Executive Report

March 19, 2018 | Author: JamyJames | Category: Http Cookie, Websites, Java Script, Information Technology Management, Computer Data



Acunetix Website Audit, 1 August 2015, Developer Report
Generated by Acunetix WVS Reporter (v9.5 Build 20140505)

Scan of http://demo.testfire.net:80/

Scan details

Scan information
- Start time: 8/1/2015 9:32:48 PM
- Finish time: 8/1/2015 9:54:17 PM
- Scan time: 21 minutes, 29 seconds
- Profile: Default

Server information
- Responsive: True
- Server banner: Microsoft-IIS/8.0
- Server OS: Windows
- Server technologies: ASP.NET

Threat level
Acunetix Threat Level 3: One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution
- Total alerts found: 72
- High: 12
- Medium: 11
- Low: 16
- Informational: 33

Knowledge base

List of file extensions
File extensions can provide information on what technologies are being used on this website. List of file extensions detected:
- aspx => 28 file(s)
- css => 1 file(s)
- asmx => 1 file(s)
- js => 1 file(s)
- txt => 2 file(s)
- swf => 1 file(s)
- htm => 6 file(s)
- xml => 1 file(s)
- rtf => 2 file(s)

Top 10 response times
The files listed below had the slowest response times measured during the crawling process. The average response time for this site was 499.50 ms. These files could be targeted in denial of service attacks.
1. /bank/queryxpath.aspx, response time 1264 ms (GET /bank/queryxpath.aspx HTTP/1.1)
2. /default.aspx, response time 592 ms (GET /default.aspx HTTP/1.1)
3. /comment.aspx, response time 577 ms (POST /comment.aspx HTTP/1.1)
4. /bank/ws.asmx, response time 577 ms (GET /bank/ws.asmx?op=IsValidUser HTTP/1.1)

List of external hosts
These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed (Settings->Scanners settings->Scanner->List of hosts allowed).

List of files with inputs
These files have at least one input (GET or POST).

List of email addresses
List of all email addresses found on this website.

List of authentication pages
This is a list of pages that require HTTP authentication.

Alerts summary
Each alert in the summary carries a CVSS base score and vector, a CWE id, its affected items and a variation count.
- Blind SQL Injection
- Cross site scripting (verified)
- DOM-based cross site scripting
- Directory traversal
- Microsoft IIS tilde directory enumeration
- SQL injection
- Basic authentication over HTTP
- Application error message
- Directory listing
- User credentials are sent in clear text
- HTML form without CSRF protection
- ASP.NET debugging enabled
- Login page password-guessing attack
- Possible sensitive directories
- Clickjacking: X-Frame-Options header missing
- OPTIONS method is enabled
- Session Cookie without Secure flag set
- Session Cookie without HttpOnly flag set
- Possible sensitive files
- Email address found
- Broken links
- Password type input with auto-complete enabled
- GHDB: Typical login page (affected item: /bank/login.aspx)

Alert details

Blind SQL Injection
Severity: High
Type: Validation
Reported by module: Scripting (Blind_Sql_Injection.script)

Description
This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable. Check detailed information for more information about fixing this vulnerability.

Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

Recommendation
Your script should filter metacharacters from user input.

References
- VIDEO: SQL Injection tutorial
- OWASP PHP Top 5
- SQL Injection Walkthrough
- OWASP Injection Flaws
- Acunetix SQL Injection Attack
- How to check for SQL injection vulnerabilities

Detailed information
Quote from SQL Injection Attacks by Example - http://www.unixwiz.net/techtips/sql-injection.html

SQL injection mitigations
We believe that web application developers often simply do not think about "surprise inputs", but security people do (including the bad guys), so there are three broad approaches that can be applied here.

Sanitize the input
It's absolutely vital to sanitize user inputs to insure that they do not contain dangerous codes, whether to the SQL server or to HTML itself. One's first idea is to strip out "bad stuff", such as quotes or semicolons or escapes, but this is a misguided attempt. Though it's easy to point out some dangerous characters, it's harder to point to all of them. The language of the web is full of special characters and strange markup (including alternate ways of representing the same characters), and efforts to authoritatively identify all "bad stuff" are unlikely to be successful. Instead, rather than "remove known bad data", it's better to "remove everything but known good data": this distinction is crucial. Since, in our example, an email address can contain only these characters:

    abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 @.-_+

there is really no benefit in allowing characters that could not be valid, and rejecting them early, presumably with an error message, not only helps forestall SQL Injection, but also catches mere typos early rather than stores them into the database. Be aware that "sanitizing the input" doesn't mean merely "remove the quotes", because even "regular" characters can be troublesome. In an example where an integer ID value is being compared against the user input (say, a numeric PIN):

    SELECT fieldlist FROM table WHERE id = 23 OR 1=1;  -- Boom! Always matches!

In practice, however, this approach is highly limited because there are so few fields for which it's possible to outright exclude many of the dangerous characters. For "dates" or "email addresses" or "integers" it may have merit, but for any kind of real application, one simply cannot avoid the other mitigations.

Escape/Quotesafe the input
Even if one might be able to sanitize a phone number or email address, one cannot take this approach with a "name" field lest one wishes to exclude the likes of Bill O'Reilly from one's application: a quote is simply a valid character for this field. One includes an actual single quote in an SQL string by putting two of them together, so this suggests the obvious (but wrong!) technique of preprocessing every string to replicate the single quotes:

    SELECT fieldlist FROM customers WHERE name = 'Bill O''Reilly';  -- works OK

However, this naive approach can be beaten because most databases support other string escape mechanisms. MySQL, for instance, also permits \' to escape a quote, so after input of \'; DROP TABLE users; -- is "protected" by doubling the quotes, we get:

    SELECT fieldlist FROM customers WHERE name = '\''; DROP TABLE users; --';  -- Boom!

The expression '\'' is a complete string (containing just one single quote), and the usual SQL shenanigans follow. It doesn't stop with backslashes either: there is Unicode, other encodings, and parsing oddities all hiding in the weeds to trip up the application designer. Getting quotes right is notoriously difficult, which is why many database interface languages provide a function that does it for you. When the same internal code is used for "string quoting" and "string parsing", it's much more likely that the process will be done properly and safely. Some examples are the MySQL function mysql_real_escape_string() and perl DBD method $dbh->quote($value). These methods must be used.

Use bound parameters (the PREPARE statement)
Though quotesafing is a good mechanism, we're still in the area of "considering user input as SQL", and a much better approach exists: bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders (a question mark for each parameter) and it's compiled ("prepared", in SQL parlance) into an internal form. Later, this prepared query is "executed" with a list of parameters:

Example in perl

    $sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;");
    $sth->execute($email);

Thanks to Stefan Wagner, this demonstrates bound parameters in Java:

Insecure version

    Statement s = connection.createStatement();
    ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom*

Secure version

    PreparedStatement ps = connection.prepareStatement(
        "SELECT email FROM member WHERE name = ?");
    ps.setString(1, formField);
    ResultSet rs = ps.executeQuery();

Here, $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation: none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is largely immune to SQL injection attacks. There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application.

Limit database permissions and segregate users
In the case at hand, we observed just two interactions that are made not in the context of a logged-in user: "log in" and "send me password". The web application ought to use a database connection with the most limited rights possible: query-only access to the members table, and no access to any other table. The effect here is that even a "successful" SQL injection attack is going to have much more limited success. Here, we'd not have been able to do the UPDATE request that ultimately granted us access, so we'd have had to resort to other avenues. Once the web application determined that a set of valid credentials had been passed via the login form, it would then switch that session to a database connection with more rights. It should go almost without saying that sa rights should never be used for any web-based application.

Use stored procedures for database access
When the database server supports them, use stored procedures for performing access on the application's behalf, which can eliminate SQL entirely (assuming the stored procedures themselves are written properly). By encapsulating the rules for a certain action (query, update, delete, etc.) into a single procedure, it can be tested and documented on a standalone basis and business rules enforced (for instance, the "add new order" procedure might reject that order if the customer were over his credit limit). For simple queries this might be only a minor benefit, but as the operations become more complicated (or are used in more than one place), having a single definition for the operation means it's going to be more robust and easier to maintain. Note: it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection. It's only proper binding with prepare/execute or direct SQL statements with bound variables that provide this protection.

Isolate the webserver
Even having taken all these mitigation steps, it's nevertheless still possible to miss something and leave the server open to compromise. One ought to design the network infrastructure to assume that the bad guy will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things. For instance, putting the machine in a DMZ with extremely limited pinholes "inside" the network means that even getting complete control of the webserver doesn't automatically grant full access to everything else. This won't stop everything, of course, but it makes it a lot harder.

Configure error reporting
The default error reporting for some frameworks includes developer debugging information, and this cannot be shown to outside users. Imagine how much easier a time it makes for an attacker if the full query is shown, pointing to the syntax error involved. This information is useful to developers, but it should be restricted, if possible, to just internal users.

