0% found this document useful (0 votes)

92 views209 pages

Qatprm - Riskpro.in - Detailed Scan Report PDF

The scan report identified 116 vulnerabilities on the site http://qatprm.riskpro.in/login/, of which 4 were confirmed. The confirmed vulnerabilities included out-of-date versions of Moment.js, Nginx, jQuery UI Autocomplete and jQuery UI Dialog. Passwords were transmitted over HTTP on several URLs.

Uploaded by

Training Desk

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

92 views209 pages

Qatprm - Riskpro.in - Detailed Scan Report PDF

Uploaded by

Training Desk

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 209

5/31/2021 7:51:48 AM (UTC-08:00)

Detailed Scan Report

http://qatprm.riskpro.in/login/

Scan Time : 5/31/2021 7:40:35 AM (UTC-08:00)

Scan Duration : 00:00:05:14 Risk Level:
Total Requests
Average Speed
: 1,358
: 4.3 r/s
HIGH

116
IDENTIFIED
4
CONFIRMED
0
CRITICAL

29 13
16 HIGH
MEDIUM

22
LOW

36
BEST PRACTICE INFORMATION

Identified Vulnerabilities Confirmed Vulnerabilities

Critical 0 Critical 0
High 16 High 4
Medium 29 Medium 0
Low 13 Low 0
Best Practice 22 Best Practice 0
Information 36 Information 0
TOTAL 116 TOTAL 4

( jQuery) ation

Content Security Policy GET http://qatprm.riskpro.in/login/sitemap.xml

(CSP) Not Implemented

Content Security Policy GET http://qatprm.riskpro.in/login/sitemap.xml.gz

(CSP) Not Implemented

Netsparker identified that the target web site is using Moment.js and detected that it is out of date.

Impact
Since this is an old version of the software, it may be vulnerable to attacks.

Moment.js Uncontrolled Resource Consumption Vulnerability

The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different
vulnerability than CVE-2016-4055.

Affected Versions
0.3.0 to 2.19.2

External References
CVE-2017-18214

Moment.js Regular Expression Denial of Service (ReDoS) Vulnerability

Affected versions of the package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks for any locale that has
separate format and standalone options and format input can be controlled by the user. An attacker can provide a specially crafted
input to the format function, which nearly matches the pattern being matched. This will cause the regular expression matching to take
a long time, all the while occupying the event loop and preventing it from processing other requests and making the server
unavailable (a Denial of Service attack). https://snyk.io/vuln/npm:moment:20161019

Affected Versions
0.3.0 to 2.15.1

External References
-

Vulnerabilities

1.1. http://qatprm.riskpro.in/login/
Identified Version
2.5.1

Latest Version
2.29.1 (in this branch)

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

13 / 209
Request

GET /login/.well-known/apple-app-site-association HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/apple-app-site-association
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 81.4673 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

14 / 209
1.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

15 / 209
Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

1.5. http://qatprm.riskpro.in/login/images/

Certainty

16 / 209
Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

24 / 209
Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

1.11. http://qatprm.riskpro.in/login/www.riskpro.in
Identified Version
2.5.1

Latest Version
2.29.1 (in this branch)

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

25 / 209
Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

26 / 209
Remedy
Please upgrade your installation of Moment.js to the latest stable version.

Remedy References
Downloading Moment.js

CLASSIFICATION

PCI DSS v3.2 6.2

OWASP 2013 A9

OWASP 2017 A9

SANS Top 25 829

CAPEC 310

HIPAA 164.308(A)(1)(I)

OWASP Proactive Controls C1

ISO27001 A.14.1.2

27 / 209
2. Out-of-date Version (Nginx)
HIGH 1

Netsparker identified you are using an out-of-date version of Nginx.

Impact
Since this is an old version of the software, it may be vulnerable to attacks.

Nginx Allocation of Resources Without Limits or Throttling Vulnerability

Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream
of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some
implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess
memory.

Affected Versions
1.9.5 to 1.16.0

External References
CVE-2019-9516

Nginx Other Vulnerability

Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates
multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree.
This can consume excess CPU.

Affected Versions
1.9.5 to 1.16.0

External References
CVE-2019-9513

Nginx Allocation of Resources Without Limits or Throttling Vulnerability

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading
to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate
window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is
queued, this can consume excess CPU, memory, or both.

Affected Versions
1.9.5 to 1.16.0

External References
CVE-2019-9511

Nginx Uncontrolled Resource Consumption Vulnerability

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive CPU usage.
This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option of the
'listen' directive is used in a configuration file.
28 / 209
Affected Versions
1.9.5 to 1.14.0

External References
CVE-2018-16844

Nginx Uncontrolled Resource Consumption Vulnerability

nginx before versions 1.15.6 and 1.14.1 has a vulnerability in the implementation of HTTP/2 that can allow for excessive memory
consumption. This issue affects nginx compiled with the ngx_http_v2_module (not compiled by default) if the 'http2' option
of the 'listen' directive is used in a configuration file.

Affected Versions
1.9.6 to 1.14.0

External References
CVE-2018-16843

Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability

nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite
loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially
crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the
.mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a
specially crafted mp4 file with the ngx_http_mp4_module.

Affected Versions
1.7.5 to 1.14.0

External References
CVE-2018-16845

Nginx Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability

NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an
attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

Affected Versions
1.7.5 to 1.16.0

External References
CVE-2019-20372

Vulnerabilities

2.1. http://qatprm.riskpro.in/login/
Identified Version
1.14.0

Latest Version
29 / 209
1.20.0 (in this branch)

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

Request

GET /login/ HTTP/1.1

Response

Response Time (ms) : 65.9592 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: WHTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: W/"
…

30 / 209
Remedy
Please upgrade your installation of Nginx to the latest stable version.

Remedy References
Downloading Nginx

CLASSIFICATION

PCI DSS v3.2 6.2

OWASP 2013 A9

OWASP 2017 A9

SANS Top 25 829

CAPEC 310

WASC 13

HIPAA 164.308(A)(1)(I)

OWASP Proactive Controls C1

ISO27001 A.14.1.2

31 / 209
3. Password Transmitted over HTTP
HIGH 11 CONFIRMED 4

Netsparker detected that password data is being transmitted over HTTP.

