Hack the LAMPSecurity: CTF 5 (CTF Challenge)

+ Retrieved x-powered-by header: PHP/5.2.4
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to
+ Apache/2.2.6 appears to be outdated (current is at least Apache/2.4.37). Apache 2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ Web Server returns a valid response with junk HTTP methods, this may cause false positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /index.php: PHP include error may indicate local or remote file inclusion is possible.
+ OSVDB-12184: /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that
+ OSVDB-12184: /?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that
+ OSVDB-12184: /?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests that
+ OSVDB-3092: /phpmyadmin/changelog.php: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized
+ Server may leak inodes via ETags, header found with file /phpmyadmin/ChangeLog, inode: 558008, size: 22676, mtime: Tue Aug 21
+ OSVDB-3092: /phpmyadmin/ChangeLog: phpMyAdmin is for managing MySQL databases, and should be protected or limited to authorized hosts.
+ Cookie SQMSESSID created without the httponly flag
+ OSVDB-3093: /mail/src/read_body.php: SquirrelMail found
+ OSVDB-3093: /squirrelmail/src/read_body.php: SquirrelMail found
+ /info.php: Output from the phpinfo() function was found.
+ OSVDB-3233: /info.php: PHP is installed, and a test script which runs phpinfo() was found.
+ OSVDB-3268: /icons/: Directory indexing found.
+ OSVDB-3233: /icons/README: Apache default file found.
+ OSVDB-5292: /info.php?file =: RFI from RSnake's list ( ) or from