7 June, 2016
Scan
URL: http://192.168.1.3:80/
Scan date: 6/6/2016 5:59:47 PM
Duration: 15 hours, 7 minutes
Profile: Default
Compliance at a Glance
This section of the report is a summary and lists the number of alerts found according to individual compliance categories.
(4.4) OS Commanding
OS Commanding is an attack technique used to exploit web sites by executing Operating System commands through
manipulation of application input.
When a web application does not properly sanitize user-supplied input before using it within application code, it may be
possible to trick the application into executing Operating System commands. The executed commands will run with the
same permissions as the component that executed the command (e.g. Database server, Web application server, Web
server, etc.).
No alerts in this category.
SSI Injection (Server-side Include) is a server-side exploit technique that allows an attacker to send code into a web
application, which will later be executed locally by the web server. SSI Injection exploits a web application's failure to
sanitize user-supplied data before they are inserted into a server-side interpreted HTML file.
If an attacker submits a Server-side Include statement, he may have the ability to execute arbitrary operating system
commands, or include a restricted file's contents the next time the page is served.
No alerts in this category.
CWE
Affected item
/
Affected parameter
Variants
1
CWE
Affected item
Affected parameter
Variants
Affected item
/account/edit/endalamaw
FirstName
1
/account/edit/endalamaw
/finance/bankaccounts/edit/10
AccountName
1
/finance/bankaccounts/edit/10
BankAdress
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/11
AccountName
1
/finance/bankaccounts/edit/11
BankAdress
1
/finance/bankaccounts/edit/11
BankBranch
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
/finance/bankaccounts/edit/12
AccountName
1
/finance/bankaccounts/edit/12
BankAdress
1
/finance/bankaccounts/edit/12
/finance/bankaccounts/edit/13
BankAdress
1
/finance/bankaccounts/edit/13
BankBranch
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/14
__RequestVerificationToken
1
/finance/bankaccounts/edit/14
AccountName
1
/finance/bankaccounts/edit/14
AccountNumber
1
/finance/bankaccounts/edit/15
BankAdress
1
/finance/bankaccounts/edit/15
BankBranch
1
/finance/bankaccounts/edit/15
BankName
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/16
AccountName
1
/finance/bankaccounts/edit/16
BankAdress
1
/finance/bankaccounts/edit/16
BankBranch
1
/finance/bankaccounts/edit/16
BankName
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/17
AccountName
1
/finance/bankaccounts/edit/17
BankAdress
1
/finance/bankaccounts/edit/17
BankBranch
1
Affected item
/finance/bankaccounts/edit/6
Affected parameter AccountName
Variants
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/6
BankAdress
1
/finance/bankaccounts/edit/6
BankBranch
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/7
AccountName
1
/finance/bankaccounts/edit/7
BankAdress
1
/finance/bankaccounts/edit/7
BankBranch
1
/finance/bankaccounts/edit/7
BankName
1
Affected item
/finance/bankaccounts/edit/8
AccountName
1
/finance/bankaccounts/edit/8
BankAdress
1
/finance/bankaccounts/edit/8
BankBranch
1
/finance/bankaccounts/edit/8
BankName
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/finance/bankaccounts/edit/9
AccountName
1
/finance/bankaccounts/edit/9
BankAdress
1
/finance/bankaccounts/edit/9
BankBranch
1
Affected item
/hr/disciplinaymeasureranks/edit/2
Affected parameter DisciplinayMeasureRank
Variants
1
Affected item
/hr/disciplinaymeasureranks/edit/3
Affected parameter DisciplinayMeasureRank
Variants
1
Affected item
/hr/disciplinaymeasuretypes/edit/10
Affected parameter Measure
Variants
1
Affected item
/hr/disciplinaymeasuretypes/edit/11
Affected parameter Measure
Variants
Affected item
/hr/disciplinaymeasuretypes/edit/12
Affected parameter Measure
Variants
1
Affected item
/hr/disciplinaymeasuretypes/edit/8
Affected parameter Measure
Variants
1
Affected item
/hr/disciplinaymeasuretypes/edit/9
Affected parameter Measure
Variants
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/hr/empbscappraisalperiods/edit/1
__RequestVerificationToken
1
/hr/empbscappraisalperiods/edit/1
AppraisalPeriod
1
Affected item
/hr/empbscappraisalperiods/edit/2
Affected parameter AppraisalPeriod
Variants
1
Acunetix Website Audit
Affected item
/hr/empbscappraisalperiods/edit/4
Affected parameter AppraisalPeriod
Variants
1
Affected item
/hr/empbscappraisalperiods/edit/5
Affected parameter AppraisalPeriod
Variants
1
Affected item
/hr/empbscappraisalperiods/edit/6
Affected parameter AppraisalPeriod
Variants
1
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
CVSS
CWE
Affected item
/finance/json/description
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Affected parameter
Variants
Affected item
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Affected parameter
Variants
1
Affected item
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Affected parameter
Variants
1
Affected item
/hr/disciplinaymeasuretypes
Affected parameter
Variants
1
Affected item
/procurement/reportprocurement
Affected parameter
Variants
1
Affected item
/procurement/reportprocurement/getlotdetails
Affected parameter
Variants
1
Affected item
/upload
Affected parameter
Variants
1
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
CVSS
CWE
Affected item
/
Affected parameter /
Variants
3
Affected item
/account/delete/enanu
Affected parameter __RequestVerificationToken
Variants
1
Affected item
/account/delete/endalamaw
Affected parameter __RequestVerificationToken
Variants
1
Affected item
/account/delete/zelalem
Affected parameter __RequestVerificationToken
Variants
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
/account/edit/enanu
__RequestVerificationToken
1