Affected items

/bank/login.aspx
Details: URL encoded POST input passw was set to -1' OR 3*2*1=6 AND 000589=000589 --
Tests performed:
- -1' OR 2+589-589-1=0+0+0+1 -- => TRUE
- -1' OR 3+589-589-1=0+0+0+1 -- => FALSE
- -1' OR 3*2<(0+5+589-589) -- => FALSE
- -1' OR 3*2>(0+5+589-589) -- => TRUE
- -1' OR 2+1-1-1=1 AND 000589=000589 -- => TRUE
- -1' OR 000589=000589 AND 3 (line truncated)
Request: POST /bank/login.aspx HTTP/1.1 with body btnSubmit=Login&passw=-1'%20OR%203*2*1%3d6%20AND%20000589%3d000589%20--%20&uid=1
Response: HTTP/1.1 500 Internal Server Error (Server: Microsoft-IIS/8.0, X-AspNet-Version: 2.0.50727)

/bank/login.aspx
Details: URL encoded POST input uid was set to -1' OR 3*2*1=6 AND 000373=000373 --
Tests performed:
- -1' OR 2+373-373-1=0+0+0+1 -- => TRUE
- -1' OR 3+373-373-1=0+0+0+1 -- => FALSE
- -1' OR 3*2<(0+5+373-373) -- => FALSE
- -1' OR 3*2>(0+5+373-373) -- => TRUE
- -1' OR 2+1-1-1=1 AND 000373=000373 -- => TRUE
- -1' OR 000373=000373 AND 3+1 (line truncated)
Request: POST /bank/login.aspx HTTP/1.1 with body btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=-1'%20OR%203*2*1%3d6%20AND%20000373%3d000373%20--%20
Response: HTTP/1.1 302 Found, Location: /bank/main.aspx, with Set-Cookie: amUserId=1

Cross site scripting (verified)
Severity: High
Type: Validation
Reported by module: Scripting (XSS.script)

Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

Recommendation
Your script should filter metacharacters from user input.

References
- Acunetix Cross Site Scripting Attack
- VIDEO: How Cross-Site Scripting (XSS) Works
- The Cross Site Scripting Faq
- OWASP Cross Site Scripting
- XSS Annihilation
- XSS Filter Evasion Cheat Sheet
- Cross site scripting
- OWASP PHP Top 5
- How To: Prevent Cross-Site Scripting in ASP.NET

Detailed information
Quote from The Cross Site Scripting FAQ - http://www.cgisecurity.com/articles/xss-faq.shtml

Introduction
Websites today are more complex than ever, containing a lot of dynamic content making the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites suffer from a threat that static websites don't, called "Cross Site Scripting" (or XSS dubbed by other security professionals). Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.

"What is Cross Site Scripting?"
Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. The user will most likely click on this link from another website, instant message, or simply just reading a web board or email message. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website. Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them. If for example I was logged in as "john" and read a message by "joe" that contained malicious javascript in it, then it may be possible for "joe" to hijack my session just by reading his bulletin board post. Further details on how attacks like this are accomplished via "cookie theft" are explained in detail below.

"What does XSS and CSS mean?"
Often people refer to Cross Site Scripting as CSS. There has been a lot of confusion with Cascading Style Sheets (CSS) and cross site scripting. Some security people refer to Cross Site Scripting as XSS. If you hear someone say "I found a XSS hole", they are talking about Cross Site Scripting for certain.

"What are the threats of Cross Site Scripting?"
Often attackers will inject JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable application to fool a user (Read below for further details) in order to gather data from them. Everything from account hijacking, changing of user settings, cookie theft/poisoning, or false advertising is possible. New malicious uses are being found every day for XSS attacks. The post below by Brett Moore brings up a good point with regard to "Denial Of Service", and potential "auto-attacking" of hosts if a user simply reads a post on a message board.

"What can I do to protect myself as a vendor?"
This is a simple answer. Never trust user input and always filter metacharacters. This will eliminate the majority of XSS attacks. Converting < and > to &lt; and &gt; is also suggested when it comes to script output. Remember XSS holes can be damaging and costly to your business if abused. Often attackers will disclose these holes to the public, which can erode customer and public confidence in the security and privacy of your organization's site. Filtering < and > alone will not solve all cross site scripting attacks and it is suggested you also attempt to filter out ( and ) by translating them to &#40; and &#41;, and also # and & by translating them to &#35 (#) and &#38 (&).

"What can I do to protect myself as a user?"
The easiest way to protect yourself as a user is to only follow links from the main website you wish to view. If you visit one website and it links to CNN for example, instead of clicking on it visit CNN's main site and use its search engine to find the content. This will probably eliminate ninety percent of the problem. Sometimes XSS can be executed automatically when you open an email, email attachment, read a guestbook, or bulletin board post. If you plan on opening an email, or reading a post on a public board from a person you don't know BE CAREFUL. One of the best ways to protect yourself is to turn off Javascript in your browser settings. In IE turn your security settings to high. This can prevent cookie theft, and in general is a safer thing to do.

"How common are XSS holes?"
Cross site scripting holes are gaining popularity among hackers as easy holes to find in large websites. Websites from FBI.gov, CNN.com, Time.com, Ebay, Yahoo, Apple computer, Microsoft, Zdnet, Wired, and Newsbytes have all had one form or another of XSS bugs. Every month roughly 10-25 XSS holes are found in commercial products and advisories are published explaining the threat.

"Does encryption protect me?"
Websites that use SSL (https) are in no way more protected than websites that are not encrypted. The web applications work the same way as before, except the attack is taking place in an encrypted connection. People often think that because they see the lock on their browser it means everything is secure. This just isn't the case.

"Can XSS holes allow command execution?"
XSS holes can allow Javascript insertion, which may allow for limited execution. If an attacker were to exploit a browser flaw (browser hole) it could then be possible to execute commands on the client's side. If command execution were possible it would only be possible on the client side. In simple terms XSS holes can be used to help exploit other holes that may exist in your browser.

"What if I don't feel like fixing a CSS/XSS Hole?"
By not fixing an XSS hole this could allow possible user account compromise in portions of your site as they get added or updated. Cross Site Scripting has been found in various large sites recently and have been widely publicized. Left unrepaired, someone may discover it and publish a warning about your company. This may damage your company's reputation, depicting it as being lax on security matters. This of course also sends the message to your clients that you aren't dealing with every problem that arises, which turns into a trust issue. If your client doesn't trust you why would they wish to do business with you?

Affected items

/bank/login.aspx
Details: URL encoded POST input uid was set to 1" onmouseover=prompt(931034) bad="
The input is reflected inside a tag parameter between double quotes.
Response: HTTP/1.1 200 OK

/comment.aspx
Details: URL encoded POST input name was set to ctuysydc'"()&%<ScRiPt >prompt(975117)</ScRiPt>
Response: HTTP/1.1 200 OK

/search.aspx
Request: GET /search.aspx?txtSearch=the'%22()%26%25<ScRiPt%20>prompt(922589)</ScRiPt> HTTP/1.1

