Website Vulnerability Scanner Report (Light)

Unlock the full capabilities of this scanner

See what the FULL scanner can do

Perform in-depth website scanning and discover high risk vulnerabilities.

Testing areas Light scan Full scan

Website fingerprinting  
Version-based vulnerability detection  

Common configuration issues  

SQL injection  

Cross-Site Scripting  

Local/Remote File Inclusion  

Remote command execution  

Discovery of sensitive files  

 http://boltimkab.go.id

Summary

Overall risk level: Risk ratings: Scan information:

Medium High: 0 Start time: 2021-07-15 17:08:49 UTC+03

Medium: 3 Finish time: 2021-07-15 17:09:39 UTC+03

Low: 5 Scan duration: 50 sec

Info: 10 Tests performed: 18/18

Scan status: Finished

Findings

 Communication is not secure

URL Evidence

http://boltimkab.go.id Communication is made over unsecure, unencrypted HTTP.

 Details

Risk description:
The communication between the web browser and the server is done using the HTTP protocol, which transmits data unencrypted over the
network. Thus, an attacker who manages to intercept the communication at the network level, is able to read and modify the data
transmitted (including passwords, secret tokens, credit card information and other sensitive data).

Recommendation:
We recommend you to reconfigure the web server to use HTTPS - which encrypts the communication between the web browser and the
server.

1/6
 Classification:
CWE : CWE-311
OWASP Top 10 - 2013 : A6 - Sensitive Data Exposure
OWASP Top 10 - 2017 : A3 - Sensitive Data Exposure

 Insecure cookie setting: missing Secure flag

Cookie
URL Evidence
Name

Set-Cookie:
ci_session http://boltimkab.go.id ci_session=800ef3bb1a7a1353e23bfc203175615465bb5180; expires=Thu, 15-Jul-2021 16:08:51
GMT; Max-Age=7200; path=/; HttpOnly

 Details

Risk description:
Since the Secure flag is not set on the cookie, the browser will send it over an unencrypted channel (plain HTTP) if such a request is made.
Thus, the risk exists that an attacker will intercept the clear-text communication between the browser and the server and he will steal the
cookie of the user. If this is a session cookie, the attacker could gain unauthorized access to the victim's web session.

Recommendation:
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure
that the secure flag is set for cookies containing such sensitive information.
https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-
Session_Management_Testing/02-Testing_for_Cookies_Attributes.html

Classification:
CWE : CWE-614
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Directory listing is enabled

URL

http://boltimkab.go.id/template/

 Details

Risk description:
An attacker can see the entire structure of files and subdirectories from the affected URL. It is often the case that sensitive files are "hidden"
among public files in that location and attackers can use this vulnerability to access them.

Recommendation:
We recommend reconfiguring the web server in order to deny directory listing. Furthermore, you should verify that there are no sensitive
files at the mentioned URLs.

More information about this issue:

http://projects.webappsec.org/w/page/13246922/Directory%20Indexing.

Classification:
CWE : CWE-548
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Missing security header: Content-Security-Policy

URL Evidence

http://boltimkab.go.id Response headers do not include the HTTP Content-Security-Policy security header

 Details

Risk description:
The Content-Security-Policy (CSP) header activates a protection mechanism implemented in web browsers which prevents exploitation of
Cross-Site Scripting vulnerabilities (XSS). If the target application is vulnerable to XSS, lack of this header makes it easily exploitable by
attackers.

2/6
 Recommendation:
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the
application.

Read more about CSP:

https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Classification:
CWE : CWE-693
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Missing security header: X-Frame-Options

URL Evidence

http://boltimkab.go.id Response headers do not include the HTTP X-Frame-Options security header

 Details

Risk description:
Because the X-Frame-Options header is not sent by the server, an attacker could embed this website into an iframe of a third party website.
By manipulating the display attributes of the iframe, the attacker could trick the user into performing mouse clicks in the application, thus
performing activities without user's consent (ex: delete user, subscribe to newsletter, etc). This is called a Clickjacking attack and it is
described in detail here:
https://owasp.org/www-community/attacks/Clickjacking

Recommendation:
We recommend you to add the X-Frame-Options HTTP header with the values DENY or SAMEORIGIN to every page that you want to be
protected against Clickjacking attacks.

