Beruflich Dokumente
Kultur Dokumente
Scan of http://www.universitas-galuh.ac.id:80/html/index.php
Scan details
Scan information Starttime Finish time Scan time Profile Server information Responsive Server banner Server OS Server technologies Threat level
Knowledge base
List of open TCP ports
Alerts summary
Blind SQL Injection Affects /html/menu.php DNS zone transfer Affects Server Error message on page Affects /html/member/error_log SSL weak ciphers Affects Server Bonjour service running Affects Server Possible sensitive directories Affects /html/member Possible sensitive files Affects /html/error_log /html/member/error_log Session Cookie without HttpOnly flag set Affects / Session Cookie without Secure flag set Affects / TRACE method is enabled Affects Web Server Acunetix Website Audit Variations 1 7 Variations 3 Variations 3 Variations 1 1 Variations 1 Variations 1 Variations 2 Variations 1 Variations 1 Variations 1
Email address found Affects /html/index.php /html/menu.php GHDB: Generic MySQL error message Affects /html/member/error_log GHDB: PHP error message Affects /html/error_log Possible server path disclosure (Unix) Affects /html/error_log /html/index.php /html/member/error_log /html/menu.php Variations 1 1 1 1 Variations 1 Variations 1 Variations 1 1
Alert details
Blind SQL Injection
Severity High Type Validation Reported by module Scripting (Blind_Sql_Injection.script) Description
Impact
Recommendation
Affected items /html/menu.php Details Request GET /html/menu.php?kode=%24%7binjecthere%7d HTTP/1.1 Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:40:01 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips X-Powered-By: PHP/5.3.3 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 42293
Impact
Recommendation
Impact
Recommendation
Request GET /html/member/error_log HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix Website Audit 10
Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://www.universitas-galuh.ac.id/html/member/ Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 10:00:24 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT ETag: "6a0da1-210-4b4fdac764400" Accept-Ranges: bytes Content-Length: 528 Connection: close Content-Type: text/plain; charset=UTF-8
Impact
Recommendation
Server Details
11
Impact
Recommendation
Impact
Recommendation
Affected items /html/member Details Request GET /html/member HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 301 Moved Permanently Date: Tue, 03 Sep 2013 09:41:16 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Location: http://www.universitas-galuh.ac.id/html/member/ Content-Length: 398 Connection: close Content-Type: text/html; charset=iso-8859-1
l i d a t i o n
Impact
Recommendation
Affected items /html/error_log Details Request GET /html/error_log HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 206 Partial Content Date: Tue, 03 Sep 2013 09:40:37 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Wed, 07 Mar 2012 05:19:28 GMT ETag: "6a0d95-9ef-4baa04db3b800" Accept-Ranges: bytes Content-Length: 2543 Content-Range: bytes 0-2542/2543 Connection: close Content-Type: text/plain; charset=UTF-8 /html/member/error_log Details Request GET /html/member/error_log HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 206 Partial Content Date: Tue, 03 Sep 2013 09:59:22 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT ETag: "6a0da1-210-4b4fdac764400" Accept-Ranges: bytes Content-Length: 528 Acunetix Website Audit 13
Impact
Recommendation
/ Details
/ Details
o r m a t i o n a l
Impact
Recommendation
/ Details
/ Details
15
Impact
Recommendation
Affected items Web Server Details Request TRACE /ydky9bvCbd HTTP/1.1 Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id:80 Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:39:03 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Connection: close Content-Type: message/http Content-Length: 233
Impact
Recommendation
Request GET /html/index.php HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix Website Audit 16
Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.universitas-galuh.ac.id Connection: Keep-alive Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:38:59 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 30798 /html/menu.php Details
Request GET /html/menu.php HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://www.universitas-galuh.ac.id/html/index.php Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:39:01 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips X-Powered-By: PHP/5.3.3 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 28546
17
Impact
Recommendation
Request GET /html/member/error_log HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://www.universitas-galuh.ac.id/html/member/ Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 10:00:24 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT ETag: "6a0da1-210-4b4fdac764400" Accept-Ranges: bytes Content-Length: 528 Connection: close Content-Type: text/plain; charset=UTF-8
Impact
18
Recommendation
Request GET /html/error_log HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://www.universitas-galuh.ac.id/html/ Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:59:08 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Wed, 07 Mar 2012 05:19:28 GMT ETag: "6a0d95-9ef-4baa04db3b800" Accept-Ranges: bytes Content-Length: 2543 Connection: close Content-Type: text/plain; charset=UTF-8
Impact
Recommendation
19
Request GET /html/error_log HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://www.universitas-galuh.ac.id/html/ Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:59:08 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Wed, 07 Mar 2012 05:19:28 GMT ETag: "6a0d95-9ef-4baa04db3b800" Accept-Ranges: bytes Content-Length: 2543 Connection: close Content-Type: text/plain; charset=UTF-8 /html/index.php Details
Request GET /html/index.php HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Host: www.universitas-galuh.ac.id Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:38:59 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips X-Powered-By: PHP/5.3.3 Set-Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6; path=/ Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 30798 /html/member/error_log Details
Request GET /html/member/error_log HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Acunetix Website Audit 20
Referer: http://www.universitas-galuh.ac.id/html/member/ Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 10:00:24 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips Last-Modified: Mon, 26 Dec 2011 12:12:00 GMT ETag: "6a0da1-210-4b4fdac764400" Accept-Ranges: bytes Content-Length: 528 Connection: close Content-Type: text/plain; charset=UTF-8 /html/menu.php Details
Request GET /html/menu.php HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://www.universitas-galuh.ac.id/html/index.php Cookie: PHPSESSID=mdguva43gd290m1vpohq30oei6 Host: www.universitas-galuh.ac.id Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Response HTTP/1.1 200 OK Date: Tue, 03 Sep 2013 09:39:01 GMT Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.3.3 mod_ssl/2.2.15 OpenSSL/1.0.0-fips X-Powered-By: PHP/5.3.3 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 28546
21