/account/edit/enanu
Email
1
/account/edit/enanu
FirstName
1
/account/edit/enanu
LastName
1
/account/edit/enanu
UserName
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/account/edit/endalamaw
__RequestVerificationToken
1
/account/edit/endalamaw
Email
1
/account/edit/endalamaw
FirstName
1
/account/edit/endalamaw
LastName
1
/account/edit/endalamaw
UserName
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/account/login
__RequestVerificationToken
2
/account/login
Password
1
/account/login
ReturnUrl
1
/account/login
UserName
1
Affected item
/account/logoff
Affected parameter __RequestVerificationToken
Variants
1
Affected item
/account/register
Affected parameter __RequestVerificationToken
Variants
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/account/usergroups/enanu
__RequestVerificationToken
1
/account/usergroups/enanu
Groups[0].GroupId
1
/account/usergroups/enanu
Groups[1].GroupId
1
/account/usergroups/enanu
Groups[2].GroupId
1
/account/usergroups/enanu
Groups[3].GroupId
1
/account/usergroups/enanu
Groups[3].Selected
1
/account/usergroups/enanu
Groups[4].GroupId
1
/account/usergroups/enanu
Groups[4].Selected
1
/account/usergroups/enanu
Groups[5].GroupId
1
/account/usergroups/enanu
Groups[5].Selected
1
/account/usergroups/enanu
Groups[6].GroupId
1
/account/usergroups/enanu
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Groups[6].Selected
1
/account/usergroups/enanu
Groups[7].GroupId
1
/account/usergroups/enanu
Groups[7].Selected
1
/account/usergroups/enanu
Groups[8].GroupId
1
/account/usergroups/enanu
Groups[8].Selected
1
/account/usergroups/enanu
UserName
1
Affected item
/finance/budgetallocationandusage/
Affected parameter BudgetYear
Variants
1
Affected item
/finance/budgetallocationandusage/budgetallocationandusageexcel
Affected parameter BudgetYear
Variants
1
Affected item
/finance/budgetallocationandusage/budgetallocationandusageprint
Affected parameter BudgetYear
Variants
1
Affected item
/finance/json/description
Affected parameter id
Variants
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/
fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
filter
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
filter
1
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
group
1
1
/
fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
group
1
/
fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
page
1
/
fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
pageSize
1
/
fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
sort
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
page
1
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
pageSize
1
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
sort
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
filter
1
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
group
1
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
page
1
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
pageSize
1
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
sort
1
Affected item
/home/setculture
Affected parameter Referer
Variants
1
Affected item
/hr/disciplinaymeasuretypes/delete/10
Affected parameter __RequestVerificationToken
Variants
Affected item
/hr/disciplinaymeasuretypes/delete/11
Affected parameter __RequestVerificationToken
Variants
1
Affected item
/hr/disciplinaymeasuretypes/delete/12
Affected parameter __RequestVerificationToken
Variants
1
Affected item
/hr/disciplinaymeasuretypes/delete/8
Affected parameter __RequestVerificationToken
Variants
1
Affected item
/hr/disciplinaymeasuretypes/delete/9
Affected parameter __RequestVerificationToken
Variants
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
/hr/disciplinaymeasuretypes/edit/10
__RequestVerificationToken
1
/hr/disciplinaymeasuretypes/edit/10
CreatedBy
1
/hr/disciplinaymeasuretypes/edit/10
CreatedOn
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
1
/hr/disciplinaymeasuretypes/edit/10
DisciplinayMeasureRanksID
1
/hr/disciplinaymeasuretypes/edit/10
DisciplinayMeasureTypesID
1
/hr/disciplinaymeasuretypes/edit/10
ExpireYear
1
/hr/disciplinaymeasuretypes/edit/10
Measure
1
/hr/disciplinaymeasuretypes/edit/10
PercentageEffectOnPromotion
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
/hr/disciplinaymeasuretypes/edit/11
__RequestVerificationToken
1
/hr/disciplinaymeasuretypes/edit/11
CreatedBy
1
/hr/disciplinaymeasuretypes/edit/11
CreatedOn
1
/hr/disciplinaymeasuretypes/edit/11
DisciplinayMeasureRanksID
1
/hr/disciplinaymeasuretypes/edit/11
DisciplinayMeasureTypesID
1
/hr/disciplinaymeasuretypes/edit/11
ExpireYear
1
/hr/disciplinaymeasuretypes/edit/11
Measure
1
/hr/disciplinaymeasuretypes/edit/11
PercentageEffectOnPromotion
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
/hr/disciplinaymeasuretypes/edit/12
__RequestVerificationToken
1
/hr/disciplinaymeasuretypes/edit/12
CreatedBy
1
/hr/disciplinaymeasuretypes/edit/12
CreatedOn
1
/hr/disciplinaymeasuretypes/edit/12
DisciplinayMeasureRanksID
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
1
/hr/disciplinaymeasuretypes/edit/12
DisciplinayMeasureTypesID
1
/hr/disciplinaymeasuretypes/edit/12
ExpireYear
1
/hr/disciplinaymeasuretypes/edit/12
Measure
1
/hr/disciplinaymeasuretypes/edit/12
PercentageEffectOnPromotion
1
Affected item
Affected parameter
Variants
Affected item
Affected parameter
Variants
/hr/empbscappraisalperiods/create
__RequestVerificationToken
1
/hr/empbscappraisalperiods/create
IsClosed
1
CWE
Affected item
/
Affected parameter
Variants
1
Email address found
One or more email addresses have been found on this page. The majority of spam comes from email addresses
harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour
the internet looking for email addresses on any website they come across. Spambot programs look for strings like
myname@mydomain.com and then record any addresses found.
