Testyomequedo PDF

1.
Scan Info
Name: Testyomequedo
Description: Yomequedo
Targets: https://bono.yomequedoencasa.pe/WEB/
Status: completed
Last Ran: 2020-03-22T15:59:37.471Z
2. Vulnerabilties Summary
Plugin ID Plugin Name Severity Count

115540 Cookie Without Low 5
SameSite Flag
Detected
98050 Interesting response Informational 10
98772 XHR Detection Informational 1
98136 Target Information Informational 1
98526 Missing Feature Policy Informational 1
112434 jQuery 1.4.0 < 1.12.0 Medium 1
Cross-Site Scripting
98059 Technologies Detected Informational 1
98000 Scan Information Informational 1
112553 Missing 'Cache-Control' Low 1
Header
98063 Cookie Without Low 4
HttpOnly Flag Detected
98064 Cookie Without Secure Low 5
Flag Detected
98047 Allowed HTTP Methods Informational 1
112491 SSL/TLS Certificate Informational 1
Information
98590 jQuery < 3.4.0 Medium 1
Prototype Pollution
98072 Common Directories Informational 1
Detection
98138 Screenshot Informational 1
98056 Missing HTTP Strict Medium 1
Transport Security
Policy
98019 Network Timeout Informational 1
Encountered
112530 SSL/TLS Versions Informational 1
Supported
112546 TLS 1.1 Deprecated Informational 1
Protocol
98009 Web Application Informational 1
Sitemap
112529 Missing 'X-Content- Low 1
Type-Options' Header
112496 TLS 1.0 Weak Protocol Medium 1
115491 SSL/TLS Cipher Suites Informational 1
Supported
98393 jQuery UI < 1.12.0 Medium 1
Cross-Site Scripting
98119 Blind NoSQL Injection High 1
(differential analysis)
112551 Missing Content Low 1
Security Policy
98618 HTTP Header Low 1
Information Disclosure
98527 Missing Referrer Policy Informational 1
112526 Missing 'X-XSS- Low 1
Protection' Header
3. All vulnerabilities
Plugin ID:
115540
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
bono.yomequedoencasa.pe
Protocol:
TCP
Port:
443
Plugin Name:
Cookie Without SameSite Flag Detected
Synopsis:
Description:
When the SameSite flag is set on a cookie, the browser will prevent it from being sent along with
cross-site requests.
This can help prevent Cross-Site Request Forgery (CSRF) attacks.
Solution:
If the cookie contains sensitive information, then the server should ensure that the cookie has the
SameSite flag set. This flag can have two values: strict or lax. With the strict value the cookie will
only be sent if the request originates from the same website. With the lax value the cookie will
only be sent for GET requests.
See Also:
https://www.owasp.org/index.php/SameSite
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named '_ga' that does not set the
SameSite cookie flag correctly.
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Interesting response
Synopsis:
Description:
The scanner identified some responses with a status code other than the usual 200 (OK), 301
(Moved Permanently), 302 (Found) and 404 (Not Found) codes.
These codes can provide useful insights into the behavior of the web application and identify any
unexpected responses to be addressed.
Solution:
N/A
See Also:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
Output:
URL
-----
https://bono.yomequedoencasa.pe/console/login/LoginForm.jsp
Proof
-------
HTTP/1.1 403 Forbidden
Request
---------
GET /console/login/LoginForm.jsp HTTP/1.1

| Host: bono.yomequedoencasa.pe
| Accept-Encoding: gzip, deflate, br
| User-Agent: ";print 28763*4196403;#
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
| Accept-Language: en-US,en;q=0.5
| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=w+2VBp6r1+qV8KrPq+
71MRx265aIA07FF8eat9ccGpFOsITv7roceci5sPG+PFnXMBs5BOPF0/wzoQMViFFMVLXtDm9M
TOydqVCKLZcJsWPJME6xAX2exzFm81qW;AWSALBCORS=w+2VBp6r1+qV8KrPq+71MRx265a
IA07FF8eat9ccGpFOsITv7roceci5sPG+PFnXMBs5BOPF0/wzoQMViFFMVLXtDm9MTOydqVCKL
ZcJsWPJME6xAX2exzFm81qW;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUb
t3yx6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gat=1;_gid=GA1.2.533059777.1584890516;_ga
=GA1.2.2119926822.1584890516
Response
----------
| Date: Sun, 22 Mar 2020 15:43:42 GMT
| Content-Type: text/html; charset=UTF-8
| Transfer-Encoding: chunked
| Connection: keep-alive
| Cache-Control: max-age=10
| Expires: Sun, 22 Mar 2020 15:43:52 GMT
| X-Frame-Options: SAMEORIGIN
| Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-
cgi/beacon/expect-ct"
| Vary: Accept-Encoding
| Server: cloudflare
| CF-RAY: 578107a3cdc3d925-AMS
| Content-Encoding: gzip
|
| <!DOCTYPE html><html>
| <head>
| <title>YoMeQuedoEnCasa</title>
| <style>@font-face{font-family:Roboto;font-style:normal;font-
weight:400;src:local("Roboto"),local("Roboto-
Regular"),url(data:font/woff2;base64,d09GMgABAAAAAClQAA4AAAAAUFQAACj5AAEAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAGoFOG5JCHDYGYACHDBEMCvMI3BYLg1oAATYCJAOHMAQ
gBYJ0ByAbEUIF3Bhn2DgAaMTbJopSQRoTReUkHfxfL3BDhr4a6BMdhQ5bURRFIw9CmVRvsQz
FG8/dOraGemlpI1p6piOIEvuD7mtXcAwHPwVBE8DPHKGxT3IJIrv4r7nt2XsgMiKUIkAhoG/E72eA
UjJU6sMe8HP7extjZAkKrU0IH3UWWIjSSsbIHNEiIOWIjZykhCCD3hDYBERCkA5BPyhmEFWLW
Dk7VT13jsBpNBYhUXgFViAk4t/eNMC/8MCHON1+mkHiVMSP3Pp3FpaTmV328SOipRWVt1mW
kyd+wjc5mAYSh6i1KcqkKFOJwRETitpdE9ALUorZ79Wahtve1ygUBlAjLEwiW6OaCGFbXrjcheD/b
KbtjHb0TpvVvXcTlisr75mo6EJF56LKS9PM/F3tama0km5lEJkkk84USSZYyai7YBfuAUh3gQsBV0y
vT+uuTFsjFXUdxMFpsyIPQMquy7RGIq0R3DC3r/s2f5N8M3733V8iQYKIpBIeR9q9jM1HBEg4MJ
ENx+MvmwSFB4AXoEg4Aweh5SaELl0IQ7cgjJlAs2QF4cARAg8P4c4DwlcARLAQiDAREDFiIOIlQ
qRKgyAiQmTJgiAjQ+QpgChSBPHAA4gKlRA1HkNQrUCsW4d4ZQvitR0IBAroAvSDgjBmBiQgAZ0
ou4Bl/ned2yC+M9TfE8T3+uM9QPyQfaA3iGMBrL5VDv7y9wY2FcVi0FPDUXthQLPn+icZWVzp9H
q6MpfBevrE3Hg+cszwOR/8CBQ+x3fFbvOgmnELAhH8ERyBCp1S/fxRfwQesRnCGkjZWRdou8k2
4ooTZ67TQP4CxEtgGSSWEuXvwcpqq49aQ4011VxLrbXVHUO/54aNGPXSmHETJs1btmLTK9u
wcI0ytMCNgUxRmd7L9lEhHUKEt1gRbAr1SrhNRBuyrCuwiYObBxEYyoRjgyIsSfQRUZD3DCqg73
OpscL1gaFP3HyQ6ZNsbxSawM7NjFATwk2L0CfRNmLcsuJSaFqRjxAFVmHges/QB252ZPqi0C4
UN7tMO3a6Rtha4hISPvq+hnojwrx0neVaURA/hK4PBOCKZiU3Q/NRHFuJtNAUx8WVCCz/Ew/M0
yu2pPPwrsyy1ZUr3GfxKkT0CLq5d7AcbATBtnAriMZkkfl1xWrMFPPjc7gWC2Me7I61MRe6qO8Hx
NB3D6tgW8yBMVj5hqdwwNWYrnGGnnPzDNGJzSAeFsPAQ/dgD2o6JLjPd6IEXFlct41oDz9oCO
PUXom01E6pvGqq/5FfA7uT0ZeMz3t0pOhKQW9sgaoNlOHv2uGD9onnvasje0tO2BahvsP6oaa+9
EwefKT5tPm2o9D6Ie84s9dvtdabXuXeZ5W0smy3DQ83PaXa7EY4F3dvpuR0VIpsliU33CBDe3z4g
CZDRTFuhGVqe2qptRwd/Hj6Ghuk743x3F2yba+2Xq8xjojJPuXGa9GH9Yt2Yqk6PZPJ3Dr7RZ33
DSDqPg+nGlypk6q54QuO89eHBdzLxMtIrsKduTflS74CcQ7WU9lgHRSmM+M4s5IP27NP6uHTcd
X1eDWfN/Q66qxrRbvrTxUUVWcVFXSBomhT3w16wk06ZEv7HKjmSA0nipwpcqXIn2oB1EikiBTK
L5VyS6O8HlIBlZRdLeVRR/k8ppzqKbsGyq2R8mqmKC2UVStFaaOs6BSjQ7GNm2PTDcqNQXn1
U8RzijZM0UYo1igV8ZKyG6Mixim7CSpikrKbp1yWqbAVym+dstikQl5RYduKY2bzKsMb5XUyshVr
WPDAfr6nENq07FWAWZ1wNrQObvFoaYAM2rQ7voarWV1wdzVoB4ujJ8iWgq1Bxcng33Iee5rFD
uuykLHeWsVNFpbE53w3FBag1tJIYW+tIaIFBJvDmkbHPEntm5Qmr8l3yPtDvNG4uu7DgPxYVUE
aTucWn3J+5wk043ZSFv3Q1wKN2FVw4C/AnpP/gDTkaUDMKZU06VjdIV6BIo4fybQNS5oPjCKN
BSp2xCehuZuMPEh16kPPSGayli9Fco8KXsS2OMY3YUlKZopTk8Z0ZDSzWc/XonLPi8YsaIwDGs
9BgwEam6CxBhppQCILjAGmuQRsAHYAV4GHgGeA2XA2latwfanA2qivVsWcxffp+g3WbNh+xy3
YsV85N1TjESd4zlxse71mCvMWVs2G68JFWLW2dB5apCjRYsSKE++ORUsS3JWo05MVVM/0VJ
JoyXnJDMzCvRV2Q2/gf0iHOdgBCjwArgkFj8sTUXWny37BGQAWh4bNYXGMT85ZvvyU8xfkumA
hHiIgqBYqVJUwd+lIksJcqlQb0mSwlinLK9nI7OTKUyNfEScUD2wrVs1VjUdqP6cO5j1W/zSNQOev
Q4d1T3QK16XbKoanqHoMijRk2KIXRiQYNaPJ+BKzNQSJYZa5EHSGWeYlWKOFfcDFzwDYol+l
6MAb+kuqk/4N4h/gp0n/BfEf8PWk/4NoATdR+yqiwm8guw25K5xTyLd6rqEeIXeHc8+QP/TcC/XeyT
0FgcIGVVW6A/wJSN8AX4Fuc0Hf2yDOg9ovyxn6U8iNzWkoi/j4FrRgszdbtdmqmysYjRGb24xVnI2i
GhhtiVsVW9jAwW7z/uxXaFTqrcZuftDN2n13q6umfhm7g+Zz37FDMfSJWoNji5p62XmVIXutPRH4/
1shpGgAAERJW5WdkjlWNIhsl8YbjeF+8laPPdO+6n8dJf9J1EEDM0xw0b6Qfz8vxjQnspDfhB60H7
HHqkowEcJYYey00b1gciZxWZ6mzllblKddVeKLnLtgFvO84RAFNrUi85Ye9HFM4zJ17dyX5eUOA
C31VcOrhmF4zTXMwbJZ8Xw5SDfNUqTh2HUsCArhcIRMGV7W29yM8PWFL8r8P9XzGNeGVQ
