Acunetix Website Audit 13 October, 2017

Developer Report

Generated by Acunetix WVS Reporter (v6.0 Build 20081124)

Scan of http://testphp.vulnweb.com:80/

Scan details

Scan information
  Start time:   8/21/2017 2:04:33 PM
  Finish time:  8/21/2017 2:36:37 PM
  Scan time:    32 minutes, 4 seconds
  Profile:      default

Server information
  Responsive:           True
  Server banner:        nginx/1.4.1
  Server OS:            Unknown
  Server technologies:  PHP

Threat level

Alerts distribution
  Total alerts found:  595
  High:                492
  Medium:              25
  Low:                 25
  Informational:       53

Affected items (parameter, alert group, severity)

/
  - Email address found (Informational)

/admin
  - Directory listing found (Low)
  - Possible sensitive directories (Low)

/AJAX/infoartist.php
  - id: Blind SQL/XPath injection (High)

/AJAX/infocateg.php
  - id: Blind SQL/XPath injection (High)

/AJAX/infotitle.php
  - id: Blind SQL/XPath injection (High)

/artists.php
  - artist: Blind SQL/XPath injection (High)
  - Email address found (Informational)

/cart.php
  - Email address found (Informational)

/categories.php
  - Email address found (Informational)

/comment.php
  - name: Cross Site Scripting (High)
  - phpaction: PHP code injection (High)
  - name: Cookie manipulation (Medium)

/CVS
  - Directory listing found (Low)

/CVS/Entries
  - CVS files found (Low)

/CVS/Repository
  - CVS files found (Low)

/CVS/Root
  - CVS files found (Low)

/disclaimer.php
  - Email address found (Informational)

/Flash
  - Directory listing found (Low)

/guestbook.php
  - login: Cross Site Scripting (High)
  - name: Cross Site Scripting (High)
  - text: Cross Site Scripting (High)
  - name: Cookie manipulation (Medium)
  - text: Cookie manipulation (Medium)
  - Email address found (Informational)

/hpp/
  - pp: Cross Site Scripting (High)

/hpp/params.php
  - p: Cross Site Scripting (High)
  - pp: Cross Site Scripting (High)
  - p: Cookie manipulation (Medium)
  - pp: Cookie manipulation (Medium)

/hpp/test.php
  - Possible sensitive files (Low)

/images
  - Directory listing found (Low)

/index.bak
  - Backup files (Medium)
  - Source code disclosure (Medium)
  - Email address found (Informational)

/index.php
  - Email address found (Informational)

/index.zip
  - Backup files (Medium)

/listproducts.php
  - artist: Blind SQL/XPath injection (High)
  - cat: Blind SQL/XPath injection (High)
  - artist: Cross Site Scripting (High)
  - cat: Cross Site Scripting (High)
  - artist: SQL injection (High)
  - cat: SQL injection (High)
  - artist: Cookie manipulation (Medium)
  - cat: Cookie manipulation (Medium)
  - artist: Application error message (Low)
  - cat: Application error message (Low)
  - Email address found (Informational)

/login.php
  - User credentials are sent in clear text (Low)
  - Email address found (Informational)
  - Password type input with autocomplete enabled (Informational)

/logout.php
  - Email address found (Informational)

/Mod_Rewrite_Shop/Details/color-printer/3
  - Broken links (Informational)

/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1
  - Broken links (Informational)

/Mod_Rewrite_Shop/Details/web-camera-a4tech/2
  - Broken links (Informational)

/Mod_Rewrite_Shop/images
  - Directory listing found (Low)

/privacy.php
  - Broken links (Informational)

/product.php
  - pic: Blind SQL/XPath injection (High)
  - Hidden form input named price was found (Low)
  - Email address found (Informational)

/redir.php
  - r: URL redirection (Low)

/search.php
  - searchFor: Cross Site Scripting (High)
  - Cookie manipulation (Medium)
  - Email address found (Informational)

/secured
  - Possible sensitive directories (Low)

/secured/newuser.php
  - uaddress: Cross Site Scripting (High)
  - ucc: Cross Site Scripting (High)
  - uemail: Cross Site Scripting (High)
  - uphone: Cross Site Scripting (High)
  - urname: Cross Site Scripting (High)
  - uuname: Cross Site Scripting (High)
  - SQL injection (High)
  - uaddress: Cookie manipulation (Medium)
  - ucc: Cookie manipulation (Medium)
  - uemail: Cookie manipulation (Medium)
  - uphone: Cookie manipulation (Medium)
  - urname: Cookie manipulation (Medium)

/secured/phpinfo.php
  - PHPinfo page found (Medium)
  - Email address found (Informational)
  - GHDB: Default phpinfo page (Informational)
  - GHDB: phpinfo() (Informational)

/showimage.php
  - file: Cross Site Scripting (High)
  - Script source code disclosure (High)
  - Cookie manipulation (Medium)

/signup.php
  - User credentials are sent in clear text (Low)
  - Email address found (Informational)
  - Password type input with autocomplete enabled (Informational)

/userinfo.php
  - Email address found (Informational)

Server
  - Proxy accepts CONNECT requests (High)
  - Insecure crossdomain.xml (Medium)

Developer Report - WVSSingleScan1.pdf
