&size=160 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Acunetix Website Audit
Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:11 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details
Request GET /showimage.php?file=
HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:13 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:12 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details
Request GET /showimage.php?file=
HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com
Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:12 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details Request GET /showimage.php?file=
&size=160 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:12 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details Request GET /showimage.php?file= HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:12 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details
Request GET /showimage.php?file=&size=160 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:12 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
PHP code injection Severity High Type Validation Reported by module Parameter manipulation Description
Impact
Recommendation
Affected items /comment.php Details Request POST /comment.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 153 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm name=%26lt%3Byour%20name%20here%26gt%
[email protected]&Submit=Submit&phpaction=printf(md5(acunetix_wvs_security_test))%3Bexit%3B// Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:51:13 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /comment.php Details Request POST /comment.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 127 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
[email protected]&Submit=Submit&phpaction=printf(md5(acunetix_wvs_security_test))%3Bexit%3B// Response HTTP/1.1 200 OK Server: nginx/1.4.1
Date: Mon, 21 Aug 2017 08:51:13 GMT Content-Type: text/html Connection: close
Proxy accepts CONNECT requests Severity High Type Configuration Reported by module Scripting Description
Impact
Recommendation
Affected items Server Details
Script source code disclosure Severity High Type Validation Reported by module Parameter manipulation Description
Impact
Recommendation
Affected items /showimage.php Details Request GET /showimage.php?file=showimage.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:43 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
SQL injection Severity High Type Validation Reported by module Parameter manipulation Description
Impact
Recommendation
Affected items /listproducts.php Details Request GET /listproducts.php?artist=\' HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache
Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?artist=\" HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?artist=JyI%3D HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?artist=acunetix'" HTTP/1.0
Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?artist=' HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?artist=%2527 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/listproducts.php Details Request GET /listproducts.php?artist=%00' HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=%00' HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=%2527 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response
HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=' HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=acunetix'" HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=JyI%3D HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close
Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=\" HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:20 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=\' HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:19 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/newuser.php Details Request
POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 279 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm uuname='
[email protected][email protected]&urname
[email protected][email protected]&uemail=111-222-1933emai
[email protected][email protected][email protected] t&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:47:16 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 282 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm uuname=%00'
[email protected][email protected]&urn
[email protected][email protected]&uemail=111-222-1933e
[email protected][email protected]&uaddress=111-222-1933email@address.tst&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:47:16 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: testphp.vulnweb.com Content-Length: 288 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm uuname=acunetix'"
[email protected][email protected] [email protected][email protected]&uemail=111-222
[email protected][email protected]&uaddress=111-222-1933email@ Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:47:16 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Backup files Severity Medium Type Validation Reported by module File checks Description
Impact
Recommendation
Affected items /index.bak Details Request GET /index.bak HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:54:42 GMT Content-Type: text/plain
Content-Length: 3265 Last-Modified: Wed, 11 May 2011 10:27:48 GMT Connection: close ETag: "4dca64a4-cc1" /index.zip Details Request GET /index.zip HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:54:42 GMT Content-Type: application/zip Content-Length: 3265 Last-Modified: Mon, 09 Jul 2007 10:42:54 GMT Connection: close ETag: "4692112e-cc1" Accept-Ranges: bytes
Cookie manipulation Severity Medium Type Validation Reported by module Parameter manipulation Description
Impact
Recommendation
Affected items /comment.php Details Request POST /comment.php HTTP/1.0 Accept: */*
Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 162 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm name=
&comment=111-222-19 Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:50:47 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /guestbook.php Details Request POST /guestbook.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 124 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm name=
&text=111-222-1933em
[email protected]&submit=add%20message Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:43:23 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /guestbook.php Details Request POST /guestbook.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 111 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm name=anonymous%20user&text=
&submit=add%20message Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:43:23 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /guestbook.php Details Request POST /guestbook.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 99 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm name=test&text=
&submit=add%20message Response HTTP/1.1 200 OK
Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:43:23 GMT Content-Type: text/html Connection: close /hpp/params.php Details Request GET /hpp/params.php?p=
&pp=12 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:49:42 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /hpp/params.php Details Request GET /hpp/params.php?p=valid&pp=
HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:49:42 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?artist=
HTTP/1.0
Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:58 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=
HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:44:58 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /search.php Details
Request POST /search.php?test=query HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 85 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm searchFor=
&goButton=go Response
HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:40:02 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 341 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
[email protected][email protected][email protected][email protected]&ucc=111-222-1933email@address
[email protected][email protected]&uaddress=
&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:48:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 341 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