QoulR7wqE0sMERWM8wBqFEJmkC0sjEmaGqYGeF+VZ9fS7iP1hNfnMGq8a/gnshjZpFOasy1M+
9uIpTmi9wOcd0SVdSWkkMcoo+dRIqE+WUSJSGlQCW3lGtsVdgab/2RODrpULPZHLUSBdANyW
tKZb+dKfMVGOdMtS7dhJxoVRzdRk/1UlETdeDsNVKZuOm3TCwNWJt3BVvNGsYGOy2PaodlfIc
oLBq6Uy4i1469WWXySg046pfwmNOPHFcc5ITl//1b/FT/R08qOVQGN6YNPyNRmDHBsItk+vt7H
WSqnc4crAwnSWg8yk7u54TWIJCGTgPLdE4JIZZ4yoTwvgwG6h7j3hJuGEN8denBDnfnukQJzTC
HI/pKHNbOcyQI+5cBCQLaayH/nrh1jVbjft0gWlVKeY00zOFCsAZNqfn1gq4viNFQYBNp9e5WLeor
Tw/2zU4xPfJq2OUGGCbf6gFBSQppXmG3NKVMRRiXwtGWJnbtS+8BkGdh1l8OMxhGjAPEW7+
EhvbgB6v75KdK0yrcKjZSeKadzuAeVXQsNI5AXWYrbO2A0AxsiGTlLodPTcTqc1JKEyZWr2A3TJ
oExDG1+NY9XBoGD308bACIx+RTx7N9rXgQ0DhhsNe8DaYMXYNsL/JkHoz9HBohFczalQV8dQ
wdXpGvjvvreWr0FfLvPYJytC+ElHkVAsWGUqnewuqYdCTDKyx19qHdRMl9Np4UGiz6qg4pAFk3
wOPpaCiFQSCOeUJy9TCgJWna7XPi1VDFHUyXc8hZKgb8jH0mGcNhFuX0EUicoi03RevJatBlW
XHcya5prJq3iGnHS88rj3WE2dT/cidvM5PlSfC/MeY6XRm6pQLNckl8yo7ax0+LDG4EQLPX2nnRM
urLtIsJJFbmBxHh62/C1DkEK/3yWunh4SUpsr4m1LIF486+57rrWKahUa0mx3Yl9EabCCAikrofm/2
znUQm1KB2za2ZiTUBX/6jXauCkY4EdSLna/HNd2l+XvbZN6cirvjy8vCaD2/qkMzNto5dOuM76jNwl
bf8CW1VK3tQpxwW/tHbfVjV5jTLE52JHtsP1y8j5vflPj5ma1kz2IiXlgmlIHaV54rkwMUTeoQca2uWx
A7ZZYyB5epWE7iXNd3oAjQGd9OwrWCDNH1g9IJKgG5KfrkPWD1kuEUaCL+9atYAqQi9igcdptJ
TT5tMODFFkGfeADJnHb4B+KrrYuZyyQXUawARezY4iL7UYT0g3NDis3FdM6BU4vjKgPSAS7s2f
0RTveTvetuGu...
(full response body contents are available as attachment)
Plugin ID:
98772
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
XHR Detection
Synopsis:
XHR Detection
Description:
The scan detected that the web application makes requests that appear to be using
XMLHTTPRequests (XHRs) to communicate with a backend API server. XHRs allow retrieval of
data from an API without triggering a page reload, making them especially useful for Single Page
Applications.
Solution:
N/A
See Also:
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest
Output:
The scan detected 6 unique XMLHttpRequests. Here is the distribution of MIME types used by the
detected requests:
- 2 as "application/x-www-form-urlencoded"
- 4 with no specified MIME type
Plugin ID:
98136
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Target Information
Synopsis:
Target Information
Description:
Publishes the target information of the starting url as evaluated by the scan.
Solution:
N/A
See Also:
N/A
Output:
Access to URL 'https://bono.yomequedoencasa.pe/WEB/' has been confirmed.
Target Information
------------------------
Domain Name : bono.yomequedoencasa.pe
IP Address : 104.22.7.157
Response Information
---------------------------
Status Code : 200

Response Time : 0.753166s
Response Size : 14420 bytes
Content-Type : text/html; charset=utf-8
Plugin ID:
98526
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing Feature Policy
Synopsis:
Missing Feature Policy
Description:
Feature Policy provides mechanisms to websites to restrict the use of browser features in its own
frame and in iframes that it embeds.
No Feature Policy header has been detected.

Solution:
Configure Feature Policy on your website by adding 'Feature-Policy' HTTP header.
See Also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Output:
No Feature-Policy headers were found on https://bono.yomequedoencasa.pe/WEB/
Plugin ID:
115540
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named 'AWSALBCORS' that does not
set the SameSite cookie flag correctly.
Plugin ID:
112434
CVE:
N/A
CVSS:
4.3
RiskFactor:
Medium
Host:
Protocol:
TCP
Port:
443
Plugin Name:
jQuery 1.4.0 < 1.12.0 Cross-Site Scripting
Synopsis:
jQuery 1.4.0 < 1.12.0 Cross-Site Scripting
Description:
According to its self-reported version number, jQuery is at least 1.4.0 and prior to 1.12.0 or at least
1.12.4 and prior to 3.0.0-beta1. Therefore, it may be affected by a cross-site scripting vulnerability
due to cross-domain ajax request performed without the dataType.
