Hmm, well I'm not familiar with nikto, but it has to be more than an issue with signature detection.<br>There is no such Drupal file as userinfo.php, but it is a Xoops file, so something is up.<br><br><div class="gmail_quote">
On Sun, May 22, 2011 at 7:57 AM, Jarry <span dir="ltr"><<a href="mailto:mr.jarry@gmail.com">mr.jarry@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I believe I have posted to the right list, as all I have<br>
on my web is Drupal. I suppose, nikto was just wrong<br>
in CMS signature detection...<br>
<font color="#888888"><br>
Jarry<br>
</font><div class="im"><br>
On 22. 5. 2011 12:35, William Smith wrote:<br>
> You may get lucky and someone might happen to know the answer to this,<br>
> but I believe that you've posted to the wrong list.<br>
> This is a Drupal support list, not Xoops.<br>
><br>
</div><div class="im">> <mailto:<a href="mailto:mr.jarry@gmail.com">mr.jarry@gmail.com</a>>> wrote:<br>
><br>
> Hi,<br>
> I just scanned my web with nikto and received this message:<br>
><br>
> + /userinfo.php?uid=1;: Xoops portal gives detailed error<br>
> messages including SQL syntax and may allow an exploit<br>
><br>
> So my question is: how can I turn these detailed messages off?<br>
<br>
<br>
</div>--<br>
<div><div></div><div class="h5">_______________________________________________________________<br>
This mailbox accepts e-mails only from selected mailing-lists!<br>
Everything else is considered to be spam and therefore deleted.<br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</div></div></blockquote></div><br>