CVSS
CWE
Affected item
/account
Affected parameter
Variants
1
Affected item
/account/delete/zelalem
Affected parameter
Variants
1
Affected item
/account/edit/zelalem
Affected parameter
Variants
1
Microsoft IIS version disclosure
The HTTP responses returned by this web application include a header named Server. The value of this header includes
the version of Microsoft IIS server.
CVSS
CWE
Affected item
/
Affected parameter
Variants
1
Password type input with auto-complete enabled
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as
the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
CVSS
CWE-200
Affected item
/account/login
Affected parameter
Variants
1
Affected item
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
Affected parameter
Variants
1
Affected item
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
Affected parameter
Variants
1
Affected item
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
Affected parameter
Variants
1
Affected item
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
Affected parameter
Variants
1
Affected item
/account/register
Affected parameter
Variants
2
Possible internal IP address disclosure
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing
scheme of the internal network. This information can be used to conduct further attacks.
This alert may be a false positive; manual confirmation is required.
CVSS
CWE
Affected item
/home/setculture
Affected parameter
Variants
1
Possible username or password disclosure
A username and/or password was found in this file. This information could be sensitive.
This alert may be a false positive; manual confirmation is required.
CVSS
CWE
Affected item
/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Affected parameter
Variants
Predictable Resource Location is an attack technique used to uncover hidden web site content and functionality. By
making educated guesses, the attack is a brute force search looking for content that is not intended for public viewing.
Temporary files, backup files, configuration files, and sample files are all examples of potentially leftover files. These brute
force searches are easy because hidden files will often have common naming conventions and reside in standard
locations. These files may disclose sensitive information about web application internals, database information,
passwords, machine names, file paths to other sensitive areas, or possibly contain vulnerabilities. Disclosure of this
information is valuable to an attacker.
No alerts in this category.
CWE
Affected item
/
Affected parameter
Variants
2
Affected item
/account
Affected parameter
Variants
4
Affected item
/finance/accountstransactions
Affected parameter
Variants
2
Affected item
/finance/budgetagainstpreviousyear
Affected parameter
Variants
2
Affected item
/finance/budgetallocationandusage
Affected parameter
Variants
2
Affected item
/finance/json/fromaccountcode
Affected parameter
Variants
2
Affected item
/finance/reportfinance/accountanalysis
Affected parameter
Variants
2
Affected item
/finance/reportfinance/accountanalysisbysegment
Affected parameter
Variants
2
Affected item
/finance/reportfinance/aragingbyinvoice
Affected parameter
Variants
2
Affected item
/finance/reportfinance/cashflow
Affected parameter
Variants
2
Affected item
/finance/reportfinance/chartofaccount
Affected parameter
Variants
2
Affected item
/finance/reportfinance/customerlist
Affected parameter
Variants
2
Affected item
/finance/reportfinance/incomestatement
Affected parameter
Variants
2
Affected item
/finance/reportfinance/incomestatementbyproject
Affected parameter
Variants
2
Affected item
/finance/reportfinance/supplierlist
Affected parameter
Variants
2
Affected item
/finance/reportfinance/trialbalance
Affected parameter
Variants
2
Affected item
/hr/certificatesandletters
Affected parameter
Variants
2
Affected item
/hr/upload
Affected parameter
Variants
2
Affected item
/inventory/reportinventory/issueitem
Affected parameter
Variants
2
Affected item
/inventory/reportinventory/stockbalance
Affected parameter
Variants
2
Affected item
/payroll/payrollreports/bonusincometaxreport
Affected parameter
Variants
2
Affected item
/payroll/payrollreports/monthlypensionreport
Affected parameter
Variants
2
Affected item
/payroll/payrollreports/reportbycontributiontypelist
Affected parameter
Variants
2
Login page password-guessing attack
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack
is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols
until you discover the one correct combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to
implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references
for more information about fixing this problem.