Note that the scanner has not tested for these issues but has instead relied only on the
application's self-reported version number.
Solution:
Upgrade to jQuery version 1.12.0 or later.
See Also:
https://github.com/jquery/jquery/issues/2432
Output:
Current Version: 1.11.3
Fixed Version: 1.12.0
Detected technology URL: https://bono.yomequedoencasa.pe/WEB/
Plugin ID:
98059
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Technologies Detected
Synopsis:
Technologies Detected
Description:
This is an informational plugin to inform the user what technologies the framework has detected on
the target application, which can then be examined and checked for known vulnerable software
versions
Solution:
Only use components that do not have known vulnerabilities, only use components that when
combined to not introduce a security vulnerability, and ensure that a misconfiguration does not
cause any vulnerabilities
See Also:
N/A
Output:
The framework has detected the following technologies in the target application:
- jQuery (v1.11.3)
- jQuery UI (v1.11.4)
Plugin ID:
98000
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Scan Information
Synopsis:
Scan Information
Description:
Provides scan information and statistics of plugins run.
Solution:
N/A
See Also:
N/A
Output:
Engine Version 0.43.1-143

Scan ID 74b578a8-0ff6-4732-818f-f870a65ada29
Start Time 2020-03-22 15:21:43 +0000

Duration 00:35:13
Requests 49591
Requests/s 24.1406
Mean Response Time 0.3101s
Bandwidth Usage
- Data to Target 46.7 MB
- Data from Target 1.48 GB
Network TimeOuts 18
Browser TimeOuts 0
Protocols HTTP/HTTPs
Authentication
- None
Plugins Included:
- 98000 "Scan Information"
- 98003 "OS Detection"
- 98009 "Web Application Sitemap"
- 98019 "Network Timeout Encountered"
- 98024 "HTTP Server Authentication Detected"
- 98025 "HTTP Server Authentication Succeeded"
- 98026 "HTTP Server Authentication Failed"
- 98033 "Login Form Detected"
- 98034 "Login Form Authentication Failed"
- 98035 "Login Form Authentication Succeeded"
- 98043 "Scan logged-out intermittently"
- 98044 "Scan aborted after being logged out"
- 98047 "Allowed HTTP Methods"
- 98048 "HTTP TRACE Allowed"
- 98050 "Interesting response"
- 98054 "Unvalidated Redirection"
- 98056 "Missing HTTP Strict Transport Security Policy"
- 98057 "Insecure 'Access-Control-Allow-Origin' header"
- 98059 "Technologies Detected"
- 98060 "Missing 'X-Frame-Options' Header"
- 98062 "Cookie set for parent domain"
- 98063 "Cookie Without HttpOnly Flag Detected"
- 98064 "Cookie Without Secure Flag Detected"
- 98065 "Insecure client-access policy"
- 98067 "Insecure cross-domain policy (allow-access-from)"
- 98068 "Insecure cross-domain policy (allow-http-request-headers-from)"
- 98070 "Common Administration Interfaces Detection"
- 98071 "Common Files Detection"
- 98072 "Common Directories Detection"
- 98073 "Backup directory"
- 98074 "Backup file"
- 98077 "Private IP address disclosure"
- 98078 "E-mail address disclosure"
- 98079 "CVS/SVN user disclosure"
- 98080 "Form-based File Upload"
- 98081 "Password field with auto-complete"
- 98082 "Unencrypted password form"
- 98083 "CAPTCHA Detection"
- 98084 "Directory Listing"
- 98087 "WebDAV"
- 98088 "Exposed localstart.asp page"
- 98091 "Mixed Resource Detection"
- 98092 "HTML Object"
- 98095 "Misconfiguration in LIMIT directive of .htaccess file"
- 98096 "Access restriction bypass via origin spoof"
- 98097 "Backdoor Detection"
- 98098 "Source Code Disclosure"
- 98099 "Publicly writable directory"
- 98100 "Path Traversal"
- 98101 "Response Splitting"
- 98102 "Session fixation"
- 98103 "Unvalidated DOM redirect"
- 98104 "Cross-Site Scripting (XSS)"
- 98105 "Cross-Site Scripting (XSS) in HTML tag"
- 98106 "Cross-Site Scripting (XSS) in script context"
- 98107 "Cross-Site Scripting (XSS) in path"
- 98108 "Cross-Site Scripting (XSS) in event tag of HTML element"
- 98109 "DOM-based Cross-Site Scripting (XSS)"
- 98110 "DOM-based Cross-Site Scripting (XSS) in script context"
- 98112 "Cross-Site Request Forgery"
- 98113 "XML External Entity"
- 98114 "XPath Injection"
- 98115 "SQL Injection"
- 98116 "NoSQL Injection"
- 98117 "Blind SQL Injection (differential analysis)"
- 98118 "Blind SQL Injection (timing attack)"