35 / 209
Response

Response Time (ms) : 81.4673 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

3.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

36 / 209
Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

37 / 209
3.5. http://qatprm.riskpro.in/login/images/

Certainty

Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

46 / 209
3.11. http://qatprm.riskpro.in/login/www.riskpro.in
CONFIRMED

Input Name
password

Form target action

http://qatprm.riskpro.in/umlistofusers

Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

47 / 209
Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

Actions to Take

1. See the remedy for solution.

2. Move all of your critical forms and pages to HTTPS and do not serve them over HTTP.

Remedy
All sensitive data should be transferred over HTTPS rather than HTTP. Forms should be served over HTTPS. All aspects of the
application that accept user input, starting from the login process, should only be served over HTTPS.

48 / 209
CLASSIFICATION

PCI DSS v3.2 6.5.4

OWASP 2013 A6

OWASP 2017 A3

SANS Top 25 319

CAPEC 65

WASC 4

ISO27001 A.14.1.3

CVSS 3.0 SCORE

Base 5.7 (Medium)

Temporal 5.7 (Medium)

Environmental 5.7 (Medium)

CVSS Vector String

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 3.1 SCORE

Base 5.7 (Medium)

Temporal 5.7 (Medium)

Environmental 5.7 (Medium)

49 / 209
CVSS Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

50 / 209
4. [Possible] Password Transmitted over Query
String
MEDIUM 11

Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

65 / 209
4.11. http://qatprm.riskpro.in/login/www.riskpro.in
Notes
Although a form with a GET method is detected, it may not be submitted directly and may be submitted using e.g. AJAX with
POST method.

Input Name
password

Form target action

http://qatprm.riskpro.in/umlistofusers

Certainty

Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

66 / 209
Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

Remedy

Do not send any sensitive data through query string.

67 / 209
CLASSIFICATION

PCI DSS v3.2 6.5.4

OWASP 2013 A6

OWASP 2017 A3

SANS Top 25 598

WASC 13

ISO27001 A.14.2.5

CVSS 3.0 SCORE

Base 6.5 (Medium)

Temporal 6.5 (Medium)

Environmental 6.5 (Medium)

CVSS Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 3.1 SCORE

Base 6.5 (Medium)

Temporal 6.5 (Medium)

Environmental 6.5 (Medium)

68 / 209
CVSS Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

69 / 209
5. HTTP Strict Transport Security (HSTS) Policy
Not Enabled
MEDIUM 1

Netsparker identified that HTTP Strict Transport Security (HSTS) policy is not enabled.

The target website is being served from not only HTTPS but also HTTP and it lacks of HSTS policy implementation.

HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents
(such as a web browser) are to interact with it using only secure (HTTPS) connections. The HSTS Policy is communicated by the server
to the user agent via a HTTP response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during
which the user agent shall access the server in only secure fashion.

When a web application issues HSTS Policy to user agents, conformant user agents behave as follows:
Automatically turn any insecure (HTTP) links referencing the web application into secure (HTTPS) links. (For instance,
http://example.com/some/page/ will be modified to https://example.com/some/page/ before accessing the server.)
If the security of the connection cannot be ensured (e.g. the server's TLS certificate is self-signed), user agents show an error
message and do not allow the user to access the web application.

Vulnerabilities

5.1. https://qatprm.riskpro.in/login/

Certainty

Request

GET /login/ HTTP/1.1

70 / 209
Response

Response Time (ms) : 2270.8595 Total Bytes Received : 213 Body Length : 191 Is Compressed : No

HTTP/1.1 200 Error

[Netsparker Proxy] Error occured whilst handling session request (internal) - qatprm.riskpro.in - No co
nnection could be made because the target machine actively refused it 13.235.219.112:443

Remedy

Configure your webserver to redirect HTTP requests to HTTPS.

i.e. for Apache, you should have modification in the httpd.conf. For more configurations, please refer to External References section.

# load module
LoadModule headers_module modules/mod_headers.so

# redirect all HTTP to HTTPS (optional)

<VirtualHost *:80>
ServerAlias *
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>

# HTTPS-Host-Configuration
<VirtualHost *:443>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

# Further Configuration goes here

[...]
</VirtualHost>

External References
Wikipedia - HTTP Strict Transport Security
Configure HSTS (HTTP Strict Transport Security) for Apache/Nginx
HTTP Strict Transport Security (HSTS) HTTP Header
Mozilla SSL Configuration Generator

71 / 209
CLASSIFICATION

OWASP 2013 A6

OWASP 2017 A3

SANS Top 25 523

CAPEC 217

WASC 4

ISO27001 A.14.1.2

72 / 209
6. Out-of-date Version (jQuery UI
Autocomplete)
MEDIUM 11

Netsparker identified the target web site is using jQuery UI Autocomplete and detected that it is out of date.

Impact
Since this is an old version of the software, it may be vulnerable to attacks.

JQuery UI Cross-site Scripting (XSS) Vulnerability

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML
via the closeText parameter of the dialog function.

Affected Versions
1.10.0 to 1.11.4

External References
CVE-2016-7103

Vulnerabilities

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

77 / 209
6.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

78 / 209
Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

6.5. http://qatprm.riskpro.in/login/images/

Certainty

79 / 209
Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

87 / 209
Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

6.11. http://qatprm.riskpro.in/login/www.riskpro.in
Identified Version
1.10.3

Latest Version
1.12.1 (in this branch)

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

88 / 209
Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

89 / 209
Remedy
Please upgrade your installation of jQuery UI Autocomplete to the latest stable version.

Remedy References

Downloading jQuery UI Autocomplete

CLASSIFICATION

PCI DSS v3.2 6.2

OWASP 2013 A9

OWASP 2017 A9

SANS Top 25 829

CAPEC 310

HIPAA 164.308(A)(1)(I)

OWASP Proactive Controls C1

ISO27001 A.14.1.2

90 / 209
7. Out-of-date Version (jQuery UI Dialog)
MEDIUM 11

Netsparker identified the target web site is using jQuery UI Dialog and detected that it is out of date.

