ScanAlert - Report - Thane

More documents

Recommendations

Info

purchased=B purchased=C purchased=D purchased=E dobmonth=0 dobday=0 dobyear=0 education=4319f684-0c89-4edc-9d8a-c56752eb905f goal=4319f684-0c89-4edc-9d8a-c56752eb905f equip1=A equip2=A equip3=A equip4=A equip5=A equip6=A people=4319f684-0c89-4edc-9d8a-c56752eb905f room=4319f684-0c89-4edc-9d8a-c56752eb905f enter=SUBMIT reset=CLEAR Headers Content-Type=application%2Fx-www-form-urlencoded Links Top sites vulnerable to hackers The Cross Site Scripting FAQ An Oldie but Goodie: The Cross-Site Scripting Vulnerability www.cgisecurity.com/articles/xss-faq.shtml www.developer.com/lang/article.php/947041 www.vnunet.com/vnunet/news/2116667/top-sites-vulnerable-hackers Apache: Cross Site Scripting Info Apache: ??? The Cross-Site Scripting Vulnerability Top sites vulnerable to hackers Related CERT CA-2000-02 WebApp Cross Site Scripting Port First Detected Category 80 27-FEB-2007 09:33 Web Application Protocol Fix Difficulty Impact HTTP Medium Cross Site Scripting (XSS) Description The remote web application appears to be vulnerable to cross site scripting (XSS). The cross-site scripting attack is one of the most common, yet overlooked, security problems facing web developers today. A web site is vulnerable if it displays user-submitted content without checking for malicious script tags. The target of cross-site scripting attacks is not the server itself, but the user files on the server, such as forms and other dynamic content. All a malicious attacker needs to do is find a page that does not properly sanitize user input, but returns the scripting code verbatim to the browser of a visitor to that website. It is important to note that websites that use SSL are just as vulnerable as websites that do not encrypt browser sessions. The damage caused by such an attack can range from stealing session and cookie data from your customers to loading a virus payload onto their computer via browser. The pages listed in the vulnerability output will display embedded javascript with no filtering back to the user. Solution Ensure you turn the > and < into their HTML equivalents before sending it back to the browser. Ensure that parameters and user input are stripped of HTML tags before using. Remove : input = replace( input, ">", "" ) Remove ' : input = replace( input, "'", "" ) Filtering < and > alone will not solve all cross site scripting attacks and it is suggested you also attempt to filter out ( and ) by translating them to their encoded equivalents. Result Method POST Protocol http Port 80 Demo Path /scripts/cgiip.exe/WService=fq/warranty.html product=4319f684-0c89-4edc-9d8a-c56752eb905f serial= packageid=80000002 amonth=x'; aday=x'; ayear=80000002 firstname=x'; lastname=x'; address=80000002 Confidential - ScanAlert Security Audit Report Page 12
city=80000002 state=80000002 zip=80000002 areacode=x'; prefix=`80 last4=0 email=80000002 sex=A sex=B married=A married=B Post purchased=A purchased=B purchased=C purchased=D purchased=E dobmonth=0 dobday=0 dobyear=0 education=4319f684-0c89-4edc-9d8a-c56752eb905f goal=4319f684-0c89-4edc-9d8a-c56752eb905f equip1=A equip2=A equip3=A equip4=A equip5=A equip6=A people=4319f684-0c89-4edc-9d8a-c56752eb905f room=4319f684-0c89-4edc-9d8a-c56752eb905f enter=SUBMIT reset=CLEAR Headers Content-Type=application%2Fx-www-form-urlencoded Links Top sites vulnerable to hackers The Cross Site Scripting FAQ An Oldie but Goodie: The Cross-Site Scripting Vulnerability www.cgisecurity.com/articles/xss-faq.shtml www.developer.com/lang/article.php/947041 www.vnunet.com/vnunet/news/2116667/top-sites-vulnerable-hackers Apache: Cross Site Scripting Info Apache: ??? The Cross-Site Scripting Vulnerability Top sites vulnerable to hackers Related CERT CA-2000-02 Directory Scanner Port First Detected Category 80 22-OCT-2006 00:29 Web Application Protocol Fix Difficulty Impact HTTP Medium Information Disclosure Description During an audit common directories are looked for. This may result in non public Web pages being found. Solution Make sure that these directories are intented for the public. Result Method GET Protocol http Port 80 Demo Path /images/ Links None Related None Directory Scanner Port First Detected Category 443 22-OCT-2006 00:29 Web Application Confidential - ScanAlert Security Audit Report Page 13
Page 1 and 2: Security Report - By Device Fitness
Page 3 and 4: Report Overview Customer Name Fitne
Page 5 and 6: Device Overview Name Urgent Critica
Page 7 and 8: Overview - 63.109.13.3 Last Audit D
Page 9 and 10: Overview - ashe.fitnessquest.com La
Page 11: Overview - www.fitnessquest.com Las
Page 15: Vulnerability Levels Severity Level

ScanAlert - Report - Thane

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?