- 98119 "Blind NoSQL Injection (differential analysis)"
- 98120 "Code injection"
- 98121 "Code injection (php://input wrapper)"
- 98122 "Code injection (timing attack)"
- 98123 "Operating System Command Injection"
- 98124 "Operating system command injection (timing attack)"
- 98125 "Local File Inclusion"
- 98126 "Remote File Inclusion"
- 98127 "LDAP Injection"
- 98129 "Credit card number disclosure"
- 98136 "Target Information"
- 98137 "Scan aborted after too many timeouts"
- 98138 "Screenshot"
- 98139 "Cookie Authentication Succeeded"
- 98140 "Cookie Authentication Failed"
- 98141 "Selenium Authentication Succeeded"
- 98142 "Selenium Authentication Failed"
- 98143 "Selenium Crawl Succeeded"
- 98145 "Selenium Crawl Failed"
- 98200 "Drupal Administration Panel Login Form Detected"
- 98201 "Drupal User Registration Form Detected"
- 98202 "WordPress User Registration Form Detected"
- 98203 "WordPress User Enumeration"
- 98204 "WordPress Configuration Backup Files Detected"
- 98205 "Joomla! User Registration Form Detected"
- 98206 "Joomla! Administration Panel Login Form Detected"
- 98207 "WordPress Administration Panel Login Form Detected"
- 98208 "Joomla! User Enumeration"
- 98209 "Drupal User Enumeration"
- 98210 "Drupal Configuration Backup Files Detected"
- 98211 "Joomla! Configuration Backup Files Detected"
- 98212 "WordPress Directory Listing"
- 98213 "Drupal Directory Listing"
- 98214 "Joomla! Directory Listing"
- 98215 "WordPress XML-RPC Interface Detected"
- 98216 "Drupal < 7.58 / 8.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1 Remote Code Execution"
- 98217 "WordPress 4.7.x < 4.7.2 REST API 'id' Parameter Privilege Escalation"
- 98218 "Joomla! 3.7.0 < 3.7.1 fields.php getListQuery() Method SQLi"
- 98219 "Drupal RESTWS Module Page Callback RCE"
- 98220 "Drupal Database Abstraction API SQLi"
- 98221 "Drupal Coder Module Deserialization RCE"
- 98222 "Joomla! User-Agent Object Injection RCE"
- 98223 "Web Server info.php / phpinfo.php Detection"
- 98224 "WordPress Media Attachment Enumeration"
- 98225 "Apache mod_status /server-status Information Disclosure"
- 98226 "Apache mod_info /server-info Information Disclosure"
- 98227 "WordPress Unsupported Version"
- 98228 "Drupal Unsupported Version"
- 98229 "Joomla! Unsupported Version"
- 98230 "PHP Unsupported Version"
- 98231 "Apache Unsupported Version"
- 98232 "Apache Tomcat Unsupported Version"
- 98233 "jQuery File Upload Arbitrary File Upload"
- 98234 "PHP 7.3.x < 7.3.3 Multiple Vulnerabilities"
- 98237 "MediaElement.js < 2.11.2 Cross-Site Scripting"
- 98238 "Drupal Version End of Life Advanced Notification"
- 98239 "PHP Version End of Life Advanced Notification"
- 98240 "Joomla! 3.0.x < 3.9.4 Multiple Vulnerabilities"
- 98241 "PHP 7.3.x < 7.3.2 Information Disclosure"
- 98242 "PHP 7.3.x < 7.3.1 Multiple vulnerabilities"
- 98246 "WordPress 3.9.x < 3.9.27 Cross-Site Scripting"
- 98250 "WordPress 4.7.x < 4.7.1 Multiple Vulnerabilities"
- 98331 "WordPress 4.9.x < 4.9.2 MediaElement.js Flash Fallback XSS"
- 98357 "WordPress 4.9.x < 4.9.7 Arbitrary File Deletion"
- 98393 "jQuery UI < 1.12.0 Cross-Site Scripting"
- 98394 "jQuery UI < 1.10.0 Multiple Vulnerabilities"
- 98395 "Drupal 8.6.x < 8.6.13 Cross-Site Scripting"
- 98396 "Drupal 8.5.x < 8.5.14 Cross-Site Scripting"
- 98397 "Drupal 7.x < 7.65 Cross-Site Scripting"
- 98398 "JK Status Manager Information Disclosure"
- 98399 "Drupal 8.5.x < 8.5.8 / 8.6.x < 8.6.2 Open Redirect"
- 98402 "Joomla! 3.4.4 < 3.6.4 Multiple Vulnerabilities"
- 98407 "WordPress Debug Mode"
- 98425 "Joomla! 3.7.x < 3.7.1 fields.php getListQuery() Method SQLi"
- 98489 "Joomla! 3.8.x < 3.8.6 User Notes List View SQL Injection"
- 98522 "Apache Tomcat JK Connector 1.2.x < 1.2.46 Access Control Bypass"
- 98523 "Apache Tomcat JK Connector 1.2.x < 1.2.41 JkUnmount Directive Handling Remote
Information Disclosure"
- 98524 "Apache Tomcat Default Files"
- 98525 "Apache Tomcat Manager Detected"
- 98526 "Missing Feature Policy"
- 98527 "Missing Referrer Policy"
- 98528 "Social Warfare Plugin for WordPress < 3.5.3 Remote Code Execution"
- 98529 "Easy WP SMTP Plugin for WordPress 1.3.9 Remote Code Execution"
- 98530 "Apache 2.4.x < 2.4.39 Multiple Vulnerabilities"