[email protected][email protected][email protected][email protected]&ucc=
[email protected]&uphone=111-2
[email protected][email protected]&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:48:18 GMT Content-Type: text/html
Connection: close /secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 341 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
[email protected][email protected][email protected][email protected]&ucc=111-222-1933email@address.tst&uemail=
&uphone=111-2
[email protected][email protected]&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:48:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 341 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
[email protected][email protected][email protected][email protected]&ucc=111-222-1933email@address
[email protected]&uphone=
[email protected]&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:48:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/secured/newuser.php Details Request POST /secured/newuser.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 341 Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
[email protected][email protected][email protected]&urname=
[email protected][email protected]&uphone=111-2
[email protected][email protected]&signup=signup Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:48:18 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details Request GET /showimage.php?file=
HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:52 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /showimage.php Details Request GET /showimage.php?file=
&size=160 HTTP/1.0 Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:52 GMT Content-Type: image/jpeg Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Insecure crossdomain.xml Severity Medium Type Configuration Reported by module Scripting Description
Impact
Recommendation
Affected items Server Details Server Details
PHPinfo page found
Severity Medium Type Validation Reported by module Directory checks Description
Impact
Recommendation
Affected items /secured/phpinfo.php Details Request GET /secured/phpinfo.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:58:02 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/phpinfo.php Details
Request GET /secured/phpinfo.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response
HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /secured/phpinfo.php Details
Request GET /secured/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/secured/phpinfo.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:51 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Source code disclosure Severity Medium Type Validation Reported by module Text search Description
Impact
Recommendation
Affected items /index.bak Details
Request
GET /index.bak HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:54:42 GMT Content-Type: text/plain Content-Length: 3265 Last-Modified: Wed, 11 May 2011 10:27:48 GMT Connection: close ETag: "4dca64a4-cc1" Accept-Ranges: bytes
Application error message Severity Low Type Validation Reported by module Parameter manipulation Description
Impact
Recommendation
Affected items /listproducts.php Details Request GET /listproducts.php?artist=\'\");|]*{%0d%0a<%00 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:00 GMT
Content-Type: text/html Connection: close /listproducts.php Details Request GET /listproducts.php?artist= HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat=\'\");|]*{%0d%0a<%00 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details Request GET /listproducts.php?cat= HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:45:00 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
CVS files found Severity Low Type Validation Reported by module Directory checks Description
Impact
Recommendation
Affected items /CVS/Entries Details Request GET /CVS/Entries HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:56:14 GMT Content-Type: text/plain Content-Length: 1 Last-Modified: Wed, 11 May 2011 10:27:48 GMT Connection: close ETag: "4dca64a4-1" Accept-Ranges: bytes /CVS/Repository Details Request GET /CVS/Repository HTTP/1.0 Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:56:14 GMT Content-Type: text/plain Content-Length: 8 Last-Modified: Wed, 11 May 2011 10:27:48 GMT Connection: close ETag: "4dca64a4-8" Accept-Ranges: bytes /CVS/Root Details Request GET /CVS/Root HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:56:14 GMT Content-Type: text/plain Content-Length: 1 Last-Modified: Wed, 11 May 2011 10:27:48 GMT Connection: close ETag: "4dca64a4-1" Accept-Ranges: bytes
Directory listing found Severity Low Type Information Reported by module Text search Description
Impact
Recommendation
Affected items /admin Details
Request GET /admin/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com:80/admin/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:51 GMT Content-Type: text/html Connection: close /CVS Details
Request GET /CVS/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:50 GMT Content-Type: text/html Connection: close
/Flash Details
Request GET /Flash/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close /images Details
Request GET /images/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close /Mod_Rewrite_Shop/images Details
Request GET /Mod_Rewrite_Shop/images/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com
Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close
Hidden form input named price was found Severity Low Type Informational Reported by module Crawler Description
Impact
Recommendation
Affected items /product.php Details
Request GET /product.php?pic=6 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/product.php Details
Request GET /product.php?pic=4 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=2 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=3 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=5 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=7 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=1 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Possible sensitive directories Severity Low Type Validation Reported by module Directory checks Description
Impact
Recommendation
Affected items /admin Details Request GET /admin HTTP/1.0 Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 301 Moved Permanently Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:56:26 GMT Content-Type: text/html Content-Length: 184 Location: http://testphp.vulnweb.com/admin/ Connection: close /secured Details Request GET /secured HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 301 Moved Permanently Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:56:22 GMT Content-Type: text/html Content-Length: 184 Location: http://testphp.vulnweb.com/secured/ Connection: close
Possible sensitive files Severity Low Type Validation Reported by module Directory checks Description
Impact
Recommendation
Affected items
/hpp/test.php Details Request GET /hpp/test.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:57:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
URL redirection Severity Low Type Validation Reported by module Parameter manipulation Description
Impact
Recommendation
Affected items /redir.php Details Request GET /redir.php?r=http://www.acunetix.com HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response
HTTP/1.1 302 Moved Temporarily Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:49:09 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 Location: http://www.acunetix.com
User credentials are sent in clear text Severity Low Type Informational Reported by module Crawler Description
Impact
Recommendation
Affected items /login.php Details Request GET /login.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /signup.php Details Request GET /signup.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache
Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Broken links Severity Informational Type Informational Reported by module Crawler Description
Impact
Recommendation
Affected items /Mod_Rewrite_Shop/Details/color-printer/3 Details Request GET /Mod_Rewrite_Shop/Details/color-printer/3/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/Mod_Rewrite_Shop/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 404 Not Found Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Content-Length: 570 Connection: close /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1 Details
