Date posted: 05-Apr-2018
Category: Documents
Uploaded by: goodrookie
7/31/2019 Site Audit Report
1/31
Acunetix Website Audit
29 January, 2009
Detailed Scan Report
Generated by Acunetix WVS Reporter (v6.0 Build 20081209)
Scan of http://testphp.acunetix.com:80/
Scan information
Scan details
Start time 1/29/2009 4:14:07 PM
Finish time 1/29/2009 5:05:57 PM
Scan time 51 minutes, 50 seconds
Profile default
Server information
Responsive True
Server banner Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7
Server OS Unix
Server technologies PHP,Perl,mod_ssl,mod_perl,mod_python,OpenSSL
Threat level
Alerts distribution
High 115
Medium 7
Low 40
Informational 53
Total alerts found 215
Alerts summary
Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
Affects Variations
Web Server 1
Cross Site Scripting
Affects Variations
/guestbook.php 69
/search.php 34
PHP HTML Entity Encoder Heap Overflow Vulnerability
Affects Variations
PHP 1
PHP version older than 5.2.1
Affects Variations
PHP 1
PHP version older than 5.2.3
Affects Variations
PHP 1
PHP version older than 5.2.5
Affects Variations
PHP 1
PHP version older than 5.2.6
Affects Variations
PHP 1
PHP Zend_Hash_Del_Key_Or_Index vulnerability
Affects Variations
PHP 1
Proxy accepts CONNECT requests
Affects Variations
Server 1
SQL Injection (AS)
Affects Variations
/AJAX/infoartist.php 2
/artists.php 2
Apache 2.x version older than 2.0.61
Affects Variations
Web Server 1
Apache 2.x version older than 2.0.63
Affects Variations
Web Server 1
Apache Mod_SSL Log Function Format String Vulnerability
Affects Variations
mod_ssl 1
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Affects Variations
mod_ssl 1
Open proxy server
Affects Variations
Server 1
PHP enable_dl enabled
Affects Variations
Web Server 1
PHP errors enabled
Affects Variations
/ 1
Application error message
Affects Variations
/AJAX/infoartist.php 7
/AJAX/infocateg.php 7
/AJAX/infotitle.php 7
/artists.php 2
/listproducts.php 5
/showimage.php 2
Hidden form input named price was found
Affects Variations
/product.php 7
TRACE Method Enabled
Affects Variations
Web Server 1
User credentials are sent in clear text
Affects Variations
/login.php 1
/signup.php 1
Broken links
Affects Variations
/privacy.php 1
/secured/office_files/filelist.xml 1
Files found in the application directory but not linked
Affects Variations
/_mmServerScripts/MMHTTPDB.php 1
/_mmServerScripts/mysql.php 1
/404.php 1
/acunetix_file_inclusion_test 1
/acunetix_md5_random.php 1
/acunetix_not_execute 1
/acunetix_rfi_test.php 1
/acunetix_xsl_inclusion_test.xsl 1
/admin/create.sql 1
/blade_phpinfo.php 1
/Connections/DB_Connection.php 1
/CVS/Entries 1
/CVS/Entries.Log 1
/CVS/Repository 1
/CVS/Root 1
/database_connect.php 1
/dot.gif 1
/favicon.ico 1
/Flash/add.fla 1
/index.bak 1
/logout.php 1
/pi.php 1
/pictures/1.jpg 1
/pictures/1.jpg.tn 1
/pictures/2.jpg 1
/pictures/2.jpg.tn 1
/pictures/3.jpg 1
/pictures/3.jpg.tn 1
/pictures/4.jpg 1
/pictures/4.jpg.tn 1
/pictures/5.jpg 1
/pictures/5.jpg.tn 1
/pictures/6.jpg 1
/pictures/6.jpg.tn 1
/pictures/7.jpg 1
/pictures/7.jpg.tn 1
/pictures/8.jpg 1
/pictures/8.jpg.tn 1
/secured 1
/secured/database_connect.php 1
/secured/index.php 1
/secured/office.htm 1
/sendcommand.php 1
/Templates/main_dynamic_template.dwt.php 1
/testphp.tar.gz 1
/wvstests/pmwiki_2_1_19/scripts/version.php 1
/xss.js 1
/xss.swf 1
Password type input with autocomplete enabled
Affects Variations
/login.php 1
/signup.php 2
Alert details
Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
Severity High
Type Configuration
Reported by module Version check
Impact
Description
Affected items
Details
Web Server
Cross Site Scripting
Severity High
Type Validation
Reported by module Parameter manipulation
Impact
Description
Affected items
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/guestbook.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
Details
/search.php
PHP HTML Entity Encoder Heap Overflow Vulnerability
Severity High
Type Configuration
Reported by module Version check
Impact
Description
Affected items
Details
PHP
PHP version older than 5.2.1
Severity High
Type Configuration
Reported by module Version check
Description
Impact
Affected items
Details
PHP
PHP version older than 5.2.3
Severity High
Type Configuration
Reported by module Version check
Impact
Description
Affected items
Details
PHP
PHP version older than 5.2.5
Severity High
Type Configuration
Reported by module Version check
Impact
Description
Affected items
Details
PHP
PHP version older than 5.2.6
Severity High
Type Configuration
Reported by module Version check
Description
Impact
Affected items
Details
PHP
PHP Zend_Hash_Del_Key_Or_Index vulnerability
Severity High
Type Configuration
