
Acunetix Website Audit 29 January, 2009

Detailed Scan Report

Generated by Acunetix WVS Reporter (v6.0 Build 20081209)

Scan of http://testphp.acunetix.com:80/
Scan details

Scan information
  Start time           1/29/2009 4:14:07 PM
  Finish time          1/29/2009 5:05:57 PM
  Scan time            51 minutes, 50 seconds
  Profile              default

Server information
  Responsive           True
  Server banner        Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7
  Server OS            Unix
  Server technologies  PHP, Perl, mod_ssl, mod_perl, mod_python, OpenSSL
  Threat level

Alerts distribution
  Total alerts found   215
  High                 115
  Medium                 7
  Low                   40
  Informational         53

Alerts summary

High
  Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
      Affects: Web Server (1 variation)
  Cross Site Scripting
      Affects: /guestbook.php (69 variations), /search.php (34 variations)
  PHP HTML Entity Encoder Heap Overflow Vulnerability
      Affects: PHP (1 variation)
  PHP version older than 5.2.1
      Affects: PHP (1 variation)
  PHP version older than 5.2.3
      Affects: PHP (1 variation)
  PHP version older than 5.2.5
      Affects: PHP (1 variation)
  PHP version older than 5.2.6
      Affects: PHP (1 variation)
  PHP Zend_Hash_Del_Key_Or_Index vulnerability
      Affects: PHP (1 variation)
  Proxy accepts CONNECT requests
      Affects: Server (1 variation)
  SQL Injection (AS)
      Affects: /AJAX/infoartist.php (2 variations), /artists.php (2 variations)

Medium
  Apache 2.x version older than 2.0.61
      Affects: Web Server (1 variation)
  Apache 2.x version older than 2.0.63
      Affects: Web Server (1 variation)
  Apache Mod_SSL Log Function Format String Vulnerability
      Affects: mod_ssl (1 variation)
  Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
      Affects: mod_ssl (1 variation)
  Open proxy server
      Affects: Server (1 variation)
  PHP enable_dl enabled
      Affects: Web Server (1 variation)
  PHP errors enabled
      Affects: / (1 variation)

Low
  Application error message
      Affects: /AJAX/infoartist.php (7 variations), /AJAX/infocateg.php (7 variations), /AJAX/infotitle.php (7 variations), /artists.php (2 variations), /listproducts.php (5 variations), /showimage.php (2 variations)
  Hidden form input named price was found
      Affects: /product.php (7 variations)
  TRACE Method Enabled
      Affects: Web Server (1 variation)
  User credentials are sent in clear text
      Affects: /login.php (1 variation), /signup.php (1 variation)

Informational
  Broken links
      Affects: /privacy.php (1 variation), /secured/office_files/filelist.xml (1 variation)
  Files found in the application directory but not linked
      Affects: 48 files, 1 variation each (the full list is given under Alert details)
  Password type input with autocomplete enabled
      Affects: /login.php (1 variation), /signup.php (2 variations)
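The six "Version check" findings in this summary (PHP older than 5.2.1, 5.2.3, 5.2.5 and 5.2.6; Apache 2.x older than 2.0.61 and 2.0.63) are derived from the Server banner recorded in the scan details, not from probing the flaws themselves. The Python below is an added illustration and is not Acunetix code: it parses that banner and reproduces the six findings. The thresholds and severities are the report's own; the tokenising and version-comparison logic is an assumption about how a banner check works. The caveat for triage is the "(Ubuntu)" tag in the banner: Debian and Ubuntu backport security fixes without changing the upstream version string, so a banner check can only say the version string is old, not that a given fix is absent. Confirm against the distribution package changelog or with a behavioural test before treating any of these as exploitable, and note that hiding the banner (ServerTokens Prod) silences the check without fixing anything.

```python
"""Added example: reproduce the report's banner-based 'Version check'
findings. The thresholds are the ones named in the alert titles; the
parsing and comparison are an assumption about how such a check works,
not Acunetix's implementation."""
import re

# Server banner exactly as recorded in the scan details.
BANNER = ("Apache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 "
          "mod_ssl/2.0.55 OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7")

# (product, version named in the alert title, severity the report assigns)
THRESHOLDS = [
    ("PHP", "5.2.1", "High"),
    ("PHP", "5.2.3", "High"),
    ("PHP", "5.2.5", "High"),
    ("PHP", "5.2.6", "High"),
    ("Apache", "2.0.61", "Medium"),
    ("Apache", "2.0.63", "Medium"),
]

# Name/Version tokens; an optional 'v' prefix (Perl/v5.8.7) is dropped.
_TOKEN = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)/v?([0-9][0-9A-Za-z.]*)")


def parse_banner(banner):
    """Map product -> version from an Apache-style Server header.
    Parenthesised notes such as '(Ubuntu)' carry no slash and are skipped."""
    versions = {}
    for name, version in _TOKEN.findall(banner):
        versions.setdefault(name, version)  # first occurrence wins
    return versions


def version_key(version):
    """Sort key: dotted numeric parts as ints, then any letter suffix
    (OpenSSL's 0.9.8a sorts after 0.9.8 and before 0.9.8b)."""
    m = re.fullmatch(r"([0-9]+(?:\.[0-9]+)*)([A-Za-z]*)", version)
    if m is None:
        raise ValueError(f"unparseable version: {version!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, m.group(2)


def is_older(installed, threshold):
    """True when the installed version string sorts below the threshold."""
    return version_key(installed) < version_key(threshold)


def version_findings(banner, thresholds=THRESHOLDS):
    """Return [(product, installed, threshold, severity)] for every
    threshold the banner's version falls below."""
    installed = parse_banner(banner)
    return [(product, installed[product], threshold, severity)
            for product, threshold, severity in thresholds
            if product in installed and is_older(installed[product], threshold)]


if __name__ == "__main__":
    for product, have, want, severity in version_findings(BANNER):
        print(f"{severity:<7} {product} version older than {want} "
              f"(banner reports {have})")
```

Run as a script it prints the six findings in the report's order; the same functions can be pointed at any other Server header to see which of the thresholds it would trip.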

Acunetix Website Audit

Alert details

Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      Web Server

Cross Site Scripting
  Severity            High
  Type                Validation
  Reported by module  Parameter manipulation
  Description
  Impact
  Affected items      /guestbook.php (69 variations), /search.php (34 variations)

PHP HTML Entity Encoder Heap Overflow Vulnerability
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      PHP

PHP version older than 5.2.1
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      PHP

PHP version older than 5.2.3
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      PHP

PHP version older than 5.2.5
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      PHP

PHP version older than 5.2.6
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      PHP

PHP Zend_Hash_Del_Key_Or_Index vulnerability
  Severity            High
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      PHP

Proxy accepts CONNECT requests
  Severity            High
  Type                Configuration
  Reported by module  Scripting
  Description
  Impact
  Affected items      Server

SQL Injection (AS)
  Severity            High
  Type                Validation
  Reported by module  Parameter manipulation
  Description
  Impact
  Affected items      /AJAX/infoartist.php (2 variations), /artists.php (2 variations)

Apache 2.x version older than 2.0.61
  Severity            Medium
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      Web Server

Apache 2.x version older than 2.0.63
  Severity            Medium
  Type                Configuration
  Reported by module  Version check
  Description
  Impact
  Affected items      Web Server

Apache Mod_SSL Log Function Format String Vulnerability
  Severity            Medium
  Type                Validation
  Reported by module  Version check
  Description
  Impact
  Affected items      mod_ssl

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability
  Severity            Medium
  Type                Validation
  Reported by module  Version check
  Description
  Impact
  Affected items      mod_ssl

Open proxy server
  Severity            Medium
  Type                Configuration
  Reported by module  Scripting
  Description
  Impact
  Affected items      Server

PHP enable_dl enabled
  Severity            Medium
  Type                Configuration
  Reported by module  Aspect
  Description
  Impact
  Affected items      Web Server

PHP errors enabled
  Severity            Medium
  Type                Configuration
  Reported by module  Aspect
  Description
  Impact
  Affected items      /

Application error message
  Severity            Low
  Type                Validation
  Reported by module  Parameter manipulation
  Description
  Impact
  Affected items      /AJAX/infoartist.php (7 variations), /AJAX/infocateg.php (7 variations), /AJAX/infotitle.php (7 variations), /artists.php (2 variations), /listproducts.php (5 variations), /showimage.php (2 variations)

Hidden form input named price was found
  Severity            Low
  Type                Informational
  Reported by module  Crawler
  Description
  Impact
  Affected items      /product.php (7 variations)

TRACE Method Enabled
  Severity            Low
  Type                Validation
  Reported by module  CGI Tester
  Description
  Impact
  Affected items      Web Server
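Two of the server findings in this report are behaviour checks that a practitioner can reproduce without the scanner: "TRACE Method Enabled" (the server answers TRACE with 200 and echoes the request, including its headers, which is what Cross-Site Tracing reads back) and "Proxy accepts CONNECT requests" (the server answers CONNECT with a 2xx instead of refusing it). The Python below is an added example, not Acunetix code. It sends the two raw requests and judges the reply; the two local server classes are constructed stand-ins so the check runs offline, one behaving like the scanned host and one answering the way a hardened server should (405). On Apache, TraceEnable Off (available from 2.0.55, the version in this banner) closes the first finding, and CONNECT is only tunnelled when mod_proxy is loaded with ProxyRequests On.

```python
"""Added example: reproduce the 'TRACE Method Enabled' and 'Proxy accepts
CONNECT requests' checks with raw HTTP. The local server classes below are
constructed stand-ins so the checks run offline; they are not the scanned host."""
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def raw_request(host, port, request, timeout=3.0):
    """Send one raw HTTP request and return (status_code, body_bytes).
    Requests carry 'Connection: close', so reading to EOF is safe."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    head, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    words = head.split(b"\r\n", 1)[0].split()
    status = int(words[1]) if len(words) > 1 and words[1].isdigit() else 0
    return status, body


def trace_enabled(host, port):
    """True when TRACE is answered with 200 and the request, marker header
    included, comes back in the body (the RFC 7231 TRACE behaviour)."""
    req = (f"TRACE / HTTP/1.1\r\nHost: {host}:{port}\r\n"
           "X-Probe: report-check\r\nConnection: close\r\n\r\n").encode()
    status, body = raw_request(host, port, req)
    return (status == 200 and body.startswith(b"TRACE / HTTP/1.1")
            and b"X-Probe: report-check" in body)


def connect_accepted(host, port):
    """True when CONNECT gets a 2xx instead of being refused."""
    req = (f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n"
           "Connection: close\r\n\r\n").encode()
    status, _ = raw_request(host, port, req)
    return 200 <= status < 300


class MisconfiguredHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the scanned host: echoes TRACE, accepts CONNECT."""
    protocol_version = "HTTP/1.0"  # one response, then the server closes

    def log_message(self, *args):  # keep the console quiet
        pass

    def do_TRACE(self):
        echoed = self.raw_requestline + b"".join(
            f"{k}: {v}\r\n".encode("latin-1") for k, v in self.headers.items())
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echoed)))
        self.end_headers()
        self.wfile.write(echoed)

    def do_CONNECT(self):
        self.send_response(200, "Connection established")
        self.end_headers()


class HardenedHandler(MisconfiguredHandler):
    """What a correctly configured server answers to both probes."""

    def do_TRACE(self):
        self.send_error(405)

    def do_CONNECT(self):
        self.send_error(405)


def start_local(handler):
    """Bind an ephemeral loopback port and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def check_server(handler):
    """Run both probes against a local stand-in; returns (trace, connect)."""
    server = start_local(handler)
    host, port = server.server_address[:2]
    try:
        return trace_enabled(host, port), connect_accepted(host, port)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("misconfigured:", check_server(MisconfiguredHandler))  # (True, True)
    print("hardened:     ", check_server(HardenedHandler))       # (False, False)
```

Against a real target, call trace_enabled and connect_accepted with the host and port directly; a 2xx to CONNECT only proves the method is accepted, and a full open-proxy confirmation would additionally need traffic to pass through the tunnel.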

User credentials are sent in clear text
  Severity            Low
  Type                Informational
  Reported by module  Crawler
  Description
  Impact
  Affected items      /login.php, /signup.php

Broken links
  Severity            Informational
  Type                Informational
  Reported by module  Crawler
  Description
  Impact
  Affected items      /privacy.php, /secured/office_files/filelist.xml

Files found in the application directory but not linked
  Severity            Informational
  Type                Informational
  Reported by module  Crawler
  Description
  Impact
  Affected items      (1 variation each)
      /_mmServerScripts/MMHTTPDB.php
      /_mmServerScripts/mysql.php
      /404.php
      /acunetix_file_inclusion_test
      /acunetix_md5_random.php
      /acunetix_not_execute
      /acunetix_rfi_test.php
      /acunetix_xsl_inclusion_test.xsl
      /admin/create.sql
      /blade_phpinfo.php
      /Connections/DB_Connection.php
      /CVS/Entries
      /CVS/Entries.Log
      /CVS/Repository
      /CVS/Root
      /database_connect.php
      /dot.gif
      /favicon.ico
      /Flash/add.fla
      /index.bak
      /logout.php
      /pi.php
      /pictures/1.jpg
      /pictures/1.jpg.tn
      /pictures/2.jpg
      /pictures/2.jpg.tn
      /pictures/3.jpg
      /pictures/3.jpg.tn
      /pictures/4.jpg
      /pictures/4.jpg.tn
      /pictures/5.jpg
      /pictures/5.jpg.tn
      /pictures/6.jpg
      /pictures/6.jpg.tn
      /pictures/7.jpg
      /pictures/7.jpg.tn
      /pictures/8.jpg
      /pictures/8.jpg.tn
      /secured
      /secured/database_connect.php
      /secured/index.php
      /secured/office.htm
      /sendcommand.php
      /Templates/main_dynamic_template.dwt.php
      /testphp.tar.gz
      /wvstests/pmwiki_2_1_19/scripts/version.php
      /xss.js
      /xss.swf
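Four of the unlinked files above, /CVS/Entries, /CVS/Entries.Log, /CVS/Repository and /CVS/Root, are version-control metadata left in the web root. CVS/Entries lists every file and subdirectory of the checkout, so it hands out an authoritative inventory of the directory (the way backups like /index.bak or includes like /database_connect.php get found without guessing), and each listed subdirectory has a CVS/Entries of its own to walk into; CVS/Root names the repository location and CVS/Repository the module path. The Python below is an added example, not anything from the report: it parses the Entries format into the next set of URLs to request. The sample Entries content is constructed for this example and is not the scanned site's actual file.

```python
"""Added example: turn an exposed CVS/Entries file into a list of paths to
request. The sample content is constructed for this example; it is not the
scanned site's real /CVS/Entries."""
from urllib.parse import urljoin

# CVS/Entries format, one entry per line:
#   /name/revision/timestamp/options/tag   a file in this directory
#   D/name////                             a subdirectory (with its own CVS/)
#   D                                      marker: no more directory entries
SAMPLE_ENTRIES = """\
/artists.php/1.4/Wed Jan 21 10:02:11 2009//
/database_connect.php/1.1/Mon Jan 19 08:45:00 2009//
/index.bak/1.2/Tue Jan 20 12:00:00 2009//
/logout.php/1.1/Tue Jan 20 12:30:00 2009//
D/AJAX////
D/secured////
D
"""


def parse_cvs_entries(text):
    """Return (files, dirs): files as dicts with name, revision and
    timestamp; dirs as a list of subdirectory names."""
    files, dirs = [], []
    for line in text.splitlines():
        if not line or line == "D":
            continue
        if line.startswith("D/"):
            dirs.append(line[2:].split("/", 1)[0])
            continue
        if not line.startswith("/"):
            continue  # unknown line shape: skip rather than guess
        fields = line.split("/")  # fields[0] is '' (line starts with '/')
        if len(fields) < 4:
            continue
        files.append({"name": fields[1], "revision": fields[2],
                      "timestamp": fields[3]})
    return files, dirs


def recon_urls(base_url, entries_text):
    """URLs worth fetching next: every listed file, plus each
    subdirectory's own CVS/Entries so the walk can recurse."""
    files, dirs = parse_cvs_entries(entries_text)
    urls = [urljoin(base_url, f["name"]) for f in files]
    urls += [urljoin(base_url, d + "/CVS/Entries") for d in dirs]
    return urls


if __name__ == "__main__":
    for url in recon_urls("http://testphp.acunetix.com/", SAMPLE_ENTRIES):
        print(url)
```

The remediation is the same whichever version-control system left the metadata behind: deploy from an export rather than a working copy, and deny web access to CVS/, .svn/ and .git/ directories at the server.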

Password type input with autocomplete enabled
  Severity            Informational
  Type                Informational
  Reported by module  Crawler
  Description
  Impact
  Affected items      /login.php (1 variation), /signup.php (2 variations)