Impact
Since this is an old version of the software, it may be vulnerable to attacks.

JQuery UI Cross-site Scripting (XSS) Vulnerability

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML
via the closeText parameter of the dialog function.

Affected Versions
1.10.0 to 1.11.4

External References
CVE-2016-7103

Vulnerabilities

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

95 / 209
7.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

96 / 209
Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

7.5. http://qatprm.riskpro.in/login/images/

Certainty

97 / 209
Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

105 / 209
Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

7.11. http://qatprm.riskpro.in/login/www.riskpro.in
Identified Version
1.10.3

Latest Version
1.12.1 (in this branch)

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

106 / 209
Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

107 / 209
Remedy

Please upgrade your installation of jQuery UI Dialog to the latest stable version.

Remedy References

Downloading jQuery UI Dialog

CLASSIFICATION

PCI DSS v3.2 6.2

OWASP 2013 A9

OWASP 2017 A9

SANS Top 25 829

CAPEC 310

HIPAA 164.308(A)(1)(I)

OWASP Proactive Controls C1

ISO27001 A.14.1.2

108 / 209
8. Out-of-date Version (jQuery UI Tooltip)
MEDIUM 11

Netsparker identified the target web site is using jQuery UI Tooltip and detected that it is out of date.

Impact
Since this is an old version of the software, it may be vulnerable to attacks.

JQuery UI Cross-site Scripting (XSS) Vulnerability

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML
via the closeText parameter of the dialog function.

Affected Versions
1.10.0 to 1.11.4

External References
CVE-2016-7103

Vulnerabilities

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

113 / 209
8.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

114 / 209
Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

8.5. http://qatprm.riskpro.in/login/images/

Certainty

115 / 209
Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

123 / 209
Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

8.11. http://qatprm.riskpro.in/login/www.riskpro.in
Identified Version
1.10.3

Latest Version
1.12.1 (in this branch)

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

124 / 209
Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

125 / 209
Remedy
Please upgrade your installation of jQuery UI Tooltip to the latest stable version.

Remedy References

Downloading jQuery UI Tooltip

CLASSIFICATION

PCI DSS v3.2 6.2

OWASP 2013 A9

OWASP 2017 A9

SANS Top 25 829

CAPEC 310

HIPAA 164.308(A)(1)(I)

OWASP Proactive Controls C1

ISO27001 A.14.1.2

126 / 209
9. Out-of-date Version (jQuery)
MEDIUM 11

Netsparker identified the target web site is using jQuery and detected that it is out of date.

Impact
Since this is an old version of the software, it may be vulnerable to attacks.

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
dataType option, causing text/javascript responses to be executed.

Affected Versions
1.8.0 to 2.2.4

External References
CVE-2015-9251

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted
sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute
untrusted code. This problem is patched in jQuery 3.5.0.

Affected Versions
1.9.0 to 3.4.1

External References
CVE-2020-11023

jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to
one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is
patched in jQuery 3.5.0.

Affected Versions
1.9.0 to 3.4.1

External References
CVE-2020-11022

JQuery Prototype Pollution Vulnerability

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of
Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native
Object.prototype.

Affected Versions
1.0 to 3.3.1
127 / 209
External References
CVE-2019-11358

Vulnerabilities

9.1. http://qatprm.riskpro.in/login/
Identified Version
1.10.2

Latest Version
1.12.4 (in this branch)

Branch Status
This branch has stopped receiving updates since 6/20/2016.

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

Request

GET /login/ HTTP/1.1

128 / 209
Response

Response Time (ms) : 65.9592 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: W
…
lesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css"/><script src="http://c
ode.jquery.com/jquery-1.9.1.js"></script><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.
2/jquery.min.js"></script><script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script><title>T
PRM - Third Party Risk Management Software</title><link href="/static/css/2.d7c2c74d.chunk.css" rel="st
ylesheet"
…

9.2. http://qatprm.riskpro.in/login/.well-known/
Identified Version
1.10.2

Latest Version
1.12.4 (in this branch)

Branch Status
This branch has stopped receiving updates since 6/20/2016.

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

129 / 209
Request

GET /login/.well-known/ HTTP/1.1

Response

Response Time (ms) : 124.0243 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
lesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css"/><script src="http://c
ode.jquery.com/jquery-1.9.1.js"></script><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.
2/jquery.min.js"></script><script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script><title>T
PRM - Third Party Risk Management Software</title><link href="/static/css/2.d7c2c74d.chunk.css" rel="st
ylesheet"
…

9.3. http://qatprm.riskpro.in/login/.well-known/apple-app-site-association
Identified Version
1.10.2

Latest Version
1.12.4 (in this branch)

Branch Status
This branch has stopped receiving updates since 6/20/2016.
130 / 209
Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

Request

GET /login/.well-known/apple-app-site-association HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/apple-app-site-association
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 81.4673 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
lesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css"/><script src="http://c
ode.jquery.com/jquery-1.9.1.js"></script><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.
2/jquery.min.js"></script><script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script><title>T
PRM - Third Party Risk Management Software</title><link href="/static/css/2.d7c2c74d.chunk.css" rel="st
ylesheet"
…

9.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in
131 / 209
Certainty

Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:42:11 GMT
ETag: W
…
lesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css"/><script src="http://c
ode.jquery.com/jquery-1.9.1.js"></script><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.
2/jquery.min.js"></script><script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script><title>T
PRM - Third Party Risk Management Software</title><link href="/static/css/2.d7c2c74d.chunk.css" rel="st
ylesheet"
…

9.5. http://qatprm.riskpro.in/login/images/

Certainty

132 / 209
Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:47 GMT
ETag: W
…
lesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css"/><script src="http://c
ode.jquery.com/jquery-1.9.1.js"></script><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.
2/jquery.min.js"></script><script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script><title>T
PRM - Third Party Risk Management Software</title><link href="/static/css/2.d7c2c74d.chunk.css" rel="st
ylesheet"
…

9.11. http://qatprm.riskpro.in/login/www.riskpro.in
Identified Version
1.10.2

Latest Version
1.12.4 (in this branch)

Branch Status
138 / 209
This branch has stopped receiving updates since 6/20/2016.