Request GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/Mod_Rewrite_Shop/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 404 Not Found Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Content-Length: 570 Connection: close /Mod_Rewrite_Shop/Details/web-camera-a4tech/2 Details Request GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/Mod_Rewrite_Shop/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 404 Not Found Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Content-Length: 570 Connection: close /privacy.php Details Request GET /privacy.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts
Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 404 Not Found Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
Email address found Severity Informational Type Informational Reported by module Text search Description
Impact
Recommendation
Affected items / Details
Request GET / HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/artists.php Details
Request GET /artists.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /artists.php Details
Request GET /artists.php?artist=3 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/artists.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /artists.php Details
Request
GET /artists.php?artist=1 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/artists.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /artists.php Details
Request GET /artists.php?artist=2 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/artists.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 19 Connection: Close Acunetix-Aspect: enabled
Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 20 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 19 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 19 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 21 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK
Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:42 GMT Content-Type: text/html Connection: close /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 19 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /cart.php Details
Request POST /cart.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 21 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/product.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/cart.php Details
Request GET /cart.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /categories.php Details
Request GET /categories.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /disclaimer.php Details
Request GET /disclaimer.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /guestbook.php Details
Request POST /guestbook.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 40 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/guestbook.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /guestbook.php Details
Request GET /guestbook.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /index.bak Details
Request GET /index.bak HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Pragma: no-cache Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:54:42 GMT Content-Type: text/plain Content-Length: 3265 Last-Modified: Wed, 11 May 2011 10:27:48 GMT Connection: close ETag: "4dca64a4-cc1" Accept-Ranges: bytes /index.php Details
Request GET /index.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php?artist=2 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/artists.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php?artist=3 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/artists.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close /listproducts.php Details
Request GET /listproducts.php?artist=1 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/artists.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:41 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php?cat=2 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/categories.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php?cat=3 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/categories.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php?cat=4 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/categories.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php?cat=1 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/categories.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /listproducts.php Details
Request GET /listproducts.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/categories.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /login.php Details
Request GET /login.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close
/logout.php Details
Request GET /logout.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/userinfo.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 Set-Cookie: login=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT /product.php Details
Request GET /product.php?pic=4 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/product.php Details
Request GET /product.php?pic=5 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=2 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=3 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=1 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:39 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=7 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /product.php Details
Request GET /product.php?pic=6 HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/search.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:40 GMT Content-Type: text/html Connection: close /search.php Details
Request GET /search.php?test=query HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /search.php Details
Request POST /search.php?test=query HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 22 Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
/secured/phpinfo.php Details
Request GET /secured/phpinfo.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /signup.php Details
Request GET /signup.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /userinfo.php Details
Request POST /userinfo.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 158 Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/userinfo.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /userinfo.php Details
Request POST /userinfo.php HTTP/1.0 Accept: */* Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Content-Length: 20 Connection: Close Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 Set-Cookie: login=test%2Ftest /userinfo.php Details
Request GET /userinfo.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/userinfo.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
GHDB: Default phpinfo page Severity Informational Type Informational Reported by module GHDB - Google hacking database Description
Impact
Recommendation
Affected items /secured/phpinfo.php Details
Request GET /secured/phpinfo.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:50 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2
GHDB: phpinfo() Severity Informational Type Informational Reported by module GHDB - Google hacking database Description
Impact
Recommendation
Affected items /secured/phpinfo.php Details
Request GET /secured/phpinfo.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: mycookie=3 Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/ Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 09:01:50 GMT Content-Type: text/html Connection: close
Password type input with autocomplete enabled Severity Informational Type Informational Reported by module Crawler Description
Impact
Recommendation
Affected items /login.php Details Request GET /login.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Connection: Close Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:37 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /signup.php Details
Request GET /signup.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2 /signup.php Details
Request GET /signup.php HTTP/1.0 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) Host: testphp.vulnweb.com Cookie: login=test%2Ftest Connection: Close Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Pragma: no-cache Acunetix-aspect-queries: filelist;aspectalerts Referer: http://testphp.vulnweb.com/login.php Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Response HTTP/1.1 200 OK Server: nginx/1.4.1 Date: Mon, 21 Aug 2017 08:34:38 GMT Content-Type: text/html Connection: close X-Powered-By: PHP/5.3.10-1~lucid+2uwsgi2