CVSS
CWE
Affected item
/account/login
Affected parameter
Variants
1
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross-Site Request Forgery (CSRF/XSRF) is a class of
attack that affects web based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
Affected item
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
Affected parameter
Variants
1
Affected item
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
Affected parameter
Variants
Affected item
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Affected parameter
Variants
1
Affected item
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Affected parameter
Variants
1
Affected item
/
Affected parameter fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Variants
Affected item
/
Affected parameter fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Variants
1
Affected item
/
Affected parameter fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Variants
1
Affected item
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Affected parameter (11e076bff3d87afafd26c723d1fdc6a3)
Variants
1
Affected item
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Affected parameter (11e076bff3d87afafd26c723d1fdc6a3)
Variants
1
CWE
Affected item
/hr/disciplinaymeasuretypes
Affected parameter
Variants
1
Affected item
/projectmanagement/projectestimationnames
Affected parameter
Variants
1
/
Microsoft IIS tilde directory enumeration
It is possible to detect short names of files and directories which have an 8.3 file naming scheme equivalent in Windows
by using some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short-names of ".aspx"
files as they have 4 letters in their extensions. This can be a major issue, especially for .NET websites which are
vulnerable to direct URL access, as an attacker can find important files and folders that are not normally visible.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
CWE
Parameter
Variations
1
CWE
CWE-200
Parameter
/
Variations
3
CWE
Parameter
Variations
1
CWE
Parameter
/account
HTML form without CSRF protection
Variations
1
CWE
Parameter
Variations
2
CWE
Parameter
/account/delete/enanu
Internal server error
Variations
1
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
/account/delete/endalamaw
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
/account/delete/zelalem
Variations
1
CWE
Parameter
__RequestVerificationToken
Variations
1
CWE
Parameter
/account/edit/enanu
Variations
1
CWE
Parameter
__RequestVerificationToken
Email
FirstName
LastName
UserName
Variations
1
1
1
1
1
/account/edit/endalamaw
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
FirstName
UserName
Variations
1
1
CWE
Parameter
__RequestVerificationToken
Email
FirstName
LastName
UserName
/account/edit/zelalem
Application error message
Variations
1
1
1
1
1
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
LastName
Variations
1
CWE
Parameter
/account/login
Variations
1
CWE
Parameter
Password
Variations
1
CWE
Parameter
__RequestVerificationToken
Password
ReturnUrl
UserName
Variations
2
1
1
1
CVSS
CWE
Parameter
Variations
1
CWE
Parameter
Variations
1
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
Password type input with auto-complete enabled
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as
the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 0.0
CWE
Parameter
Variations
1
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
Password type input with auto-complete enabled
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as
the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 0.0
CWE
Parameter
Variations
1
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
Password type input with auto-complete enabled
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as
the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 0.0
CWE
Parameter
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
Password type input with auto-complete enabled
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as
the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 0.0
CWE
Parameter
Variations
1
/account/logoff
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
/account/register
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
CWE
Parameter
/account/usergroups/enanu
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Groups[0].GroupId
Groups[1].GroupId
Groups[2].GroupId
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
Variations
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
/account/usergroups/endalamaw
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
UserName
/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Possible username or password disclosure
A username and/or password was found in this file. This information could be sensitive.
This alert may be a false positive; manual confirmation is required.
This alert belongs to the following categories: 5.2
Variations
1
CVSS
CWE
Parameter
Variations
1
/finance/accountstransactions
HTML form without CSRF protection
This alert may be a false positive; manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
/finance/bankaccounts/edit/10
Application error message
Variations
1
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter      Variations
AccountName    1
BankAdress     1
/finance/bankaccounts/edit/11
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
AccountName
BankAdress
BankBranch
/finance/bankaccounts/edit/12
Application error message
Variations
1
1
1
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter      Variations
AccountName    1
BankAdress     1
BankBranch     1
/finance/bankaccounts/edit/13
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
BankAdress
BankBranch
/finance/bankaccounts/edit/14
Application error message
Variations
1
1
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter                     Variations
__RequestVerificationToken    1
AccountName                   1
AccountNumber                 1
/finance/bankaccounts/edit/15
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
BankAdress
BankBranch
BankName
/finance/bankaccounts/edit/16
Variations
1
1
1
CWE
Parameter      Variations
AccountName    1
BankAdress     1
BankBranch     1
BankName       1
/finance/bankaccounts/edit/17
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
AccountName
BankAdress
BankBranch
/finance/bankaccounts/edit/6
Variations
1
1
1
CWE
Parameter      Variations
AccountName    1
BankAdress     1
BankBranch     1
/finance/bankaccounts/edit/7
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter      Variations
AccountName    1
BankAdress     1
BankBranch     1
BankName       1
/finance/bankaccounts/edit/8
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter      Variations
AccountName    1
BankAdress     1
BankBranch     1
BankName       1
/finance/bankaccounts/edit/9
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter      Variations
AccountName    1
BankAdress     1
BankBranch     1
/finance/budgetagainstpreviousyear
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/finance/budgetallocationandusage
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
/finance/budgetallocationandusage/
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
BudgetYear
Variations
1
/finance/budgetallocationandusage/budgetallocationandusageexcel
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
BudgetYear
/finance/budgetallocationandusage/budgetallocationandusageprint
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
BudgetYear
Variations
1
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/finance/json/description
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
CWE
Parameter
id
Variations
1
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/finance/json/fromaccountcode
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/finance/reportfinance/accountanalysis
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
CWE
Parameter
Variations
1
/finance/reportfinance/accountanalysisbysegment
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/finance/reportfinance/aragingbyinvoice
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
CWE
Parameter
Variations
1
/finance/reportfinance/cashflow
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/finance/reportfinance/chartofaccount
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
CWE
Parameter
Variations
1
/finance/reportfinance/customerlist
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
/finance/reportfinance/incomestatement
HTML form without CSRF protection
Variations
1
CWE
Parameter
Variations
1
/finance/reportfinance/incomestatementbyproject
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
/finance/reportfinance/supplierlist
HTML form without CSRF protection
Variations
1
CWE
Parameter
Variations
1
/finance/reportfinance/trialbalance
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter    Variations
filter       1
group        1
page         1
pageSize     1
sort         1
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
1
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
1
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter    Variations
filter       1
group        1
page         1
pageSize     1
sort         1
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
This alert belongs to the following categories: 6.1
Parameter
Variations
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE
CWE-200
Parameter
Variations
1
CWE
Parameter    Variations
filter       1
group        1
page         1
pageSize     1
sort         1
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Possible CSRF (Cross-site request forgery)
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web-based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attacker's choosing by directing the victim's actions on the target application with a link or other
content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to
have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then the victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
Variations
1
/home/setculture
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
CWE
Parameter
Referer
Variations
1
CWE
Parameter
/hr/certificatesandletters
HTML form without CSRF protection
Variations
1
CWE
Parameter
Variations
1
/hr/disciplinaymeasureranks/edit/2
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
DisciplinayMeasureRank
/hr/disciplinaymeasureranks/edit/3
Application error message
Variations
1
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
DisciplinayMeasureRank
/hr/disciplinaymeasuretypes
Variations
1
CWE
Parameter
Variations
1
CWE
Parameter
/hr/disciplinaymeasuretypes/delete/10
Variations
1
CWE
Parameter
__RequestVerificationToken
Variations
1
/hr/disciplinaymeasuretypes/delete/11
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
/hr/disciplinaymeasuretypes/delete/12
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
/hr/disciplinaymeasuretypes/delete/8
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
/hr/disciplinaymeasuretypes/delete/9
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
Variations
1
/hr/disciplinaymeasuretypes/edit/10
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Measure
Variations
1
CWE
Parameter
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Variations
1
1
1
1
1
1
1
1
/hr/disciplinaymeasuretypes/edit/11
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Measure
Variations
1
CWE
Parameter
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Measure
Variations
1
1
1
1
1
1
1