Vulnerability Database
Result is based on 05/25/2021 08:00:00 vulnerability database content.

Certainty

Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
lesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css"/><script src="http://c
ode.jquery.com/jquery-1.9.1.js"></script><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.10.
2/jquery.min.js"></script><script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script><title>T
PRM - Third Party Risk Management Software</title><link href="/static/css/2.d7c2c74d.chunk.css" rel="st
ylesheet"
…

139 / 209
Remedy

Please upgrade your installation of jQuery to the latest stable version.

Remedy References
Downloading jQuery

CLASSIFICATION

PCI DSS v3.2 6.2

OWASP 2013 A9

OWASP 2017 A9

SANS Top 25 829

CAPEC 310

HIPAA 164.308(A)(1)(I)

OWASP Proactive Controls C1

ISO27001 A.14.1.2

140 / 209
10. SSL/TLS Not Implemented
MEDIUM 1

Netsparker detected that SSL/TLS is not implemented.

Impact
An attacker who is able to intercept your - or your users' - network traffic can read and modify any messages that are exchanged with
your server.

That means that an attacker can see passwords in clear text, modify the appearance of your website, redirect the user to other web
pages or steal session information.

Therefore no message you send to the server remains confidential.

Vulnerabilities

10.1. https://qatprm.riskpro.in/login/

Certainty

Request

[NETSPARKER] SSL Connection

Response

Response Time (ms) : 1 Total Bytes Received : 27 Body Length : 0 Is Compressed : No

[NETSPARKER] SSL Connection

Remedy

We suggest that you implement SSL/TLS properly, for example by using the Certbot tool provided by the Let's Encrypt certificate
authority. It can automatically configure most modern web servers, e.g. Apache and Nginx to use SSL/TLS. Both the tool and the
certificates are free and are usually installed within minutes.

141 / 209
CLASSIFICATION

PCI DSS v3.2 6.5.4

OWASP 2013 A6

OWASP 2017 A3

SANS Top 25 311

CAPEC 217

WASC 4

HIPAA 164.306

ISO27001 A.14.1.3

CVSS 3.0 SCORE

Base 6.8 (Medium)

Temporal 6.1 (Medium)

Environmental 6.1 (Medium)

CVSS Vector String

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

CVSS 3.1 SCORE

Base 6.8 (Medium)

Temporal 6.1 (Medium)

Environmental 6.1 (Medium)

142 / 209
CVSS Vector String

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C

143 / 209
11. Missing Content-Type Header
LOW 1

Netsparker detected a missing Content-Type header which means that this website could be at risk of a MIME-sniffing attacks.

Impact
MIME type sniffing is a standard functionality in browsers to find an appropriate way to render data where the HTTP headers sent by
the server are either inconclusive or missing.

This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the
response body to be interpreted and displayed as a content type other than the intended content type.

The problem arises once a website allows users to upload content which is then published on the web server. If an attacker can carry
out XSS (Cross-site Scripting) attack by manipulating the content in a way to be accepted by the web application and rendered as
HTML by the browser, it is possible to inject code in e.g. an image file and make the victim execute it by viewing the image.

Vulnerabilities

11.1. https://qatprm.riskpro.in/login/

Certainty

Request

GET /login/ HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: https://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

144 / 209
Response

Response Time (ms) : 2224.3943 Total Bytes Received : 213 Body Length : 191 Is Compressed : No

HTTP/1.1 200 Error

[Netsparker Proxy] Error occured whilst handling session request (internal) - qatprm.riskpro.in - No co
nnection could be made because the target machine actively refused it 13.235.219.112:443

Remedy

1. When serving resources, make sure you send the content-type header to appropriately match the type of the resource being
served. For example, if you are serving an HTML page, you should send the HTTP header:

Content-Type: text/html

2. Add the X-Content-Type-Options header with a value of "nosniff" to inform the browser to trust what the site has sent is the
appropriate content-type, and to not attempt "sniffing" the real content-type.

X-Content-Type-Options: nosniff

External References

MIME Sniffing: feature or vulnerability?

X-Content-Type-Options HTTP Header

CLASSIFICATION

OWASP 2013 A5

OWASP 2017 A6

SANS Top 25 16

WASC 15

ISO27001 A.14.1.2

145 / 209
146 / 209
12. Missing X-Frame-Options Header
LOW 11

Netsparker detected a missing X-Frame-Options header which means that this website could be at risk of a clickjacking attack.

The X-Frame-Options HTTP header field indicates a policy that specifies whether the browser should render the transmitted resource
within a frame or an iframe. Servers can declare this policy in the header of their HTTP responses to prevent clickjacking attacks,
which ensures that their content is not embedded into other pages or frames.

Impact
Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on
a framed page when they were intending to click on the top level page. Thus, the attacker is "hijacking" clicks meant for their page and
routing them to other another page, most likely owned by another application, domain, or both.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes,
a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible
frame controlled by the attacker.

Vulnerabilities

162 / 209
Remedy
Sending the proper X-Frame-Options in HTTP response headers that instruct the browser to not allow framing from other
domains.
X-Frame-Options: DENY It completely denies to be loaded in frame/iframe.
X-Frame-Options: SAMEORIGIN It allows only if the site which wants to load has a same origin.
X-Frame-Options: ALLOW-FROM URL It grants a specific URL to load itself in a iframe. However please pay attention
to that, not all browsers support this.
Employing defensive code in the UI to ensure that the current frame is the most top level window.

External References
Clickjacking
Can I Use X-Frame-Options
X-Frame-Options HTTP Header

Remedy References
Clickjacking Defense Cheat Sheet

CLASSIFICATION

OWASP 2013 A5

OWASP 2017 A6

SANS Top 25 693

CAPEC 103

ISO27001 A.14.2.5

163 / 209
13. Version Disclosure (Nginx)
LOW 1

Netsparker identified a version disclosure (Nginx) in the target web server's HTTP response.

This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks
targeted at the specific version of Nginx.

Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.

