sullo / nikto

Nikto web server scanner

cfcache.map false positives #355

Closed digininja closed 8 years ago

digininja commented 8 years ago

These are from the save file, obviously a 404 but still reported:

-----------------------------------------------------------------------
                          Information
-----------------------------------------------------------------------
Test ID:        000403
OSVDB ID:       0
Message:        /cfcache.map: May leak directory listing, may also leave server open to a DOS. http://www.securiteam.com/windowsntfocus/ColdFusion_Information_Exposure__CFCACHE_Tag_.html
Reason:         Content Match
-----------------------------------------------------------------------
                          Request
-----------------------------------------------------------------------
GET /cfcache.map HTTP/1.1
User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000403)
Host: aaa.xxx.co.uk
Connection: Keep-Alive

-----------------------------------------------------------------------
                          Response
-----------------------------------------------------------------------
HTTP/1.1 404 Not Found
cache-control: private
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/7.5
set-cookie: ASP.NET_SessionId=vgzbgf55hkpklc45mecqsu32; path=/; HttpOnly
x-aspnet-version: 2.0.50727
x-powered-by: ASP.NET
date: Tue, 12 Apr 2016 22:35:35 GMT
content-length: 24604
Test ID:        000404
OSVDB ID:       0
Message:        /cfdocs/cfcache.map: May leak directory listing, may also leave server open to a DOS
Reason:         Content Match
-----------------------------------------------------------------------
                          Request
-----------------------------------------------------------------------
GET /cfdocs/cfcache.map HTTP/1.1
User-Agent: Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000404)
Host: aaa.xxx.co.uk
Connection: Keep-Alive

-----------------------------------------------------------------------
                          Response
-----------------------------------------------------------------------
HTTP/1.1 404 Not Found
cache-control: private
content-type: text/html; charset=UTF-8
server: Microsoft-IIS/7.5
set-cookie: ASP.NET_SessionId=prcybv45kyoy1355mshpcdif; path=/; HttpOnly
x-aspnet-version: 2.0.50727
x-powered-by: ASP.NET
date: Tue, 12 Apr 2016 22:35:35 GMT
content-length: 24604

sullo commented 8 years ago

So you didn't include the full response, which is fine, but it should only have triggered if 'Mapping' was in the response page. Can you check to see if it is?

opt9 commented 8 years ago

It's a very rare case.

False Positive Condition

  1. 404 not found (or other error code).
  2. Target site has "Mapping"-related content, e.g. "Partner Mapping", "Customer Mapping", etc.
  3. Error page returns the site header, footer, menu or other content, and "Mapping" appears in it.

Workaround

  1. Change "Mapping" to "Mapping="
  2. Add "SourceTimeStamp" to "Match1 and" condition

I'll request a PR to fix it soon.
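
Added example (not part of the thread and not Nikto's own code): a simplified Python model of a content-match check, comparing the original "Mapping" match with the tightened "Mapping=" plus "SourceTimeStamp" condition from the workaround. The `Rule` class, the sample bodies and the cache-map layout are constructed assumptions.

```python
# Simplified model of a content-match check (not Nikto's engine): a rule fires
# when `match` and every string in `match_and` occur in the response body.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    match: str
    match_and: tuple = ()

    def fires(self, body: str) -> bool:
        return self.match in body and all(s in body for s in self.match_and)


ORIGINAL = Rule("original", "Mapping")
TIGHTENED = Rule("tightened", "Mapping=", ("SourceTimeStamp",))

# Constructed sample responses: (label, HTTP status, body). The status is not
# consulted, mirroring the report where a 404 was still flagged on content.
SAMPLES = [
    ("branded 404 page", 404,
     "<html><ul id='menu'><li>Partner Mapping</li><li>Customer Mapping</li></ul>"
     "<h1>Page not found</h1></html>"),
    ("cfcache.map-style file", 200,  # layout assumed from the two workaround strings
     "[index.cfm]\nMapping=C:\\example\\cache\\CFC1.tmp\n"
     "SourceTimeStamp=04/12/2016 10:00:00 PM\n"),
    ("ordinary 200 page with nav text", 200,
     "<html><nav>Customer Mapping</nav><p>Welcome</p></html>"),
]


def evaluate(rule: Rule) -> dict:
    """Return {label: fired?} for every constructed sample."""
    return {label: rule.fires(body) for label, _status, body in SAMPLES}


def false_positives(rule: Rule) -> list:
    """Labels the rule flags even though the body is not a cache map."""
    return [label for label, hit in evaluate(rule).items()
            if hit and label != "cfcache.map-style file"]


if __name__ == "__main__":
    for rule in (ORIGINAL, TIGHTENED):
        print(rule.name, evaluate(rule), "false positives:", false_positives(rule))
```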