PercentageEffectOnPromotion
/hr/disciplinaymeasuretypes/edit/12
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Measure
Variations
1
CWE
Parameter
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Variations
1
1
1
1
1
1
Measure
PercentageEffectOnPromotion
1
1
/hr/disciplinaymeasuretypes/edit/8
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Measure
Variations
1
/hr/disciplinaymeasuretypes/edit/9
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Measure
/hr/empbscappraisalperiods/create
Internal server error
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
IsClosed
Variations
1
1
/hr/empbscappraisalperiods/edit/1
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
__RequestVerificationToken
AppraisalPeriod
Variations
1
1
/hr/empbscappraisalperiods/edit/2
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
AppraisalPeriod
Variations
1
/hr/empbscappraisalperiods/edit/4
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
AppraisalPeriod
Variations
1
/hr/empbscappraisalperiods/edit/5
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
AppraisalPeriod
Variations
1
/hr/empbscappraisalperiods/edit/6
Application error message
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
AppraisalPeriod
Variations
1
/hr/upload
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/inventory/reportinventory/issueitem
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
CWE
Parameter
Variations
1
/inventory/reportinventory/stockbalance
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/payroll/payrollreports/bonusincometaxreport
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
CWE
Parameter
Variations
1
/payroll/payrollreports/monthlypensionreport
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
This alert belongs to the following categories: 6.1, 6.1
CVSS
Base Score: 2.6
CWE
Parameter
Variations
1
/payroll/payrollreports/reportbycontributiontypelist
HTML form without CSRF protection
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type
of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
CWE
Parameter
Variations
1
/procurement/reportprocurement
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
/procurement/reportprocurement/getlotdetails
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
CWE
Parameter
Variations
1
/projectmanagement/projectestimationnames
Slow response time
This page had a slow response time. Files of this type can be targeted in denial-of-service attacks. An attacker can
request this page repeatedly from multiple computers until the server becomes overloaded.
This alert belongs to the following categories: 6.2
CVSS
Base Score: 5.0
CWE
Parameter
Variations
1
/upload
Error message on page
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
This alert belongs to the following categories: 5.2
CVSS
CWE
Parameter
Variations
1
Input type
Path Fragment
Path Fragment
Input scheme 2
Input name
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Input scheme 3
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 4
Input name
-
Input type
Path Fragment
/
/
/
/
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 5
Input name
/
Input type
Path Fragment
Input scheme 6
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 7
Input name
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
/
/
Path Fragment
Path Fragment
Input scheme 8
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 9
Input name
/
/
/
/
Input scheme 10
Input name
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input type
Path Fragment
/
/
/
/
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 11
Input name
Host
Input type
HTTP Header
http://192.168.1.3/account
Vulnerabilities have been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
SearchString
Input type
URL encoded GET
URL encoded POST
http://192.168.1.3/account/login
Vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name
ReturnUrl
Input type
URL encoded GET
Input scheme 2
Input name
ReturnUrl
__RequestVerificationToken
Password
UserName
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 3
Input name
__RequestVerificationToken
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/account/logoff
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/account/manage
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/delete/bizuneh
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/delete/abeje
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/delete/admin
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/delete/abiyu
No vulnerabilities have been identified for this URL
No input(s) found for this URL
Input type
URL encoded POST
http://192.168.1.3/account/delete/enanu
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/account/delete/endalamaw
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/account/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/edit/abrham
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/edit/bizuneh
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/edit/birhanu
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/edit/alemnew
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/edit/zelalem
Vulnerabilities have been identified for this URL
5 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/account/edit/enanu
Vulnerabilities have been identified for this URL
5 input(s) found for this URL
Acunetix Website Audit
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/account/edit/endalamaw
Vulnerabilities have been identified for this URL
5 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Email
FirstName
LastName
UserName
http://192.168.1.3/account/usergroups
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/account/usergroups/birhanu
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/usergroups/abeyus
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/usergroups/alemnew
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/usergroups/zelalem
No vulnerabilities have been identified for this URL
20 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Groups[0].GroupId
Input type
POST (multipart)
POST (multipart)
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
http://192.168.1.3/account/usergroups/endalamaw
Vulnerabilities have been identified for this URL
20 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
http://192.168.1.3/account/usergroups/enanu
Vulnerabilities have been identified for this URL
20 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
__RequestVerificationToken
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
http://192.168.1.3/account/userpermissions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/bizuneh
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/meaza
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/abrham
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/abiyu
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/alemnew
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/zelalem
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/endalamaw
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/userpermissions/enanu
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/account/register
Vulnerabilities have been identified for this URL
7 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
ConfirmPassword
Email
FirstName
LastName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/content/ace/css/ace.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/css/ace-rtl.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/css/bootstrap.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/css/images/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/fonts/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/fonts/fonts.googleapis.com.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/font-awesome/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/font-awesome/4.2.0/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/ace/font-awesome/4.2.0/css/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jqury-ui/jquery-ui.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jqury-ui/images
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jstree/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jstree/themes/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jstree/themes/default/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jstree/themes/default/style.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/jstree/jstree.min.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/kendo.bootstrap.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/kendo.common-bootstrap.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.bootstrap.min.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/bootstrap/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/%23clip
Vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/images/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/textures/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/fonts/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/fonts/dejavu/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/content/kendo/2016.1.112/fonts/glyphs/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/home
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/home/setculture
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
culture
http://192.168.1.3/home/index
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/cosigns
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/allowances
No vulnerabilities have been identified for this URL
Input type
URL encoded POST
http://192.168.1.3/hr/recruitmentplans
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/educationalfields
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/trainingproviders
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/educationallevels
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/outgoingletters
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/upload
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
File
Input type
POST (multipart)
http://192.168.1.3/hr/upload/download
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/employeeprofiles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/sectionjobtitles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/divisionjobtitles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/terminationletters
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/orgglobaljobtitles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/terminationreasons
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/retirementlauncher
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/reports
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/reports/detailreports
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/reports/summaryreports
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/supportingdocuments
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/transportallowances
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/departmentjobtitles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/trainingapplications
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/edit/5
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
EmpBSCAppraisalPeriodID
IsClosed
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
MonthFrom
MonthTo
YearFrom
YearTo
http://192.168.1.3/hr/empbscappraisalperiods/edit/4
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
EmpBSCAppraisalPeriodID
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/edit/6