- 98531 "Magento 2.1.x < 2.1.17 / 2.2.x < 2.2.8 / 2.3.x < 2.3.1 SQL Injection"
- 98536 "Duplicate Page Plugin for WordPress < 3.4 SQL Injection"
- 98538 "Environment Configuration File Detected"
- 98539 "Apache Tomcat 9.0.0.M1 < 9.0.19 Remote Code Execution on Windows"
- 98540 "Apache Tomcat 8.5.0 < 8.5.40 Remote Code Execution on Windows"
- 98541 "Apache Tomcat 7.0.0 < 7.0.94 Remote Code Execution on Windows"
- 98542 "Apache Tomcat 9.0.0.M1 < 9.0.16 Denial of Service"
- 98543 "Apache Tomcat 8.5.0 < 8.5.38 Denial of Service"
- 98544 "Drupal 8.6.x < 8.6.15 Multiple Vulnerabilities"
- 98545 "Drupal 8.x < 8.5.15 Multiple Vulnerabilities"
- 98546 "Drupal 7.x < 7.66 Multiple Vulnerabilities"
- 98547 "Yellow Pencil Visual Theme Customizer Plugin for WordPress < 7.2.1 Privilege
Escalation"
- 98548 "WP GDPR Compliance Plugin for WordPress < 1.4.3 Multiple Vulnerabilities"
- 98549 "Yuzo Related Posts Plugin for WordPress Cross-Site Scripting"
- 98550 "Drupal 8.2.x < 8.2.0-rc2 Multiple Vulnerabilities"
- 98556 "Drupal 8.3.x < 8.3.1 Access Bypass Vulnerability"
- 98557 "Drupal 8.x < 8.2.8 Access Bypass Vulnerability"
- 98564 "Drupal 8.5.x < 8.5.1 Remote Code Execution Vulnerability"
- 98570 "Drupal 7.x < 7.58 Remote Code Execution Vulnerability"
- 98571 "Drupal 8.5.x < 8.5.2 Enhanced Image Plugin XSS"
- 98572 "Drupal 8.x < 8.4.7 Enhanced Image Plugin XSS"
- 98579 "Drupal 7.x < 7.59 Remote Code Execution Vulnerability"
- 98580 "Drupal 8.6.x < 8.6.0-beta2 Symfony Legacy HTTP Headers Vulnerability"
- 98581 "Drupal 8.x < 8.5.6 Symfony Legacy HTTP Headers Vulnerability"
- 98590 "jQuery < 3.4.0 Prototype Pollution"
- 98591 "WooCommerce Checkout Manager Plugin for WordPress < 4.3 Arbitrary File Upload"
- 98592 "Blog Designer Plugin for WordPress < 1.8.11 Cross-Site Scripting"
- 98593 "PHP error_log File Detected"
- 98594 "Web.config File Information Disclosure"
- 98595 "Gitignore File Detected"
- 98596 "nginx 1.x < 1.14.1 Multiple Vulnerabilties"
- 98597 "nginx 1.15.x < 1.15.6 Multiple Vulnerabilties"
- 98598 "jQuery Mobile < 1.2.0 Cross-Site Scripting"
- 98599 "PHP 7.3.x < 7.3.5 Heap-based Buffer Overflow Vulnerability"
- 98602 "Drupal 8.7.x < 8.7.1 Third-Party Libraries Vulnerability"
- 98603 "Drupal 8.6.x < 8.6.16 Third-Party Libraries Vulnerability"
- 98604 "Drupal 7.x < 7.67 Third-Party Libraries Vulnerability"
- 98605 "Slimstat Analytics Plugin for WordPress < 4.8.1 Cross-Site Scripting"
- 98606 "WP Live Chat Support Plugin for WordPress < 8.0.27 Cross-Site Scripting"
- 98607 "Ultimate Member Plugin for WordPress < 2.0.46 Multiples Vulnerabilities"
- 98608 "Give Plugin for WordPress < 2.4.7 Cross-Site Scripting"
- 98609 "W3 Total Cache Plugin for WordPress < 0.9.7.4 Multiples Vulnerabilities"
- 98610 "All-in-One Event Calendar Plugin for WordPress < 2.5.39 Cross-Site Scripting"
- 98611 "Error Message"
- 98612 "Missing 'Expect-CT' Header"
- 98613 "Atlassian Confluence < 6.6.12 / 6.7.x < 6.12.3 / 6.13.x < 6.13.3 / 6.14.x < 6.14.2
Template Injection"
- 98615 "Basic Authentication Without HTTPS"
- 98616 "TLS 1.2 Not Supported Protocol"
- 98617 "SSL/TLS Forward Secrecy Cipher Suites Not Supported"
- 98618 "HTTP Header Information Disclosure"
- 98623 "Host Header Injection"
- 98624 "WP Statistics Plugin for WordPress < 12.6.7 SQL Injection"
- 98626 "WP Live Chat Support Plugin for WordPress < 8.0.33 Authentication Bypass"
- 98627 "Convert Plus Plugin for WordPress < 3.4.3 Arbitrary User Role Creation"
- 98628 "WP Database Backup Plugin for WordPress < 5.2 Command Injection"
- 98630 "Apache .htaccess and .htpasswd Disclosure"
- 98631 "Joomla! 3.9.7 < 3.9.9 Remote Code Execution"
- 98632 "WS_FTP.LOG File Detected"
- 98633 "Atlassian Confluence 6.15.x < 6.15.2 Directory Traversal Vulnerability"
- 98637 "Atlassian Confluence < 6.6.13 Directory Traversal Vulnerability"
- 98638 "Atlassian Confluence 6.14.x < 6.14.2 Multiple Vulnerabilities"
- 98641 "Atlassian Confluence < 6.6.12 Multiple Vulnerabilities"
- 98642 "Magento Adminstration Panel Login Form Detected"
- 98643 "Drupal 8.7.4 Access Bypass Vulnerability"
- 98644 "Magento Connect Manager Detected"
- 98645 "Sessvars < 1.01 DOM-based Cross-Site Scripting"
- 98646 ".DS_Store File Detected"
- 98647 "Missing Subresource Integrity (SRI)"
