www.tacti

More documents

Recommendations

Info

Security Hole found on port/service "80 / tcp / www" Status Plugin Automatic Failure as listed by the PCI SSC (This must be resolved for your device to be compliant) "CGI Generic SQL Injection (blind)" Category "CGI abuses " Priority "Urgent Synopsis A CGI application hosted on the remote web server is potentially prone to SQL injection attack. Description By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database. An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system. Note that this script is experimental and may be prone to false positives. See also: http://www.securiteam.com/securityreviews/5DP0N1P76E.html http://www.securitydocs.com/library/2651 http://projects.webappsec.org/SQL-Injection Risk factor HIGH / CVSS BASE SCORE :7.5 CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P Plugin output Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to blind SQL injection : + The 'NewNameMade' parameter of the /BuildaGate5/general2/company_search_tree.php CGI : /BuildaGate5/general2/company_search_tree.php?cstFlag=1&z=&framesource=& framemode=&ItemID=&FromRec=&FF=&DataCardTemplate=&Daf=&BANNER=&BuyerID=3
1 0291408&CNumber=&CardPrice=&Clubtmp1=&Referral=tree&SearchType=All&Site Nam e=takti&ValuePage=&comefrom=&NewNameMade=0zz1&z=&framesource=&framemo de=&I temID=&FromRec=&FF=&DataCardTemplate=&Daf=&BANNER=&BuyerID=31029140 8&CNumb er=&CardPrice=&Clubtmp1=&Referral=tree&SearchType=All&SiteName=ta kti&Value Page=&comefrom=&NewNameMade=0yy -------- output --------
Page 1: Scan Summary Customer company name
Page 5 and 6: framemode=&ItemID=&FromRec=&FF=&Dat
Page 7 and 8: Solution Consult the application's
Page 9 and 10: Solution Consult the application's
Page 12: Security Warning found on port/serv
Page 15 and 16: Kx={key exchange} Au={authenticatio
Page 17 and 18: Security Warning found on port/serv
Page 27 and 28: certificate authority : |-Subject :
Page 29 and 30: |-Subject : C=US/ST=Virginia/L=Hern
Page 31 and 32: |-Subject : C=US/ST=Virginia/L=Hern
Page 33 and 34: DES-CBC-SHA Kx=RSA Au=RSA Enc=DES-C
Page 35 and 36: Security Notes found on port/servic
Page 37 and 38: Content-Type: text/html; charset=ut
Page 39 and 40: X-Permitted-Cross-Domain-Policies:
Page 41 and 42: Key Length: 2048 bits Public Key: 0
Page 43 and 44: Extension: Authority Information Ac
Page 47 and 48: D0 91 64 EC E2 0B 0B 3D B6 90 98 2A
Page 49 and 50: Version: 1 Signature Algorithm: SHA
Page 53 and 54:
Security Notes found on port/servic
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
ECDHE-RSA-AES256-SHA384 Kx=ECDHE Au
Page 89 and 90:
CAMELLIA256-SHA Kx=RSA Au=RSA Enc=C
Page 91 and 92:
EXP-RC2-CBC-MD5 Kx=RSA(512) Au=RSA
Page 93 and 94:
Page 95 and 96:
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES
Page 97 and 98:
RSA-AES256-SHA256 Kx=RSA Au=RSA Enc
Page 99 and 100:
Page 101 and 102:
RSA-AES128-SHA256 Kx=RSA Au=RSA Enc
Page 103 and 104:
High Strength Ciphers (>= 112-bit k
Page 105 and 106:
DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES
Page 107 and 108:
Page 109 and 110:
- https://www.takti.co.il/demo/inde
Page 111 and 112:
- http://www.takti.co.il/demo/index
Page 113 and 114:
Page 115 and 116:
Signature Length: 256 bytes / 2048
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
SSL/TLS version : TLSv1.0 Cipher su
Page 123 and 124:
Diffie-Hellman MODP size (bits) : 1
Page 125 and 126:
EXP-RC4-MD5 Kx=RSA(512) Au=RSA Enc=
Page 127 and 128:
administration /administrator /admi
Page 129 and 130:
webalizer Based on tests of each me
Page 131 and 132:
Page 133 and 134:
cgi-bin /mailman
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
Name : PHPSESSID Path : / Value : 4
Page 141 and 142:
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
State/Province: Virginia Locality:
Page 153 and 154:
Page 155 and 156:
Page 157 and 158:
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
lind SQL injection (4 requests) : S
Page 175 and 176:
directory traversal (write access)
Page 177 and 178:
show all

www.tacti

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?