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
EmpBSCAppraisalPeriodID
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/edit/2
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AppraisalPeriod
Input type
URL encoded POST
URL encoded POST
CreatedBy
CreatedOn
DayFrom
DayTo
EmpBSCAppraisalPeriodID
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
http://192.168.1.3/hr/empbscappraisalperiods/edit/1
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
EmpBSCAppraisalPeriodID
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/delete/2
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/delete/6
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
http://192.168.1.3/hr/empbscappraisalperiods/delete/5
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/delete/4
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/delete/1
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/empbscappraisalperiods/details
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/details/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/details/5
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/details/6
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/details/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/details/1
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscappraisalperiods/create
Vulnerabilities have been identified for this URL
9 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
__RequestVerificationToken
AppraisalPeriod
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
http://192.168.1.3/hr/retirementnotification
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empleavetakenslauncher
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/trainingneedassesments
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscperformanceplans
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/trainingreportbycourse
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/addallowancetoemployees
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/earlyretirementlauncher
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasureranks
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasureranks/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasureranks/edit/3
Vulnerabilities have been identified for this URL
5 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
CreatedBy
Input type
URL encoded POST
URL encoded POST
CreatedOn
DisciplinayMeasureRank
DisciplinayMeasureRanksID
http://192.168.1.3/hr/disciplinaymeasureranks/edit/2
Vulnerabilities have been identified for this URL
5 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRank
DisciplinayMeasureRanksID
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasureranks/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasureranks/delete/3
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasureranks/delete/2
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasureranks/details
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasureranks/details/3
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasureranks/details/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/emppayrollnodaysworkeds
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/employeerequisitionforms
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/trainingreportbyemployee
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/outsourcecompanyprofiles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/terminationotherslauncher
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empannualleaveusagereport
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/outsourcecompanyworkeddays
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/applicantprobationslauncher
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empbscperformanceevaluations
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/contractemployeerequisitions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplineemployeerecognition
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empannualleavepaidincashes
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/annualleaveentitlementupdate
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empdisciplinayrecognitiontypes
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empannualleaveusagesingereport
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empannualleavetransferonebyones
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empterminationclearancelauncher
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/outsourcecompanyworkeddaysreport
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/recruitmentresultreportbyvacancy
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/certificatesandletters
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
choice
EmpFullName
EmpID
Input type
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/certificatesandletters/experience
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/certificatesandletters/certificate
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/promotionandtransferapplicantlists
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/empannualleaveentitlementviewmodels
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes
Vulnerabilities have been identified for this URL
No input(s) found for this URL
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/edit/8
Vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/edit/11
Vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/edit/12
Vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/edit/10
Vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
CreatedBy
CreatedOn
DisciplinayMeasureRanksID
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes/delete/9
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/delete/8
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/delete/10
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/delete/11
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/delete/12
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/hr/disciplinaymeasuretypes/details
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes/details/8
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes/details/9
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes/details/12
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes/details/10
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/hr/disciplinaymeasuretypes/details/11
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/roles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/groups
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/uoms
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/items
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/stores
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/issues
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/goodreceives
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/storereturns
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/itemcategories
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/itemtransfers
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/purchasereturns
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/stockadjustments
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/storerequisitions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/purchaserequisitions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/storeitemassignments
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/departmentcostcenters
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/reportinventory
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/inventory/reportinventory/issueitem
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/transferitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/stockbalance
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
category
Input type
URL encoded POST
http://192.168.1.3/inventory/reportinventory/goodsreceive
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/adjustmentitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/storereturnitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/purchasereturnitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/storerequisitionitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/inventory/reportinventory/issueitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/issueitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/transferitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/transferitemexcel
No vulnerabilities have been identified for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/stockbalanceprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
category
Input type
URL encoded GET
http://192.168.1.3/inventory/reportinventory/stockbalanceexcel
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
category
Input type
URL encoded GET
http://192.168.1.3/inventory/reportinventory/goodsreceiveprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/goodsreceiveexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/storereturnitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/storereturnitemprint
No vulnerabilities have been identified for this URL
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/adjustmentitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/adjustmentitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/purchasereturnitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/purchasereturnitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/storerequisitionitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/reportinventory/storerequisitionitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/inventory/storekeeperassignments
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/globaluseraccesslogs
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/orgbranchusermappings
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/glledgerposting
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/glrecordjournals
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arinvoices
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/bankaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/bankaccounts/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/bankaccounts/edit/14
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
Input type
URL encoded POST
URL encoded POST
URL encoded POST
AccountDesc
AccountName
AccountNumber
AccountUse
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/16
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/17
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/15
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/7
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/9
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/8
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/6
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/10
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/13
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/12
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/edit/11
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
__RequestVerificationToken
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/bankaccounts/delete/6
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/13
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/9
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/7
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/11
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/8