/subscribe.aspx
Details: URL encoded POST input txtEmail was set to sample%40email.tst<ScRiPt >prompt(966807)</ScRiPt>
The input is reflected inside a text element.
like Gecko) Chrome/28.testfire.1 Content-Length: 83 Content-Type: application/x-www-form-urlencoded Referer: http://demo.0 X-AspNet-Version: 2.aspx Details URL encoded GET input txtSearch was set to the'"()&%<ScRiPt >prompt(922589)</ScRiPt> Request headers GET /search.0 X-AspNet-Version: 2.net Connection: Keep-alive Accept-Encoding: gzip.tst<ScRiPt%20>prompt(966807)</ScRiPt> Response headers HTTP/1.0 (Acunetix Web Vulnerability Scanner .1500.0 (Acunetix Web Vulnerability Scanner .1500.1. like Gecko) Chrome/28.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 8710 Content-Type: text/html.50727 X-Powered-By: ASP.NET_SessionId=rx35k455p05mwieaeevyb445. amSessionId=15731163468.0 (Windows NT 6.1. 16 Jul 2015 06:58:32 GMT /subscribe.deflate User-Agent: Mozilla/5.htm Accept: */* btnSubmit=Subscribe&txtEmail=sample%2540email. amSessionId=15731163468.acunetix. aspx?content=./.. References Acunetix Directory Traversal Attacks Affected items /default. As a result.0. attackers step out of the root directory and access files in other directories. amSessionId=15731163468....1 Referer: http://demo.0.deflate User-Agent: Mozilla/5.net:80/ Cookie: ASP.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Length: 7095 Content-Type: text/html... lang= Host: demo.NET_SessionId=rx35k455p05mwieaeevyb445././windows/win.0 (Windows NT 6.aspx Details URL encoded GET input content was set to ./windows/win.50727 X-Powered-By: ASP./.1.. WOW64) AppleWebKit/537././. attackers might view restricted files or execute commands../. charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.com/wvs/disc.36 (KHTML. 16 Jul 2015 07:00:38 GMT Acunetix Website Audit 21 .ini%00.. for 16-bit app support Request headers GET /default.ini%00.net Connection: Keep-alive Accept-Encoding: gzip./..script) Description This script is possibly vulnerable to directory traversal attacks./. Recommendation Your script should filter metacharacters from user input.htm File contents found: .. 
like Gecko) Chrome/28.0 X-AspNet-Version: 2.acunetix..htm HTTP/1.63 Safari/537./.0 (Acunetix Web Vulnerability Scanner ./.. leading to a full compromise of the Web server./../. Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commands outside of the web server's root directory.1500. Impact By exploiting directory traversal vulnerabilities.Directory traversal Severity High Type Validation Reported by module Scripting (Directory_Traversal./.testfire.36 Acunetix-Product: WVS/9./.testfire.NET Date: Thu./..Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www...htm Accept: */* Response headers HTTP/1././..../. After the data is collected by the web application. impersonating the user. While a traditional cross-site scripting vulnerability occurs on the server-side code. called "Cross Site Scripting" (or XSS dubbed by other security professionals). Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser. ActiveX. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. VBScript. References OWASP Cross Site Scripting How To: Prevent Cross-Site Scripting in ASP. If for example I was logged in as "john" and read a message by "joe" that contained malicious javascript in it. but in a manner to make it appear as valid content from the website. It is also possible to modify the content of the page presented to the user. 
then it may be possible for "joe" to hijack my session just by reading his bulletin board post.shtml Introduction Websites today are more complex than ever. document object model based cross-site scripting is a type of vulnerability which affects the script code in the client's browser. Further details on how attacks like this are accomplished via "cookie theft" are explained in detail below. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Dynamic websites suffer from a threat that static websites don't.cgisecurity.com/articles/xss-faq. or simply just reading a web board or email message. Impact Malicious users may inject JavaScript.http://www. Recommendation Your script should filter metacharacters from user input. Many popular guestbook and forum programs allow users to submit posts with html and javascript embedded in them. HTML or Flash into a vulnerable application to fool a user in order to gather data from them. The data is usually gathered in the form of a hyperlink which contains malicious content within it. Because a browser cannot know if the script should be trusted or not.DOM-based cross site scripting Severity High Type Validation Reported by module DeepScan Description This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. "What is Cross Site Scripting?" Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. This FAQ was written to provide a better understanding of this emerging threat. instant message. The user will most likely click on this link from another website. "What does XSS and CSS mean?" Acunetix Website Audit 22 . containing a lot of dynamic content making the experience for the user more enjoyable. it creates an output page for the user containing the malicious data that was originally sent to it. and to give guidance on detection and prevention. 
An attacker can steal the session cookie and take over the account.NET OWASP PHP Top 5 Cross site scripting XSS Annihilation The Cross Site Scripting Faq VIDEO: How Cross-Site Scripting (XSS) Works Acunetix Cross Site Scripting Attack XSS Filter Evasion Cheat Sheet Detailed information Quote from The Cross Site Scripting FAQ . Left unrepaired. Microsoft. Every month roughly 10-25 XSS holes are found in commercial products and advisories are published explaining the threat. and potential "auto-attacking" of hosts if a user simply reads a post on a message board. If you plan on opening an email. someone may discover it and publish a warning about your company. "What if I don't feel like fixing a CSS/XSS Hole?" By not fixing an XSS hole this could allow possible user account compromise in portions of your site as they get added or updated. "What can I do to protect myself as a vendor?" This is a simple answer. which may allow for limited execution. Time. or Flash into a vulnerable application to fool a user (Read below for further details) in order to gather data from them. "What can I do to protect myself as a user?" The easiest way to protect yourself as a user is to only follow links from the main website you wish to view. Apple computer. This can prevent cookie theft. is also suggested when it comes to script output. "Can XSS holes allow command execution?" XSS holes can allow Javascript insertion. "What are the threats of Cross Site Scripting?" Often attackers will inject JavaScript.com. Everything from account hijacking. The web applications work the same way as before. Wired.com. instead of clicking on it visit CNN's main site and use its search engine to find the content. This will eliminate the majority of XSS attacks. Converting < and > to &lt. The post below by Brett Moore brings up a good point with regard to "Denial Of Service". and Newsbytes have all had one form or another of XSS bugs. This will probably eliminate ninety percent of the problem. 
This may damage your company's reputation. CNN. If you visit one website and it links to CNN for example. or false advertising is possible. Filtering < and > alone will not solve all cross site scripting attacks and it is suggested you also attempt to filter out ( and ) by translating them to &#40. Never trust user input and always filter metacharacters. Websites from FBI. or bulletin board post. and &#41. email attachment. People often think that because they see the lock on their browser it means everything is secure. There has been a lot of confusion with Cascading Style Sheets (CSS) and cross site scripting.Often people refer to Cross Site Scripting as CSS. If your client doesn't trust you why would they wish to do business with you? Affected items Acunetix Website Audit 23 . depicting it as being lax on security matters.gov. In IE turn your security settings to high. Ebay. Zdnet. New malicious uses are being found every day for XSS attacks. and &gt. changing of user settings. and also # and & by translating them to &#35 (#) and &#38 (&). they are talking about Cross Site Scripting for certain. Yahoo. and in general is a safer thing to do. If an attacker were to exploit a browser flaw (browser hole) it could then be possible to execute commands on the client's side. which can erode customer and public confidence in the security and privacy of your organization's site. "How common are XSS holes?" Cross site scripting holes are gaining popularity among hackers as easy holes to find in large websites. or reading a post on a public board from a person you don't know BE CAREFUL. This of course also sends the message to your clients that you aren't dealing with every problem that arises. One of the best ways to protect yourself is to turn off Javascript in your browser settings. Cross Site Scripting has been found in various large sites recently and have been widely publicized. which turns into a trust issue. This just isn't the case. VBScript. 
In simple terms XSS holes can be used to help exploit other holes that may exist in your browser. read a guestbook. Some security people refer to Cross Site Scripting as XSS. If you hear someone say "I found a XSS hole". except the attack is taking place in an encrypted connection.. Remember XSS holes can be damaging and costly to your business if abused. Often attackers will disclose these holes to the public. ActiveX. Sometimes XSS can be executed automatically when you open an email. HTML. cookie theft/poisoning. If command execution were possible it would only be possible on the client side. "Does encryption protect me?" Websites that use SSL (https) are in no way more protected than websites that are not encrypted. %22%3Cbr%3E()locxss%22)url=java script:domxssExecutionSink(1.htm?wvstest=javascript:domxssExecutionSink(1."<br>()locxss")& Execution Sink: document./disclaimer.testfire.htm?wvstest=javascript:domxssExecutionSink(1.%22%3Cbr%3E()locxss%22)&:34 Acunetix Website Audit 24 .write HTML code written: javascript:domxssExecutionSink(1. Stack Trace: at http://demo..net/disclaimer.net/disclaimer.testfire."<br>()locxss")& ."<br>()locxss")url=javascript:domxss ExecutionSink(1.htm Details Source: Location Location: http://demo.. A Security Nightmare? Microsoft IIS Shortname Scanner PoC Affected items / Details No details are available.0 (Acunetix Web Vulnerability Scanner .htm Accept: */* Response headers HTTP/1.3) Filenames . Impact Possible sensitive information disclosure.deflate User-Agent: Mozilla/5.aspx" files as they have 4 letters in their extensions.0 (Windows NT 6.net Connection: Keep-alive Accept-Encoding: gzip.aspx?aspxerrorpath=/ HTTP/1.NET Date: Thu.0 X-Powered-By: ASP.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.1 Cookie: ASP. This can be a major issue especially for the .1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.36 (KHTML.63 Safari/537. 
Recommendation Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject.Microsoft IIS tilde directory enumeration Severity High Type Configuration Reported by module Scripting (IIS_Tilde_Dir_Enumeration.testfire. amSessionId=15731163468.1. Request headers GET //*~1*/a.com/wvs/disc. 16 Jul 2015 07:11:36 GMT Content-Length: 1245 Acunetix Website Audit 25 . it is possible to detect all short-names of ". A link to this paper is listed in the Web references section below.3 file naming scheme equivalent in Windows by using some vectors in several versions of Microsoft IIS.0.Net websites which are vulnerable to direct URL access as an attacker can find important files and folders that they are not normally visible.acunetix.NET_SessionId=rx35k455p05mwieaeevyb445. For instance. WOW64) AppleWebKit/537.1500. lang= Host: demo. References Windows Short (8. like Gecko) Chrome/28.script) Description It is possible to detect short names of files and directories which have an 8.36 Acunetix-Product: WVS/9. whether to the SQL server or to HTML itself. Check detailed information for more information about fixing this vulnerability. The language of the web is full of special characters and strange markup (including alternate ways of representing the same characters). It may be possible to not only manipulate existing queries.an email address can contain only these characters: abcdefghijklmnopqrstuvwxyz Acunetix Website Audit 26 .net/techtips/sql-injection. Since . This may compromise the integrity of your database and/or expose sensitive information. there is a large number of web applications vulnerable. References Acunetix SQL Injection Attack VIDEO: SQL Injection tutorial OWASP Injection Flaws How to check for SQL injection vulnerabilities SQL Injection Walkthrough OWASP PHP Top 5 Detailed information Quote from SQL Injection Attacks by Example . rather than "remove known bad data".http://www. 
SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. Instead. use sub selects.script) Description This script is possibly vulnerable to SQL Injection attacks.SQL injection Severity High Type Validation Reported by module Scripting (Sql_Injection. This is one of the most common application layer attacks currently being used on the Internet. SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.in our example . Despite the fact that it is relatively easy to protect against. but security people do (including the bad guys). Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). but to UNION in arbitrary data. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.unixwiz. so there are three broad approaches that can be applied here. Recommendation Your script should filter metacharacters from user input. such as quotes or semicolons or escapes. Sanitize the input It's absolutely vital to sanitize user inputs to insure that they do not contain dangerous codes. it's harder to point to all of them. it's better to "remove everything but known good data": this distinction is crucial. it may be possible to read in or write out to files. or append additional queries. If an attacker can obtain access to these procedures it may be possible to compromise the entire machine. Impact An attacker may execute arbitrary SQL statements on the vulnerable system. Depending on the back-end database in use. One's first idea is to strip out "bad stuff". but this is a misguided attempt. or to execute shell commands on the underlying operating system.html SQL injection mitigations We believe that web application developers often simply do not think about "surprise inputs". In some cases. 
Though it's easy to point out some dangerous characters. and efforts to authoritatively identify all "bad stuff" are unlikely to be successful. -.is "protected" by doubling the quotes. other encodings. so after input of \'. which are supported by essentially all database programming interfaces.not only helps forestall SQL Injection. for instance. -. we're still in the area of "considering user input as SQL". and rejecting them early . but for any kind of real application. an SQL statement string is created with placeholders . but also catches mere typos early rather than stores them into the database.technique of preprocessing every string to replicate the single quotes: SELECT fieldlist FROM customers WHERE name = 'Bill O''Reilly'. and a much better approach exists: bound parameters. this prepared query is "executed" with a list of parameters: Example in perl $sth = $dbh->prepare("SELECT email. One includes an actual single quote in an SQL string by putting two of them together. Acunetix Website Audit 27 . In this technique."). and the usual SQL shenanigans follow. we get: SELECT fieldlist FROM customers WHERE name = '\''. this naive approach can be beaten because most databases support other string escape mechanisms. For "dates" or "email addresses" or "integers" it may have merit. a numeric PIN): SELECT fieldlist FROM table WHERE id = 23 OR 1=1. These methods must be used. and parsing oddities all hiding in the weeds to trip up the application designer.ABCDEFGHIJKLMNOPQRSTUVWXYZ 0123456789 @. one cannot take this approach with a "name" field lest one wishes to exclude the likes of Bill O'Reilly from one's application: a quote is simply a valid character for this field.Boom! Always matches! In practice. -. --'. MySQL.presumably with an error message . which is why many database interface languages provide a function that does it for you. Use bound parameters (the PREPARE statement) Though quotesafing is a good mechanism. -. 
because even "regular" characters can be troublesome. Escape/Quotesafe the input Even if one might be able to sanitize a phone number or email address.Boom! The expression '\'' is a complete string (containing just one single quote).-_+ There is really no benefit in allowing characters that could not be valid. DROP TABLE users.but wrong! . userid FROM members WHERE email = ?. It doesn't stop with backslashes either: there is Unicode. this approach is highly limited because there are so few fields for which it's possible to outright exclude many of the dangerous characters.works OK However. Getting quotes right is notoriously difficult. however.and it's compiled ("prepared". Later. so this suggests the obvious .a question mark for each parameter . $sth->execute($email). DROP TABLE users. it's much more likely that the process will be done properly and safely. Be aware that "sanitizing the input" doesn't mean merely "remove the quotes". Some examples are the MySQL function mysql_real_escape_string() and perl DBD method $dbh->quote($value). In an example where an integer ID value is being compared against the user input (say. When the same internal code is used for "string quoting" and "string parsing". one simply cannot avoid the other mitigations. also permits \' to escape a quote. in SQL parlance) into an internal form. into a single procedure. it's nevertheless still possible to miss something and leave the server open to compromise. so we'd have had to resort to other avenues. update.prepareStatement( "SELECT email FROM member WHERE name = ?"). This is probably the single most important step one can take to secure a web application. . ResultSet rs = ps. It should go almost without saying that sa rights should never be used for any web-based application. SQL comment notation . This won't stop everything. The web application ought to use a database connection with the most limited rights possible: query-only access to the members table. 
and it is passed as positional parameter #1 (the first question mark). By encapsulating the rules for a certain action . because it's "just data". and at no point do the contents of this variable have anything to do with SQL statement parsing. having a single definition for the operation means it's going to be more robust and easier to maintain. Once the web application determined that a set of valid credentials had been passed via the login form. this demonstrates bound parameters in Java: Insecure version Statement s = connection. etc. use stored procedures for performing access on the application's behalf. Here. Acunetix Website Audit 28 . The effect here is that even a "successful" SQL injection attack is going to have much more limited success. we observed just two interactions that are made not in the context of a logged-in user: "log in" and "send me password". // *boom* Secure version PreparedStatement ps = connection. Limit database permissions and segregate users In the case at hand. For instance.setString(1.executeQuery("SELECT email FROM member WHERE name = " + formField). Quotes. which can eliminate SQL entirely (assuming the stored procedures themselves are written properly). and no access to any other table. it can be tested and documented on a standalone basis and business rules enforced (for instance. Note: it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection . There simply is nothing to subvert. There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once). One ought to design the network infrastructure to assume that the bad guy will have full administrator access to the machine.Thanks to Stefan Wagner. $email is the data obtained from the user's form. formField). but it makes it a lot harder. For simple queries this might be only a minor benefit. 
putting the machine in a DMZ with extremely limited pinholes "inside" the network means that even getting complete control of the webserver doesn't automatically grant full access to everything else. the "add new order" procedure might reject that order if the customer were over his credit limit). semicolons.query. Isolate the webserver Even having taken all these mitigation steps. Use stored procedures for database access When the database server supports them.none of this has any impact. and then attempt to limit how that can be leveraged to compromise other things. of course.executeQuery(). Here. it would then switch that session to a database connection with more rights. delete. ps.createStatement(). but this is minor compared to the enormous security benefits. backslashes. so the application is be largely immune to SQL injection attacks.it's only proper binding with prepare/execute or direct SQL statements with bound variables that provide this protection. ResultSet rs = s. but as the operations become more complicated (or are used in more than one place). we'd not have been able to do the UPDATE request that ultimately granted us access. 63 Safari/537.net Connection: Keep-alive Accept-Encoding: gzip.36 (KHTML.0. but it should be restricted .to just internal users.if possible .63 Safari/537.com/wvs/disc.NET_SessionId=rx35k455p05mwieaeevyb445.testfire.0 (Acunetix Web Vulnerability Scanner .NET Date: Thu. WOW64) AppleWebKit/537.0.0 (Windows NT 6. amSessionId=15731163468.htm Accept: */* btnSubmit=Login&passw=1'%22&uid=1 Response headers HTTP/1. 16 Jul 2015 06:58:55 GMT Connection: close Content-Length: 6381 /bank/login. Affected items /bank/login. 
and this cannot be shown to outside users.testfire.net Connection: Keep-alive Accept-Encoding: gzip.0.aspx Details URL encoded POST input passw was set to 1'" Error message found: Syntax error in string in query expression Request headers POST /bank/login.acunetix.com/wvs/disc.Configure error reporting The default error reporting for some frameworks includes developer debugging information.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.36 (KHTML.deflate User-Agent: Mozilla/5. amSessionId=15731163468. WOW64) AppleWebKit/537.1.50727 X-Powered-By: ASP.1500.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.1500. like Gecko) Chrome/28. like Gecko) Chrome/28.aspx HTTP/1. lang= Host: demo.36 Acunetix-Product: WVS/9.NET_SessionId=rx35k455p05mwieaeevyb445.aspx Details URL encoded POST input uid was set to 1'" Error message found: Syntax error in string in query expression Request headers POST /bank/login.testfire.0 (Windows NT 6.deflate User-Agent: Mozilla/5.acunetix.testfire.aspx HTTP/1.net:80/ Cookie: ASP.1 Content-Length: 33 Content-Type: application/x-www-form-urlencoded Referer: http://demo.0 X-AspNet-Version: 2.net:80/ Cookie: ASP.36 Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner .1.htm Accept: */* Acunetix Website Audit 29 .1 500 Internal Server Error Cache-Control: no-cache Pragma: no-cache Content-Type: text/html Expires: -1 Server: Microsoft-IIS/8. pointing to the syntax error involved. lang= Host: demo. This information is useful to developers.1 Content-Length: 48 Content-Type: application/x-www-form-urlencoded Referer: http://demo. Imagine how much easier a time it makes for an attacker if the full query is shown. 
Application error message
Severity: Medium
Type: Validation
Reported by module: Scripting (Error_Message.script)
Description: This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the file that produced the unhandled exception. This may be a false positive if the error message is found in documentation pages.
Impact: The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation: Review the source code for this script.
References: PHP Runtime Configuration
Affected items:
/bank/login.aspx
  Details: URL encoded POST input passw was set to 12345'"\'\").|]*{%0d%0a<%00>%bf%27'
  Error message found: System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'username = '1' AND password = '12345'"\'\")'.
  Request: POST /bank/login.aspx HTTP/1.1 with body btnSubmit=Login&passw=12345'"\'\").|]*{%0d%0a<%00>%bf%27'&uid=1
  Response: HTTP/1.1 500 Internal Server Error
/bank/login.aspx
  Details: URL encoded POST input uid was set to 12345'"\'\").|]*{%0d%0a<%00>%bf%27'
  Error message found: System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'username = '12345'"\'\")'.
  Request: POST /bank/login.aspx HTTP/1.1 with body btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=12345'"\'\").|]*{%0d%0a<%00>%bf%27'
  Response: HTTP/1.1 500 Internal Server Error
/bank/login.aspx
  Request: POST /bank/login.aspx HTTP/1.1 with body btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=1'%22
  Response: HTTP/1.1 500 Internal Server Error
/subscribe.aspx
  Details: URL encoded POST input txtEmail was set to 1'"
  Error message found: Syntax error in string in query expression
  Request: POST /subscribe.aspx HTTP/1.1 with body btnSubmit=Subscribe&txtEmail=1'%22
  Response: HTTP/1.1 500 Internal Server Error
/subscribe.aspx
  Details: URL encoded POST input txtEmail was set to 12345'"\'\").|]*{%0d%0a<%00>%bf%27'
  Error message found: System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression ''12345'"\'\"'.
  Request: POST /subscribe.aspx HTTP/1.1 with body btnSubmit=Subscribe&txtEmail=12345'"\'\").|]*{%0d%0a<%00>%bf%27'
  Response: HTTP/1.1 500 Internal Server Error

