Hmm, well I'm not familiar with nikto, but it has to be more than an issue with signature detection. There is no such Drupal file as userinfo.php, but it is a Xoops file, so something is up. On Sun, May 22, 2011 at 7:57 AM, Jarry <mr.jarry@gmail.com> wrote:
I believe I have posted to the right list, as all I have on my web is Drupal. I suppose, nikto was just wrong in CMS signature detection...
Jarry
On 22. 5. 2011 12:35, William Smith wrote:
You may get lucky and someone might happen to know the answer to this, but I believe that you've posted to the wrong list. This is a Drupal support list, not Xoops.
<mailto:mr.jarry@gmail.com>> wrote:
Hi, I just scanned my web with nikto and received this message:
+ /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit
So my question is: how can I turn these detailed messages off?
-- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. -- [ Drupal support list | http://lists.drupal.org/ ]