Web Vulnerability Scan Report

(1)

Web Vulnerability Scan Report

Report Name: wvs report

Generated by: FortiWVS

Scan Summary

Target 172.21.0.210

Server Apache/1.3.28 (Unix)

mod_ssl/2.8.15 OpenSSL/0.9.7c Scan Start Time Thu Aug 21 03:33:49 2014 Scan End Time Thu Aug 21 03:34:41 2014 Scan Mode Enhanced Mode

Scan For Common Vulnerability, Cross-Site Scripting, SQL Injection, Source Disclosure, OS Commands

Total URLs and Forms Found 23 (7 Pages/Applications, 9 URLs with Inputs) Total External Hyperlinks 10 (8 email links) Total Alerts Found 30 Alert Summary Alerts Found By Severity High Severity 24 Medium Severity 3 Low Severity 0 Information 3 By Category Common Vulnerability 5 Cross-Site Scripting 24 SQL Injection 1 Source Disclosure 0 Affected Pages/Applications 1 /cgi-bin/badstore.cgi

(2)

Cross-Site Scripting (24) /cgi-bin/badstore.cgi

Vulnerability Cross-Site Scripting Severity High Severity

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test<script>alert(521125438234)</ script> Method GET Post Data

Response Header HTTP/1.1 200 OK Date: Thu, 21 Aug 2014 11:33:55 GMT Server:

Apache/1.3.28 (Unix) mod_ssl/2.8.15

OpenSSL/0.9.7c Cache-Control:

no-cache ETag: CPE1704TKS Pragma: no-cache Transfer-Encoding:

chunked Content-Type: text/html

/cgi-bin/badstore.cgi

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test>"><ScRiPt%20%0a%0d>alert(5211 25438234)%3B</ScRiPt> Method GET Post Data

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test</textarea><ScRiPt%20%0a%0d>ale rt(521125438234)%3B</ScRiPt> Method GET Post Data

(3)

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test<ScRiPt+src=http://www.testfort iweb.com/xss.js?521125438234></ScRi Pt> Method GET Post Data

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test<body+onload=alert(52112543823 4)> Method GET Post Data

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test<iframe/+/onload=alert(5211254 38234)></iframe> Method GET Post Data

(4)

Severity High Severity URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=search&searchquery=wvs test<img+src=http://www.testfortiwe b.com/dot.gif+onload=alert(5211254 38234)> Method GET Post Data

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=doguestbook

Method POST

Post Data comments=wvstest<script>alert(5211 25438234)</script>&email=wvstest&n ame=wvstest

Method POST

Post Data comments=wvstest<img+src=http://www .testfortiweb.com/dot.gif+onload=al ert(521125438234)>&email=wvstest& name=wvstest

(5)

Severity High Severity

Method POST

Post Data comments=wvstest&email=wvstest<scri pt>alert(521125438234)</script>&n ame=wvstest

chunked Content-Type: text/html 2014 a

Method POST

Post Data comments=wvstest&email=wvstest<scri pt/xss+src=http://www.testfortiweb. com/xss.js?521125438234></script>&n ame=wvstest

Method POST

Post Data comments=wvstest&email=wvstest<img+ src=http://www.testfortiweb.com/dot .gif+onload=alert(521125438234)>& name=wvstest

(6)

Method POST

Post Data comments=wvstest&email=wvstest&name =wvstest<script>alert(521125438234 na! Response Header HTTP/1.1 200 OK Date: Thu, 21 Aug

2014 11:34:01 GMT Server: Apache/1.3.28 (Unix)

mod_ssl/2.8.15

Method POST

Post Data comments=wvstest&email=wvstest&name =wvstest<script/xss+src=http://www. testfortiweb.com/xss.js?52112543823 4></script>

Method POST

Post Data comments=wvstest&email=wvstest&name =wvstest<body+onload=alert(5211254 38234)>

(7)

Method POST

Post Data comments=wvstest&email=wvstest&name =wvstest<iframe/+/onload=alert(521 125438234)></iframe>

Method POST

Post Data comments=wvstest&email=wvstest&name =wvstest<img+src=http://www.testfor tiweb.com/dot.gif+onload=alert(521 125438234)>

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=moduser

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest<script>alert(521125438234)< /script>&pwdhint=yellow

(8)

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest>"><ScRiPt%20%0a%0d>alert(521 125438234)%3B</ScRiPt>&pwdhint=yel low