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/16
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/17
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/14
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/12
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/delete/15
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
__RequestVerificationToken
http://192.168.1.3/finance/bankaccounts/delete/10
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
__RequestVerificationToken
Input type
URL encoded POST
http://192.168.1.3/finance/bankaccounts/details/11
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/bankaccounts/details/13
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/budgetusages
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/apsetupitems
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/budgetdefines
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/budgetmonthlies
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arcustomertypes
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arremitaddresses
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/appaybleinvoices
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/approcurementsuppliers
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/budgetallocationandusage
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageexcel
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageprint
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/reconciliationschedules
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/reconcilationbankaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/budgetagainstpreviousyear
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyexcel
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
http://192.168.1.3/finance/reconcilationbookaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arsetupreceiptbalanceaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arsetupproductserviceaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arcustomerprofiles
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/gljournalcategoriers
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions
Vulnerabilities have been identified for this URL
12 input(s) found for this URL
Inputs
Input scheme 1
Input name
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/accountstransactions/details
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1684
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1683
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1685
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1690
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1689
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1680
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1617
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1615
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1619
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1618
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1101
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1102
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1103
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1098
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1099
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1100
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1673
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1672
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1674
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1676
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1675
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1669
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1670
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1668
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1671
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1667
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1663
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1662
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1664
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1666
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1665
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1659
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1660
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1658
No vulnerabilities have been identified for this URL
http://192.168.1.3/finance/accountstransactions/details/1649
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1650
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1648
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1651
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1647
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1601
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1600
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1602
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1604
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1603
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1595
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1596
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1594
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1598
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1597
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1643
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1642
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1644
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1646
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1645
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1639
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1640
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1638
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1641
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1637
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1633
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1632
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/1634
No vulnerabilities have been identified for this URL
http://192.168.1.3/finance/accountstransactions/details/12312-1-00-ba0003
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
Vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/63120-1-fs-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11120-1-00-pc0006
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/12304-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/51290-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/51199-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/51206-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/12100-1-00-in0004
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/30030-1-00-3060gn
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0045
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/62101-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11320-1-00-y00125
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/18000-1-00-ba0004
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11499-1-00-pi0000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/21370-1-00-tl0003
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0001
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/21370-1-00-tl0008
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/11330-1-00-s00984
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/63106-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/accountstransactions/details/62102-1-00-000000
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/arstandardcollections
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/glchartofaccountaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/glchartofaccountlocations
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/armiscelaneouscollections
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/glchartofaccountsubaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/glchartofaccountcostcenters
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/budgetagainstpreviousyearmonthly
No vulnerabilities have been identified for this URL
Input type
URL encoded POST
http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyexcel
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/balancesheet
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
branchCode
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/supplierlist
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/customerlist
Vulnerabilities have been identified for this URL
9 input(s) found for this URL
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
custype
page
Input type
URL encoded GET
URL encoded GET
Input scheme 4
Input name
page
custype
Input type
URL encoded GET
URL encoded POST
Input scheme 5
Input name
Input type
custype
page
custype
http://192.168.1.3/finance/reportfinance/trialbalance
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
Branch
dt1
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/chartofaccount
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
Account
AccountType
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/accountanalysis
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
Category
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/incomestatement
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
branchCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
agetype
http://192.168.1.3/finance/reportfinance/aragingbycustomer
No vulnerabilities have been identified for this URL
Input type
URL encoded POST
Input type
URL encoded POST
http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Vulnerabilities have been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name
acctFrom
acctTo
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
costcenterCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/reportfinance/chartofaccountexcel
No vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
AccountType
Input type
URL encoded GET
Input scheme 2
Input name
Account
AccountType
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/reportfinance/accountanalysisexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/reportfinance/trialbalanceexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/reportfinance/trialbalanceprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/reportfinance/incomestatementprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt2
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/customerlistexcel
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/customerlistprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/supplierlistexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/reportfinance/supplierlistprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
businessType
supplierType
http://192.168.1.3/finance/reportfinance/aragingbyinvoiceprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/aragingbyinvoiceexcel
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/aragingbycustomerprint
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/aragingbycustomerexcel
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
http://192.168.1.3/finance/reportfinance/accountanalysisbysegmentexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/reportfinance/incomestatementbyprojectprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
costcenterCode
dt2
http://192.168.1.3/finance/reportfinance/incomestatementbyprojectexcel
No vulnerabilities have been identified for this URL
Input type
URL encoded GET
