Acunetix Website Audit 3 September, 2013

Detailed Scan Report

Generated by Acunetix WVS Reporter (v7.0 Build 20100921)

Scan of http://www.universitas-galuh.ac.id:80/html/index.php
Scan details
Scan information
Start time: 9/3/2013 4:38:58 PM
Finish time: 9/3/2013 5:00:26 PM
Scan time: 21 minutes, 29 seconds
Profile: Default

Server information
Responsive: True
Server banner: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Server OS: Unix
Server technologies: PHP,mod_ssl,OpenSSL

Threat level

Alerts distribution
Total alerts found: 24
High: 2
Medium: 3
Low: 11
Informational: 8

Knowledge base
List of open TCP ports

DNS server running

FTP server running

Whois lookup

DNS server running on TCP

MySQL server running

POP3 server running

List of RPC services

SSH server running

SSL server running [443]

List of file extensions

List of files with inputs

List of external hosts

List of email addresses

Alerts summary
Blind SQL Injection
  Affects: /html/menu.php (Variations: 1)

DNS zone transfer
  Affects: Server (Variations: 1)

Error message on page
  Affects: /html/member/error_log (Variations: 1)

SSL weak ciphers
  Affects: Server (Variations: 2)

Bonjour service running
  Affects: Server (Variations: 1)

Possible sensitive directories
  Affects: /html/member (Variations: 1)

Possible sensitive files
  Affects: /html/error_log (Variations: 1)
  Affects: /html/member/error_log (Variations: 1)

Session Cookie without HttpOnly flag set
  Affects: / (Variations: 3)

Session Cookie without Secure flag set
  Affects: / (Variations: 3)

TRACE method is enabled
  Affects: Web Server (Variations: 1)

Email address found
  Affects: /html/index.php (Variations: 1)
  Affects: /html/menu.php (Variations: 1)

GHDB: Generic MySQL error message
  Affects: /html/member/error_log (Variations: 1)

GHDB: PHP error message
  Affects: /html/error_log (Variations: 1)

Possible server path disclosure (Unix)
  Affects: /html/error_log (Variations: 1)
  Affects: /html/index.php (Variations: 1)
  Affects: /html/member/error_log (Variations: 1)
  Affects: /html/menu.php (Variations: 1)

Alert details
Blind SQL Injection
Severity: High
Type: Validation
Reported by module: Scripting (Blind_Sql_Injection.script)

Description

Impact

Recommendation

Affected items

/html/menu.php
Details

Request
GET /html/menu.php?kode=%24%7binjecthere%7d HTTP/1.1
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:40:01 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 42293

DNS zone transfer


Severity: High
Type: Configuration
Reported by module: Scripting (dns_zone_transfer.script)

Description

Impact

Recommendation

Affected items

Server
Details

Error message on page


Severity: Medium
Type: Validation
Reported by module: Scripting (Text_Search.script)

Description

Impact

Recommendation

Affected items

/html/member/error_log
Details

Request
GET /html/member/error_log HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/member/
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:00:24 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT
ETag: "6a0da1-210-4b4fdac764400"
Accept-Ranges: bytes
Content-Length: 528
Connection: close
Content-Type: text/plain; charset=UTF-8

SSL weak ciphers


Severity: Medium
Type: Configuration
Reported by module: Scripting (ssl_ping.script)

Description

Impact

Recommendation

Affected items

Server
Details

Server
Details

Bonjour service running


Severity: Low
Type: Configuration
Reported by module: Scripting (mdns_zeroconf_ping.script)

Description

Impact

Recommendation

Affected items

Server
Details

Possible sensitive directories


Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)

Description

Impact

Recommendation

Affected items

/html/member
Details

Request
GET /html/member HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 301 Moved Permanently
Date: Tue, 03 Sep 2013 09:41:16 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Location: http://www.universitas-galuh.ac.id/html/member/
Content-Length: 398
Connection: close
Content-Type: text/html; charset=iso-8859-1

Possible sensitive files


Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Files.script)

