625581356.html HTTP/1.1
Connection: Close
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------

and received the following response from the remote server :

------------------------------ snip ------------------------------
HTTP/1.1 200 OK
Date: Thu, 08 Aug 2013 10:19:09 GMT
Server: Apache/2.2.25 (Unix)
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: message/http

TRACE /Nessus1625581356.html HTTP/1.1
Connection: Keep-Alive
Host: ascultimuzica.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8
------------------------------ snip ------------------------------

26194 (1) - Web Server Uses Plain Text Authentication Forms

Synopsis
The remote web server might transmit credentials in cleartext.

Description
The remote web server contains several HTML form fields containing an input of type 'password' which transmit their information to a remote web server in cleartext. An attacker eavesdropping the traffic between web browser and server may obtain logins and passwords of valid users.

Solution
Make sure that every sensitive form transmits content over HTTPS.

Risk Factor
Low

CVSS Base Score


2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
XREF CWE:522
XREF CWE:523
XREF CWE:718
XREF CWE:724

Plugin Information:
Publication date: 2007/09/28, Modification date: 2011/09/15

Hosts ascultimuzica.com (tcp/80)


Page : /
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination page : register.html
Input name : pass
Input name : confirm_pass

Page : /test/
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

Page : /test/?D=A
Destination page : http://www.ascultimuzica.com/test/login.php
Input name : pass

34324 (1) - FTP Supports Clear Text Authentication

Synopsis
Authentication credentials might be intercepted.

Description
The remote FTP server allows the user's name and password to be transmitted in clear text, which could be intercepted by a network sniffer or a man-in-the-middle attack.

Solution
Switch to SFTP (part of the SSH suite) or FTPS (FTP over SSL/TLS). In the latter case, configure the server so that control connections are encrypted.

Risk Factor
Low

CVSS Base Score


2.6 (CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)

References
XREF CWE:522
XREF CWE:523

Plugin Information:
Publication date: 2008/10/01, Modification date: 2013/01/25

Hosts ascultimuzica.com (tcp/21)


This FTP server does not support 'AUTH TLS'.

11219 (2) - Nessus SYN scanner

Synopsis
It is possible to determine which TCP ports are open.

Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target. Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.

Solution
Protect your target with an IP filter.

Risk Factor
None

Plugin Information:
Publication date: 2009/02/04, Modification date: 2013/08/07

Hosts ascultimuzica.com (tcp/21)


Port 21/tcp was found to be open

ascultimuzica.com (tcp/80)
Port 80/tcp was found to be open

10092 (1) - FTP Server Detection

Synopsis
An FTP server is listening on this port.

Description
It is possible to obtain the banner of the remote FTP server by connecting to the remote port.

Solution
N/A

Risk Factor
None

Plugin Information:
Publication date: 1999/10/12, Modification date: 2013/03/08

Hosts ascultimuzica.com (tcp/21)


The remote FTP banner is : 220 Speak friend, and enter

10107 (1) - HTTP Server Type and Version

Synopsis
A web server is running on the remote host.

Description
This plugin attempts to determine the type and the version of the remote web server.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2000/01/04, Modification date: 2013/06/03

Hosts ascultimuzica.com (tcp/80)


The remote web server type is :

Apache/2.2.25 (Unix)

You can set the directive 'ServerTokens Prod' to limit the information emanating from the server in its response headers.

10287 (1) - Traceroute Information

Synopsis
It was possible to obtain traceroute information.

Description
Makes a traceroute to the remote host.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 1999/11/27, Modification date: 2013/04/11

Hosts ascultimuzica.com (udp/0)


For your information, here is the traceroute from 192.168.1.3 to 81.169.145.154 :
192.168.1.3
192.168.1.1
89.121.147.254
10.0.225.49
10.0.245.201
10.0.240.238
80.81.193.110
81.169.144.34
81.169.145.154

10662 (1) - Web mirroring

Synopsis
Nessus crawled the remote web site.

Description
This script makes a mirror of the remote web site(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the client.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2001/05/04, Modification date: 2013/04/11

Hosts ascultimuzica.com (tcp/80)


The following CGI have been discovered :

Syntax : cginame (arguments [default value])

/register.php (PHPSESSID [p86im77tsrvag1srm2hfsgn377] )
/register.html (name [] gender [female] country [256] username [] pass [] confirm_pass...)
/www.facebook.com/plugins/likebox.php (href [https://www.facebook.com/pages/Ascul%C8%9Bi-Muzic %C4%83/33421213...)

11032 (1) - Web Server Directory Enumeration

Synopsis
It is possible to enumerate directories on the web server.