More information about this issue:

https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html

Classification:
CWE : CWE-693
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Missing security header: X-XSS-Protection

URL Evidence

http://boltimkab.go.id Response headers do not include the HTTP X-XSS-Protection security header

 Details

Risk description:
The X-XSS-Protection HTTP header instructs the browser to stop loading web pages when they detect reflected Cross-Site Scripting (XSS)
attacks. Lack of this header exposes application users to XSS attacks in case the web application contains such vulnerability.

Recommendation:
We recommend setting the X-XSS-Protection header to X-XSS-Protection: 1; mode=block .

More information about this issue:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Classification:
CWE : CWE-693
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Missing security header: Referrer-Policy

URL Evidence

3/6
 http://boltimkab.go.id Response headers do not include the Referrer-Policy HTTP security header

 Details

Risk description:
The Referrer-Policy HTTP header controls how much referrer information the browser will send with each request originated from the
current web application.
For instance, if a user visits the web page "http://example.com/pricing/" and it clicks on a link from that page going to e.g.
"https://www.google.com", the browser will send to Google the full originating URL in the Referer header, assuming the Referrer-Policy
header is not set. The originating URL could be considered sensitive information and it could be used for user tracking.

Recommendation:
The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value
no-referrer of this header instructs the browser to omit the Referer header entirely.

Read more:
https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns

Classification:
CWE : CWE-693
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Server software and technology found

Software / Version Category

LiteSpeed Web Servers

PHP 7.2.34 Programming Languages

CodeIgniter Web Frameworks

Twitter Bootstrap Web Frameworks

jQuery JavaScript Frameworks

 Details

Risk description:
An attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating
system: HTTP server headers, HTML meta information, etc.

More information about this issue:

https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-
Fingerprint_Web_Server.html.

Screenshot:

4/6
 Classification:
OWASP Top 10 - 2013 : A5 - Security Misconfiguration
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

 Website is accessible.

 Nothing was found for vulnerabilities of server-side software.

 Nothing was found for client access policies.

 Nothing was found for robots.txt file.

 Nothing was found for use of untrusted certificates.

 Nothing was found for enabled HTTP debug methods

 Nothing was found for domain too loose set for cookies.

 Nothing was found for missing HTTP header - Strict-Transport-Security.

 Nothing was found for missing HTTP header - X-Content-Type-Options.

 Nothing was found for HttpOnly flag of cookie.

Scan coverage information

List of tests performed (18/18)

 Checking for website accessibility...
 Checking for secure communication...
 Checking for Secure flag of cookie...
 Checking for missing HTTP header - Content Security Policy...
 Checking for missing HTTP header - X-Frame-Options...
 Checking for missing HTTP header - X-XSS-Protection...

5/6
  Checking for missing HTTP header - Referrer...
 Checking for website technologies...
 Checking for vulnerabilities of server-side software...
 Checking for client access policies...
 Checking for robots.txt file...
 Checking for use of untrusted certificates...
 Checking for enabled HTTP debug methods
 Checking for directory listing...
 Checking for domain too loose set for cookies...
 Checking for missing HTTP header - Strict-Transport-Security...
 Checking for missing HTTP header - X-Content-Type-Options...
 Checking for HttpOnly flag of cookie...

Scan parameters
Website URL: http://boltimkab.go.id
Scan type: Light
Authentication: False

Scan stats
URLs spidered: 7
Total number of HTTP request errors: 0
Total number of HTTP requests: 16
Unique Injection Points Detected: 128

6/6