Basic authentication over HTTP
Severity: Medium
Type: Configuration
Reported by module: Scripting (Basic_Auth_Over_HTTP.script)
Description: In the context of an HTTP transaction, basic access authentication is a method for an HTTP user agent to provide a user name and password when making a request. This directory is protected using Basic Authentication over an HTTP connection. With Basic Authentication the user credentials are sent as cleartext and, because HTTPS is not used, they are vulnerable to packet sniffing.
Impact: User credentials are sent as cleartext and are vulnerable to packet sniffing.
Recommendation: Use Basic Authentication over an HTTPS connection.
References: Basic access authentication
Affected items:
/bank/members/
  Details: No details are available.

Directory listing
Severity: Medium
Type: Information
Reported by module: Scripting (Directory_Listing.script)
Description: The web server is configured to display the list of files contained in this directory. This is not recommended because the directory may contain files that are not normally exposed through links on the web site.
Impact: A user can view a list of all files from this directory, possibly exposing sensitive information.
Recommendation: You should make sure the directory does not contain sensitive information, or you may want to restrict directory listings from the web server configuration.
References: Directory Listing and Information Disclosure
Detailed information: How to disable directory listings
- The easiest way to disable directory listing is to create an index file. The name of the index file depends on the web server configuration. On Apache it is called index.htm or index.html. On IIS it is named default.asp, default.aspx or default.htm.
- On IIS directory listings are disabled by default.
- For Apache you need to edit the Apache configuration file (usually named httpd.conf) or create an .htaccess file. In the configuration file you will have the definition of the directory, something like:
    <Directory /directoryname/subdirectory>
    Options Indexes FollowSymLinks
    ...
    </Directory>
  To disable directory listing for that directory you need to remove the 'Indexes' option.
Affected items:
/bank
  Details: Pattern found: <A HREF="/">[To Parent Directory]</A>
  Request: GET /bank/ HTTP/1.1
  Response: HTTP/1.1 200 OK (Content-Type: text/html; charset=UTF-8, Content-Length: 2297)
/pr
  Details: Pattern found: <A HREF="/">[To Parent Directory]</A>
  Request: GET /pr/ HTTP/1.1
  Response: HTTP/1.1 200 OK (Content-Type: text/html; charset=UTF-8, Content-Length: 517)

HTML form without CSRF protection
Severity: Medium
Type: Informational
Reported by module: Crawler
Description: This alert may be a false positive; manual confirmation is required. Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.
Impact: An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
Recommendation: Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items:
/
  Form name: <empty>
  Form action: http://demo.testfire.net/search.aspx
  Form method: GET
  Form inputs: txtSearch [Text]
  Request: GET / HTTP/1.1
  Response: HTTP/1.1 200 OK
/feedback.aspx
  Form name: cmt
  Form action: http://demo.testfire.net/comment.aspx
  Form method: POST
  Form inputs: cfile [Hidden], name [Text], email_addr [Text], subject [Text], comments [TextArea], submit [Submit]
  Request: GET /feedback.aspx HTTP/1.1
  Response: HTTP/1.1 200 OK
/bank/login.aspx
  Form name: login
  Form action: http://demo.testfire.net/bank/login.aspx
  Form method: POST
  Form inputs: uid [Text], passw [Password], btnSubmit [Submit]
  Request: GET /bank/login.aspx HTTP/1.1
  Response: HTTP/1.1 200 OK
/subscribe.aspx
  Form name: subscribe
  Form action: http://demo.testfire.net/subscribe.aspx
  Form method: POST
  Form inputs: txtEmail [Text], btnSubmit [Submit]
  Request: GET /subscribe.aspx HTTP/1.1
  Response: HTTP/1.1 200 OK

User credentials are sent in clear text
Severity: Medium
Type: Configuration
Reported by module: Crawler
Description: User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact: A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation: Because user credentials are considered sensitive information, they should always be transferred to the server over an encrypted connection (HTTPS).
Affected items:
/bank/login.aspx
  Form name: login
  Form action: http://demo.testfire.net/bank/login.aspx
  Form method: POST
  Form inputs: uid [Text], passw [Password], btnSubmit [Submit]
  Request: GET /bank/login.aspx HTTP/1.1
  Response: HTTP/1.1 200 OK (Content-Length: 8729)

ASP.NET debugging enabled
Severity: Low
Type: Validation
Reported by module: Scripting (ASP-NET_Debugging_Enabled.script)
Description: ASP.NET debugging is enabled on this application. By default, debugging is disabled, and although debugging is frequently enabled to troubleshoot a problem, it is also frequently not disabled again after the problem is resolved. It is recommended to disable debug mode before deploying a production application.
Impact: It may be possible to disclose sensitive information about the web server and the ASP.NET application.
Recommendation: Check References for details on how to fix this problem.
References: HOW TO: Disable Debugging for ASP.NET Applications
Affected items:
/
  Details: No details are available.
  Request: DEBUG /acunetix_invalid_filename.aspx HTTP/1.1 with header Command: stop-debug
  Response: HTTP/1.1 200 OK (Cache-Control: private, Content-Length: 2)
/bank
  Details: No details are available.
  Request: DEBUG /bank/acunetix_invalid_filename.aspx HTTP/1.1 with header Command: stop-debug
  Response: HTTP/1.1 200 OK (Cache-Control: private, Content-Length: 2)

Clickjacking: X-Frame-Options header missing
Severity: Low
Type: Configuration
Reported by module: Scripting (Clickjacking_X_Frame_Options.script)
Description: Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.
Impact: The impact depends on the affected web application.
Recommendation: Configure your web server to include an X-Frame-Options header. Consult Web references for more information about the possible values for this header.
References: Clickjacking; Original Clickjacking paper; The X-Frame-Options response header
Affected items:
Web Server
  Details: No details are available.
  Request: GET / HTTP/1.1
  Response: HTTP/1.1 200 OK (Content-Length: 9605)

Login page password-guessing attack
Severity: Low
Type: Validation
Reported by module: Scripting (Html_Authentication_Audit.script)
Description: A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
Impact: An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works.
Recommendation: It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.
References: Blocking Brute Force Attacks
Affected items:
/bank/login.aspx
  Details: The scanner tested 10 invalid credentials and no account lockout was detected.
  Request: POST /bank/login.aspx HTTP/1.1 with body btnSubmit=Login&passw=RmFCk2Qy&uid=0RRo7K98
  Response: HTTP/1.1 200 OK (Content-Length: 8829)
    Set-Cookie: ASP.NET_SessionId=0kz1qgrv53cxgz45qoaa1hrv; path=/; HttpOnly
    Set-Cookie: amSessionId=15853163765; path=/

OPTIONS method is enabled
Severity: Low
Type: Validation
Reported by module: Scripting (Options_Server_Method.script)
Description: The HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the web server; it represents a request for information about the communication options available on the request/response chain identified by the Request-URI.
Impact: The OPTIONS method may expose sensitive information that may help a malicious user to prepare more advanced attacks.
Recommendation: It's recommended to disable the OPTIONS method on the web server.
References: Testing for HTTP Methods and XST (OWASP-CM-008)
Affected items:
Web Server
  Details: Methods allowed: OPTIONS, TRACE, GET, HEAD, POST
  Request: OPTIONS / HTTP/1.1
  Response: HTTP/1.1 200 OK
    Allow: OPTIONS, TRACE, GET, HEAD, POST
    Public: OPTIONS, TRACE, GET, HEAD, POST
    Content-Length: 0

Possible sensitive directories
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)
Description: A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages and temporary directories. Each one of these directories could help an attacker to learn more about his target.
Impact: This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation: Restrict access to this directory or remove it from the website.
References: Web Server Security and Database Server Security
Affected items:
/admin
  Details: No details are available.
  Request: GET /admin HTTP/1.1
  Response: HTTP/1.1 301 Moved Permanently (Location: http://demo.testfire.net/admin/, Content-Length: 154)

Possible sensitive files
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Files.script)
Description: A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data and database dumps. Each one of these files could help an attacker to learn more about his target.
Impact: This file may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation: Restrict access to this file or remove it from the website.
References: Web Server Security and Database Server Security
Affected items:
/test.aspx
  Details: No details are available.
  Request: GET /test.aspx HTTP/1.1
  Response: HTTP/1.1 200 OK (Cache-Control: private, Content-Length: 558)

