Scribd Logo
Upload

Welcome to Scribd!

  • Alert Views

    Uploaded by

    Rajasekhjar Matam
    82 views12 pages
    The document summarizes a security scan of the website http://zero.webappsecurity.com that found 104 vulnerabilities. The scan identified critical issues like cross-site scripting and privacy violations. It also found high risk issues such as unprotected files and directories on the server. Additionally, it discovered medium and low level risks including directory listings and poor error handling. The report provides details of vulnerabilities found on over 100 pages of the site.

    Original Description:

    HP webinspect alret view report

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document summarizes a security scan of the website http://zero.webappsecurity.com that found 104 vulnerabilities. The scan identified critical issues like cross-site scripting and privacy violations. It also found high risk issues such as unprotected files and directories on the server. Additionally, it discovered medium and low level risks including directory listings and poor error handling. The report provides details of vulnerabilities found on over 100 pages of the site.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    82 views12 pages

    Alert Views

    Uploaded by

    Rajasekhjar Matam
    The document summarizes a security scan of the website http://zero.webappsecurity.com that found 104 vulnerabilities. The scan identified critical issues like cross-site scripting and privacy violations. It also found high risk issues such as unprotected files and directories on the server. Additionally, it discovered medium and low level risks including directory listings and poor error handling. The report provides details of vulnerabilities found on over 100 pages of the site.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 12

    HPE Security WebInspect

    Alert View
    Web Application Assessment Report

    Scan Name:
    Policy:
    Scan Date:
    Scan Version:
    Scan Type:

    Site: http://zero.webappsecurity.com/
    Standard
    10/10/2016 1:19:47 PM
    16.10.463.10
    Site

    Crawl Sessions:
    Vulnerabilities:
    Scan Duration:
    Client:

    437
    104
    21 minutes : 27 seconds
    FF

    Server: http://zero.webappsecurity.com:80

    Critical
    Poor Error Handling: Unhandled Exception
    Page:

    http://zero.webappsecurity.com:80/account/

    Cross-Site Scripting: Reflected


    Page:

    http://zero.webappsecurity.com:80/faq.html?question=1%3c%73%43%72%49%70%54%3e%61%6c%65%
    72%74%28%37%34%38%36%37%29%3c%2f%73%43%72%49%70%54%3e

    Page:

    http://zero.webappsecurity.com:80/search.html?searchTerm=12345%3c%73%43%72%3c%53%63%52%69%
    50%74%3e%49%70%54%3e%61%6c%65%72%74%28%32%31%37%38%38%29%3c%2f%73%43%72%
    3c%53%63%52%69%50%74%3e%49%70%54%3e

    Cross-Site Scripting: Reflected


    Page:

    http://zero.webappsecurity.com:80/sendFeedback.html

    Privacy Violation: Social Security Number


    Page:

    http://zero.webappsecurity.com:80/admin/users.html

    High
    Web Server Misconfiguration: Unprotected File
    Page:

    http://zero.webappsecurity.com:80/server-status

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/faq.html.bak

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/index.html.old

    Report Date: 10/10/2016

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/debug.txt

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/index.old

    Insecure Transport
    Page:

    http://zero.webappsecurity.com:80/login.html

    Page:

    http://zero.webappsecurity.com:80/forgot-password.html

    Web Server Misconfiguration: HTTP Basic Authentication


    Page:

    http://zero.webappsecurity.com:80/manager/html

    Often Misused: Login


    Page:

    http://zero.webappsecurity.com:80/forgot-password.html

    Page:

    http://zero.webappsecurity.com:80/login.html

    Cross-Frame Scripting
    Page:

    http://zero.webappsecurity.com:80/login.html

    Expression Language Injection


    Page:

    http://zero.webappsecurity.com:80/search.html?searchTerm=${5914%2b2593}

    Medium
    Web Server Misconfiguration: Directory Listing
    Page:

    http://zero.webappsecurity.com:80/errors/

    Report Date: 10/10/2016

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/admin/WS_FTP.LOG

    Cross-Site Scripting: Reflected


    Page:

    http://zero.webappsecurity.com:80/forgotten-password-send.html

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/include/common.inc

    Insecure Deployment: Unpatched Application


    Page:

    http://zero.webappsecurity.com:80/

    Cross-Frame Scripting
    Page:

    http://zero.webappsecurity.com:80/

    Low
    Poor Error Handling: Unhandled Exception
    Page:

    http://zero.webappsecurity.com:80/docs/virtual-hosting-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/security-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/class-loader-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/realm-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/manager-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/setup.html

    Report Date: 10/10/2016

    Page:

    http://zero.webappsecurity.com:80/docs/security-manager-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/ssl-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/config/listeners.html

    Page:

    http://zero.webappsecurity.com:80/docs/config/context.html

    Page:

    http://zero.webappsecurity.com:80/docs/jasper-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/appdev/processes.html

    Page:

    http://zero.webappsecurity.com:80/docs/logging.html

    Page:

    http://zero.webappsecurity.com:80/docs/monitoring.html

    Page:

    http://zero.webappsecurity.com:80/docs/cluster-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/building.html

    Page:

    http://zero.webappsecurity.com:80/docs/config/resources.html

    Page:

    http://zero.webappsecurity.com:80/docs/changelog.html

    Page:

    http://zero.webappsecurity.com:80/docs/windows-auth-howto.html

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/docs/ssi-howto.html

    Report Date: 10/10/2016

    System Information Leak: Internal IP


    Page:

    http://zero.webappsecurity.com:80/errors/errors.log

    Page:

    http://zero.webappsecurity.com:80/docs/monitoring.html

    Page:

    http://zero.webappsecurity.com:80/admin/WS_FTP.LOG

    Page:

    http://zero.webappsecurity.com:80/docs/config/filter.html

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/manager/html

    Page:

    http://zero.webappsecurity.com:80/admin/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/backup/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/scripts/

    Page:

    http://zero.webappsecurity.com:80/cgi-bin/

    Page:

    http://zero.webappsecurity.com:80/htbin/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/include/

    Page:

    http://zero.webappsecurity.com:80/errors/

    Report Date: 10/10/2016

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/db/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/testing/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/docs/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/stats/

    Page:

    http://zero.webappsecurity.com:80/error_log/

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/user/

    Web Server Misconfiguration: Unprotected File


    Page:

    http://zero.webappsecurity.com:80/README.txt

    Poor Error Handling: Unhandled Exception


    Page:

    http://zero.webappsecurity.com:80/docs/building.html

    Page:

    http://zero.webappsecurity.com:80/docs/config/host.html

    Page:

    http://zero.webappsecurity.com:80/docs/windows-service-howto.html

    Page:

    http://zero.webappsecurity.com:80/admin/WS_FTP.LOG

    Report Date: 10/10/2016

    Page:

    http://zero.webappsecurity.com:80/docs/windows-auth-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/html-manager-howto.html

    Web Server Misconfiguration: Unprotected Directory


    Page:

    http://zero.webappsecurity.com:80/admin/

    System Information Leak: LDAP Query


    Page:

    http://zero.webappsecurity.com:80/docs/realm-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/config/listeners.html

    Poor Error Handling: Server Error Message


    Page:

    http://zero.webappsecurity.com:80/account/

    Page:

    http://zero.webappsecurity.com:80/<script>alert('TRACK');</script>

    HTML5: Overly Permissive CORS Policy


    Page:

    http://zero.webappsecurity.com:80/docs/funcspecs/index.html

    Page:

    http://zero.webappsecurity.com:80/docs/servletapi/index.html

    Page:

    http://zero.webappsecurity.com:80/docs/websocketapi/

    Page:

    http://zero.webappsecurity.com:80/docs/appdev/sample/

    Page:

    http://zero.webappsecurity.com:80/errors/errors.log

    Page:

    http://zero.webappsecurity.com:80/docs/appdev/sample/sample.war

    Report Date: 10/10/2016

    Page:

    http://zero.webappsecurity.com:80/docs/appdev/sample/sample.war

    Page:

    http://zero.webappsecurity.com:80/docs/tribes/introduction.html

    Page:

    http://zero.webappsecurity.com:80/docs/jspapi/

    Page:

    http://zero.webappsecurity.com:80/docs/servletapi/

    Page:

    http://zero.webappsecurity.com:80/docs/websocketapi/index.html

    Page:

    http://zero.webappsecurity.com:80/docs/architecture/index.html

    Page:

    http://zero.webappsecurity.com:80/docs/appdev/

    Page:

    http://zero.webappsecurity.com:80/docs/config/

    Page:

    http://zero.webappsecurity.com:80/search.html?searchTerm=12345

    Page:

    http://zero.webappsecurity.com:80/resources/js/placeholders.min.js

    Page:

    http://zero.webappsecurity.com:80/docs/config/index.html

    Page:

    http://zero.webappsecurity.com:80/bank/pay-bills.html

    Page:

    http://zero.webappsecurity.com:80/docs/elapi/index.html

    Page:

    http://zero.webappsecurity.com:80/docs/appdev/index.html

    Page:

    http://zero.webappsecurity.com:80/bank/

    Report Date: 10/10/2016

    Page:

    http://zero.webappsecurity.com:80/docs/api/index.html

    Page:

    http://zero.webappsecurity.com:80/docs/elapi/

    Page:

    http://zero.webappsecurity.com:80/docs/funcspecs/

    Page:

    http://zero.webappsecurity.com:80/docs/manager-howto.html

    Page:

    http://zero.webappsecurity.com:80/docs/api/

    Page:

    http://zero.webappsecurity.com:80/docs/jspapi/index.html

    Page:

    http://zero.webappsecurity.com:80/admin/index.html

    Page:

    http://zero.webappsecurity.com:80/

    Page:

    http://zero.webappsecurity.com:80/docs/architecture/

    Web Server Misconfiguration: Insecure Content-Type Setting


    Page:

    http://zero.webappsecurity.com:80/docs/appdev/sample/sample.war

    Page:

    http://zero.webappsecurity.com:80/errors/errors.log

    Informational
    Insecure Deployment: Known Application Fingerprint
    Page:

    http://zero.webappsecurity.com:80/admin/index.html

    Report Date: 10/10/2016

    10

    Web Server Misconfiguration: OPTIONS HTTP Method


    Page:

    http://zero.webappsecurity.com:80/

    Best Practice
    Compliance Failure: Missing Privacy Policy
    Page:

    http://zero.webappsecurity.com:80/

    Privacy Violation: Autocomplete


    Page:

    http://zero.webappsecurity.com:80/

    Page:

    http://zero.webappsecurity.com:80/admin/currencies-add.html

    Page:

    http://zero.webappsecurity.com:80/online-banking.html

    Page:

    http://zero.webappsecurity.com:80/admin/currencies.html

    Page:

    http://zero.webappsecurity.com:80/admin/index.html

    Page:

    http://zero.webappsecurity.com:80/index.html

    Page:

    http://zero.webappsecurity.com:80/admin/users.html

    Page:

    http://zero.webappsecurity.com:80/search.html?searchTerm=12345

    Page:

    http://zero.webappsecurity.com:80/sendFeedback.html

    Page:

    http://zero.webappsecurity.com:80/admin/

    Page:

    http://zero.webappsecurity.com:80/feedback.html

    Report Date: 10/10/2016

    11

    HTML5: CORS Functionality Abuse


    Page:

    http://zero.webappsecurity.com:80/resources/js/placeholders.min.js

    Web Server Misconfiguration: Insecure Content-Type Setting


    Page:

    http://zero.webappsecurity.com:80/docs/appdev/sample/

    Report Date: 10/10/2016

    12

    You might also like