Vulnerabilities

13.1. http://qatprm.riskpro.in/login/
Extracted Version
1.14.0

Certainty

Request

GET /login/ HTTP/1.1

164 / 209
Response

Response Time (ms) : 65.9592 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: WHTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: W/"
…

Remedy
Add the following line to your nginx.conf file to prevent information leakage from the SERVER header of its HTTP response:

server_tokens off

165 / 209
CLASSIFICATION

OWASP 2013 A5

OWASP 2017 A6

SANS Top 25 205

CAPEC 170

WASC 45

HIPAA 164.306(A), 164.308(A)

ISO27001 A.18.1.3

166 / 209
14. Content Security Policy (CSP) Not
Implemented
BEST PRACTICE 11

CSP is an added layer of security that helps to mitigate mainly Cross-site Scripting attacks.

CSP can be enabled instructing the browser with a Content-Security-Policy directive in a response header;

Content-Security-Policy: script-src 'self';

or in a meta tag;

<meta http-equiv="Content-Security-Policy" content="script-src 'self';">

In the above example, you can restrict script loading only to the same domain. It will also restrict inline script executions both in the
element attributes and the event handlers. There are various directives which you can use by declaring CSP:

script-src: Restricts the script loading resources to the ones you declared. By default, it disables inline script executions unless
you permit to the evaluation functions and inline scripts by the unsafe-eval and unsafe-inline keywords.
base-uri: Base element is used to resolve relative URL to absolute one. By using this CSP directive, you can define all possible
URLs which could be assigned to base-href attribute of the document.
frame-ancestors: It is very similar to X-Frame-Options HTTP header. It defines the URLs by which the page can be loaded in an
iframe.
frame-src / child-src: frame-src is the deprecated version of child-src. Both define the sources that can be loaded by iframe in
the page. (Please note that frame-src was brought back in CSP 3)
object-src : Defines the resources that can be loaded by embedding such as Flash files, Java Applets.
img-src: As its name implies, it defines the resources where the images can be loaded from.
connect-src: Defines the whitelisted targets for XMLHttpRequest and WebSocket objects.
default-src: It is a fallback for the directives that mostly ends with -src suffix. When the directives below are not defined, the
value set to default-src will be used instead:
child-src
connect-src
font-src
img-src
manifest-src
media-src
object-src
script-src
style-src

When setting the CSP directives, you can also use some CSP keywords:

none: Denies loading resources from anywhere.

self : Points to the document's URL (domain + port).
unsafe-inline: Permits running inline scripts.
unsafe-eval: Permits execution of evaluation functions such as eval().

In addition to CSP keywords, you can also use wildcard or only a scheme when defining whitelist URLs for the points. Wildcard can be
used for subdomain and port portions of the URLs:

Content-Security-Policy: script-src https://*.example.com;

Content-Security-Policy: script-src https://example.com:*;
Content-Security-Policy: script-src https:;

167 / 209
It is also possible to set a CSP in Report-Only mode instead of forcing it immediately in the migration period. Thus you can see the
violations of the CSP policy in the current state of your web site while migrating to CSP:

Content-Security-Policy-Report-Only: script-src 'self'; report-uri: https://example.com;

Impact
There is no direct impact of not implementing CSP on your website. However, if your website is vulnerable to a Cross-site Scripting
attack CSP can prevent successful exploitation of that vulnerability. By not implementing CSP you’ll be missing out this extra layer of
security.

Vulnerabilities

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

14.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

172 / 209
Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

173 / 209
14.5. http://qatprm.riskpro.in/login/images/

Certainty

Request

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

183 / 209
Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

<!doctype html><html lang="en"><head><meta charset="utf-8"/><link rel="shortcut icon" href="/favicon.ic

Actions to Take

Enable CSP on your website by sending the Content-Security-Policy in HTTP response headers that instruct the browser to
apply the policies you specified.
Apply the whitelist and policies as strict as possible.
Rescan your application to see if Netsparker identifies any weaknesses in your policies.

Remedy
Enable CSP on your website by sending the Content-Security-Policy in HTTP response headers that instruct the browser to apply
the policies you specified.

External References

An Introduction to Content Security Policy

Content Security Policy (CSP) HTTP Header
Content Security Policy (CSP)
184 / 209
CLASSIFICATION

SANS Top 25 16

WASC 15

ISO27001 A.14.2.5

185 / 209
15. Subresource Integrity (SRI) Not
Implemented
BEST PRACTICE 11

Subresource Integrity (SRI) provides a mechanism to check integrity of the resource hosted by third parties like Content Delivery
Networks (CDNs) and verifies that the fetched resource has been delivered without unexpected manipulation.

SRI does this using hash comparison mechanism. In this way, hash value declared in HTML elements (for now only script and link
elements are supported) will be compared with the hash value of the resource hosted by third party.

Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.

Vulnerabilities

15.1. http://qatprm.riskpro.in/login/
Identified Sub Resource(s)
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
https://fonts.googleapis.com/icon?family=Material Icons
https://code.jquery.com/jquery-1.12.0.min.js
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
http://cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js
http://netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-
Ls8zTyFYoy2keo&libraries=geometry,drawing,places
http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css
http://code.jquery.com/jquery-1.9.1.js
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
http://code.jquery.com/ui/1.10.3/jquery-ui.js

Certainty

Request

GET /login/ HTTP/1.1

186 / 209
Response

Response Time (ms) : 65.9592 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

15.2. http://qatprm.riskpro.in/login/.well-known/
Identified Sub Resource(s)
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
https://fonts.googleapis.com/icon?family=Material Icons
https://code.jquery.com/jquery-1.12.0.min.js
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
http://cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js
http://netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-
Ls8zTyFYoy2keo&libraries=geometry,drawing,places
http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css
http://code.jquery.com/jquery-1.9.1.js
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
http://code.jquery.com/ui/1.10.3/jquery-ui.js
187 / 209
Certainty

Request

GET /login/.well-known/ HTTP/1.1

188 / 209
Response

Response Time (ms) : 124.0243 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

15.3. http://qatprm.riskpro.in/login/.well-known/apple-app-site-association
Identified Sub Resource(s)
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
https://fonts.googleapis.com/icon?family=Material Icons
https://code.jquery.com/jquery-1.12.0.min.js
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
http://cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js
http://netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-
Ls8zTyFYoy2keo&libraries=geometry,drawing,places
http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css
http://code.jquery.com/jquery-1.9.1.js
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
http://code.jquery.com/ui/1.10.3/jquery-ui.js