Description
This plugin attempts to determine the presence of various common directories on the remote web server. By sending a request for a directory, the web server response code indicates if it is a valid directory or not.

See Also
http://projects.webappsec.org/Predictable-Resource-Location

Solution
n/a

Risk Factor
None

References
XREF OWASP:OWASP-CM-006

Plugin Information:
Publication date: 2002/06/26, Modification date: 2013/04/02

Hosts ascultimuzica.com (tcp/80)


The following directories were discovered:
/include, /test, /js, /templates, /uploads, /articles

While this is not, in and of itself, a bug, you should manually inspect these directories to ensure that they are in compliance with company security standards

12053 (1) - Host Fully Qualified Domain Name (FQDN) Resolution

Synopsis
It was possible to resolve the name of the remote host.

Description
Nessus was able to resolve the FQDN of the remote host.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2004/02/11, Modification date: 2012/09/28

Hosts ascultimuzica.com (tcp/0)


81.169.145.154 resolves as ascultimuzica.com.

19506 (1) - Nessus Scan Information

Synopsis
Information about the Nessus scan.

Description
This script displays, for each tested host, information about the scan itself :

- The version of the plugin set
- The type of plugin feed (HomeFeed or ProfessionalFeed)
- The version of the Nessus Engine
- The port scanner(s) used
- The port range scanned
- Whether credentialed or third-party patch management checks are possible
- The date of the scan
- The duration of the scan
- The number of hosts scanned in parallel
- The number of checks done in parallel

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2005/08/26, Modification date: 2013/05/31

Hosts ascultimuzica.com (tcp/0)


Information about this scan :

Nessus version : 5.2.1
Plugin feed version : 201308080515
Type of plugin feed : HomeFeed (Non-commercial use only)
Scanner IP : 192.168.1.3
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Thorough tests : no
Experimental tests : no
Paranoia level : 1
Report Verbosity : 1
Safe checks : yes
Optimize the test : yes
Credentialed checks : no
Patch management checks : None
CGI scanning : enabled
Web application tests : disabled
Max hosts : 80
Max checks : 5
Recv timeout : 5
Backports : None
Allow post-scan editing: Yes
Scan Start Date : 2013/8/8 13:13
Scan duration : 564 sec

21642 (1) - Session Initiation Protocol Detection

Synopsis
The remote system is a SIP signaling device.

Description
The remote system is running software that speaks the Session Initiation Protocol (SIP). SIP is a messaging protocol to initiate communication sessions between systems. It is a protocol used mostly in IP Telephony networks / systems to setup, control, and teardown sessions between two or more systems.

See Also
http://en.wikipedia.org/wiki/Session_Initiation_Protocol

Solution
If possible, filter incoming connections to the port so that it is used by trusted sources only.

Risk Factor
None

Plugin Information:
Publication date: 2003/12/29, Modification date: 2013/02/14

Hosts ascultimuzica.com (udp/5060)


Nessus found an unidentified SIP service.

22964 (1) - Service Detection

Synopsis
The remote service could be identified.

Description
It was possible to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2007/08/19, Modification date: 2013/07/02

Hosts ascultimuzica.com (tcp/80)


A web server is running on this port.

24260 (1) - HyperText Transfer Protocol (HTTP) Information

Synopsis
Some information about the remote HTTP configuration can be extracted.

Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2007/01/30, Modification date: 2011/05/31

Hosts ascultimuzica.com (tcp/80)


Protocol version : HTTP/1.1
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Date: Thu, 08 Aug 2013 10:19:14 GMT
Server: Apache/2.2.25 (Unix)
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: watched_video_list=MTM5LDQ4; expires=Fri, 09-Aug-2013 10:19:14 GMT; path=/
Keep-Alive: timeout=3, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

39463 (1) - HTTP Server Cookies Set

Synopsis
Some cookies have been set by the web server.

Description
HTTP cookies are pieces of information that are presented by web servers and are sent back by the browser. As HTTP is a stateless protocol, cookies are a possible mechanism to keep track of sessions. This plugin displays the list of the HTTP cookies that were set by the web server when it was crawled.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2009/06/19, Modification date: 2011/03/15

Hosts ascultimuzica.com (tcp/80)


path = /test/
name = watched_video_list
value = MzczLDIyLDk%3D
version = 1
expires = Fri, 09-Aug-2013 10:17:41 GMT
secure = 0
httponly = 0

path = /
name = watched_video_list
value = Mzcz
version = 1
expires = Fri, 09-Aug-2013 10:17:39 GMT
secure = 0
httponly = 0

path = /
name = PHPSESSID
value = p86im77tsrvag1srm2hfsgn377
version = 1
secure = 0
httponly = 0

42057 (1) - Web Server Allows Password Auto-Completion

Synopsis
Auto-complete is not disabled on password fields.