Session Cookie without HttpOnly flag set
Severity: Low
Type: Informational
Reported by module: Crawler
Description: This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.
Impact: None
Recommendation: If possible, you should set the HTTPOnly flag for this cookie.
Affected items:
/
  Cookie name: "amSessionId", Cookie domain: "demo.testfire.net"
/
  Cookie name: "amCreditOffer", Cookie domain: "demo.testfire.net"
/
  Cookie name: "amUserId", Cookie domain: "demo.testfire.net"
/
  Cookie name: "lang", Cookie domain: "demo.testfire.net"
  (each observed on GET / HTTP/1.1, response HTTP/1.1 200 OK, Content-Length: 9605)

Session Cookie without Secure flag set
Severity: Low
Type: Informational
Reported by module: Crawler
Description: This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.
Impact: None
Recommendation: If possible, you should set the Secure flag for this cookie.
Affected items:
/
  Cookie name: "amUserId", Cookie domain: "demo.testfire.net"
/
  Cookie name: "amSessionId", Cookie domain: "demo.testfire.net"
/
  Cookie name: "lang", Cookie domain: "demo.testfire.net"
/
  Cookie name: "amCreditOffer", Cookie domain: "demo.testfire.net"
/
  Cookie name: "ASP.NET_SessionId", Cookie domain: "demo.testfire.net"
  (each observed on GET / HTTP/1.1, response HTTP/1.1 200 OK, Content-Length: 9605)