189 / 209
Certainty

Request

GET /login/.well-known/apple-app-site-association HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/apple-app-site-association
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

190 / 209
Response

Response Time (ms) : 81.4673 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

15.4. http://qatprm.riskpro.in/login/.well-known/www.riskpro.in

Certainty

191 / 209
Request

GET /login/.well-known/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/.well-known/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 89.9458 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:42:11 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

192 / 209
15.5. http://qatprm.riskpro.in/login/images/

Certainty

Request

GET /login/images/ HTTP/1.1

193 / 209
Response

Response Time (ms) : 96.9406 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:42:11 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

15.6. http://qatprm.riskpro.in/login/images/www.riskpro.in

Certainty

194 / 209
Request

GET /login/images/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/images/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 82.8086 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:43:32 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

195 / 209
15.7. http://qatprm.riskpro.in/login/open-search.gz

Certainty

Request

GET /login/open-search.gz HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/open-search.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

196 / 209
Response

Response Time (ms) : 56.9602 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:42 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

15.8. http://qatprm.riskpro.in/login/opensearch.xml

Certainty

197 / 209
Request

GET /login/opensearch.xml HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/opensearch.xml
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 62.6645 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

198 / 209
15.9. http://qatprm.riskpro.in/login/sitemap.xml

Certainty

Request

GET /login/sitemap.xml HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

199 / 209
Response

Response Time (ms) : 91.9446 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:42 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

15.10. http://qatprm.riskpro.in/login/sitemap.xml.gz

Certainty

200 / 209
Request

GET /login/sitemap.xml.gz HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/sitemap.xml.gz
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

Response

Response Time (ms) : 77.9533 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:47 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

201 / 209
15.11. http://qatprm.riskpro.in/login/www.riskpro.in
Identified Sub Resource(s)
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
https://fonts.googleapis.com/icon?family=Material Icons
https://code.jquery.com/jquery-1.12.0.min.js
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
http://cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js
http://netdna.bootstrapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css
https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-
Ls8zTyFYoy2keo&libraries=geometry,drawing,places
http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css
http://code.jquery.com/jquery-1.9.1.js
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js
http://code.jquery.com/ui/1.10.3/jquery-ui.js

Certainty

Request

GET /login/www.riskpro.in HTTP/1.1

Host: qatprm.riskpro.in
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-us,en;q=0.5
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOiI2MDRlZDIyOWYyMGI1NzVjOTQxNGYw
OTkiLCJpYXQiOjE2MjI0NzIwNTAsImV4cCI6MTYyMjUwODA1MH0.Phsqj33DCC_9UdsbzZZGZQFjazM2iVebnEsFaqSGz0k
Cache-Control: no-cache
Referer: http://qatprm.riskpro.in/login/
User-Agent: Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.
77 Safari/537.36
X-Scanner: Netsparker

202 / 209
Response

Response Time (ms) : 58.9877 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:41 GMT
ETag: W
…
nk rel="shortcut icon" href="/favicon.ico"/><meta name="viewport" content="width=device-width,initial-s
cale=1"/><meta name="theme-color" content="#000000"/><link rel="manifest" href="/manifest.json"/><link
rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css"><link re
l="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons"><script src="https://cod
e.jquery.com/jquery-1.12.0.min.js"></script><script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.
7/js/bootstrap.min.js"></script><script type="text/javascript" src="/js/adminLte.js"></script><script s
rc="//cdnjs.cloudflare.com/ajax/libs/moment.js/2.5.1/moment.min.js"></script><link href="//netdna.boots
trapcdn.com/font-awesome/4.1.0/css/font-awesome.min.css" rel="stylesheet"><script type="text/javascrip
t" src="https://maps.googleapis.com/maps/api/js?key=AIzaSyBXlC-C2aioJUWrInh3-Ls8zTyFYoy2keo&libraries=g
eometry,drawing,places"></script><link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/s
moothness/jquery-ui.css"/><script src="http://code.jquery.com/jquery-1.9.1.js"></script><script src="ht
tp://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script><script src="http://code.jquer
y.com/ui/1.10.3/jquery-ui.js"></script><title>TPRM - Third Party Risk Management Software</title><link
href="/static/css/2.d7c2c74d.chunk.css" rel="stylesheet"><link href="/static/css/main.2274a20d.chunk.c
ss" rel="stylesheet"></head><body>
…

Remedy
Using Subresource Integrity is simply to add integrity attribute to the script tag along with a base64 encoded cryptographic hash value.

<script src="https://code.jquery.com/jquery-2.1.4.min.js" integrity="sha384-

R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC" crossorigin="anonymous"></script>

The hash algorithm must be one of sha256, sha384 or sha512, followed by a '-' character.

External References
Subresource Integrity
Do not let your CDN betray you: Use Subresource Integrity
Web Application Security with Subresource Integrity
SRI Hash Generator

203 / 209
CLASSIFICATION

SANS Top 25 16

WASC 15

ISO27001 A.14.2.5

204 / 209
16. Nginx Web Server Identified
INFORMATION 1

Netsparker identified a web server (Nginx) in the target web server's HTTP response.

Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.

