Web Pentest TestPHP - 2023-06-05-01 - 24 - 01


Confidential Audit Report Generated by RidgeBot™

Web Pentest TestPHP


May 30, 2023 at 01:35
Agreement
CONFIDENTIALITY
This document contains proprietary and confidential information of a highly sensitive nature.
Reproduction or distribution without the express written permission of Ridge Security Technology
Corp. or the Client named above is strictly prohibited. This document should be marked
“CONFIDENTIAL” and therefore we suggest that this document be disseminated on a 'need to know'
basis.

DISCLAIMERS
The information presented in this document is provided as is and without warranty. Vulnerability
assessments are a 'point in time' analysis and as such it is possible that something in the
environment could have changed since the tests reflected in this report were run. Also, it is possible
that new vulnerabilities may have been discovered since the tests were run. For this reason, this
report should be considered a guide, not a 100% representation of the risk threatening your systems,
networks and applications. This report cannot and does not protect against personal or business loss
as the result of use of the applications or systems described. By using this information, you agree
that Ridge Security shall be held harmless in any event.
3 Critical Successful Exploits


QUICKLINKS: Executive Summary | Configuration at a Glance | Asset Details | Website Fingerprints | Host Open Ports | Exploit Details | Vulnerability Details | Attack Surface Details

Executive Summary
System Version: V4.2.2-20230414 Plugin Library Version: V4.29.3

TASK NAME | START TIME | END TIME | TOTAL TIME | STATUS
Web Pentest TestPHP | May 30, 2023 at 01:35 | May 30, 2023 at 02:11 | 0 hours and 36 minutes | Success

Total Health Score Policy: Minimum Score 60

Risk Weighted Assessment (chart): Total Health Score 22, on a scale running from Severe Risk through the policy threshold of 60 to Low Risk; rated Critical Business Risk.

Vulnerabilities: High 26 | Medium 37 | Low 55 | Info 14
Successful Exploits: 3
Total number of targets: 1
Number of active assets: 1
Number of active Domains: 1
Number of attack surface(s): 76

In this task we tested 1 IP and 1 web server. The Total Health Score of the target system is 22 on a 100-point scale. The score is a comprehensive evaluation based on multiple factors such as the percentage of vulnerabilities, the attack surface, encrypted traffic, etc. With a score of 22 the tested system is considered to be in a "Risky" condition (Risky < 60; 60 <= Normal < 85; Good >= 85). The vulnerabilities found on each asset are listed under "Asset Details".

The platform successfully performed 3 exploits. These 3 exploited risks are critical and require immediate attention: a real attacker can readily achieve the same result. Under "Exploit Details" we provide information on how each attack was carried out (path, techniques and actions) so that the security team can replicate and fix the issue.

Of the 3 exploits, 33.0% were credential disclosure and 67.0% database manipulations.

Exploit Results by Type (chart); see "Understanding the health and risk charts".

In addition, the platform found 26 high, 37 medium and 55 low vulnerabilities. These vulnerabilities are possible risks: they may be exploitable, but doing so would demand more risk or effort from an attacker. They should still be addressed to achieve a comprehensive defense. Please refer to "Vulnerability Details" for more information and remediation suggestions.

Penetration Test Action Distribution (chart): breakdown of the total jobs spent within each of the three core functions, against the total count of jobs.

Business Risk Summary


INDEX | RISK TYPE | RELATED VULNERABILITY | TARGET DETAILS
1 | Credential Disclosure | Sensitive Information Leakage | http://testphp.vulnweb.com/pictures/credentials.txt
2 | Database Manipulations | SQL Injection | http://testphp.vulnweb.com/listproducts.php?artist=1
3 | Database Manipulations | SQL Injection | http://testphp.vulnweb.com/listproducts.php?cat=1
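The two "Database Manipulations" rows above are the same vulnerability class on two parameters: an integer GET value (artist, cat) spliced into the WHERE clause of listproducts.php. The following is an added example, not RidgeBot output and not code from testphp.vulnweb.com: it models that class offline with sqlite3, puts the vulnerable handler beside a hardened one, and shows the boolean-based differential check a tester uses to confirm the finding. The schema, sample rows and handler bodies are constructed for the example; the real application's query text and the payloads RidgeBot actually sent are not on the page and are not reproduced here.

```python
"""
Added example (not RidgeBot output, not the site's code): offline model of
the SQL injection reported on listproducts.php?artist=1 / ?cat=1, with a
boolean-based differential check and a parameterised fix.
"""
import sqlite3

# The two injectable parameters named in the Business Risk Summary.
ALLOWED_FILTERS = ("artist", "cat")


def build_db() -> sqlite3.Connection:
    """In-memory stand-in for the shop database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE artists (artist_id INTEGER PRIMARY KEY, aname TEXT);
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT,
                               artist INTEGER, cat INTEGER);
        INSERT INTO artists VALUES (1, 'r4w8173'), (2, 'Blad3');
        INSERT INTO products VALUES
            (1, 'Network Storage', 1, 1),
            (2, 'Web Camera',      1, 2),
            (3, 'Color Printer',   2, 1);
        """
    )
    return conn


def list_products_vulnerable(conn, column, value):
    """Vulnerable pattern (assumed to mirror the finding): the raw request
    parameter is concatenated into the SQL string, so a value such as
    '1 AND 1=2' or '0 UNION SELECT ...' rewrites the query."""
    sql = f"SELECT name FROM products WHERE {column} = {value}"
    return [row[0] for row in conn.execute(sql)]


def list_products_fixed(conn, column, value):
    """Hardened handler: column allow-listed, value coerced to int and bound."""
    if column not in ALLOWED_FILTERS:
        raise ValueError(f"unexpected filter column: {column!r}")
    try:
        ident = int(value)      # '1 AND 1=1' fails here; no SQL is built from it
    except (TypeError, ValueError):
        raise ValueError("filter value must be an integer id") from None
    # The column name comes from ALLOWED_FILTERS, so the f-string is safe;
    # the untrusted value is passed as a bound parameter.
    sql = f"SELECT name FROM products WHERE {column} = ?"
    return [row[0] for row in conn.execute(sql, (ident,))]


def boolean_sqli_check(handler, conn, column, base="1"):
    """Boolean-based differential test: baseline request, an always-true
    suffix and an always-false suffix. The parameter is injectable when the
    true case reproduces the baseline and the false case changes it."""
    try:
        baseline = handler(conn, column, base)
        true_case = handler(conn, column, f"{base} AND 1=1")
        false_case = handler(conn, column, f"{base} AND 1=2")
    except (ValueError, sqlite3.Error):
        return False   # input rejected or query refused: not confirmed by this vector
    return bool(baseline) and baseline == true_case and baseline != false_case


if __name__ == "__main__":
    db = build_db()
    for col in ALLOWED_FILTERS:
        print(col, "vulnerable:", boolean_sqli_check(list_products_vulnerable, db, col),
              "fixed:", boolean_sqli_check(list_products_fixed, db, col))
    # UNION-based extraction through the same vector reads another table.
    print(list_products_vulnerable(db, "artist", "0 UNION SELECT aname FROM artists"))
```

On a live target the same differential is run against the HTTP response body or length rather than a Python list; the fixed handler shows why the boolean check comes back negative after remediation: the payload never reaches the database at all.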

Configuration at a Glance

SYSTEM TEMPLATE | CUSTOMIZED TEMPLATE | PLUGINS SELECTED | SCAN TYPE | SCRAPING MODE | STEALTH LEVEL
Website Penetration | N/A | 4227 | Web application | Crawling | Normal

Plugin breakdown charts (the SEVERITY and RISK counts each sum to the 4227 plugins selected):
OS TYPE: Windows (682), Linux (4008), Other (4097)
SEVERITY: High (1182), Medium (1147), Low (1765), Info (133)
RISK: Impactful (461), Low Impact (3766)

Asset Details

TARGET | OS TYPE | EXPLOITED | HIGH | MEDIUM | LOW
44.228.249.3 | Ubuntu | 0 | 0 | 0 | 0
testphp.vulnweb.com | - | 0 | 0 | 0 | 0

SITE | IP/DOMAIN | EXPLOITED | HIGH | MEDIUM | LOW
http://testphp.vulnweb.com/ | testphp.vulnweb.com | 3 | 26 | 37 | 55

Website Fingerprints

INDEX | SITE | CMS | LANGUAGE | FRAMEWORK | WAF/CDN TYPE
1 | http://testphp.vulnweb.com/ | Nginx 1.19.0 | PHP 5.6.40 | - | -

PHP 5.6 reached end of life at the end of 2018 and 5.6.40 is its final release, so the runtime itself no longer receives security fixes; no WAF or CDN was detected in front of the site.

Attack Surface Details (Total 75)

INDEX | METHOD | URL | PARAMETERS
1 | GET | http://testphp.vulnweb.com/pictures/8.jpg.tn
2 | GET | http://testphp.vulnweb.com/CVS/Entries
3 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/
4 | GET | http://testphp.vulnweb.com/pictures/path-disclosure-win.html
5 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/
6 | GET | http://testphp.vulnweb.com/guestbook.php
7 | GET | http://testphp.vulnweb.com/pictures/7.jpg.tn
8 | GET | http://testphp.vulnweb.com/AJAX/artists.php
9 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/
10 | GET | http://testphp.vulnweb.com/admin/create.sql
11 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/
12 | GET | http://testphp.vulnweb.com/Templates/main_dynamic_template.dwt.php
13 | GET | http://testphp.vulnweb.com/showimage.php?file= | file
14 | GET | http://testphp.vulnweb.com/ | N/A
15 | GET | http://testphp.vulnweb.com/artists.php?artist=1 | artist
16 | POST | http://testphp.vulnweb.com/guestbook.php | name, submit, text
17 | GET | http://testphp.vulnweb.com/secured/ | N/A
18 | POST | http://testphp.vulnweb.com/search.php?test=query | test, goButton, searchFor
19 | GET | http://testphp.vulnweb.com/pictures/path-disclosure-unix.html
20 | GET | http://testphp.vulnweb.com/CVS/Root
21 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/
22 | GET | http://testphp.vulnweb.com/pictures
23 | GET | http://testphp.vulnweb.com/pictures/
24 | GET | http://testphp.vulnweb.com/comment.php?aid=1 | aid
25 | GET | http://testphp.vulnweb.com/secured/
26 | GET | http://testphp.vulnweb.com/search.php?test=query | test
27 | GET | http://testphp.vulnweb.com/images/ | N/A
28 | GET | http://testphp.vulnweb.com/AJAX/index.php
29 | GET | http://testphp.vulnweb.com/hpp/
30 | GET | http://testphp.vulnweb.com/AJAX/titles.php
31 | GET | http://testphp.vulnweb.com/pictures/3.jpg.tn
32 | GET | http://testphp.vulnweb.com/listproducts.php?artist=1 | artist
33 | GET | http://testphp.vulnweb.com/pictures/6.jpg.tn
34 | GET | http://testphp.vulnweb.com/AJAX/categories.php
35 | GET | http://testphp.vulnweb.com/hpp/ | N/A
36 | GET | http://testphp.vulnweb.com/userinfo.php
37 | GET | http://testphp.vulnweb.com/secured
38 | GET | http://testphp.vulnweb.com/admin
39 | GET | http://testphp.vulnweb.com/hpp/?pp=12 | pp
40 | POST | http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12 | p, pp, aaaa%2F
41 | GET | http://testphp.vulnweb.com/CVS/
42 | GET | http://testphp.vulnweb.com/CVS/ | N/A
43 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2.html
44 | GET | http://testphp.vulnweb.com/listproducts.php?cat=1 | cat
45 | GET | http://testphp.vulnweb.com/pictures/2.jpg.tn
46 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1.html
47 | GET | http://testphp.vulnweb.com/artists.php
48 | GET | http://testphp.vulnweb.com/disclaimer.php
49 | GET | http://testphp.vulnweb.com/images
50 | GET | http://testphp.vulnweb.com/ | N/A
51 | GET | http://testphp.vulnweb.com/admin/
52 | GET | http://testphp.vulnweb.com/categories.php
53 | GET | http://testphp.vulnweb.com/comment.php?pid=1 | pid
54 | GET | http://testphp.vulnweb.com/product.php?pic=1 | pic
55 | GET | http://testphp.vulnweb.com/pictures/WS_FTP.LOG
56 | GET | http://testphp.vulnweb.com/
57 | GET | http://testphp.vulnweb.com/pictures/5.jpg.tn
58 | GET | http://testphp.vulnweb.com/AJAX/showxml.php
59 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/
60 | GET | http://testphp.vulnweb.com/cart.php
61 | POST | http://testphp.vulnweb.com/cart.php | addcart, price
62 | GET | http://testphp.vulnweb.com/pictures/ | N/A
63 | GET | http://testphp.vulnweb.com/CVS/Entries.Log
64 | GET | http://testphp.vulnweb.com/comment.php
65 | GET | http://testphp.vulnweb.com/pictures/wp-config.bak
66 | GET | http://testphp.vulnweb.com/pictures/4.jpg.tn
67 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/
68 | GET | http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-3.html
69 | GET | http://testphp.vulnweb.com/admin/ | N/A
70 | POST | http://testphp.vulnweb.com/comment.php | Submit, comment, name, phpaction
71 | GET | http://testphp.vulnweb.com/CVS/Repository
72 | GET | http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12 | p, pp
73 | GET | http://testphp.vulnweb.com/images/
74 | GET | http://testphp.vulnweb.com/pictures/1.jpg.tn
75 | GET | http://testphp.vulnweb.com/CVS
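Several rows in the table are not application endpoints at all but artefacts that should never be served from the web root: CVS metadata (CVS/Entries, CVS/Root, CVS/Repository, CVS/Entries.Log), a backup (pictures/wp-config.bak), an FTP transfer log (pictures/WS_FTP.LOG), a SQL dump (admin/create.sql), the Dreamweaver template source (Templates/main_dynamic_template.dwt.php) and the credentials.txt file behind exploit 1. The fingerprint table names Nginx 1.19.0 as the front end, so the following is an added example, not part of the RidgeBot report and not the site's real configuration, of nginx rules that stop serving these classes of file. The server block, document root and PHP-FPM socket path are assumptions; the paths in the comments are the ones the table lists.

```nginx
# Added example (not from the report, not the site's configuration): nginx
# rules that remove the exposed artefacts from the attack surface. Server
# block, document root and fastcgi socket are assumed.
server {
    listen 80;
    server_name testphp.vulnweb.com;
    root /var/www/html;          # assumed document root

    # /pictures/, /images/, /admin/ and /CVS/ were browsable as listings.
    autoindex off;

    # Regex locations are tried in order and the first match wins, so the
    # deny rules must come before the PHP handler. 404 rather than 403:
    # a 403 still confirms to the requester that the file exists.

    # Version-control metadata (CVS/Entries, CVS/Root, CVS/Repository,
    # CVS/Entries.Log); .svn and .git are covered for good measure.
    location ~ /(?:CVS|\.svn|\.git)(?:/|$) { return 404; }

    # Backups, transfer logs, SQL dumps and the credential file
    # (pictures/wp-config.bak, pictures/WS_FTP.LOG, admin/create.sql,
    # pictures/credentials.txt). credentials.txt is matched by name rather
    # than with a blanket *.txt rule so robots.txt keeps working.
    location ~* (?:/credentials\.txt|\.(?:bak|log|sql|old|orig|swp))$ { return 404; }

    # Dreamweaver template source (Templates/main_dynamic_template.dwt.php)
    # must be neither executed nor served; this must precede the \.php$ rule.
    location ~* \.dwt\.php$ { return 404; }

    # Everything else ending in .php goes to PHP-FPM.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Validate with `nginx -t` before reloading, then re-request each of the paths above with `curl -I` and confirm a 404 for all of them and a 200 for a legitimate page such as /index.php. Blocking delivery is a stop-gap: the files (and the CVS directories) should also be deleted from the document root, since a later misconfiguration or a different front end would expose them again.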