- 98648 "Missing 'Content-Type' Header"
- 98649 "Invalid Subresource Integrity"
- 98650 "SVN Repository Detected"
- 98651 "Atlassian JIRA 4.4.x < 7.6.14 Template Injection Vulnerability"
- 98656 "Atlassian Crowd 3.4.x < 3.4.4 RCE Vulnerability"
- 98664 "Give Plugin for WordPress < 2.5.1 SQL Injection"
- 98665 "Moment.js < 2.15.2 Regular Expression Denial of Service"
- 98666 "Joomla! 1.6.2 < 3.9.11 Incorrect Access Control"
- 98667 "nginx 1.17.x < 1.17.3 Multiple Vulnerabilties"
- 98668 "nginx 1.9.5 < 1.16.1 Multiple Vulnerabilties"
- 98670 "Webmin 1.890 < 1.930 Remote Command Execution"
- 98671 "CVS Entries Detected"
- 98672 "Webmin 1.880 Local File Inclusion Vulnerability"
- 98673 "Webmin 1.840 Local File Inclusion Vulnerability"
- 98674 "Webmin < 1.870 Cross-Site Scripting Vulnerability"
- 98675 "Webmin < 1.860 Multiple Vulnerabilities"
- 98676 "Webmin < 1.850 Multiple Cross-Site Scripting Vulnerabilities"
- 98677 "Webmin < 1.830 Multiple Cross-Site Scripting Vulnerabilities"
- 98678 "Webmin < 1.760 xmlrpc.cgi Cross-Site Scripting Vulnerability"
- 98679 "Webmin < 1.730 Read Mail Symlink Vulnerability"
- 98680 "CVS Repository Detected"
- 98681 "Sitemap.xml File Detected"
- 98701 "JetBrains .idea Directory Detected"
- 98702 "Magento RSS Feed Brute Force"
- 98703 "Magento API Anonymous Access"
- 98704 "Drupal PHPUnit/Mailchimp Code Execution Vulnerability"
- 98705 "Robots.txt File Detected"
- 98706 "Popup Builder Plugin for WordPress < 3.45 SQL Injection"
- 98707 "Everest Forms Plugin for WordPress < 1.5.0 SQL Injection"
- 98708 "Joomla! 3.0.x < 3.9.12 Cross-Site Scripting"
- 98709 "FV Flowplayer Video Player Plugin for WordPress < 7.3.19.727 SQL Injection"
- 98710 "Photo Gallery Plugin for WordPress < 1.5.31 SQL Injection"
- 98711 "Email Subscribers & Newsletters Plugin for WordPress < 4.1.8 SQL Injection"
- 98712 "Blog2Social Plugin for WordPress < 5.6.0 SQL Injection"
- 98713 "AdRotate Banner Manager Plugin for WordPress < 5.3 SQL Injection"
- 98714 "NextGEN Gallery Plugin for WordPress < 3.2.11 SQL Injection"
- 98715 "Permissive HTTP Strict Transport Security Policy Detected"
- 98716 "Rails Arbitrary File Content Disclosure"
- 98719 "Atlassian JIRA 7.0.10 < 7.6.16 Template Injection Vulnerability"
- 98720 "Give Plugin for WordPress < 2.5.5 Authentication Bypass"
- 98726 "Atlassian JIRA < 8.4.0 Multiple Vulnerabilities"
- 98727 "Atlassian Bitbucket < 5.16.10 Command Injection Vulnerability"
- 98728 "Atlassian Bitbucket 6.0.x < 6.0.10 Command Injection Vulnerability"
- 98734 "Atlassian Bitbucket 5.13.x < 5.13.6 Path Traversal Vulnerability"
- 98740 "Cross-Site Scripting (XSS) in script src"
- 98741 "All In One WP Security & Firewall Plugin for WordPress < 4.4.2 Open Redirect"
- 98742 "Atlassian JIRA Service Desk < 3.9.16 Path Traversal Vulnerability"
- 98743 "Atlassian JIRA Service Desk 3.10.x < 3.16.8 Path Traversal Vulnerability"
- 98764 "vBulletin 5.x < 5.5.4 Patch Level 1 Remote Code Execution Vulnerability"
- 98765 "Magento Cacheleak"
- 98766 "PHP 7.3.x < 7.3.11 Remote Code Execution Vulnerability"
- 98770 "Email Subscribers & Newsletters Plugin for WordPress < 4.3.1 Multiple Vulnerabilities"
- 98771 "Give Plugin for WordPress < 2.5.10 Multiple Vulnerabilities"
- 98772 "XHR Detection"
- 98773 "W3 Total Cache Plugin for WordPress < 0.9.4 Arbitrary File Read"
- 98774 "vBulletin 5.5.4 < 5.5.4 Patch Level 2 Multiple Vulnerabilities"
- 98775 "vBulletin 5.5.3 < 5.5.3 Patch Level 2 Multiple Vulnerabilities"
- 98776 "vBulletin 5.5.x < 5.5.2 Patch Level 2 Multiple Vulnerabilities"
- 98777 "vBulletin 5.4.3 Open Redirect Vulnerability"
- 98778 "vBulletin < 5.3.0 Server-Side Request Forgery Vulnerability"
- 98779 "Source Code Leakage"
- 98800 "PHP 5.6.0 Development Releases CDF File NULL Pointer Dereference DoS"
- 98801 "PHP 5.6.x < 5.6.1 add_post_var() Code Execution"
- 98803 "PHP 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)"
- 98814 "PHP 5.6.x < 5.6.24 Multiple Vulnerabilities (httpoxy)"
- 98820 "PHP 5.6.x < 5.6.3 donote DoS"
- 98821 "PHP 5.6.x < 5.6.30 Multiple DoS"
- 98825 "PHP 5.6.x < 5.6.34 Stack Buffer Overflow"
- 98827 "PHP 5.6.x < 5.6.4 process_nested_data() RCE"
- 98829 "PHP 5.6.x < 5.6.6 Multiple Vulnerabilities (GHOST)"