Reported by module Version check
Impact
Description
Affected items
Details
PHP
Proxy accepts CONNECT requests
Severity High
Type Configuration
Reported by module Scripting
Description
Impact
Affected items
Details
Server
SQL Injection (AS)
Severity High
Type Validation
Reported by module Parameter manipulation
Impact
Description
Affected items
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/artists.php
Details
/artists.php
Apache 2.x version older than 2.0.61
Severity Medium
Type Configuration
Reported by module Version check
Impact
Description
Affected items
Details
Web Server
Apache 2.x version older than 2.0.63
Severity Medium
Type Configuration
Reported by module Version check
Description
Impact
Affected items
Details
Web Server
Apache Mod_SSL Log Function Format String Vulnerability
Severity Medium
Type Validation
Reported by module Version check
Impact
Description
Affected items
Details
mod_ssl
Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
Severity Medium
Type Validation
Reported by module Version check
Impact
Description
Affected items
Details
mod_ssl
Open proxy server
Severity Medium
Type Configuration
Reported by module Scripting
Impact
Description
Affected items
Details
Server
PHP enable_dl enabled
Severity Medium
Type Configuration
Reported by module Aspect
Impact
Description
Affected items
Details
Web Server
PHP errors enabled
Severity Medium
Type Configuration
Reported by module Aspect
Description
Impact
Affected items
Details
/
Application error message
Severity Low
Type Validation
Reported by module Parameter manipulation
Impact
Description
Affected items
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/AJAX/infoartist.php
Details
/AJAX/infocateg.php
Details
/AJAX/infocateg.php
Details
/AJAX/infocateg.php
Details
/AJAX/infocateg.php
Details
/AJAX/infocateg.php
Details
/AJAX/infocateg.php
Details
/AJAX/infocateg.php
Details
/AJAX/infotitle.php
Details
/AJAX/infotitle.php
Details
/AJAX/infotitle.php
Details
/AJAX/infotitle.php
Details
/AJAX/infotitle.php
Details
/AJAX/infotitle.php
Details
/AJAX/infotitle.php
Details
/artists.php
Details
/artists.php
Details
/listproducts.php
Details
/listproducts.php
Details
/listproducts.php
Details
/listproducts.php
Details
/listproducts.php
Details
/showimage.php
Details
/showimage.php
Hidden form input named price was found
Severity Low
Type Informational
Reported by module Crawler
Impact
Description
Affected items
Details
/product.php
Details
/product.php
Details
/product.php
Details
/product.php
Details
/product.php
Details
/product.php
Details
/product.php
TRACE Method Enabled
Severity Low
Type Validation
Reported by module CGI Tester
Impact
Description
Affected items
Details
Web Server
User credentials are sent in clear text
Severity Low
Type Informational
Reported by module Crawler
Impact
Description
Affected items
Details
/login.php
Details
/signup.php
Broken links
Severity Informational
Type Informational
Reported by module Crawler
Impact
Description
Affected items
Details
/privacy.php
Details
/secured/office_files/filelist.xml
Files found in the application directory but not linked
Severity Informational
Type Informational
Reported by module Crawler
Impact
Description
Affected items
Details
/_mmServerScripts/MMHTTPDB.php
Details
/_mmServerScripts/mysql.php
Details
/404.php
Details
/acunetix_file_inclusion_test
Details
/acunetix_md5_random.php
Details
/acunetix_not_execute
Details
/acunetix_rfi_test.php
Details
/acunetix_xsl_inclusion_test.xsl
Details
/admin/create.sql
Details
/blade_phpinfo.php
Details
/Connections/DB_Connection.php
Details
/CVS/Entries
Details
/CVS/Entries.Log
Details
/CVS/Repository
Details
/CVS/Root
Details
/database_connect.php
Details
/dot.gif
Details
/favicon.ico
Details
/Flash/add.fla
Details
/index.bak
Details
/logout.php
Details
/pi.php
Details
/pictures/1.jpg
Details
/pictures/1.jpg.tn
Details
/pictures/2.jpg
Details
/pictures/2.jpg.tn
Details
/pictures/3.jpg
Details
/pictures/3.jpg.tn
Details
/pictures/4.jpg
Details
/pictures/4.jpg.tn
Details
/pictures/5.jpg
Details
/pictures/5.jpg.tn
Details
/pictures/6.jpg
Details
/pictures/6.jpg.tn
Details
/pictures/7.jpg
Details
/pictures/7.jpg.tn
Details
/pictures/8.jpg
Details
/pictures/8.jpg.tn
Details
/secured
Details
/secured/database_connect.php
Details
/secured/index.php
Details
/secured/office.htm
Details
/sendcommand.php
Details
/Templates/main_dynamic_template.dwt.php
Details
/testphp.tar.gz
Details
/wvstests/pmwiki_2_1_19/scripts/version.php
Details
/xss.js
Details
/xss.swf
Password type input with autocomplete enabled
Severity Informational
Type Informational
Reported by module Crawler
Impact
Description
Affected items
Details
/login.php
Details
/signup.php
Details
/signup.php