Vulnerabilities

16.1. http://qatprm.riskpro.in/login/

Certainty

Request

GET /login/ HTTP/1.1

205 / 209
Response

Response Time (ms) : 65.9592 Total Bytes Received : 3468 Body Length : 3214 Is Compressed : No

HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ETag: WHTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Connection: keep-alive
Content-Encoding:
Last-Modified: Thu, 27 May 2021 14:23:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 31 May 2021 14:41:02 GMT
ET
…

206 / 209
CLASSIFICATION

SANS Top 25 200

WASC 13

OWASP Proactive Controls C7

ISO27001 A.18.1.3

CVSS 3.0 SCORE

Base 5.3 (Medium)

Temporal 5.1 (Medium)

Environmental 5.1 (Medium)

CVSS Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

CVSS 3.1 SCORE

Base 5.3 (Medium)

Temporal 5.1 (Medium)

Environmental 5.1 (Medium)

CVSS Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C

207 / 209
Show Scan Detail

Enabled Security Checks : Apache Struts S2-045 RCE,

Apache Struts S2-046 RCE,
BREACH Attack,
Code Evaluation,
Code Evaluation (Out of Band),
Command Injection,
Command Injection (Blind),
Content Security Policy,
Content-Type Sniffing,
Cookie,
Cross Frame Options Security,
Cross-Origin Resource Sharing (CORS),
Cross-Site Request Forgery,
Cross-site Scripting,
Cross-site Scripting (Blind),
Custom Script Checks (Passive),
Custom Script Checks (Singular),
Drupal Remote Code Execution,
Expect Certificate Transparency (Expect-CT),
Expression Language Injection,
File Upload,
Header Analyzer,
Heartbleed,
HSTS,
HTML Content,
HTTP Header Injection,
HTTP Methods,
HTTP Status,
HTTP.sys (CVE-2015-1635),
IFrame Security,
Insecure JSONP Endpoint,
Insecure Reflected Content,
JavaScript Libraries,
Local File Inclusion,
Login Page Identifier,
Mixed Content,
Open Redirection,
Referrer Policy,
Reflected File Download,
Remote File Inclusion,
Remote File Inclusion (Out of Band),
Reverse Proxy Detection,
RoR Code Execution,
Server-Side Request Forgery (DNS),
Server-Side Request Forgery (Pattern Based),
Server-Side Template Injection,
208 / 209
Signatures,
SQL Injection (Blind),
SQL Injection (Boolean),
SQL Injection (Error Based),
SQL Injection (Out of Band),
SSL,
Static Resources (All Paths),
Static Resources (Only Root Path),
WAF Identifier,
Web App Fingerprint,
Web Cache Deception,
WebDAV,
Windows Short Filename,
XML External Entity,
XML External Entity (Out of Band)

URL Rewrite Mode : Heuristic

Detected URL Rewrite Rule(s) : None

Excluded URL Patterns : (log|sign)\-?(out|off)