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest</textarea><ScRiPt%20%0a%0d>al ert(521125438234)%3B</ScRiPt>&pwd hint=yellow

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest<ScRiPt+src=http://www.testfor tiweb.com/xss.js?521125438234></ScR iPt>&pwdhint=yellow

chunked Content-Type: text/html CLR 3

(9)

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest<body+onload=alert(5211254382 34)>&pwdhint=yellow

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest<iframe/+/onload=alert(521125 438234)></iframe>&pwdhint=yellow Response Header HTTP/1.1 200 OK Date: Thu, 21 Aug

mod_ssl/2.8.15

Method POST

Post Data DoMods=Reset+User+Password&email=wv stest<img+src=http://www.testfortiw eb.com/dot.gif+onload=alert(521125 438234)>&pwdhint=yellow

chunked Content-Type: text/html be o

(10)

SQL Injection (1) /cgi-bin/badstore.cgi

Vulnerability Possible SQL Injection Severity Medium Severity

URL http://172.21.0.210/cgi-bin/badstor e.cgi?action=cartadd

Method POST

Post Data Add Items to

Cart=Add+Items+to+Cart&cartitem=101 4%27+and+%2798765%27%3D%2718764 Response Header HTTP/1.1 200 OK Date: Thu, 21 Aug

mod_ssl/2.8.15

OpenSSL/0.9.7c Transfer-Encoding: chunked Content-Type: text/html Ñ

(11)

Medium Severity (2)

Common Vulnerability (Web Server Known Issue)

Severity Medium Severity URL

Description Apache 1.3 below 1.3.29 are vulnerable to overflows in mod_rewrite and mod_cgi. CAN-2003-0542.

Common Vulnerability (Web Server Known Issue)

Severity Medium Severity URL

Description "mod_ssl 2.8.7 and lower are vulnerable to a remote buffer overflow which may allow a remote shell (difficult to exploit).

(12)

Information (3)

Common Vulnerability

(Server/Component Outdated) Severity Information

URL

Description The running Apache version is 1.3.28, which appears to be outdated (the current version is at least 2.2.19)

Common Vulnerability

(Server/Component Outdated) Severity Information

URL

Description The running mod_ssl version is 2.8.15, which appears to be outdated (the current version is at least 2.8.31)

Common Vulnerability (Web Server Setting)

Severity Information URL

Description Allow HTTP method 'TRACE': 'TRACE' is typically only used for

debugging and should be disabled. This message does not mean it is vulnerable to Cross-Site

(13)

Web Server Information

Target 172.21.0.210

Server Apache/1.3.28 (Unix)

mod_ssl/2.8.15 OpenSSL/0.9.7c HTTP Version 1.1

Total URLs and Forms Found 23 (7 Pages/Applications, 9 URLs with Inputs) Total External Hyperlinks 10 (8 email links) URLs/Pages Found 1 / 2 /BadStore_net_v1_2_Manual.pdf 3 /DoingBusiness/contract.doc 4 /Procedures/UploadProc.html 5 /cgi-bin/badstore.cgi 6 /cgi-bin/bsheader.cgi 7 /scanbot/scanbot.html

URLs That Have Input

1 /, GET action|searchquery

2 /cgi-bin/badstore.cgi, GET action 3 /cgi-bin/badstore.cgi, GET

action|searchquery

4 /cgi-bin/badstore.cgi, POST Add Items to Cart|cartitem 5 /cgi-bin/badstore.cgi, POST comments|email|name 6 /cgi-bin/badstore.cgi, POST DoMods|email|pwdhint 7 /cgi-bin/badstore.cgi, POST Login|email|passwd 8 /cgi-bin/badstore.cgi, POST Register|email|fullname|passwd|pwdh int|role 9 /cgi-bin/badstore.cgi, POST Upload|newfilename|uploaded_file External Links 1 http://4.bp.blogspot.com/-HJq-Jvge6 gI/Tv9E6hLQKvI/AAAAAAAABLY/wbGd2PiO 8hY/s320/XSS+defacing+tutorials.gif 2 http://www.badstore.net/scanbot/det h2botz.html 3 mailto: 4 mailto:aaaa 5 mailto:[email protected] 6 mailto:dsad 7 mailto:[email protected] 8 mailto:[email protected] 9 mailto:[email protected] 10 mailto:[email protected]