Description

Impact

Recommendation

Affected items

/html/error_log
Details

Request
GET /html/error_log HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 206 Partial Content
Date: Tue, 03 Sep 2013 09:40:37 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Wed, 07 Mar 2012 05:19:28 GMT
ETag: "6a0d95-9ef-4baa04db3b800"
Accept-Ranges: bytes
Content-Length: 2543
Content-Range: bytes 0-2542/2543
Connection: close
Content-Type: text/plain; charset=UTF-8

/html/member/error_log
Details

Request
GET /html/member/error_log HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 206 Partial Content
Date: Tue, 03 Sep 2013 09:59:22 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT
ETag: "6a0da1-210-4b4fdac764400"
Accept-Ranges: bytes
Content-Length: 528
Content-Range: bytes 0-527/528
Connection: close

Session Cookie without HttpOnly flag set


Severity: Low
Type: Informational
Reported by module: Crawler

Description

Impact

Recommendation

Affected items

/
Details

Request
GET / HTTP/1.1

Response

/
Details

Request
GET / HTTP/1.1

Response

/
Details

Request
GET / HTTP/1.1

Response

Session Cookie without Secure flag set


Severity: Low
Type: Informational
Reported by module: Crawler

Description

Impact

Recommendation

Affected items

/
Details

Request
GET / HTTP/1.1

Response

/
Details

Request
GET / HTTP/1.1

Response

/
Details

Request
GET / HTTP/1.1

Response

TRACE method is enabled


Severity: Low
Type: Validation
Reported by module: Scripting (Track_Trace_Server_Methods.script)

Description

Impact

Recommendation

Affected items

Web Server
Details

Request
TRACE /ydky9bvCbd HTTP/1.1
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:39:03 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Connection: close
Content-Type: message/http
Content-Length: 233

Email address found


Severity: Informational
Type: Informational
Reported by module: Scripting (Text_Search.script)

Description

Impact

Recommendation

Affected items

/html/index.php
Details

Request
GET /html/index.php HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: www.universitas-galuh.ac.id
Connection: Keep-alive

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:38:59 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
X-Powered-By: PHP/5.3.3
Set-Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30798

/html/menu.php
Details

Request
GET /html/menu.php HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/index.php
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:39:01 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28546

GHDB: Generic MySQL error message


Severity: Informational
Type: Informational
Reported by module: GHDB

Description

Impact

Recommendation

Affected items

/html/member/error_log
Details

Request
GET /html/member/error_log HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/member/
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:00:24 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT
ETag: "6a0da1-210-4b4fdac764400"
Accept-Ranges: bytes
Content-Length: 528
Connection: close
Content-Type: text/plain; charset=UTF-8

GHDB: PHP error message


Severity: Informational
Type: Informational
Reported by module: GHDB

Description

Impact

Recommendation

Affected items

/html/error_log
Details

Request
GET /html/error_log HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:59:08 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Wed, 07 Mar 2012 05:19:28 GMT
ETag: "6a0d95-9ef-4baa04db3b800"
Accept-Ranges: bytes
Content-Length: 2543
Connection: close
Content-Type: text/plain; charset=UTF-8

Possible server path disclosure (Unix)


Severity: Informational
Type: Informational
Reported by module: Scripting (Text_Search.script)

Description

Impact

Recommendation

Affected items

/html/error_log
Details

Request
GET /html/error_log HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:59:08 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Wed, 07 Mar 2012 05:19:28 GMT
ETag: "6a0d95-9ef-4baa04db3b800"
Accept-Ranges: bytes
Content-Length: 2543
Connection: close
Content-Type: text/plain; charset=UTF-8

/html/index.php
Details

Request
GET /html/index.php HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: www.universitas-galuh.ac.id
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:38:59 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
X-Powered-By: PHP/5.3.3
Set-Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30798

/html/member/error_log
Details

Request
GET /html/member/error_log HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/member/
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 10:00:24 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT
ETag: "6a0da1-210-4b4fdac764400"
Accept-Ranges: bytes
Content-Length: 528
Connection: close
Content-Type: text/plain; charset=UTF-8

/html/menu.php
Details

Request
GET /html/menu.php HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://www.universitas-galuh.ac.id/html/index.php
Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6
Host: www.universitas-galuh.ac.id
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Date: Tue, 03 Sep 2013 09:39:01 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 28546