Broken links
Severity: Informational
Type: Informational
Reported by module: Crawler
Description: A broken link refers to any link that should take you to a document, image or webpage, but actually results in an error. This page was linked from the website but it is inaccessible.
Impact: Problems navigating the site.
Recommendation: Remove the links to this file or make it accessible.
Affected items:
/bank/account.aspx.cs
  Details: For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select the Referrers tab from the bottom of the Information pane.
  Request: GET /bank/account.aspx.cs HTTP/1.1
  Response: HTTP/1.1 404 Not Found (Content-Length: 1245)
/bank/apply.aspx.cs
  Details: For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select the Referrers tab from the bottom of the Information pane.
  Request: GET /bank/apply.aspx.cs HTTP/1.1
  Response: HTTP/1.1 404 Not Found
/bank/bank.master
  Request: GET /bank/bank.master HTTP/1.1
  Response: HTTP/1.1 404 Not Found
go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.NET_SessionId=rx35k455p05mwieaeevyb445.aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445. like Gecko) Chrome/28.testfire.com/wvs/disc. amSessionId=15731163468 Host: demo. 16 Jul 2015 06:57:43 GMT Connection: close Content-Length: 1245 /bank/bank.acunetix. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.aspectalerts Cookie: ASP. amSessionId=15731163468 Host: demo.36 (KHTML.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.NET Date: Thu.36 (KHTML.cs Details For a complete list of URLs linking to this file.0 X-Powered-By: ASP.0. amSessionId=15731163468 Host: demo.acunetix. 16 Jul 2015 06:57:43 GMT Connection: close Content-Length: 1245 /bank/bank.master Details For a complete list of URLs linking to this file.0 (Acunetix Web Vulnerability Scanner . WOW64) AppleWebKit/537.cs HTTP/1.Acunetix-Aspect-Queries: filelist.0. Request headers GET /bank/bank. like Gecko) Chrome/28.0 (Acunetix Web Vulnerability Scanner .0 X-Powered-By: ASP.net Connection: Keep-alive Accept-Encoding: gzip.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.testfire.1.master.testfire.htm Accept: */* Response headers HTTP/1.aspectalerts Cookie: ASP.deflate User-Agent: Mozilla/5.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.testfire.1500.63 Safari/537.com/wvs/disc. Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.aspx.36 (KHTML.36 (KHTML.acunetix.0.0 (Acunetix Web Vulnerability Scanner .1.com/wvs/disc.cs Details For a complete list of URLs linking to this file. 
WOW64) AppleWebKit/537.testfire.cs HTTP/1.NET Date: Thu.deflate User-Agent: Mozilla/5.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.0 (Windows NT 6. amSessionId=15731163468. like Gecko) Chrome/28. 16 Jul 2015 06:57:44 GMT Connection: close Content-Length: 1245 /bank/login.1500.aspx. 16 Jul 2015 06:57:43 GMT Connection: close Content-Length: 1245 /bank/customize.0 X-Powered-By: ASP.cs Details For a complete list of URLs linking to this file.acunetix.testfire.0.htm Accept: */* Response headers HTTP/1.63 Safari/537.deflate User-Agent: Mozilla/5.aspectalerts Cookie: ASP. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.1500.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist. WOW64) AppleWebKit/537.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.aspectalerts Cookie: ASP.aspx.Connection: Keep-alive Accept-Encoding: gzip.deflate User-Agent: Mozilla/5. like Gecko) Acunetix Website Audit 56 .NET_SessionId=rx35k455p05mwieaeevyb445.cs HTTP/1.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist. like Gecko) Chrome/28.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.0 (Windows NT 6.1.0 (Windows NT 6. lang= Host: demo. Request headers GET /bank/customize.1. Request headers GET /bank/login.testfire.63 Safari/537.36 Acunetix-Product: WVS/9.net Connection: Keep-alive Accept-Encoding: gzip.aspx.net Connection: Keep-alive Accept-Encoding: gzip. 
go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.htm Accept: */* Response headers HTTP/1.testfire.0 (Acunetix Web Vulnerability Scanner .NET Date: Thu.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.0 X-Powered-By: ASP.36 Acunetix-Product: WVS/9.com/wvs/disc.NET_SessionId=rx35k455p05mwieaeevyb445.36 (KHTML. WOW64) AppleWebKit/537. amSessionId=15731163468 Host: demo. com/wvs/disc.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.acunetix.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8. like Gecko) Chrome/28.0 X-Powered-By: ASP.0 (Acunetix Web Vulnerability Scanner . WOW64) AppleWebKit/537.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix Website Audit 57 .1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.36 Acunetix-Product: WVS/9.1. amSessionId=15731163468 Host: demo.aspx.cs Details For a complete list of URLs linking to this file. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.net Connection: Keep-alive Accept-Encoding: gzip.cs Details For a complete list of URLs linking to this file. 16 Jul 2015 06:57:43 GMT Connection: close Content-Length: 1245 /bank/main.NET Date: Thu.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.testfire.36 (KHTML.36 Acunetix-Product: WVS/9.aspx.63 Safari/537.36 Acunetix-Product: WVS/9.63 Safari/537.deflate User-Agent: Mozilla/5.1500. 16 Jul 2015 06:57:43 GMT Connection: close Content-Length: 1245 /bank/logout.1500.0 (Windows NT 6.1500.1. like Gecko) Chrome/28.36 (KHTML.NET_SessionId=rx35k455p05mwieaeevyb445.0 (Acunetix Web Vulnerability Scanner .aspectalerts Cookie: ASP.NET Date: Thu.htm Accept: */* Response headers HTTP/1.aspx. 
WOW64) AppleWebKit/537.0.deflate User-Agent: Mozilla/5. amSessionId=15731163468 Host: demo.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.net Connection: Keep-alive Accept-Encoding: gzip.0 (Acunetix Web Vulnerability Scanner .0 X-Powered-By: ASP.Chrome/28.testfire.com/wvs/disc. Request headers GET /bank/logout.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www. Request headers GET /bank/main.0.htm Accept: */* Response headers HTTP/1.0.aspectalerts Cookie: ASP.testfire.63 Safari/537.0 (Windows NT 6.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.testfire.NET_SessionId=rx35k455p05mwieaeevyb445.acunetix.cs HTTP/1.cs HTTP/1.aspx. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane. NET_SessionId=rx35k455p05mwieaeevyb445.36 (KHTML. WOW64) AppleWebKit/537.0 (Acunetix Web Vulnerability Scanner .63 Safari/537.com/wvs/disc.acunetix.aspectalerts Cookie: ASP.aspx. WOW64) AppleWebKit/537.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.acunetix.com/wvs/disc. like Gecko) Chrome/28. 16 Jul 2015 06:57:43 GMT Connection: close Content-Length: 1245 /bank/queryxpath. Request headers GET /bank/queryxpath. 
Request headers GET /bank/transaction.0 (Windows NT 6.aspx.0 X-Powered-By: ASP.deflate User-Agent: Mozilla/5.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.NET_SessionId=rx35k455p05mwieaeevyb445.Acunetix-User-agreement: http://www.0 X-Powered-By: ASP.net Connection: Keep-alive Accept-Encoding: gzip.net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.1. 16 Jul 2015 06:57:44 GMT Connection: close Content-Length: 1245 /bank/transaction.htm Accept: */* Response headers Acunetix Website Audit 58 .1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.cs HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.testfire.cs Details For a complete list of URLs linking to this file.net Connection: Keep-alive Accept-Encoding: gzip. lang= Host: demo. lang= Host: demo.testfire.63 Safari/537.cs Details For a complete list of URLs linking to this file.0.1500.com/wvs/disc. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.testfire.deflate User-Agent: Mozilla/5. like Gecko) Chrome/28.htm Accept: */* Response headers HTTP/1.1.NET Date: Thu.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.cs HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.aspx.0.36 Acunetix-Product: WVS/9. amSessionId=15731163468.36 Acunetix-Product: WVS/9.aspx.acunetix.testfire.htm Accept: */* Response headers HTTP/1.aspectalerts Cookie: ASP.0 (Acunetix Web Vulnerability Scanner .36 (KHTML.0 (Windows NT 6. amSessionId=15731163468.NET Date: Thu.1500. like Gecko) Chrome/28.testfire.36 Acunetix-Product: WVS/9.deflate User-Agent: Mozilla/5. 
WOW64) AppleWebKit/537.testfire.36 (KHTML.1500.cs Details For a complete list of URLs linking to this file.0 (Acunetix Web Vulnerability Scanner . lang= Host: demo.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.NET_SessionId=rx35k455p05mwieaeevyb445.0 (Acunetix Web Vulnerability Scanner .net/bank/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.deflate User-Agent: Mozilla/5.0 X-Powered-By: ASP.cs HTTP/1.NET Date: Thu.testfire.testfire.acunetix.0 (Windows NT 6.NET Date: Thu. 16 Jul 2015 06:57:44 GMT Connection: close Content-Length: 1245 /inside_points_of_interest.aspectalerts Cookie: ASP.36 Acunetix-Product: WVS/9.0 (Windows NT 6.htm Accept: */* Response headers HTTP/1.0.0 Acunetix Website Audit 59 .1500.63 Safari/537. amSessionId=15731163468 Host: demo.0 X-Powered-By: ASP. Request headers GET /bank/transfer.htm Accept: */* Response headers HTTP/1.aspx.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.htm HTTP/1.net Connection: Keep-alive Accept-Encoding: gzip.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.aspx.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane. go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.0.NET_SessionId=rx35k455p05mwieaeevyb445. amSessionId=15731163468.com/wvs/disc. WOW64) AppleWebKit/537.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.aspx Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.HTTP/1. like Gecko) Chrome/28.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.com/wvs/disc.1.aspectalerts Cookie: ASP. 
Request headers GET /inside_points_of_interest.htm Details For a complete list of URLs linking to this file.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/8.1. 16 Jul 2015 06:57:44 GMT Connection: close Content-Length: 1245 /bank/transfer.net Connection: Keep-alive Accept-Encoding: gzip.36 (KHTML.63 Safari/537.acunetix.net/default. NET Date: Thu. 16 Jul 2015 06:57:38 GMT Content-Length: 1245 Acunetix Website Audit 60 .X-Powered-By: ASP. 0 X-Powered-By: ASP.net/default.com and then record any addresses found.0. The majority of spam comes from email addresses harvested off the internet.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www. lang= Host: demo.testfire.htm Accept: */* Response headers HTTP/1.aspx Details Pattern found: [email protected] Connection: Keep-alive Accept-Encoding: gzip.36 (KHTML.com/wvs/disc. Impact Email addresses posted on Web sites may attract spam.0 (Acunetix Web Vulnerability Scanner .script) Description One or more email addresses have been found on this page. Spambot programs look for strings like myname@mydomain. WOW64) AppleWebKit/537.testfire.deflate User-Agent: Mozilla/5. amSessionId=15731163468. like Gecko) Chrome/28. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across.Email address found Severity Informational Type Informational Reported by module Scripting (Text_Search_File.NET Date: Thu.1. 16 Jul 2015 07:17:42 GMT Content-Length: 49 /cache.htm Details Pattern found: [email protected] Request headers GET /cache.aspx HTTP/1.63 Safari/537. 07 Jul 2015 10:14:20 GMT Accept-Ranges: bytes ETag: "2a9b47b09db8d01:0" Server: Microsoft-IIS/8.36 Acunetix-Product: WVS/9.aspx Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.0 (Windows NT 6.aspectalerts Cookie: ASP. 
Recommendation Check references for details on how to solve this problem.1 200 OK Content-Type: text/html Last-Modified: Tue.htm HTTP/1.1 Pragma: no-cache Acunetix Website Audit 61 .1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.1500. References Email Address Disclosed on Website Can be Used for Spam Affected items /business_cards.NET_SessionId=rx35k455p05mwieaeevyb445.com Request headers GET /business_cards. deflate User-Agent: Mozilla/5. lang= Host: demo. like Gecko) Chrome/28. like Gecko) Chrome/28.testfire.1.aspx Details Pattern found: [email protected] Cookie: ASP.0 X-AspNet-Version: 2.1500.36 Acunetix-Product: WVS/9. charset=utf-8 Server: Microsoft-IIS/8.0 X-AspNet-Version: 2.0.0 (Windows NT 6.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html.Cache-Control: no-cache Referer: http://demo. WOW64) AppleWebKit/537.acunetix.com/wvs/disc.NET Date: Thu.aspx Details Pattern found: [email protected] Pragma: no-cache Cache-Control: no-cache Referer: http://demo.com Request headers GET /files.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.htm Accept: */* Response headers HTTP/1.net Connection: Keep-alive Accept-Encoding: gzip.testfire.testfire.0.NET_SessionId=rx35k455p05mwieaeevyb445.1.50727 X-Powered-By: ASP. lang= Host: demo.net/ Acunetix-Aspect: enabled Acunetix Website Audit 62 .36 (KHTML.0.50727 X-Powered-By: ASP. amSessionId=15731163468.NET Date: Thu.63 Safari/537.63 Safari/537.net Connection: Keep-alive Accept-Encoding: gzip.aspx HTTP/1. 16 Jul 2015 07:17:42 GMT /callback.testfire.36 (KHTML.testfire.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo. WOW64) AppleWebKit/537.0.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html. 
amSessionId=15731163468. charset=utf-8 Server: Microsoft-IIS/8.0 (Windows NT 6.com Request headers GET /callback.aspectalerts Cookie: ASP.htm Accept: */* Response headers HTTP/1.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.0 (Acunetix Web Vulnerability Scanner . 16 Jul 2015 07:17:42 GMT /files.0 (Acunetix Web Vulnerability Scanner .aspx HTTP/1.NET_SessionId=rx35k455p05mwieaeevyb445.deflate User-Agent: Mozilla/5.com/wvs/disc.36 Acunetix-Product: WVS/9.1500. WOW64) AppleWebKit/537.net Connection: Keep-alive Accept-Encoding: gzip.1500. amSessionId=15731163468.com Request headers GET /home.0 (Acunetix Web Vulnerability Scanner .1.0 (Windows NT 6.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.com Request headers GET /header.testfire.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist. WOW64) AppleWebKit/537.aspectalerts Cookie: ASP.com/wvs/disc.deflate User-Agent: Mozilla/5.aspx Details Pattern found: [email protected] Accept: */* Response headers HTTP/1.63 Safari/537.0.36 Acunetix-Product: WVS/9. charset=utf-8 Server: Microsoft-IIS/8.NET_SessionId=rx35k455p05mwieaeevyb445.0 X-AspNet-Version: 2.aspx HTTP/1.deflate User-Agent: Mozilla/5.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www. amSessionId=15731163468.testfire.NET_SessionId=rx35k455p05mwieaeevyb445.aspectalerts Cookie: ASP.1.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html.0 (Acunetix Web Vulnerability Scanner .htm Accept: */* Response headers HTTP/1. lang= Host: demo.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.aspx Details Pattern found: skipfish@example. 
charset=utf-8 Server: Microsoft-IIS/8.50727 X-Powered-By: ASP.1500.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html.0.NET Date: Thu.acunetix.com/wvs/disc. like Gecko) Chrome/28. like Gecko) Chrome/28. lang= Acunetix Website Audit 63 .Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.0.0 X-AspNet-Version: 2.NET_SessionId=rx35k455p05mwieaeevyb445.36 Acunetix-Product: WVS/9.36 (KHTML. 16 Jul 2015 07:17:42 GMT /header.0.NET Date: Thu.testfire.acunetix.36 (KHTML.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.0 (Windows NT 6.net Connection: Keep-alive Accept-Encoding: gzip. lang= Host: demo.63 Safari/537.50727 X-Powered-By: ASP. 16 Jul 2015 07:17:42 GMT /home.aspx HTTP/1.testfire. amSessionId=15731163468.aspectalerts Cookie: ASP. lang= Host: demo.deflate Acunetix Website Audit 64 .htm Accept: */* Response headers HTTP/1.net Connection: Keep-alive Accept-Encoding: gzip. charset=utf-8 Server: Microsoft-IIS/8.acunetix.1.0 (Windows NT 6.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.50727 X-Powered-By: ASP.testfire.36 (KHTML.0 X-AspNet-Version: 2.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.0.50727 X-Powered-By: ASP.com/wvs/disc.0 (Acunetix Web Vulnerability Scanner .1.36 Acunetix-Product: WVS/9.NET Date: Thu.36 (KHTML.1500.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html.com Request headers GET /info.Host: demo.0 (Windows NT 6. 16 Jul 2015 07:17:42 GMT /index.0 X-AspNet-Version: 2.testfire.aspectalerts Cookie: ASP.0 (Acunetix Web Vulnerability Scanner . amSessionId=15731163468.63 Safari/537.com/wvs/disc.Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.testfire. 16 Jul 2015 07:17:42 GMT /info.63 Safari/537.NET Date: Thu.36 Acunetix-Product: WVS/9.deflate User-Agent: Mozilla/5. 
like Gecko) Chrome/28.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html.aspx HTTP/1. WOW64) AppleWebKit/537.0.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.1500.aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445. amSessionId=15731163468.deflate User-Agent: Mozilla/5.net Connection: Keep-alive Accept-Encoding: gzip. lang= Host: demo.aspx Details Pattern found: [email protected]/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.testfire.com Request headers GET /index.htm Accept: */* Response headers HTTP/1.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist.aspx Details Pattern found: skipfish@example. like Gecko) Chrome/28.0.testfire.net Connection: Keep-alive Accept-Encoding: gzip. charset=utf-8 Server: Microsoft-IIS/8.aspx HTTP/1. WOW64) AppleWebKit/537.0.NET_SessionId=rx35k455p05mwieaeevyb445. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Accept: */* Response headers HTTP/1.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Thu, 16 Jul 2015 07:17:42 GMT /inside_about.htm Details Pattern found: [email protected] Request headers GET /inside_about.htm HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.testfire.net/default.aspx Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445; amSessionId=15731163468; lang= Host: demo.testfire.net Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows 
NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Accept: */* Response headers HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Tue, 07 Jul 2015 10:12:04 GMT Accept-Ranges: bytes ETag: "c9acab5f9db8d01:0" Server: Microsoft-IIS/8.0 X-Powered-By: ASP.NET Date: Thu, 16 Jul 2015 07:17:42 GMT Content-Length: 49 /inside_investor.htm Details Pattern found: [email protected] Request headers GET /inside_investor.htm HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.testfire.net/default.aspx Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445; amSessionId=15731163468; lang= Host: demo.testfire.net Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Acunetix Website Audit 65 Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Accept: */* Response headers HTTP/1.1 200 OK Content-Type: text/html Last-Modified: Tue, 07 Jul 2015 10:12:05 GMT Accept-Ranges: bytes ETag: "6bf554609db8d01:0" Server: Microsoft-IIS/8.0 X-Powered-By: ASP.NET Date: Thu, 16 Jul 2015 07:17:42 GMT Content-Length: 49 /log.aspx Details Pattern found: [email protected] Request headers GET /log.aspx HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.testfire.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445; amSessionId=15731163468; lang= Host: 
demo.testfire.net Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Accept: */* Response headers HTTP/1.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Thu, 16 Jul 2015 07:17:42 GMT /login.aspx Details Pattern found: [email protected] Request headers GET /login.aspx HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.testfire.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445; amSessionId=15731163468; lang= Host: demo.testfire.net Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36 Acunetix-Product: WVS/9.0 (Acunetix Web Vulnerability Scanner - Free Edition) Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED Acunetix Website Audit 66 Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm Accept: */* Response headers HTTP/1.1 200 OK Cache-Control: private Content-Length: 49 Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.0 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET Date: Thu, 16 Jul 2015 07:17:42 GMT /orders.aspx Details Pattern found: [email protected] Request headers GET /orders.aspx HTTP/1.1 Pragma: no-cache Cache-Control: no-cache Referer: http://demo.testfire.net/ Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Cookie: ASP.NET_SessionId=rx35k455p05mwieaeevyb445; 
Affected items (continued)

All responses below carried Server: Microsoft-IIS/8.0; the ASP.NET pages additionally returned X-AspNet-Version: 2.0.50727 and X-Powered-By: ASP.NET.

/robots.txt
Details: Pattern found: [email protected]
Request: GET /robots.txt HTTP/1.1
Response: HTTP/1.1 200 OK; Content-Type: text/plain; Last-Modified: Tue, 07 Jul 2015 10:12:49 GMT; Accept-Ranges: bytes; ETag: "33a33b7a9db8d01:0"

/security.htm
Details: Pattern found: [email protected]
Request: GET /security.htm HTTP/1.1
Response: HTTP/1.1 200 OK; Content-Type: text/html; Last-Modified: Tue, 07 Jul 2015 10:18:00 GMT; Accept-Ranges: bytes; ETag: "10c892339eb8d01:0"

/signup.aspx
Details: Pattern found: [email protected]
Request: GET /signup.aspx HTTP/1.1
Response: HTTP/1.1 200 OK

GHDB: Typical login page
Severity: Informational
Type: Informational
Reported by module: GHDB
Description: The description for this alert is contributed by the GHDB community; it may contain inappropriate language.
Category: Pages containing login portals
"This is a typical login page. It has recently become a target for SQL injection. Comsec's article at http://www.governmentsecurity.org/articles/SQLinjectionBasicTutorial.php brought this to my attention."
Impact: Not available. Check description.
Recommendation: Not available. Check description.
References: The Google Hacking Database (GHDB) community; Acunetix Google hacking. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Affected items:

/bank/login.aspx
Details: We found inurl:login.asp
Request: GET /bank/login.aspx HTTP/1.1 (Referer: http://demo.testfire.net/)
Response: HTTP/1.1 200 OK; Cache-Control: no-cache; Pragma: no-cache; Content-Length: 8729; Content-Type: text/html; charset=utf-8; Expires: -1

/bank/login.aspx (825f8b5076aa7df703fc45c8fed863e5)
Details: We found inurl:login.asp
Request: POST /bank/login.aspx HTTP/1.1 (Referer: http://demo.testfire.net/bank/login.aspx; Content-Type: application/x-www-form-urlencoded; Content-Length: 44), body: btnSubmit=Login&passw=g00dPa%24%24w0rD&uid=1
Response: HTTP/1.1 200 OK; Cache-Control: no-cache; Pragma: no-cache; Content-Length: 8822; Content-Type: text/html; charset=utf-8; Expires: -1

/bank/login.aspx.cs
Details: We found inurl:login.asp
Request: GET /bank/login.aspx.cs HTTP/1.1 (Referer: http://demo.testfire.net/bank/)
Response: HTTP/1.1 404 Not Found; Content-Type: text/html; Connection: close; Content-Length: 1245

/login.aspx
Details: We found inurl:login.asp
Request: GET /login.aspx HTTP/1.1 (Referer: http://demo.testfire.net/)
Response: HTTP/1.1 200 OK; Cache-Control: private; Content-Length: 49; Content-Type: text/html; charset=utf-8

Password type input with auto-complete enabled
Severity: Informational
Type: Informational
Reported by module: Crawler
Description: When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact: Possible sensitive information disclosure.
Recommendation: The password auto-complete should be disabled in sensitive applications. To disable auto-complete, you may use code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items:

/bank/login.aspx
Details: Password type input named passw from form named login with action login.aspx has autocomplete enabled.
Request: GET /bank/login.aspx HTTP/1.1 (Referer: http://demo.testfire.net/)
Response: HTTP/1.1 200 OK; Cache-Control: no-cache; Pragma: no-cache; Content-Length: 8729; Content-Type: text/html; charset=utf-8; Expires: -1

Scanned items (coverage report)
Scanned 61 URLs. Found 39 vulnerable.

URL: http://demo.testfire.net/
Vulnerabilities have been identified for this URL. 6 input(s) found:
Input scheme 1: / and / (Path Fragment, suffix .aspx; Path Fragment, suffix .aspx)
Input scheme 2: / (Path Fragment, suffix .aspx)
Input scheme 3: / (Path Fragment, suffix /)
Input scheme 4: / (Path Fragment, suffix .htm)
Input scheme 5: Host (HTTP Header)

URL: http://demo.testfire.net/style.css
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/default.aspx
Vulnerabilities identified. 1 input: content (URL encoded GET)

URL: http://demo.testfire.net/search.aspx
Vulnerabilities identified. 1 input: txtSearch (URL encoded GET)

URL: http://demo.testfire.net/bank/
Vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/bank/login.aspx
Vulnerabilities identified. 3 inputs: btnSubmit, passw, uid (all URL encoded POST)

URL: http://demo.testfire.net/bank/ws.asmx
No vulnerabilities identified. 2 inputs: op (URL encoded GET) and an unnamed input (URL encoded GET)

URL: http://demo.testfire.net/bank/mozxpath.js
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/bank/bank.master
Vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/bank/20060308_bak/
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/bank/members/
Vulnerabilities identified; no inputs found.

Other /bank/ pages (apply.aspx, main.aspx, logout.aspx, transaction.aspx, servererror.aspx, customize.aspx, account.aspx, transfer.aspx, queryxpath.aspx): no vulnerabilities identified; no inputs found.

/bank/ source files (login.aspx.cs, apply.aspx.cs, main.aspx.cs, logout.aspx.cs, transaction.aspx.cs, customize.aspx.cs, account.aspx.cs, transfer.aspx.cs, queryxpath.aspx.cs, bank.master.cs): vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/images/
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/robots.txt
Vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/pr/
Vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/pr/docs.xml
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/subscribe.swf
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/survey_questions.aspx
No vulnerabilities identified. 1 input: step (URL encoded GET)

URL: http://demo.testfire.net/comment.aspx
Vulnerabilities identified. 6 inputs: cfile, comments, email_addr, name, subject, submit (all URL encoded POST)

URL: http://demo.testfire.net/subscribe.aspx
Vulnerabilities identified. 2 inputs: btnSubmit, txtEmail (both URL encoded POST)

URL: http://demo.testfire.net/disclaimer.htm
Vulnerabilities identified. 1 input: url (URL encoded GET)

URL: http://demo.testfire.net/admin/
No vulnerabilities identified; no inputs found.

URL: http://demo.testfire.net/static/
No vulnerabilities identified; no inputs found.

Further scanned URLs with no inputs found: /feedback.aspx, /login.aspx, /signup.aspx, /security.htm, /retirement.htm, /inside_about.htm, /inside_investor.htm, /inside_points_of_interest.htm, /business_cards, /files, /cache, /test, /callback, /comments, /index, /info, /header, /home, /log, /orders.