Hi, I just scanned my web with nikto and received this message:
+ /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit
So my question is: how can I turn these detailed messages off?
Jarry
You may get lucky and someone might happen to know the answer to this, but I believe that you've posted to the wrong list. This is a Drupal support list, not Xoops.
On Sun, May 22, 2011 at 3:02 AM, Jarry mr.jarry@gmail.com wrote:
Hi, I just scanned my web with nikto and received this message:
- /userinfo.php?uid=1;: Xoops portal gives detailed error
messages including SQL syntax and may allow an exploit
So my question is: how can I turn these detailed messages off?
Jarry
This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. -- [ Drupal support list | http://lists.drupal.org/ ]
I believe I have posted to the right list, as all I have on my web is Drupal. I suppose, nikto was just wrong in CMS signature detection...
Jarry
On 22. 5. 2011 12:35, William Smith wrote:
You may get lucky and someone might happen to know the answer to this, but I believe that you've posted to the wrong list. This is a Drupal support list, not Xoops.
mailto:mr.jarry@gmail.com> wrote:
Hi, I just scanned my web with nikto and received this message: + /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit So my question is: how can I turn these detailed messages off?
Hmm, well I'm not familiar with nikto, but it has to be more than an issue with signature detection. There is no such Drupal file as userinfo.php, but it is a Xoops file, so something is up.
On Sun, May 22, 2011 at 7:57 AM, Jarry mr.jarry@gmail.com wrote:
I believe I have posted to the right list, as all I have on my web is Drupal. I suppose, nikto was just wrong in CMS signature detection...
Jarry
On 22. 5. 2011 12:35, William Smith wrote:
You may get lucky and someone might happen to know the answer to this, but I believe that you've posted to the wrong list. This is a Drupal support list, not Xoops.
mailto:mr.jarry@gmail.com> wrote:
Hi, I just scanned my web with nikto and received this message: + /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit So my question is: how can I turn these detailed messages off?-- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. -- [ Drupal support list | http://lists.drupal.org/ ]
-
Jarry -
William Smith