Description
The remote web server contains at least one HTML form field containing an input of type 'password' where 'autocomplete' is not set to 'off'. While this does not represent a risk to this web server per se, it does mean that users who use the affected forms may have their credentials saved in their browsers, which could in turn lead to a loss of confidentiality if any of them use a shared host or their machine is compromised at some point.

Solution
Add the attribute 'autocomplete=off' to these fields to prevent browsers from caching credentials.

Risk Factor
None

Plugin Information:
Publication date: 2009/10/07, Modification date: 2011/09/28

Hosts ascultimuzica.com (tcp/80)


Page : /
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /articles
Destination Page : http://www.ascultimuzica.com/login.php
Input name : pass

Page : /register.php
Destination Page : register.html
Input name : pass
Input name : confirm_pass

43111 (1) - HTTP Methods Allowed (per directory)

Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.

Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2009/12/10, Modification date: 2013/05/09

Hosts ascultimuzica.com (tcp/80)


Based on the response to an OPTIONS request :

- HTTP methods GET HEAD OPTIONS POST TRACE are allowed on :

/include
/js
/templates
/uploads
/www.facebook.com/plugins

45590 (1) - Common Platform Enumeration (CPE)

Synopsis
It is possible to enumerate CPE names that matched on the remote system.

Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host. Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.

See Also
http://cpe.mitre.org/

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2010/04/21, Modification date: 2013/05/13

Hosts ascultimuzica.com (tcp/0)


Following application CPE's matched on the remote system :

cpe:/a:apache:http_server:2.2.25 -> Apache Software Foundation Apache HTTP Server 2.2.25
cpe:/a:php:php:5.2.17 -> PHP 5.2.17

46180 (1) - Additional DNS Hostnames

Synopsis
Potential virtual hosts have been detected.

Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Different web servers may be hosted on name-based virtual hosts.

See Also
http://en.wikipedia.org/wiki/Virtual_hosting

Solution
If you want to test them, re-scan using the special vhost syntax, such as : www.example.com[192.0.32.10]

Risk Factor
None

Plugin Information:
Publication date: 2010/04/29, Modification date: 2013/01/21

Hosts ascultimuzica.com (tcp/0)


The following hostnames point to the remote host:
- www.ascultimuzica.com

49704 (1) - External URLs

Synopsis
Links to external sites were gathered.

Description
Nessus gathered HREF links to external sites by crawling the remote web server.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2010/10/04, Modification date: 2011/08/19

Hosts ascultimuzica.com (tcp/80)


108 external URLs were gathered on this web server : URL... - Seen on...



50350 (1) - OS Identification Failed

Synopsis
It was not possible to determine the remote operating system.

Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. Unfortunately, though, Nessus does not currently know how to use them to identify the overall system.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2010/10/26, Modification date: 2012/02/23

Hosts
ascultimuzica.com (tcp/0)

Help us improve OS fingerprinting by sending the following signatures to : [email protected]
Be sure to include a brief description of the device itself, such as the actual operating system or product / model names.

HTTP:!:Server: Apache/2.2.25 (Unix)
SinFP:!:
P1:B11113:F0x12:W1608:O0:M0:
P2:B11113:F0x12:W4236:O0204ffff0103030004020000:M1412:
P3:B00000:F0x00:W0:O0:M0
P4:5200_7_p=21R


59861 (1) - Remote web server screenshot

Synopsis
It was possible to take a 'screenshot' of the remote web server.

Description
This test renders the view of the remote web site's main page, as seen from within a web browser. This test is informational only and does not denote any security problem.

Solution
n/a

Risk Factor
None

Plugin Information:
Publication date: 2013/03/29, Modification date: 2013/07/11

Hosts
ascultimuzica.com (tcp/80)


It was possible to gather the following screenshot of the remote web site.


66334 (1) - Patch Report

Synopsis
The remote host is missing several patches

Description
The remote host is missing one or several security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Solution
Install the patches listed below

Risk Factor
None

Plugin Information:
Publication date: 2013/05/07, Modification date: 2013/07/17

Hosts
ascultimuzica.com (tcp/0)

. You need to take the following action:

[ PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution (58988) ]

+ Action to take: Upgrade to PHP version 5.3.12 / 5.4.2 or later. A 'mod_rewrite' workaround is available as well.

+ Impact: Taking this action will resolve 11 different vulnerabilities (CVEs).