exit
endsession
gtm\.js
WebResource\.axd
ScriptResource\.axd

Authentication : Form Authentication

Scheduled : No

Additional Website(s) : None

This report created with 5.8.1.28119-master-bca4e4e

https://www.netsparker.com

209 / 209

PDF Python GUI Programming With Tkinter: Develop Responsive and Powerful GUI Applications With Tkinter by Alan D. Moore
No ratings yet
PDF Python GUI Programming With Tkinter: Develop Responsive and Powerful GUI Applications With Tkinter by Alan D. Moore
3 pages
3BSE092443 A en AC 800M - PM861A PM864A - Life Cycle Announcement
No ratings yet
3BSE092443 A en AC 800M - PM861A PM864A - Life Cycle Announcement
2 pages
Astra Security - Sample Report For VAPT
No ratings yet
Astra Security - Sample Report For VAPT
30 pages
Web Application Report: Target and Filters
No ratings yet
Web Application Report: Target and Filters
115 pages
02 - Threat Protection Workshop - Results and Next Steps
No ratings yet
02 - Threat Protection Workshop - Results and Next Steps
55 pages
Web Application Scanning Detailed Scan Export: Pontual Scan: April 3, 2023 at 14:00 (UTC)
No ratings yet
Web Application Scanning Detailed Scan Export: Pontual Scan: April 3, 2023 at 14:00 (UTC)
71 pages
CloudEcopetrol ParcheMicrosoft CVE-2022-21907
No ratings yet
CloudEcopetrol ParcheMicrosoft CVE-2022-21907
39 pages
Zero Day Vulnerability Report Feb 2022
No ratings yet
Zero Day Vulnerability Report Feb 2022
8 pages
Network Vulnerability Scan With Openvas Report (Light)
No ratings yet
Network Vulnerability Scan With Openvas Report (Light)
2 pages
CloudForte Service Intelligence - Security Vulnerability Report 1.5
No ratings yet
CloudForte Service Intelligence - Security Vulnerability Report 1.5
4 pages
Trend Report
No ratings yet
Trend Report
21 pages
Network Assessment Report Template
No ratings yet
Network Assessment Report Template
27 pages
Security Analysis For - Snyk
No ratings yet
Security Analysis For - Snyk
2 pages
Website Vulnscan Sample Report
No ratings yet
Website Vulnscan Sample Report
6 pages
Web Application (Muthoot - Com) - Pentesting - Revalidation - Report - 26-4-2023
No ratings yet
Web Application (Muthoot - Com) - Pentesting - Revalidation - Report - 26-4-2023
148 pages
Ethical Hacker - Test Case
No ratings yet
Ethical Hacker - Test Case
5 pages
Sample Report Web
No ratings yet
Sample Report Web
19 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
5 pages
Breaches Anticipated in 2024
No ratings yet
Breaches Anticipated in 2024
175 pages
Levelup0X Bug Bounty Hunting Training
100% (2)
Levelup0X Bug Bounty Hunting Training
8 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
6 pages
PenTest Proposal
No ratings yet
PenTest Proposal
8 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
4 pages
Qualis TruRisk Report
No ratings yet
Qualis TruRisk Report
43 pages
IntruderReport - 06 Oct 2021
No ratings yet
IntruderReport - 06 Oct 2021
15 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
4 pages
Vulnerability Statistics Report
No ratings yet
Vulnerability Statistics Report
43 pages
Smart Console
100% (2)
Smart Console
50 pages
006 - Interactive Report
No ratings yet
006 - Interactive Report
22 pages
DVWA
No ratings yet
DVWA
11 pages
Brocket Web Applicaion
No ratings yet
Brocket Web Applicaion
11 pages
Dvwa2 Sample Report
No ratings yet
Dvwa2 Sample Report
11 pages
VVATP
No ratings yet
VVATP
11 pages
Report 20240629 Pet-Healthcare-Frontend-Green Vercel App
No ratings yet
Report 20240629 Pet-Healthcare-Frontend-Green Vercel App
15 pages
Report Summary
No ratings yet
Report Summary
8 pages
Report 20240628 Pet-Healthcare-Frontend-Green Vercel App
No ratings yet
Report 20240628 Pet-Healthcare-Frontend-Green Vercel App
15 pages
Simple - Web Application Report
No ratings yet
Simple - Web Application Report
194 pages
Pentest
No ratings yet
Pentest
26 pages
Controles de Vulnerabilidades 2
No ratings yet
Controles de Vulnerabilidades 2
4 pages
Additional Task 2
No ratings yet
Additional Task 2
9 pages
Website Vulnerability Scanner Report: Returnurl /&aspxautodetectcookiesupport 1
No ratings yet
Website Vulnerability Scanner Report: Returnurl /&aspxautodetectcookiesupport 1
4 pages
ZAP - Automation Framework
No ratings yet
ZAP - Automation Framework
15 pages
IBM-Mainframes: COBOL Class-1
No ratings yet
IBM-Mainframes: COBOL Class-1
11 pages
Schneider PLCUSB Driver - Release Notes
No ratings yet
Schneider PLCUSB Driver - Release Notes
23 pages
Service Design
No ratings yet
Service Design
55 pages
ADMS 2511: Management Information Systems Session 3
No ratings yet
ADMS 2511: Management Information Systems Session 3
41 pages
Export 20240730091023
No ratings yet
Export 20240730091023
2 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
7 pages
Department of Education: Attendance Sheet Hrpta Meeting/Rabus
No ratings yet
Department of Education: Attendance Sheet Hrpta Meeting/Rabus
4 pages
Templ Presentation & Penetration Test Report by Muaz
No ratings yet
Templ Presentation & Penetration Test Report by Muaz
21 pages
IJEETC 5cd142704439b
No ratings yet
IJEETC 5cd142704439b
6 pages
KACST Contract Web PTHelpdeask Report
No ratings yet
KACST Contract Web PTHelpdeask Report
26 pages
Security
No ratings yet
Security
13 pages
Easm Comprehensive Report
No ratings yet
Easm Comprehensive Report
16 pages
Variables, Constants, and Arithmetic Operators
No ratings yet
Variables, Constants, and Arithmetic Operators
41 pages
Ai Complete Notes
No ratings yet
Ai Complete Notes
83 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
7 pages
Vinay Naik: Amdocs India (12/2018 - Present)
No ratings yet
Vinay Naik: Amdocs India (12/2018 - Present)
3 pages
Alter Rollback Segment: Purpose
No ratings yet
Alter Rollback Segment: Purpose
3 pages
University: DART Central Station
No ratings yet
University: DART Central Station
2 pages
LAM-PACK 5.sap1-Ag
No ratings yet
LAM-PACK 5.sap1-Ag
13 pages
The Taming of The Shrew Magazine
No ratings yet
The Taming of The Shrew Magazine
5 pages
GC 02 Datasheet v01 190314 English A4
No ratings yet
GC 02 Datasheet v01 190314 English A4
2 pages
Sainath Gorde - SAP S4HANA Solution Architect
No ratings yet
Sainath Gorde - SAP S4HANA Solution Architect
2 pages
Audit Report v1
No ratings yet
Audit Report v1
15 pages
Storage Replication Adapter (SRA) - Unable To Find Matching Device - Stale Database Entries
No ratings yet
Storage Replication Adapter (SRA) - Unable To Find Matching Device - Stale Database Entries
5 pages
JD For SE SD AI Hub NITs - 2025 Batch
No ratings yet
JD For SE SD AI Hub NITs - 2025 Batch
2 pages
Vulnerability Assessment Executive Summary
No ratings yet
Vulnerability Assessment Executive Summary
2 pages
Jpet Store
No ratings yet
Jpet Store
21 pages
PentestTools WebsiteRecon Report
No ratings yet
PentestTools WebsiteRecon Report
2 pages
Unit 5 - ApplicationLayer
No ratings yet
Unit 5 - ApplicationLayer
130 pages
Research On System Logs Collection and Analysis Model of The Network and Information Security System by Using Multi-Agent Technology
No ratings yet
Research On System Logs Collection and Analysis Model of The Network and Information Security System by Using Multi-Agent Technology
4 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
3 pages
User Manual On Ifps Usage and Byjus App Usage
No ratings yet
User Manual On Ifps Usage and Byjus App Usage
120 pages
V Apt Report Mark Down
No ratings yet
V Apt Report Mark Down
8 pages
Web Application Vulnerability Mitigation Report
No ratings yet
Web Application Vulnerability Mitigation Report
2 pages
04 Chapter Pattern in Mongodb2
No ratings yet
04 Chapter Pattern in Mongodb2
32 pages
Task - 2 WAPT - Report-1
No ratings yet
Task - 2 WAPT - Report-1
9 pages
Web Application Vulnerability
No ratings yet
Web Application Vulnerability
2 pages
WT Unit-2 CSS
No ratings yet
WT Unit-2 CSS
20 pages
Binomom Scan Report
No ratings yet
Binomom Scan Report
5 pages
Hacking Web Applications
No ratings yet
Hacking Web Applications
23 pages
Browser's Vuln Report
No ratings yet
Browser's Vuln Report
9 pages
Cloud Services Running Notes
No ratings yet
Cloud Services Running Notes
9 pages
Connect SAP HANA To Power PI
No ratings yet
Connect SAP HANA To Power PI
14 pages
V 2 TTWR
No ratings yet
V 2 TTWR
17 pages
Chrome Advisory
No ratings yet
Chrome Advisory
7 pages
App Scores File Information App Information: Exported Activities Exported Services Exported Providers
No ratings yet
App Scores File Information App Information: Exported Activities Exported Services Exported Providers
48 pages
Penetration Testing of Computer Networks Using Burpsuite and Various Penetration Testing Tools
From Everand
Penetration Testing of Computer Networks Using Burpsuite and Various Penetration Testing Tools
Dr. Hidaia Mahmood Alassouli
No ratings yet
Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools
From Everand
Penetration Testing of Computer Networks Using BurpSuite and Various Penetration Testing Tools
Dr. Hidaia Mahmood Alassoulii
No ratings yet