URL encoded GET
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/finance/finsetupcurrencyexchanges
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/finsetupcashflowconfigurations
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/json
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/finance/json/fromaccountcode
Vulnerabilities have been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/json/toaccountcode
No vulnerabilities have been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/finance/json/description
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
id
http://192.168.1.3/finance/json/bankaccounts
No vulnerabilities have been identified for this URL
4 input(s) found for this URL
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/userprofile
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/userprofile/mybranches
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/pensions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollbonus
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollprocess
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrollloans
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/empcontributions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrolladavances
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrolladditions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/empfixedcontributions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrolllabourunions
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrollovertimetwoes
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrollcalculatebonus
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/emppayrollcreditassociations
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollpayslip
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/overtimehours
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/bonusbanksliplist
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/payrollbanksliplist
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/detailreport
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/summaryreport
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input type
URL encoded POST
Input scheme 1
Input name
fyear
Input type
URL encoded POST
http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylist
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
page
Input type
URL encoded GET
http://192.168.1.3/payroll/payrollreports/monthlyincometaxreport
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
source
type
Input type
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreport
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
period
http://192.168.1.3/payroll/payrollreports/bonusincometaxreportprint
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/bonusincometaxreportexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/monthlypensionreportprint
No vulnerabilities have been identified for this URL
No input(s) found for this URL
Input type
URL encoded POST
http://192.168.1.3/payroll/payrollreports/monthlypensionreportexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportprint
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistprint
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportprint
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistprint
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistexcel
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollperiods
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/overtimetypetwoes
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollpaymentbanks
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollemployeeaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollcontributiontypes
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/payroll/payrollemployeebankaccounts
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/globalbranchsetups
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/fixedassetgroups
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/fixedassetdepreciationsetups
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/fixedassetclearingaccountsetups
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/usercards
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/fixedassetcategories
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/fixedassetsubcategories
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fixedasset/fixedassetregistrations
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.calendars.picker.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.plugin.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.calendars.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.calendars.plus.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.calendars.picker.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian-am.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo/2016.1.112/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo/2016.1.112/jquery.min.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo/2016.1.112/jszip.min.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo/2016.1.112/kendo.all.min.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo/2016.1.112/kendo.aspnetmvc.min.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/kendo.modernizr.custom.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/jquery.unobtrusive-ajax.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/scripts/jquery.validate.min.js
No vulnerabilities have been identified for this URL
Input type
URL encoded GET
http://192.168.1.3/procurement/reportprocurement/tenderreport
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
http://192.168.1.3/procurement/reportprocurement/purchaseorderitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitem
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input type
URL encoded POST
URL encoded POST
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
http://192.168.1.3/procurement/reportprocurement/tenderdetails
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/9
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/8
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/14
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/12
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/15
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/13
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/11
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/10
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/17
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/tenderdetails/16
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/purchaseorderitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
dt1
dt2
http://192.168.1.3/procurement/reportprocurement/purchaseorderitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemexcel
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemprint
No vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
http://192.168.1.3/procurement/reportprocurement/getlotdetails
Vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/reportprocurement/getlotdetails/8
No vulnerabilities have been identified for this URL
No input(s) found for this URL
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
http://192.168.1.3/procurement/procurementcontractmanagements/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/edit/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/edit/6
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/edit/7
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/edit/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/edit/1
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/delete/7
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/delete/6
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/delete/1
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/delete/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/delete/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/details
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/details/7
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/details/6
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/details/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/details/1
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementcontractmanagements/details/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
http://192.168.1.3/procurement/procurementsuppliercategories/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/9
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/7
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/8
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/6
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/10
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/edit/11
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/7
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/10
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/2
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/9
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/8
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/6
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/delete/11
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/details
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/details/4
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementsuppliercategories/details/7
No vulnerabilities have been identified for this URL
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
http://192.168.1.3/procurement/procurementannualneedassesments/edit
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/edit/13
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/edit/24
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/edit/23
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/edit/17
http://192.168.1.3/procurement/procurementannualneedassesments/details/14
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/25
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/23
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/24
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/26
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/17
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/18
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/20
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/procurement/procurementannualneedassesments/details/19
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/globalorginformations
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Vulnerabilities have been identified for this URL
6 input(s) found for this URL
Inputs
Input scheme 1
Input name
Input type
grid-mode
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Vulnerabilities have been identified for this URL
6 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
No vulnerabilities have been identified for this URL
No input(s) found for this URL
Input name
grid-mode
Input type
URL encoded GET
http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
http://192.168.1.3/fleetmanagement/fleetequipmentregistrations
No vulnerabilities have been identified for this URL
Input type
URL encoded GET
Input type
URL encoded GET
http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Vulnerabilities have been identified for this URL
6 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
No vulnerabilities have been identified for this URL
No input(s) found for this URL
http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET