0% found this document useful (0 votes)

18 views

Example Vulnerability Scan

Uploaded by

Basic house trading

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

18 views

Example Vulnerability Scan

Uploaded by

Basic house trading

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 74

WAS Scan Report

Scan Report 08 Oct 2015

Vulnerabilities of all selected scans are consolidated into one report so that you can view their evolution.

Tim LeKan Northwestern University

nrthw_tl 1800 Sherman Ave Suite 209
Evanston, Illinois 60201
United States of America

Target and Filters

Scans (1) Web Application Vulnerability Scan - Test Web Site 2 - 2015-10-08
Web Applications (1) Test Web Site 2
Status New, Active, Re-Opened

Security Risk Vulnerabilities Sensitive Information

Summary Contents Gathered

39 0 18

Findings by Severity

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Qualys provides the QualysGuard Service "As Is," without any warranty of any kind. Qualys makes no warranty that the information contained in this report is
complete or error-free. Copyright 2015, Qualys, Inc.
WAS Scan Report

Vulnerabilities by Status

Vulnerabilities by Group

CONFIDENTIAL AND PROPRIETARY INFORMATION.

OWASP Top 10 2013 Vulnerabilities

Sensitive Information
Scan Date Level 5 Level 4 Level 3 Level 2 Level 1
Contents Gathered
Web Application Vulnerability Scan - 08 Oct 2015 9 2 7 7 14 0 18
10:10
Test Web Site 2 - 2015-10-08 GMT-0600

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Results(57)

Vulnerability (39)
Cross-Site Scripting (11)
150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities (4)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities New

URL: http://demo.testfire.net/comment.aspx
Finding # 4849952(474978225) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal3.9

Details

Threat
XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. For example, a Web application
might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user-supplied data contain
characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web
browser.

The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, JavaScript or other content that will be rendered
by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload.

Impact
XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web
application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via
XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML,
JavaScript, Flash and Java applets) can be used to as a part of a compromise.

Solution
Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

Detection Information

Parameter It has been detected by exploiting the parameter name of the form located in URL http://demo.testfire.net/feedback.aspx
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/feedback.aspx

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload "'><qss%20a=@REQUESTID@>
Request POST http://demo.testfire.net/comment.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
ef="default.aspx?content=inside_careers.htm">Careers</a></li>
</ul>
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Thank You</h1>

<p>Thank you for your comments, "'><qss a=X149637348Y2Z>. They will be reviewed by our Customer Service staff and
given the full attention that they deserve.</p>

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 99%;">

<a id="_ctl0__ctl0_HyperLink5

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849971(474978244) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal3.9

Details

Solution
Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

Detection Information

Parameter It has been detected by exploiting the parameter uid of the form located in URL http://demo.testfire.net/bank/login.aspx
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload uid=%22%3E%3Cqss%3E&passw=password&btnSubmit=Login
Request POST http://demo.testfire.net/bank/login.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
/p>

<form action="login.aspx" method="post" name="login" id="login" onsubmit="return (confirminput(login));">

<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid" value=""><qss>" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="passw" style="width: 150px;">
</td>
</tr>

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities New

URL: http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx
Finding # 4849979(474978252) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal3.9

Details

Solution
Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

Detection Information

Parameter It has been detected by exploiting the parameter aspxerrorpath

The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/default.aspx?content=inside_careers.htm
http://demo.testfire.net/Privacypolicy.aspx?sec=Careers&template=US

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload aspxerrorpath=%22%3E%3Cqss%3E
Request GET http://demo.testfire.net/notfound.aspx?aspxerrorpath=%22%3E%3Cqss%3E
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
</ul>
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>An Error Has Occurred</h1>

<p><span id="_ctl0__ctl0_Content_Main_error">Could not find the page you requested. <br><br><b>"><qss></b><br><br>Please check your spelling. If the spelling is correct and the page still does
not exist contact the System Administrator.</span></p>

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 99%;">

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150001 Reflected Cross-Site Scripting (XSS) Vulnerabilities New

URL: http://demo.testfire.net/search.aspx
Finding # 4849985(474978258) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal3.9

Details

Solution
Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

Detection Information

Parameter It has been detected by exploiting the parameter txtSearch of the form located in URL http://demo.testfire.net/
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload txtSearch=z--%3E%3Cqss%3E
Request GET http://demo.testfire.net/search.aspx?txtSearch=z--%3E%3Cqss%3E
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
</ul>
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Search Results</h1>

<p>No results were found for the query:<br /><br />

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 99%;">

<a id="_ctl0__ctl0_HyperLink5" href="default.aspx?content=privacy.htm">Privacy Policy</a>
  |  
<a id="_

* The reflected string on the response webpage indicates that the vulnerability test was successful

150013 Browser-Specific Cross-Site Scripting Vulnerabilities (2)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150013 Browser-Specific Cross-Site Scripting Vulnerabilities New

URL: http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx
Finding # 4849977(474978250) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal4.3

Details

Threat
XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. For example, a Web application
might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user-supplied data
contains characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's
Web browser.

The XSS payload is echoed in the HTML document returned by the request. An XSS payload may consist of HTML, JavaScript or other content that will be
rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload.

Note! This specific test uses an XSS payload that takes advantage of Mozilla's HTML parsing engine. Manual confirmation of this vulnerability should use the
Mozilla browser. Even though this exploits a particular Web browser, the Web application still has inadequate input filters.

Impact
XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web
application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via
XSS because it enables an attacker to execute dynamic code in the victim's Web browser. Consequently, any capability or feature available to the Web browser
(for example HTML, JavaScript, Flash, and Java applets) can be used as part of a compromise.

Solution
Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

Detection Information

Parameter It has been detected by exploiting the parameter aspxerrorpath

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload aspxerrorpath=%3Cscript%20src%3Dhttps%3A%2F%2Ffanyv88.com%3A443%2Fhttp%2Flocalhost%2Fj%20
Request GET http://demo.testfire.net/notfound.aspx?aspxerrorpath=%3Cscript%20src%3Dhttps%3A%2F%2Ffanyv88.com%3A443%2Fhttp%2Flocalhost%2Fj%20
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>An Error Has Occurred</h1>

<p><span id="_ctl0__ctl0_Content_Main_error">Could not find the page you requested. <br><br><b><script src=http://localhost/j </b><br><br>Please check your spelling. If the spelling is correct
and the page still does not exist contact the System Administrator.</span></p>

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 9

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150013 Browser-Specific Cross-Site Scripting Vulnerabilities New

URL: http://demo.testfire.net/search.aspx
Finding # 4849983(474978256) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal4.3

Details

Threat
XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. For example, a Web application
might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user-supplied data
contains characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's
Web browser.

Impact
XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web
application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via
XSS because it enables an attacker to execute dynamic code in the victim's Web browser. Consequently, any capability or feature available to the Web browser
(for example HTML, JavaScript, Flash, and Java applets) can be used as part of a compromise.

Solution
Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

Detection Information

http://demo.testfire.net/

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload txtSearch=%3Cscript%20src%3Dhttps%3A%2F%2Ffanyv88.com%3A443%2Fhttp%2Flocalhost%2Fj%20
Request GET http://demo.testfire.net/search.aspx?txtSearch=%3Cscript%20src%3Dhttps%3A%2F%2Ffanyv88.com%3A443%2Fhttp%2Flocalhost%2Fj%20
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
l>
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Search Results</h1>

<p>No results were found for the query:<br /><br />

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 99%;">

<a id="_ctl0__ctl0_HyperLink5" href="default.aspx?content=privacy.htm">Privacy Policy</a>
  |  

* The reflected string on the response webpage indicates that the vulnerability test was successful

150076 DOM-Based Cross-Site Scripting (XSS) (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150076 DOM-Based Cross-Site Scripting (XSS) New

URL: http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
Finding # 4849982(474978255) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-8 Cross-Site Scripting
CVSS Base 4.3 CVSS Temporal3.7

Details

Threat
This is a type of HTML injection that delivers an attack payload via a property of the browser's Document Object Model (DOM). The DOM represents the rendered
form of a site's web page, such as frames, tables, forms, and text. The vulnerability occurs because a web page uses JavaScript to update the DOM with an
attacker-influenced value that either changes the DOM's layout or executes JavaScript of the attacker's choosing. The following example demonstrates a DOM
property, document.location, that is used to update the DOM via document.write. The exploit succeeds because the browser interprets the output of
document.write as HTML, which the attacker uses to inject a Vulnerable web page: Other XSS vulnerabilities occur when the Web application echoes user-
supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message, or
display a home address when confirming a shipping destination. If the user-supplied data contains characters that are interpreted as part of an HTML element
instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser.

Solution
Client-side JavaScript that uses document.write or otherwise modifies the DOM based on DOM properties such as document.location or window.location.href
should filter content to ensure it does not contain malicious characters.

Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element
or JavaScript.

More information can be found at the OWASP community site.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/default.aspx?content=inside_contact.htm

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload #<script>qjsobject.reportDOMXSS()</script>
Request GET http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
site:
<br><br>
<b><script>document.write(unescape(sDst));</script>http://www.microsoft.com#<script>qjsobject.reportDOMXSS()</script></b></p></td></tr></tbody></table></center></body></html>

150084 Unencoded characters (4)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150084 Unencoded characters New

URL: http://demo.testfire.net/comment.aspx
Finding # 4849951(474978224) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-20 Improper Input Handling
CVSS Base - CVSS Temporal-

Details

Threat
The web application reflects potentially dangerous characters such as single quotes, double quotes, and angle brackets. These characters are commonly used
for HTML injection attacks such as cross-site scripting (XSS).

Impact
No exploit was determined for these reflected characters. The input parameter should be manually analyzed to verify that no other characters can be injected that
would lead to an HTML injection (XSS) vulnerability.

Solution
Review the reflected characters to ensure that they are properly handled as defined by the web application's coding practice. Typical solutions are to apply HTML
encoding or percent encoding to the characters depending on where they are placed in the HTML. For example, a double quote might be encoded as " when
displayed in a text node, but as %22 when placed in the value of an href attribute.

Detection Information

http://demo.testfire.net/
http://demo.testfire.net/feedback.aspx

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload cfile=comments.txt&name=%22'%3E%3C%3CSCRIPT%20a%3D2%3Eqss%3D7%3B%2F%2F%3C%3C%2FSCRIPT%3E&email_addr=123 Main
St.&subject=1&comments=1&reset=%20Clear%20Form%20&submit=%20Submit%20
Request POST http://demo.testfire.net/comment.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
comment: A significant portion of the XSS test payload appeared in the web page, but the page's DOM was not modified as expected for a successful exploit. This result should be manually verified to
determine its accuracy.

efault.aspx?content=inside_careers.htm">Careers</a></li>
</ul>
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Thank You</h1>

<p>Thank you for your comments, "'><<SCRIPT a=2>qss=7;//<</SCRIPT>. They will be reviewed by our Customer Service staff and
given the full attention that they deserve.</p>

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 99%;">

<a id="_ctl0__ctl0_Hyper

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150084 Unencoded characters New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849970(474978243) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-20 Improper Input Handling
CVSS Base - CVSS Temporal-

Details

Detection Information

http://demo.testfire.net/

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload uid=%3Cscript%20%3D%22%3E%22%20SRC%3D%2F%2Flocalhost%2Fj%3E&passw=password&btnSubmit=Login
Request POST http://demo.testfire.net/bank/login.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

m action="login.aspx" method="post" name="login" id="login" onsubmit="return (confirminput(login));">

<table>
<tr>
<td>
Username:
</td>
<td>
<input type="text" id="uid" name="uid" value="<script =">" SRC=//localhost/j>" style="width: 150px;">
</td>
<td>
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type="password" id="passw" name="passw" style="width: 150px;">
</td>

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150084 Unencoded characters New

URL: http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx
Finding # 4849978(474978251) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-20 Improper Input Handling
CVSS Base - CVSS Temporal-

Details

Detection Information

Parameter It has been detected by exploiting the parameter aspxerrorpath

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload aspxerrorpath=%22'%3E%3C%3CSCRIPT%20a%3D2%3Eqss%3D7%3B%2F%2F%3C%3C%2FSCRIPT%3E
Request GET http://demo.testfire.net/notfound.aspx?aspxerrorpath=%22'%3E%3C%3CSCRIPT%20a%3D2%3Eqss%3D7%3B%2F%2F%3C%3C%2FSCRIPT%3E
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>An Error Has Occurred</h1>

<p><span id="_ctl0__ctl0_Content_Main_error">Could not find the page you requested. <br><br><b>"'><<SCRIPT a=2>qss=7;//<</SCRIPT></b><br><br>Please check your spelling. If the spelling
is correct and the page still does not exist contact the System Administrator.</span></p>

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width:

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150084 Unencoded characters New

URL: http://demo.testfire.net/search.aspx
Finding # 4849984(474978257) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Cross-Site Scripting Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-79 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A3 Cross-Site Scripting (XSS) Times Detected 1
WASC WASC-20 Improper Input Handling
CVSS Base - CVSS Temporal-

Details

Detection Information

http://demo.testfire.net/

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload txtSearch=%3C%0a%0dscript%20a%3D4%3Eqss%3D7%3C%0a%0d%2Fscript%3E
Request GET http://demo.testfire.net/search.aspx?txtSearch=%3C%0a%0dscript%20a%3D4%3Eqss%3D7%3C%0a%0d%2Fscript%3E
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

</ul>
</td>
<td valign="top" colspan="3" class="bb">

<div class="fl" style="width: 99%;">

<h1>Search Results</h1>

<p>No results were found for the query:<br /><br />

<span id="_ctl0__ctl0_Content_Main_lblSearch"><

script a=4>qss=7<

/script></span></p>

</div>

</td>
</tr>
</table>

</div>

<div id="footer" style="width: 99%;">

<a id="_ctl0__ctl0_HyperLink5" href="default.aspx?content=privacy.htm">Privacy Policy</a>
  |  

* The reflected string on the response webpage indicates that the vulnerability test was successful

SQL Injection (3)

150003 SQL Injection (2)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150003 SQL Injection New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849968(474978241) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group SQL Injection Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-89 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A1 Injection Times Detected 1
WASC WASC-19 SQL Injection
CVSS Base 10 CVSS Temporal8.5

Details

Threat
SQL injection enables an attacker to modify the syntax of a SQL query in order to retrieve, corrupt or delete data. This is accomplished by manipulating query
criteria in a manner that affects the query's logic. The typical causes of this vulnerability are lack of input validation and insecure construction of the SQL query.

Queries created by concatenating strings with SQL syntax and user-supplied data are prone to this vulnerability. If any part of the string concatenation can be
modified, then the meaning of the query can be changed.

Examples:
These two lines demonstrate an insecure query that is created by appending the user-supplied data (userid):
dim strQuery as String
strQuery = "SELECT name,email FROM users WHERE userid=" + Request.QueryString("userid")

If no checks are performed against the userid parameter, then the query may be arbitrarily modified as shown in these two examples of a completed query:
SELECT name,email FROM users WHERE userid=42
SELECT name,email FROM users WHERE userid=42; SHUTDOWN WITH NOWAIT

Impact
The scope of a SQL injection exploit varies greatly. If any SQL statement can be injected into the query, then the attacker has the equivalent access of a
database administrator. This access could lead to theft of data, malicious corruption of data, or deletion of data.

Solution
SQL injection vulnerabilities can be addressed in three areas: input validation, query creation, and database security.

All input received from the Web client should be validated for correct content. If a value's type or content range is known beforehand, then stricter filters should be
applied. For example, an email address should be in a specific format and only contain characters that make it a valid address; or numeric fields like a U.S. zip
code should be limited to five digit values.

Prepared statements (sometimes referred to as parameterized statements) provide strong protection from SQL injection. Prepared statements are precompiled
SQL queries whose parameters can be modified when the query is executed. Prepared statements enforce the logic of the query and will fail if the query cannot
be compiled correctly. Programming languages that support prepared statements provide specific functions for creating queries. These functions are more secure
than string concatenation for assigning user-supplied data to a query.

Stored procedures are precompiled queries that reside in the database. Like prepared statements, they also enforce separation of query data and logic. SQL
statements that call stored procedures should not be created via string concatenation, otherwise their security benefits are negated.

SQL injection exploits can be mitigated by the use of Access Control Lists or role-based access within the database. For example, a read-only account would
prevent an attacker from modifying data, but would not prevent the user from viewing unauthorized data. Table and row-based access controls potentially
minimize the scope of a compromise, but they do not prevent exploits.

Example of a secure query created with a prepared statement:

PreparedStatement ps = "SELECT name,email FROM users WHERE userid=?"; ps.setInt(1, userid);

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Detection Information

Parameter It has been detected by exploiting the parameter passw of the form located in URL http://demo.testfire.net/bank/login.aspx
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

#1 Request
Payload uid=John&passw=z--%3E%3Cqss%3E&btnSubmit=Login
Request POST http://demo.testfire.net/bank/login.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
</tr>
</table>
</form>
</div>

<div id="wrapper" style="width: 99%;">

<div class="err" style="width: 99%;">

<h1>An Error Has Occurred</h1>

<h2>Summary:</h2>

<p><b><span id="_ctl0_Content_lblSummary">Syntax error in string in query expression 'username = 'John' AND password = 'z'.
</span></b></p>

<h2>Error Message:</h2>

<p><span id="_ctl0_Content_lblDetails">System.Data.OleDb.OleDbException: Syntax error in string in query expression 'username = 'John' AND pass

* The reflected string on the response webpage indicates that the vulnerability test was successful

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150003 SQL Injection New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849969(474978242) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group SQL Injection Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-89 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A1 Injection Times Detected 1
WASC WASC-19 SQL Injection
CVSS Base 10 CVSS Temporal8.5

Details

Solution
SQL injection vulnerabilities can be addressed in three areas: input validation, query creation, and database security.

Example of a secure query created with a prepared statement:

PreparedStatement ps = "SELECT name,email FROM users WHERE userid=?"; ps.setInt(1, userid);

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Detection Information

http://demo.testfire.net/

Payloads

#1 Request
Payload uid=%22'%3E%3Cqss%20%60%3b!--%3D%26%7b()%7d%3E&passw=password&btnSubmit=Login
Request POST http://demo.testfire.net/bank/login.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
error (missing operator) in query expression 'username = '"'><qss `;!'.
</span></b></p>

<h2>Error Message:</h2>

<p><span id="_ctl0_Content_lblDetails">System.Data.OleDb.OleDbException: Syntax error (missing operator) in query expression 'username = '"'><qss `;!'.
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(OleDbHResult hr)
at System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult)

* The reflected string on the response webpage indicates that the vulnerability test was successful

150093 SQL Injection in Web Service call (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150093 SQL Injection in Web Service call New

URL: http://demo.testfire.net/bank/ws.asmx?wsdl
Finding # 4849950(474978223) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group SQL Injection Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A1 Injection Times Detected 1
WASC -
CVSS Base - CVSS Temporal-

Details

Solution
SQL injection vulnerabilities can be addressed in three areas: input validation, query creation, and database security.

Example of a secure query created with a prepared statement:

PreparedStatement ps = "SELECT name,email FROM users WHERE userid=?"; ps.setInt(1, userid);

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Detection Information

Parameter It has been detected by exploiting the parameter UserId of the form located in URL true
The payloads section will display a list of tests that show how the param could have been exploited to collect the information
Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload <script%20src=http://localhost/j%20
Request POST http://demo.testfire.net/bank/ws.asmx?WSDL
#1 Content-Type: text/xml; charset=utf-8
#2 Referer: http://demo.testfire.net/
#3 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
ap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</
faultcode><faultstring>Server was unable to process request. ---> Syntax error in string in query expression 'userid = %3Cscript%20src%3Dhttps%3A%2F%2Ffanyv88.com%3A443%2Fhttp%2Flocalhost%2Fj%20'.</faultstring><detail /
></soap:Fault></soap:Body></soap:Envelope>

* The reflected string on the response webpage indicates that the vulnerability test was successful

Path Disclosure (2)

150004 Path-Based Vulnerability (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150004 Path-Based Vulnerability New

URL: http://demo.testfire.net/bank/.
Finding # 4849981(474978254) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Path Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-22 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A4 Insecure Direct Object References Times Detected 1
A7 Missing Function Level Access Control
WASC WASC-15 Application Misconfiguration
WASC-16 Directory Indexing
WASC-17 Improper Filesystem Permissions
CVSS Base 2.1 CVSS Temporal1.9

Details

Threat
A potentially sensitive file, directory, or directory listing was discovered on the Web server.

Impact
The contents of this file or directory may disclose sensitive information.

Solution
Verify that access to this file or directory is permitted. If necessary, remove it or apply access controls to it.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload -
Request GET http://demo.testfire.net/bank/.
#1 Referer: http://demo.testfire.net/
#2 Cookie: amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
comment: This directory was discovered during the crawl phase.

<html><head><title>demo.testfire.net - /bank/</title></head><body><H1>demo.testfire.net - /bank/</H1><hr>

<pre><A HREF="/">[To Parent Directory]</A><br><br> 5/10/2015 4:25 AM <dir> <A HREF="/bank/20060308_bak/">20060308_bak</A><br>11/20/2006 10:05 AM 1831 <A HREF="/bank/
account.aspx">account.aspx</A><br> 6/18/2015 7:41 PM 5067 <A HREF="/bank/account.aspx.cs">account.aspx.cs</A><br>11/20/2006 10:05 AM 771 <A HREF="/bank/apply.aspx">apply.aspx</
A><br>11/2

150023 Directory Listing (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150023 Directory Listing New

URL: http://demo.testfire.net/bank/.
Finding # 4849980(474978253) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Path Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-22 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A4 Insecure Direct Object References Times Detected 1
A5 Security Misconfiguration
WASC WASC-16 Directory Indexing
CVSS Base 5 CVSS Temporal4.5

Details

Threat
The Web server presents a directory listing.

Impact
All file names in this directory are exposed.

Solution
The presence of a browseable directory does not necessarily imply a vulnerability. Determine if the directory listing is intended to be displayed. Verify that no files
in the directory contain content that should not be served by the Web application.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload @PATH@.
Request GET http://demo.testfire.net/bank/.
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
<html><head><title>demo.testfire.net - /bank/</title></head><body><H1>demo.testfire.net - /bank/</H1><hr>

* The reflected string on the response webpage indicates that the vulnerability test was successful

Information Disclosure (23)

150049 Login Brute Force Vulnerability (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150049 Login Brute Force Vulnerability New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849967(474978240) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE CWE-285 Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A2 Broken Authentication and Session Management Times Detected 1
WASC WASC-11 Brute Force
CVSS Base 7.5 CVSS Temporal7.1

Details

Threat
This vulnerability occurs when a malicious user succeeds to guess a valid username and password that will enable them to authenticate illicitly to a Web
application.

The username and password would be "guessed" based on a generated list that can come from two sources: a user-defined configuration, or an internal list
provided by the WAS module based on the most common usernames and passwords.

Impact
The consequences will vary depending on which account the malicious user found. Obviously if the admin account has been found this way the consequences
are much higher than a guest account.

Examples of consequences:
Administration rights on the Web site
Identity theft
Access to critical business related data

Solution
Implement a mechanism that will limit the number of attempts for a given username. This will prevent any brute forcer to test for more complex passwords.

Enforce a password policy that will make sure that the password is complex enough to prevent any easy guess (password equals username, or is a number, or a
dictionary word). It is really important because if a password can be guessed in one attempt (for example, password equals username) then any limitation of
number of attempts would useless.

It is recommended that a password has at least 8 characters containing numbers and special characters. Avoid replacing a letter that looks like a number by its
corresponding number (for example, o with zero, e with 3) since many brute forcers do check for them.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

CONFIDENTIAL AND PROPRIETARY INFORMATION.

#1 Request
Payload uid=admin&passw=a****&btnSubmit=Login
Request POST http://demo.testfire.net/bank/login.aspx
#1 Referer: http://demo.testfire.net/
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
Username: admin
Password: a****

150053 Login Form Is Not Submitted Via HTTPS (1)

150053 Login Form Is Not Submitted Via HTTPS New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849973(474978246) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A2 Broken Authentication and Session Management Times Detected 1
A6 Sensitive Data Exposure
WASC -
CVSS Base 8.5 CVSS Temporal7.2

Details

Threat
The login form's default action contains a link that is not submitted via HTTPS (HTTP over SSL).

Impact
Sensitive data such as authentication credentials should be encrypted when transmitted over the network. Otherwise they are exposed to sniffing attacks.

Solution
Change the login form's action to submit via HTTPS.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request POST http://demo.testfire.net/bank/login.aspx

Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
comment: Parent URL of Login Form is : http://demo.testfire.net/bank/login.aspx
Login Form Is Not Submitted Via HTTPS

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150085 Slow HTTP POST vulnerability (1)

150085 Slow HTTP POST vulnerability New

URL: http://demo.testfire.net/search.aspx
Finding # 4849976(474978249) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A5 Security Misconfiguration Times Detected 1
WASC -
CVSS Base 6.8 CVSS Temporal6.1

Details

Threat
The web application is possibly vulnerable to a "slow HTTP POST" Denial of Service (DoS) attack. This is an application-level DoS that consumes server
resources by maintaining open connections for an extended period of time by slowly sending traffic to the server. If the server maintains too many connections
open at once, then it may not be able to respond to new, legitimate connections. Unlike bandwidth-consumption DoS attacks, the "slow" attack does not require a
large amount of traffic to be sent to the server -- only that the client is able to maintain open connections for several minutes at a time. The attack holds server
connections open by sending properly crafted HTTP POST headers that contain a Content-Length header with a large value to inform the web server how much
of data to expect. After the HTTP POST headers are fully sent, the HTTP POST message body is sent at slow speeds to prolong the completion of the
connection and lock up server resources. By waiting for the complete request body, the server is helping clients with slow or intermittent connections to complete
requests, but is also exposing itself to abuse. More information can be found at the in this presentation.

Impact
All other services remain intact but the web server itself becomes inaccessible.

Solution
Solution would be server-specific, but general recommendations are: - to limit the size of the acceptable request to each form requirements - establish minimal
acceptable speed rate - establish absolute request timeout for connection with POST request Server-specific details can be found here. A tool that demonstrates
this vulnerability in a more intrusive manner is available here.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request POST http://demo.testfire.net/search.aspx

#1 Response
Vulnerable to slow HTTP POST attack
Connection with partial POST body remained open for: 135481 milliseconds
Server resets timeout after accepting request data from peer.

150124 Clickjacking - Framable Page (5)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150124 Clickjacking - Framable Page New

URL: http://demo.testfire.net/default.aspx?content=personal_deposit.htm
Finding # 4849947(474978220) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.9

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Impact
Clickjacking and Cross-Site Request Forgery (CSRF) can be performed by framing the target site. An attack can trick the user into clicking on the link by framing
the original page and showing a layer on top of it with dummy buttons.

Solution
Two of the most popular prevention are: X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page. Note that is
must be an HTTP header, the setting is ignored if it is created as an "http-equiv" meta element within the page. Framekiller: JavaScript code that prevents the
malicious user from framing the page.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/default.aspx?content=business.htm

#1 Response
The URI was framed.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150124 Clickjacking - Framable Page New

URL: http://demo.testfire.net/default.aspx
Finding # 4849954(474978227) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.9

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/default.aspx

#1 Response
The URI was framed.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150124 Clickjacking - Framable Page New

URL: http://demo.testfire.net/
Finding # 4849959(474978232) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.9

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/

#1 Response
The URI was framed.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150124 Clickjacking - Framable Page New

URL: http://demo.testfire.net/feedback.aspx
Finding # 4849964(474978237) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.9

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/feedback.aspx

#1 Response
The URI was framed.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150124 Clickjacking - Framable Page New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849974(474978247) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.9

Details

Threat
The page can be easily framed. Anti-framing measures are not used.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/bank/login.aspx

#1 Response
The URI was framed.

150112 Sensitive form field has not disabled autocomplete (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150112 Sensitive form field has not disabled autocomplete New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849972(474978245) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A5 Security Misconfiguration Times Detected 1
WASC -
CVSS Base - CVSS Temporal-

Details

Threat
An HTML form that collects sensitive information (such as a password field) does not prevent the browser from prompting the user to save the populated values
for late reuse. Stored credentials should not be available to anyone but their owner.

Impact
If the browser is used in a shared computing environment where more than one person may use the browser, then "autocomplete" values may be submitted by
an unauthorized user. For example, if a browser saves the login name and password for a form, then anyone with access to the browser may submit the form and
authenticate to the site without having to know the victim's password.

Solution
Add the following attribute to the form or input element: autocomplete="off" This attribute prevents the browser from prompting the user to save the populated
form values for later reuse.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request POST http://demo.testfire.net/bank/login.aspx

#1 Response
The following password field(s) in the form do not set autocomplete="off":
(Field name: passw, Field id: passw)
Parent URL of form is: http://demo.testfire.net/bank/login.aspx

150122 Cookie Does Not Contain The "secure" Attribute (2)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150122 Cookie Does Not Contain The "secure" Attribute New

URL: http://demo.testfire.net/
Finding # 4849958(474978231) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A2 Broken Authentication and Session Management Times Detected 1
A6 Sensitive Data Exposure
WASC -
CVSS Base - CVSS Temporal-

Details

Threat
The cookie does not contain the "secure" attribute.

Impact
Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Session cookies sent via HTTP expose an unsuspecting user to sniffing attacks that
could lead to user impersonation or compromise of the application account.

Solution
If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/

#1 Response
ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep; path=/; domain=demo.testfire.net; httponly

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150122 Cookie Does Not Contain The "secure" Attribute New

URL: http://demo.testfire.net/bank/customize.aspx
Finding # 4849962(474978235) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A2 Broken Authentication and Session Management Times Detected 1
A6 Sensitive Data Exposure
WASC -
CVSS Base - CVSS Temporal-

Details

Threat
The cookie does not contain the "secure" attribute.

Solution
If the associated risk of a compromised account is high, apply the "secure" attribute to cookies and force all sensitive requests to be sent via HTTPS.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/bank/customize.aspx

#1 Response
lang=; path=/; domain=demo.testfire.net

150123 Cookie Does Not Contain The "HTTPOnly" Attribute (2)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150123 Cookie Does Not Contain The "HTTPOnly" Attribute New

URL: http://demo.testfire.net/
Finding # 4849957(474978230) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A2 Broken Authentication and Session Management Times Detected 1
WASC -
CVSS Base - CVSS Temporal-

Details

Threat
The cookie does not contain the "HTTPOnly" attribute.

Impact
Cookies without the "HTTPOnly" attribute are permitted to be accessed via JavaScript. Cross-site scripting attacks can steal cookies which could lead to user
impersonation or compromise of the application account.

Solution
If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/

#1 Response
amSessionId=15130676; path=/; domain=demo.testfire.net

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150123 Cookie Does Not Contain The "HTTPOnly" Attribute New

URL: http://demo.testfire.net/bank/customize.aspx
Finding # 4849961(474978234) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP A2 Broken Authentication and Session Management Times Detected 1
WASC -
CVSS Base - CVSS Temporal-

Details

Threat
The cookie does not contain the "HTTPOnly" attribute.

Solution
If the associated risk of a compromised account is high, apply the "HTTPOnly" attribute to cookies.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/bank/customize.aspx

#1 Response
lang=; path=/; domain=demo.testfire.net

150059 Reference to Windows file path is present in HTML (5)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150059 Reference to Windows file path is present in HTML New

URL: http://demo.testfire.net/default.aspx?content=inside_volunteering.htm
Finding # 4849949(474978222) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 5 CVSS Temporal3.8

Details

Threat
Windows specific file path was detected in the response.

Impact
The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.

Solution
The content should be reviewed to determine whether it could be masked or removed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/default.aspx?content=inside.htm
http://demo.testfire.net/default.aspx?content=inside_community.htm

Payloads

#1 Request
Payload -
Request GET http://demo.testfire.net/default.aspx?content=inside_volunteering.htm
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
C:\Documents\JohnSmith\VoluteeringInformation.pdf

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150059 Reference to Windows file path is present in HTML New

URL: http://demo.testfire.net/comment.aspx
Finding # 4849953(474978226) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 5 CVSS Temporal3.8

Details

Threat
Windows specific file path was detected in the response.

Impact
The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.

Solution
The content should be reviewed to determine whether it could be masked or removed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/feedback.aspx

Payloads

#1 Request
Payload -
Request GET http://demo.testfire.net/comment.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
c:\downloads\AltoroMutual_v6\website\comment.aspx.cs

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150059 Reference to Windows file path is present in HTML New

URL: http://demo.testfire.net/bank/queryxpath.aspx
Finding # 4849956(474978229) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 5 CVSS Temporal3.8

Details

Threat
Windows specific file path was detected in the response.

Impact
The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.

Solution
The content should be reviewed to determine whether it could be masked or removed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/bank/login.aspx

Payloads

#1 Request
Payload -
Request GET http://demo.testfire.net/bank/queryxpath.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: lang=; amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
c:\downloads\AltoroMutual_v6\website\bank\bank.master.cs

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150059 Reference to Windows file path is present in HTML New

URL: http://demo.testfire.net/bank/customize.aspx
Finding # 4849963(474978236) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 5 CVSS Temporal3.8

Details

Threat
Windows specific file path was detected in the response.

Impact
The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.

Solution
The content should be reviewed to determine whether it could be masked or removed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/
http://demo.testfire.net/bank/login.aspx

Payloads

#1 Request
Payload -
Request GET http://demo.testfire.net/bank/customize.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
c:\downloads\AltoroMutual_v6\website\bank\bank.master.cs

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150059 Reference to Windows file path is present in HTML New

URL: http://demo.testfire.net/feedback.aspx
Finding # 4849966(474978239) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 5 CVSS Temporal3.8

Details

Threat
Windows specific file path was detected in the response.

Impact
The response may be an error response that disclosed a local file path. This may potentially be a sensitive information.

Solution
The content should be reviewed to determine whether it could be masked or removed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

#1 Request
Payload -
Request GET http://demo.testfire.net/feedback.aspx
#1 Referer: http://demo.testfire.net/
#2 Cookie: amSessionId=15130676; ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep;
Click this link to try to reproduce the vulnerability using above payload.Note that clicking this link may not lead to visible results, either because the vulnerability
requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.

#1 Response
L:\backup\website\oldfiles

150081 Clickjacking - X-Frame-Options header is not set (5)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150081 Clickjacking - X-Frame-Options header is not set New

URL: http://demo.testfire.net/default.aspx?content=personal_deposit.htm
Finding # 4849948(474978221) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.7

Details

Threat
X-Frame-Options header is not set, and that may lead to a possible framing of the page. An attack can trick the user into clicking on the link by framing the
original page and showing a layer on top of it with dummy buttons.

Impact
Attacks like Clickjacking and Cross-Site Request Forgery (CSRF) could be performed.

Solution
Set the X-Frame-Options: This header works with modern browsers and can be used to prevent framing of the page. Note that is must be an HTTP header, the
setting is ignored if it is created as an "http-equiv" meta element within the page.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/default.aspx?content=inside.htm

#1 Response
The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150081 Clickjacking - X-Frame-Options header is not set New

URL: http://demo.testfire.net/default.aspx
Finding # 4849955(474978228) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.7

Details

Impact
Attacks like Clickjacking and Cross-Site Request Forgery (CSRF) could be performed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/default.aspx

#1 Response
The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150081 Clickjacking - X-Frame-Options header is not set New

URL: http://demo.testfire.net/
Finding # 4849960(474978233) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.7

Details

Impact
Attacks like Clickjacking and Cross-Site Request Forgery (CSRF) could be performed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/

#1 Response
The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150081 Clickjacking - X-Frame-Options header is not set New

URL: http://demo.testfire.net/feedback.aspx
Finding # 4849965(474978238) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.7

Details

Impact
Attacks like Clickjacking and Cross-Site Request Forgery (CSRF) could be performed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/feedback.aspx

#1 Response
The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150081 Clickjacking - X-Frame-Options header is not set New

URL: http://demo.testfire.net/bank/login.aspx
Finding # 4849975(474978248) First Time Detected 08 Oct 2015 10:10 GMT-0600
Group Information Disclosure Last Time Detected 08 Oct 2015 10:10 GMT-0600
CWE - Last Time Tested 08 Oct 2015 10:10 GMT-0600
OWASP - Times Detected 1
WASC -
CVSS Base 2.1 CVSS Temporal1.7

Details

Impact
Attacks like Clickjacking and Cross-Site Request Forgery (CSRF) could be performed.

Detection Information

Parameter No param has been required for detecting the information.

Authentication In order to detect this vulnerability, no authentication has been required.
Access Path Here is the path followed by the scanner to reach the exploitable URL:

http://demo.testfire.net/

Payloads

#1 Request
Payload N/A
Request GET http://demo.testfire.net/bank/login.aspx

#1 Response
The response for this request either did not have an "X-FRAME-OPTIONS" header present or was not set to DENY or SAMEORIGIN

Information Gathered (18)

Information Gathered (18)
150042 Server Returns HTTP 500 Message For Request (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150042 Server Returns HTTP 500 Message For Request

Finding # 1362946(474978216) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP A6 Sensitive Data Exposure
WASC WASC-15 Application Misconfiguration

Details

Threat
During the scanning engine's crawl phase, the Web server responded with an HTTP 500 message for each link listed below. The HTTP 500 message indicates a
server error.

Impact
The presence of an HTTP 500 error during the crawl phase indicates that some problem exists in the Web site that will be encountered during normal usage of
the Web application.

Solution
Review each link to determine why the server encountered an error when responding to the link.

Results

http://demo.testfire.net/bank/customize.aspx
http://demo.testfire.net/bank/queryxpath.aspx
http://demo.testfire.net/comment.aspx
http://demo.testfire.net/default.aspx?content=personal_savings.htm

150086 Server accepts unnecessarily large POST request body (1)

150086 Server accepts unnecessarily large POST request body
Finding # 1362935(474977205) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP A5 Security Misconfiguration
WASC -

Details

Threat
Web application scanner successfully sent a POST request with content type of application/x-www-form-urlencoded and 65536 bytes length random text data.
Accepting request bodies with unnecessarily large size could help attacker to use less connections to achieve Layer 7 DDoS of web server. More information can
be found at the here

Impact
Could result in successful application level (Layer 7) DDoS attack.

Solution
Limit the size of the request body to each form's requirements. For example, a search form with 256-char search field should not accept more than 1KB value.
Server-specific details can be found here.

Results

Server responded 200 to unnecessarily large random request body(over 64 KB) for URL http://demo.testfire.net/search.aspx, significantly increasing attacker's chances to prolong slow HTTP POST
attack.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

45017 Operating System Detected (1)

45017 Operating System Detected
Finding # 1362947(474978217) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
Several different techniques can be used to identify the operating system (OS) running on a host. A short description of these techniques is provided below. The
specific technique used to identify the OS on this host is included in the RESULTS section of your report.

1) TCP/IP Fingerprint: The operating system of a host can be identified from a remote system using TCP/IP fingerprinting. All underlying operating system TCP/
IP stacks have subtle differences that can be seen in their responses to specially-crafted TCP packets. According to the results of this "fingerprinting" technique,
the OS version is among those listed below.

Note that if one or more of these subtle differences are modified by a firewall or a packet filtering device between the scanner and the host, the fingerprinting
technique may fail. Consequently, the version of the OS may not be detected correctly. If the host is behind a proxy-type firewall, the version of the operating
system detected may be that for the firewall instead of for the host being scanned.

2) NetBIOS: Short for Network Basic Input Output System, an application programming interface (API) that augments the DOS BIOS by adding special functions
for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network
capabilities. NetBIOS relies on a message format called Server Message Block (SMB).

3) PHP Info: PHP is a hypertext pre-processor, an open-source, server-side, HTML-embedded scripting language used to create dynamic Web pages. Under
some configurations it is possible to call PHP functions like phpinfo() and obtain operating system information.

4) SNMP: The Simple Network Monitoring Protocol is used to monitor hosts, routers, and the networks to which they attach. The SNMP service maintains
Management Information Base (MIB), a set of variables (database) that can be fetched by Managers. These include "MIB_II.system.sysDescr" for the operating
system.

Impact
Not applicable.

Solution
Not applicable.

Results

Operating System Technique ID

Windows Vista / Windows 2008 / Windows 7 / Windows 2012 TCP/IP Fingerprint U3675:80

150018 Connection Error Occurred During Web Application Scan (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150018 Connection Error Occurred During Web Application Scan

Finding # 1362932(474977202) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
Some of requests timed out or unexpected errors were detected in the connection while crawling or scanning the Web application.

Impact
Some of the links were not crawled or scanned. Results may be incomplete or incorrect.

Solution
Investigate the root cause of failure accessing the listed links.

Results

Total number of unique links that encountered unexpected errors: 1

Links with highest number of unexpected errors:
1 http://demo.testfire.net/cgi.exe

Phase wise summary of timeout and unexpected errors encountered:

ePhaseCrawl : 0 1

6 DNS Host Name (1)

6 DNS Host Name
Finding # 1362937(474977207) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The fully qualified domain name of this host, if it was obtained from a DNS server, is displayed in the RESULT section.

Results

IP address Host name

65.61.137.117 No registered hostname

45038 Host Scan Time (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

45038 Host Scan Time

Finding # 1362942(474978212) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The Host Scan Time is the period of time it takes the scanning engine to perform the vulnerability assessment of a single target host. The Host Scan Time for this
host is reported in the Result section below.

The Host Scan Time does not have a direct correlation to the Duration time as displayed in the Report Summary section of a scan results report. The Duration is
the period of time it takes the service to perform a scan task. The Duration includes the time it takes the service to scan all hosts, which may involve parallel
scanning. It also includes the time it takes for a scanner appliance to pick up the scan task and transfer the results back to the service's Secure Operating Center.
Further, when a scan task is distributed across multiple scanners, the Duration includes the time it takes to perform parallel host scanning on all scanners.

Impact
N/A

Solution
N/A

Results

Scan duration: 1411 seconds

Start time: Thu, Oct 08 2015, 15:10:34 GMT

End time: Thu, Oct 08 2015, 15:34:05 GMT

150009 Links Crawled (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150009 Links Crawled

Finding # 1362948(474978218) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The list of unique links crawled and HTML forms submitted by the Web application scanner appear in the Results section. This list may contain fewer links than
the maximum threshold defined at scan launch. The maximum links to crawl includes links in this list and requests for the same link made as an anonymous and
authenticated user.

Impact
N/A

Solution
N/A

Results

Duration of crawl phase (seconds): 263.00

Number of links: 85
(This number excludes form requests and links re-requested during authentication.)

http://demo.testfire.net/
http://demo.testfire.net/Privacypolicy.aspx?sec=Careers&template=US
http://demo.testfire.net/altoro/images/gradient.jpg
http://demo.testfire.net/bank/20060308_bak/
http://demo.testfire.net/bank/account.aspx
http://demo.testfire.net/bank/account.aspx.cs
http://demo.testfire.net/bank/apply.aspx.cs
http://demo.testfire.net/bank/bank.master
http://demo.testfire.net/bank/bank.master.cs
http://demo.testfire.net/bank/customize.aspx
http://demo.testfire.net/bank/customize.aspx.cs
http://demo.testfire.net/bank/login.aspx
http://demo.testfire.net/bank/login.aspx.cs
http://demo.testfire.net/bank/main.aspx
http://demo.testfire.net/bank/main.aspx.cs
http://demo.testfire.net/bank/members/
http://demo.testfire.net/bank/queryxpath.aspx
http://demo.testfire.net/bank/queryxpath.aspx.cs
http://demo.testfire.net/bank/servererror.aspx
http://demo.testfire.net/bank/transaction.aspx
http://demo.testfire.net/bank/transaction.aspx.cs
http://demo.testfire.net/bank/transfer.aspx.cs
http://demo.testfire.net/bank/ws.asmx
http://demo.testfire.net/bank/ws.asmx?WSDL
http://demo.testfire.net/bank/ws.asmx?disco
http://demo.testfire.net/bank/ws.asmx?op=GetUserAccounts
http://demo.testfire.net/bank/ws.asmx?op=IsValidUser
http://demo.testfire.net/bank/ws.asmx?op=TransferBalance
http://demo.testfire.net/comment.aspx
http://demo.testfire.net/default.aspx
http://demo.testfire.net/default.aspx?content=business.htm
http://demo.testfire.net/default.aspx?content=business_cards.htm
http://demo.testfire.net/default.aspx?content=business_deposit.htm
http://demo.testfire.net/default.aspx?content=business_insurance.htm
http://demo.testfire.net/default.aspx?content=business_lending.htm
http://demo.testfire.net/default.aspx?content=business_other.htm
http://demo.testfire.net/default.aspx?content=business_retirement.htm
http://demo.testfire.net/default.aspx?content=inside.htm
http://demo.testfire.net/default.aspx?content=inside_about.htm
http://demo.testfire.net/default.aspx?content=inside_benefits.htm
http://demo.testfire.net/default.aspx?content=inside_careers.htm
http://demo.testfire.net/default.aspx?content=inside_community.htm
http://demo.testfire.net/default.aspx?content=inside_contact.htm
http://demo.testfire.net/default.aspx?content=inside_executives.htm
http://demo.testfire.net/default.aspx?content=inside_internships.htm
http://demo.testfire.net/default.aspx?content=inside_investor.htm

CONFIDENTIAL AND PROPRIETARY INFORMATION.

http://demo.testfire.net/default.aspx?content=inside_jobs.htm
http://demo.testfire.net/default.aspx?content=inside_press.htm
http://demo.testfire.net/default.aspx?content=inside_trainee.htm
http://demo.testfire.net/default.aspx?content=inside_volunteering.htm
http://demo.testfire.net/default.aspx?content=jobs/20061024.htm
http://demo.testfire.net/default.aspx?content=jobs/20061025.htm
http://demo.testfire.net/default.aspx?content=jobs/20061027.htm
http://demo.testfire.net/default.aspx?content=personal.htm
http://demo.testfire.net/default.aspx?content=personal_cards.htm
http://demo.testfire.net/default.aspx?content=personal_checking.htm
http://demo.testfire.net/default.aspx?content=personal_deposit.htm
http://demo.testfire.net/default.aspx?content=personal_investments.htm
http://demo.testfire.net/default.aspx?content=personal_loans.htm
http://demo.testfire.net/default.aspx?content=personal_other.htm
http://demo.testfire.net/default.aspx?content=personal_savings.htm
http://demo.testfire.net/default.aspx?content=pr/20060413.htm
http://demo.testfire.net/default.aspx?content=pr/20060518.htm
http://demo.testfire.net/default.aspx?content=pr/20060720.htm
http://demo.testfire.net/default.aspx?content=pr/20060817.htm
http://demo.testfire.net/default.aspx?content=pr/20060921.htm
http://demo.testfire.net/default.aspx?content=pr/20060928.htm
http://demo.testfire.net/default.aspx?content=pr/20061005.htm
http://demo.testfire.net/default.aspx?content=pr/20061109.htm
http://demo.testfire.net/default.aspx?content=privacy.htm
http://demo.testfire.net/default.aspx?content=security.htm
http://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
http://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
http://demo.testfire.net/feedback.aspx
http://demo.testfire.net/high_yield_investments.htm
http://demo.testfire.net/images/b_retirement.jpg
http://demo.testfire.net/inside_points_of_interest.htm
http://demo.testfire.net/notfound.aspx%3Faspxerrorpath=/Privacypolicy.aspx
http://demo.testfire.net/notfound.aspx?aspxerrorpath=/Privacypolicy.aspx
http://demo.testfire.net/retirement.htm
http://demo.testfire.net/search.aspx
http://demo.testfire.net/security.htm
http://demo.testfire.net/subscribe.swf
http://demo.testfire.net/survey_questions.aspx
http://demo.testfire.net/survey_questions.aspx?step=a

150010 External Links Discovered (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150010 External Links Discovered

Finding # 1362945(474978215) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The external links discovered by the Web application scanning engine are provided in the Results section. These links were present on the target Web
application, but were not crawled.

Impact
N/A

Solution
N/A

Results

Number of links: 9
http://www.adobe.com/products/acrobat/readstep2.html
http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://www.cert.org/
http://www.newspapersyndications.tv/
http://demo-analytics.testfire.net/urchin.js
file:///C:%5CDocuments%5CJohnSmith%5CVoluteeringInformation.pdf
file:///C:%5Cmy%20documents%5CJohnSmith%5CBank%20Site%20Documents%5Cgrouplife.htm
http://www.macromedia.com/go/getflashplayer
http://www.watchfire.com/statements/terms.aspx

150021 Scan Diagnostics (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150021 Scan Diagnostics

Finding # 1362938(474977208) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
This check provides various details of the scan's performance and behavior. In some cases, this check can be used to identify problems that the scanner
encountered when crawling the target Web application.

Impact
The scan diagnostics data provides technical details about the crawler's performance and behavior. This information does not necessarily imply problems with the
Web application.

Solution
No action is required.

Results

Loaded 0 blacklist entries.

Loaded 0 whitelist entries.
HTML form authentication unavailable, no WEBAPP entry found
No more requeues, redundant link threshold has been surpassed.
Collected 95 links overall.
Path manipulation: Estimated requests (payloads x links): files with extension:(3 x 64) + files:(10 x 64) + directories:(91 x 8) + paths:(13 x 72) = total (2496)
Batch #0 Path manipulation: estimated time < 10 minutes (117 tests, 72 inputs)
Path manipulation: 117 vulnsigs tests, completed 1214 requests, 15 seconds. Completed 1214 requests of 2496 estimated requests (48.6378%). All tests completed.
Batch #0 WS enumeration: estimated time < 1 minute (9 tests, 95 inputs)
WS enumeration: 9 vulnsigs tests, completed 73 requests, 2 seconds. Completed 73 requests of 855 estimated requests (8.53801%). All tests completed.
Batch #1 URI parameter manipulation (no auth): estimated time < 1 minute (47 tests, 17 inputs)
Batch #1 URI parameter manipulation (no auth): 47 vulnsigs tests, completed 799 requests, 24 seconds. Completed 799 requests of 799 estimated requests (100%). All tests completed.
Batch #1 Form parameter manipulation (no auth): estimated time < 1 minute (47 tests, 2 inputs)
Batch #1 Form parameter manipulation (no auth): 47 vulnsigs tests, completed 547 requests, 30 seconds. Completed 547 requests of 94 estimated requests (581.915%). All tests completed.
Batch #1 URI blind SQL manipulation (no auth): estimated time < 1 minute (9 tests, 17 inputs)
Batch #1 URI blind SQL manipulation (no auth): 9 vulnsigs tests, completed 153 requests, 8 seconds. Completed 153 requests of 459 estimated requests (33.3333%). All tests completed.
Batch #1 Form blind SQL manipulation (no auth): estimated time < 1 minute (9 tests, 2 inputs)
Batch #1 Form blind SQL manipulation (no auth): 9 vulnsigs tests, completed 99 requests, 10 seconds. Completed 99 requests of 54 estimated requests (183.333%). All tests completed.
Batch #1 URI parameter time-based tests (no auth): estimated time < 1 minute (11 tests, 17 inputs)
Batch #1 URI parameter time-based tests (no auth): 11 vulnsigs tests, completed 187 requests, 14 seconds. Completed 187 requests of 187 estimated requests (100%). All tests completed.
Batch #1 Form field time-based tests (no auth): estimated time < 1 minute (11 tests, 2 inputs)
Batch #1 Form field time-based tests (no auth): 11 vulnsigs tests, completed 121 requests, 20 seconds. Completed 121 requests of 22 estimated requests (550%). All tests completed.
Batch #2 URI parameter manipulation (no auth): estimated time < 1 minute (47 tests, 17 inputs)
Batch #2 URI parameter manipulation (no auth): 47 vulnsigs tests, completed 799 requests, 23 seconds. Completed 799 requests of 799 estimated requests (100%). All tests completed.
Batch #2 URI blind SQL manipulation (no auth): estimated time < 1 minute (9 tests, 17 inputs)
Batch #2 URI blind SQL manipulation (no auth): 9 vulnsigs tests, completed 153 requests, 10 seconds. Completed 153 requests of 459 estimated requests (33.3333%). All tests completed.
Batch #2 URI parameter time-based tests (no auth): estimated time < 1 minute (11 tests, 17 inputs)
Batch #2 URI parameter time-based tests (no auth): 11 vulnsigs tests, completed 187 requests, 19 seconds. Completed 187 requests of 187 estimated requests (100%). All tests completed.
Batch #3 URI parameter manipulation (no auth): estimated time < 1 minute (47 tests, 17 inputs)
Batch #3 URI parameter manipulation (no auth): 47 vulnsigs tests, completed 844 requests, 22 seconds. Completed 844 requests of 799 estimated requests (105.632%). All tests completed.
Batch #3 URI blind SQL manipulation (no auth): estimated time < 1 minute (9 tests, 17 inputs)
Batch #3 URI blind SQL manipulation (no auth): 9 vulnsigs tests, completed 144 requests, 8 seconds. Completed 144 requests of 459 estimated requests (31.3725%). All tests completed.
Batch #3 URI parameter time-based tests (no auth): estimated time < 1 minute (11 tests, 17 inputs)
Batch #3 URI parameter time-based tests (no auth): 11 vulnsigs tests, completed 176 requests, 14 seconds. Completed 176 requests of 187 estimated requests (94.1176%). All tests completed.
Batch #4 HTTP call manipulation: estimated time < 1 minute (33 tests, 6 inputs)
Batch #4 HTTP call manipulation: 33 vulnsigs tests, completed 792 requests, 39 seconds. Completed 792 requests of 990 estimated requests (80%). All tests completed.
Batch #4 Open Redirect analysis: estimated time < 1 minute (1 tests, 2 inputs)
Batch #4 Open Redirect analysis: 1 vulnsigs tests, completed 2 requests, 4 seconds. Completed 2 requests of 2 estimated requests (100%). All tests completed.
CSRF tests will not be launched because the scan is not successfully authenticated.
Batch #4 File Inclusion analysis: estimated time < 1 minute (1 tests, 89 inputs)
Batch #4 File Inclusion analysis: 1 vulnsigs tests, completed 42 requests, 4 seconds. Completed 42 requests of 89 estimated requests (47.191%). All tests completed.
Batch #4 Cookie manipulation: estimated time < 10 minutes (37 tests, 3 inputs)
Batch #4 Cookie manipulation: 37 vulnsigs tests, completed 6261 requests, 237 seconds. Completed 6261 requests of 9435 estimated requests (66.3593%). XSS optimization removed 1080 links. All
tests completed.
Batch #4 Header manipulation: estimated time < 10 minutes (37 tests, 85 inputs)
Batch #4 Header manipulation: 37 vulnsigs tests, completed 2064 requests, 72 seconds. Completed 2064 requests of 6290 estimated requests (32.814%). XSS optimization removed 2040 links. All tests
completed.
Batch #4 shell shock detector: estimated time < 1 minute (1 tests, 83 inputs)
Batch #4 shell shock detector: 1 vulnsigs tests, completed 84 requests, 3 seconds. Completed 84 requests of 83 estimated requests (101.205%). All tests completed.
Batch #4 shell shock detector(form): estimated time < 1 minute (1 tests, 2 inputs)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Batch #4 shell shock detector(form): 1 vulnsigs tests, completed 2 requests, 1 seconds. Completed 2 requests of 2 estimated requests (100%). All tests completed.
Batch #4 Login Brute Force manipulation: estimated time < 10 minutes (1914 tests, 1 inputs)
Batch #4 Login Brute Force manipulation: 1914 vulnsigs tests, completed 234 requests, 535 seconds. Completed 234 requests of 1914 estimated requests (12.2257%). Module did not finish.
Batch #5 HTTP Time Bandit: estimated time < 1 minute (1 tests, 10 inputs)
Batch #5 HTTP Time Bandit: 1 vulnsigs tests, completed 180 requests, 12 seconds. No tests to execute.
Total requests made: 15534
Average server response time: 0.16 seconds
Most recent links:
200 http://demo.testfire.net/feedback.aspx
200 http://demo.testfire.net/bank/login.aspx
200 http://demo.testfire.net/default.aspx
200 http://demo.testfire.net/default.aspx?content=business.htm
200 http://demo.testfire.net/default.aspx?content=inside.htm
200 http://demo.testfire.net/default.aspx?content=inside_contact.htm
200 http://demo.testfire.net/default.aspx?content=personal.htm
200 http://demo.testfire.net/default.aspx?content=personal_checking.htm
200 http://demo.testfire.net/default.aspx?content=personal_deposit.htm
200 http://demo.testfire.net/feedback.aspx

150028 Cookies Collected (1)

150028 Cookies Collected
Finding # 1362941(474978211) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The cookies listed in the Results section were received from the web application during the crawl phase.

Impact
Cookies may contain sensitive information about the user. Cookies sent via HTTP may be sniffed.

Solution
Review cookie values to ensure that sensitive information such as passwords are not present within them.

Results

Total cookies: 4
ASP.NET_SessionId=vvdt2455rgmjcz312m2mamep; HttpOnly; path=/ First set at URL: http://demo.testfire.net/
amSessionId=15130676; path=/ First set at URL: http://demo.testfire.net/
TRACK=QlP7Myt3zfSMlSwEIh5I6dtyo; path=/ First set at URL: http://www.altoromutual.com/bug.aspx
lang=; path=/ First set at URL: http://demo.testfire.net/bank/customize.aspx

150041 Links Rejected (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150041 Links Rejected

Finding # 1362949(474978219) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
This has an informative nature. The links listed below were not crawled by the Web application scanning engine because they were intentionally prohibited by a
blacklist or whitelist configuration setting. The list is provided to verify that links have been correctly blocked by blacklist and whitelist filters.

Impact
Links listed here were neither crawled or tested by the Web application scanning engine, and that should be in sync with the intended behavior.

Solution
No action is required.

Results

http://demo.testfire.net/pr/communityannualreport.pdf
http://demo.testfire.net/admin/clients.xls

150054 Email Addresses Collected (1)

150054 Email Addresses Collected
Finding # 1362934(474977204) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The email addresses listed in the Results section were collected from the returned HTML content during the crawl phase.

Impact
Email addresses may help a malicious user with brute force and phishing attacks.

Solution
Review the email list to see if they are all email addresses you want to expose.

Results

Number of emails: 1
[email protected] first seen at http://demo.testfire.net/security.htm

150058 Flash Analysis (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150058 Flash Analysis

Finding # 1362939(474977209) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
This check provides various details on Flash analysis including problems encountered while handling SWF files.

Impact
N/A

Solution
No action is required.

Results

SWF file: http://demo.testfire.net/subscribe.swf

Version: 6
Extracted links: 0

150087 Web Service Found (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150087 Web Service Found

Finding # 1362936(474977206) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The list of links with Web Service descriptions was found during the crawling or by brute forcing. List of Web Services is included with every discovered Web
Service description.

Impact
N/A

Solution
N/A

Results

APIs from: http://demo.testfire.net/bank/ws.asmx?WSDL

GetUserAccounts
IsValidUser
TransferBalance
APIs from: http://demo.testfire.net/bank/ws.asmx?wsdl

GetUserAccounts
IsValidUser
TransferBalance

150099 Cookies Issued Without User Consent (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150099 Cookies Issued Without User Consent

Finding # 1362943(474978213) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The cookies listed in the Results section were issued from the web application during the crawl without accepting any opt-in dialogs.

Impact
Cookies may be set without user explicitly agreeing to accept them.

Solution
Review the application to ensure that all cookies listed are supposed to be issued without user opt-in. If the EU Cookie law is applicable for this web application,
ensure these cookies require user opt-in or have been classified as exempt by your organization.

Results

Total cookies: 2
ASP.NET_SessionId=g0jw2hjjeuutb4quvtaypneb; HttpOnly; path=/ First set at URL: http://demo.testfire.net/
amSessionId=128739550; path=/ First set at URL: http://demo.testfire.net/

150101 Third-party Cookies Collected (1)

150101 Third-party Cookies Collected
Finding # 1362944(474978214) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The cookies listed in the Results section were received from third-party web application(s) during the crawl phase.

Impact
Cookies may contain sensitive information about the user. Cookies sent via HTTP may be sniffed.

Solution
Review cookie values to ensure that sensitive information such as passwords are not present within them.

Results

Total cookies: 1
TRACK=QlP7Myt3zfSMlSwEIh5I6dtyo; path=/ First set at URL: http://www.altoromutual.com/bug.aspx

150115 Authentication Form found (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150115 Authentication Form found

Finding # 1362933(474977203) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
Authentication Form was found during the web application crawling.

Impact
N/A

Solution
N/A

Results

Authentication form found at: http://demo.testfire.net/bank/login.aspx

Action uri: http://demo.testfire.net/bank/login.aspx
Fields: uid, passw, btnSubmit

150126 Links With High Resource Consumption (1)

CONFIDENTIAL AND PROPRIETARY INFORMATION.

150126 Links With High Resource Consumption

Finding # 1362940(474978210) Detection Date 08 Oct 2015 10:10 GMT-0600
Group Information Gathered
CWE -
OWASP -
WASC -

Details

Threat
The list of links with lowest bytes/sec which are assumed to be resources with highest resource consumption. The links in the list have slower transfer times
speeds to an average resource on the server. This may indicate that the links are more CPU or DB intensive than majority of links.

The latency of the network and file size have no effect on calculations.

Impact
The links with high resource consumption could be used to perform DOS on the server by just performing GET Flooding. Attackers could more easily take the
server down if there are huge resource hogs on it, performing less request.

Solution
Find the root cause of resources slow download speed.

If the cause is a real CPU strain or complex DB queries performed, there may be a need for re-engineering of the web application or defense measures should be
in place. Examples of defense against DOS that is targeted towards high resource consumption links are Load Balancers and Rate Limiters.

Results

136036.200000 bytes/sec http://demo.testfire.net/bank/login.aspx

141788.300000 bytes/sec http://demo.testfire.net/default.aspx?content=personal_checking.htm
142133.000000 bytes/sec http://demo.testfire.net/default.aspx?content=business.htm
143684.000000 bytes/sec http://demo.testfire.net/default.aspx?content=personal_deposit.htm
148547.500000 bytes/sec http://demo.testfire.net/default.aspx?content=inside.htm
149393.100000 bytes/sec http://demo.testfire.net/feedback.aspx
150667.900000 bytes/sec http://demo.testfire.net/default.aspx?content=personal.htm
155750.600000 bytes/sec http://demo.testfire.net/default.aspx
177704.600000 bytes/sec http://demo.testfire.net/default.aspx?content=inside_contact.htm

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Appendix

Scan Details
Web Application Vulnerability Scan - Test Web Site 2 - 2015-10-08
Reference was/1444317019323.11273247
Date 08 Oct 2015 10:10 GMT-0600
Mode On-Demand
Type Vulnerability
Authentication None
Scanner Appliance External (IP: 64.39.105.57, Scanner: 7.16.38-1, WAS: 3.12.19-1, Signatures: 2.3.133-2)
Profile Standard Scan
Duration 00:23:31
Status Finished
Authentication Status None

Web Application Details: Test Web Site 2

Name Test Web Site 2
URL http://demo.testfire.net/
Owner Tim LeKan (nrthw_tl)
Scope Limit to content located at or below URL subdirectory
Operating System Windows Vista / Windows 2008 / Windows 7 / Windows 2012

Severity Levels
Confirmed Vulnerabilities
Vulnerabilities (QIDs) are design flaws, programming errors, or mis-configurations that make your web application and web application platform
susceptible to malicious attacks. Depending on the level of the security risk, the successful exploitation of a vulnerability can vary from the
disclosure of information to a complete compromise of the web application and/or the web application platform. Even if the web application isn't
fully compromised, an exploited vulnerability could still lead to the web application being used to launch attacks against users of the site.

Minimal Basic information disclosure (e.g. web server type, programming language) might enable intruders to
discover other vulnerabilities, but lack of this information does not make the vulnerability harder to find.
Medium Intruders may be able to collect sensitive information about the application platform, such as the
precise version of software used. With this information, intruders can easily exploit known
vulnerabilities specific to software versions. Other types of sensitive information might disclose a few
lines of source code or hidden directories.
Serious Vulnerabilities at this level typically disclose security-related information that could result in misuse or
an exploit. Examples include source code disclosure or transmitting authentication credentials over non-
encrypted channels.
Critical Intruders can exploit the vulnerability to gain highly sensitive content or affect other users of the web
application. Examples include certain types of cross-site scripting and SQL injection attacks.
Urgent Intruders can exploit the vulnerability to compromise the web application's data store, obtain
information from other users' accounts, or obtain command execution on a host in the web application's
architecture.
Potential Vulnerabilities
Potential Vulnerabilities indicate that the scanner observed a weakness or error that is commonly used to attack a web application, and the
scanner was unable to confirm if the weakness or error could be exploited. Where possible, the QID's description and results section include
information and hints for following-up with manual analysis. For example, the exploitability of a QID may be influenced by characteristics that
the scanner cannot confirm, such as the web application's network architecture, or the test to confirm exploitability requires more intrusive
testing than the scanner is designed to conduct.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Minimal Presence of this vulnerability is indicative of basic information disclosure (e.g. web server type,
programming language) and might enable intruders to discover other vulnerabilities. For example in this
scenario, information such as web server type, programming language, passwords or file path
references can be disclosed.
Medium Presence of this vulnerability is indicative of basic information disclosure (e.g. web server type,
programming language) and might enable intruders to discover other vulnerabilities. For example
version of software or session data can be disclosed, which could be used to exploit.
Serious Presence of this vulnerability might give access to security-related information to intruders who are
bound to misuse or exploit. Examples of what could happen if this vulnerability was exploited include
bringing down the server or causing hindrance to the regular service.
Critical Presence of this vulnerability might give intruders the ability to gain highly sensitive content or affect
other users of the web application.
Urgent Presence of this vulnerability might enable intruders to compromise the web application's data store,
obtain information from other users' accounts, or obtain command execution on a host in the web
application's architecture. For example in this scenario, the web application users can potentially be
targeted if the application is exploited.
Sensitive Content
Sensitive content may be detected based on known patterns (credit card numbers, social security numbers) or custom patterns (strings, regular
expressions), depending on the option profile used. Intruders may gain access to sensitive content that could result in misuse or other exploits.

Minimal Sensitive content was found in the web server response. During our scan of the site form(s) were found
with field(s) for credit card number or social security number. This information disclosure could result
in a confidentiality breach and could be a target for intruders. For this reason we recommend caution.
Medium Sensitive content was found in the web server response. Specifically our service found a certain
sensitive content pattern (defined in the option profile). This information disclosure could result in a
confidentiality breach and could be a target for intruders. For this reason we recommend caution.
Serious Sensitive content was found in the web server response - a valid social security number or credit card
information. This infomation disclosure could result in a confidentiality breach, and it gives intruders
access to valid sensitive content that could be misused.
Information Gathered
Information Gathered issues (QIDs) include visible information about the web application's platform, code, or architecture. It may also include
information about users of the web application.

Minimal Intruders may be able to retrieve sensitive information related to the web application platform.

Medium Intruders may be able to retrieve sensitive information related to internal functionality or business logic
of the web application.
Serious Intruders may be able to detect highly sensitive data, such as personally identifiable information (PII)
about other users of the web application.

CONFIDENTIAL AND PROPRIETARY INFORMATION.

Els PTP
100% (1)
Els PTP
59 pages
Web Application Audit Report: Demo Account
No ratings yet
Web Application Audit Report: Demo Account
12 pages
Left of Bang
No ratings yet
Left of Bang
10 pages
TASK1
No ratings yet
TASK1
12 pages
15067CEM Resit
No ratings yet
15067CEM Resit
17 pages
Web Application Report Avaintcon Ex
No ratings yet
Web Application Report Avaintcon Ex
5 pages
VAPT-1
No ratings yet
VAPT-1
18 pages
Cross Site Scripting Cheat Sheet
No ratings yet
Cross Site Scripting Cheat Sheet
3 pages
Week 20220 Report
No ratings yet
Week 20220 Report
28 pages
Vulnerability Assessment and Attack Plan Report (Rohit Roy) PDF
No ratings yet
Vulnerability Assessment and Attack Plan Report (Rohit Roy) PDF
31 pages
Must Know Hacking!3
No ratings yet
Must Know Hacking!3
60 pages
What Is Cross-Site Scripting (XSS) ?
No ratings yet
What Is Cross-Site Scripting (XSS) ?
4 pages
Cross Site Scripting Ethical Hacking Lab Exercise
No ratings yet
Cross Site Scripting Ethical Hacking Lab Exercise
10 pages
Lecture 6 Webapps
No ratings yet
Lecture 6 Webapps
36 pages
Report
No ratings yet
Report
22 pages
15067CEM Resit
No ratings yet
15067CEM Resit
20 pages
Cross Script Xss
No ratings yet
Cross Script Xss
3 pages
Altoro Mutual VAPT
No ratings yet
Altoro Mutual VAPT
19 pages
xss temu report
No ratings yet
xss temu report
7 pages
Cross Site Scripting XSS
No ratings yet
Cross Site Scripting XSS
31 pages
Broken Web Security
No ratings yet
Broken Web Security
87 pages
Cross Site Scripting (XSS) : by Amit Tyagi
0% (1)
Cross Site Scripting (XSS) : by Amit Tyagi
31 pages
A Study On Removal Techniques of Cross-Site From Web Application
No ratings yet
A Study On Removal Techniques of Cross-Site From Web Application
7 pages
Veracode Whitepaper Eradicate Xss
No ratings yet
Veracode Whitepaper Eradicate Xss
8 pages
Vulnerability Disclosure Form
No ratings yet
Vulnerability Disclosure Form
1 page
VAPT Report Template
No ratings yet
VAPT Report Template
12 pages
Xampp & XSS Attacks
No ratings yet
Xampp & XSS Attacks
10 pages
With Emphasis On Web Applications Security Related Issues
0% (1)
With Emphasis On Web Applications Security Related Issues
28 pages
Garpa Xss Bug Report
No ratings yet
Garpa Xss Bug Report
6 pages
Cross-site Scripting (XSS)
No ratings yet
Cross-site Scripting (XSS)
7 pages
Was 4
No ratings yet
Was 4
117 pages
Report
No ratings yet
Report
12 pages
Web Application Security: Vulnerabilities, Attacks, and Countermeasures
No ratings yet
Web Application Security: Vulnerabilities, Attacks, and Countermeasures
72 pages
Dvwa2 Sample Report
No ratings yet
Dvwa2 Sample Report
11 pages
IEEE Mini Project
No ratings yet
IEEE Mini Project
7 pages
Task 2
No ratings yet
Task 2
10 pages
Xss Documentation
No ratings yet
Xss Documentation
6 pages
pib-home bug report
No ratings yet
pib-home bug report
9 pages
XSS Attacks and Defenses: John Mitchell
No ratings yet
XSS Attacks and Defenses: John Mitchell
44 pages
Assignment No 4
No ratings yet
Assignment No 4
18 pages
VVATP
No ratings yet
VVATP
11 pages
Vulnerabilities in Modern Web Applications
100% (1)
Vulnerabilities in Modern Web Applications
34 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
6 pages
Brocket Web Applicaion
No ratings yet
Brocket Web Applicaion
11 pages
DVWA
No ratings yet
DVWA
11 pages
Penetration Testing
No ratings yet
Penetration Testing
25 pages
VSSD04 web vulnerabilities
No ratings yet
VSSD04 web vulnerabilities
57 pages
Xss
No ratings yet
Xss
4 pages
Sample Report Web
No ratings yet
Sample Report Web
19 pages
Vulnerability Assessment
No ratings yet
Vulnerability Assessment
12 pages
Vaprogram Example
No ratings yet
Vaprogram Example
37 pages
Cross Site Scripting (XSS)
No ratings yet
Cross Site Scripting (XSS)
32 pages
Exact Basics of Hacking Intro: Description
No ratings yet
Exact Basics of Hacking Intro: Description
6 pages
Web Security Testing
No ratings yet
Web Security Testing
11 pages
XSS
No ratings yet
XSS
13 pages
Truth of Cross Site Scripting (XSS)
No ratings yet
Truth of Cross Site Scripting (XSS)
14 pages
XSS Attack and how to mitigate it
No ratings yet
XSS Attack and how to mitigate it
8 pages
SSRF & Cross-Site Scripting. Task 1 What Is An SSRF - by YCZHU - Medium
No ratings yet
SSRF & Cross-Site Scripting. Task 1 What Is An SSRF - by YCZHU - Medium
1 page
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
From Everand
ETHICAL HACKING GUIDE-Part 3: Comprehensive Guide to Ethical Hacking world
POONAM DEVI
No ratings yet
Web Application Defender's Cookbook: Battling Hackers and Protecting Users
From Everand
Web Application Defender's Cookbook: Battling Hackers and Protecting Users
Ryan C. Barnett
No ratings yet
AWS Certified Security – Specialty (SCS-C02) Exam Guide: Get all the guidance you need to pass the AWS (SCS-C02) exam on your first attempt
From Everand
AWS Certified Security – Specialty (SCS-C02) Exam Guide: Get all the guidance you need to pass the AWS (SCS-C02) exam on your first attempt
Adam Book
No ratings yet
Cisco ePDG Admin
No ratings yet
Cisco ePDG Admin
99 pages
OFF Page Optimization
No ratings yet
OFF Page Optimization
77 pages
A Winter Internship Project Report On Digital Marketing
No ratings yet
A Winter Internship Project Report On Digital Marketing
56 pages
Assessment 2 - Attempt Review
No ratings yet
Assessment 2 - Attempt Review
11 pages
Top 5 Open Source Email Security Tools On GitHub
No ratings yet
Top 5 Open Source Email Security Tools On GitHub
4 pages
Infographics About Digital Footprint & Digital Citizenship
No ratings yet
Infographics About Digital Footprint & Digital Citizenship
2 pages
Searchsearch: User Settings
No ratings yet
Searchsearch: User Settings
4 pages
Glossary of 100 Networking Terms You Must Know
No ratings yet
Glossary of 100 Networking Terms You Must Know
4 pages
Functions of Web Browser: Web Browser Definition: A Software Application Used To Access Information On The World Wide
No ratings yet
Functions of Web Browser: Web Browser Definition: A Software Application Used To Access Information On The World Wide
3 pages
Practical2 RWPD
No ratings yet
Practical2 RWPD
5 pages
Cookies
No ratings yet
Cookies
75 pages
Oyanib
No ratings yet
Oyanib
30 pages
SBEC13005034ENR1
No ratings yet
SBEC13005034ENR1
11 pages
Computer Application in Front Office Operation
No ratings yet
Computer Application in Front Office Operation
6 pages
University of The East Manila: The Problem and Its Background
No ratings yet
University of The East Manila: The Problem and Its Background
53 pages
BRKRST 2559
No ratings yet
BRKRST 2559
85 pages
Web Results: AN1020-25 USER MANUAL - Ip Address - Wireless Lan - Scribd
No ratings yet
Web Results: AN1020-25 USER MANUAL - Ip Address - Wireless Lan - Scribd
56 pages
Telecommunications and Networks: Mcgraw-Hill/Irwin
No ratings yet
Telecommunications and Networks: Mcgraw-Hill/Irwin
72 pages
Steve Imparl CV 20080430
No ratings yet
Steve Imparl CV 20080430
8 pages
Unit 4 Transport and Application Layer
No ratings yet
Unit 4 Transport and Application Layer
24 pages
Product Comparison PA-5260 PA-850 PA-220
No ratings yet
Product Comparison PA-5260 PA-850 PA-220
5 pages
Love and Lust in The Digital Age
No ratings yet
Love and Lust in The Digital Age
12 pages
CCIE SECv5 LAB1 Configuration Question Set
No ratings yet
CCIE SECv5 LAB1 Configuration Question Set
4 pages
A Review of Best Practices From School Connectivity For Uzbekistan' Ari Katz
No ratings yet
A Review of Best Practices From School Connectivity For Uzbekistan' Ari Katz
11 pages
Dell Force10 s4810 - Owners Manual9 - en Us
No ratings yet
Dell Force10 s4810 - Owners Manual9 - en Us
1,136 pages
M5 Digital Marketing
No ratings yet
M5 Digital Marketing
24 pages
Multimedia Networks - 1 - Introduction
No ratings yet
Multimedia Networks - 1 - Introduction
101 pages
NGN - Core Network
No ratings yet
NGN - Core Network
42 pages
Science and Technology Academic Words
No ratings yet
Science and Technology Academic Words
10 pages