- 98838 "PHP 7.0.x < 7.0.14 php_wddx_push_element() Function Empty Boolean Element
Decoding RCE"
- 98842 "PHP 7.x < 7.0.2 Multiple Vulnerabilities"
- 98855 "PHP 7.0.x < 7.0.9 Multiple Vulnerabilities (httpoxy)"
- 98867 "PHP 7.2.x < 7.2.4 Dumpable FPM Child Processes"
- 98869 "PHP 5.6.x < 5.6.38 Transfer-Encoding Parameter XSS Vulnerability"
- 98874 "PHP 5.6.x < 5.6.37 exif_thumbnail_extract() DoS"
- 98875 "PHP 7.1.x < 7.1.20 exif_thumbnail_extract() DoS"
- 98876 "PHP 7.0.x < 7.0.23 Heap User After Free Vulnerability"
- 98877 "PHP 7.1.x < 7.1.9 Heap User After Free Vulnerability"
- 98878 "PHP 7.0.x < 7.0.31 Use After Free Arbitrary Code Execution in EXIF"
- 98879 "PHP 7.2.x < 7.2.8 Use After Free Arbitrary Code Execution in EXIF"
- 98886 "Apache Solr 4.0.0 XML External Entity"
- 98887 "Apache Solr 4.0.0 < 4.6.0 Directory Traversal"
- 98888 "Apache Solr 3.6.0 < 4.1.0 XML External Entity"
- 98889 "Apache Solr 3.6.0 < 4.3.1 XML External Entity"
- 98890 "Apache Solr 4.0.0 < 4.10.3 Cross-Site Scripting"
- 98891 "Apache Solr < 5.1.0 Cross-Site Scripting"
- 98894 "Apache Solr < 5.5.4 Directory Traversal"
- 98895 "Apache Solr 6.x < 6.4.1 Directory Traversal"
- 98896 "Apache Solr 1.3.0 <= 7.6.0 Server Side Request Forgery"
- 98897 "Apache Solr < 7.1.0 Remote Code Execution"
- 98898 "Apache Solr 1.3.0 < 1.4.1 XML Resource Consumption Attack"
- 98900 "Apache 2.4.x < 2.4.2 'LD_LIBRARY_PATH' Insecure Library Loading"
- 98902 "Apache 2.4.x < 2.4.4 Multiple XSS Vulnerabilities"
- 98904 "Apache 2.4.6 Remote DoS"
- 98909 "Apache 2.4.18 / 2.4.20 X.509 Certificate Authentication Bypass"
- 98910 "Apache 2.4.x < 2.4.25 Multiple Vulnerabilities (httpoxy)"
- 98913 "Apache 2.4.x < 2.4.28 HTTP Vulnerability (OptionsBleed)"
- 98916 "Apache 2.4.x < 2.4.35 Denial of Service"
- 98917 "Apache 2.4.17 / 2.4.18 mod_http2 Denial of Service"
- 98919 "Apache Solr 5.0.0 < 5.5.5 Remote Code Execution"
- 98920 "Disclosed US Social Security Number"
- 98922 "Apache Solr 1.2.0 < 6.6.2 XML Entity Expansion"
- 98923 "Apache Solr 7.0.0 < 7.2.1 XML Entity Expansion"
- 98928 "InfiniteWP Client Plugin for WordPress < 1.9.4.5 Authentication Bypass"
- 98935 "Joomla! 3.x < 3.9.15 Multiple Vulnerabilities"
- 98937 "Magento Log File Detected"
- 98938 "Joomla! Session Object Injection RCE"
- 98939 "GDPR Cookie Consent Plugin for WordPress < 1.8.3 Cross-Site Scripting"
- 98940 "Code Snippets Plugin for WordPress < 2.14.0 Cross-Site Request Forgery"
- 98941 "Duplicator Plugin for WordPress < 1.3.28 Arbitrary File Download"
- 98942 "ThemeGrill Demo Importer Plugin for WordPress < 1.6.2 Database Wipe and
Authentication Bypass"
- 98943 "Laravel Log File Detected"
- 98944 "Knockout.js < 3.5.0-beta Cross-site Scripting"
- 98945 "Knockout.js 2.1.x < 3.0.0 Cross-site Scripting"
- 98946 "Apache Tomcat 9.0.0.M1 < 9.0.31 Multiple Vulnerabilities"
- 98947 "Apache Tomcat 8.5.x < 8.5.51 Multiple Vulnerabilities"
- 98949 "Apache Tomcat 9.0.0.M1 < 9.0.30 Session Fixation"
- 98950 "nginx < 1.4.1 ngx_http_proxy_module.c Multiple Vulnerabilities"
- 98951 "nginx < 1.2.9 ngx_http_proxy_module.c Multiple Vulnerabilities"
- 98952 "nginx < 1.5.7 ngx_parse_http Security Bypass"
- 98953 "nginx < 1.4.4 ngx_parse_http Security Bypass"
- 98954 "nginx 1.5.10 SPDY Memory Corruption"
- 98955 "nginx < 1.5.12 SPDY Heap Buffer Overflow"
- 98956 "nginx < 1.4.7 SPDY Heap Buffer Overflow"
- 98957 "nginx < 1.7.4 SMTP STARTTLS Command Injection"
- 98958 "nginx < 1.6.1 SMTP STARTTLS Command Injection"
- 98959 "nginx < 1.7.5 SSL Session Reuse"
- 98960 "nginx < 1.6.2 SSL Session Reuse"
- 98961 "nginx 1.9.x < 1.9.6 HTTPv2 PRI Double-Free DoS"
- 98962 "nginx < 1.9.10 Multiple Vulnerabilities"
- 98963 "nginx < 1.8.1 Multiple Vulnerabilities"
- 98964 "nginx < 1.11.1 NULL Pointer Dereference"
- 98965 "nginx < 1.10.1 NULL Pointer Dereference"
- 98966 "nginx < 1.13.3 Integer Overflow"
- 98967 "nginx < 1.12.1 Integer Overflow"
- 98968 "Apache Tomcat 8.5.x < 8.5.50 Session Fixation"
- 98969 "Apache Tomcat 7.0.x < 7.0.99 Session Fixation"
- 98970 "Apache Tomcat 9.0.0.M1 < 9.0.29 Local Privilege Escalation"
- 98971 "Apache Tomcat 8.5.x < 8.5.49 Local Privilege Escalation"
- 98972 "Apache Tomcat 7.0.x < 7.0.99 Local Privilege Escalation"
- 98976 "Kibana < 6.8.6 Cross-Site Scripting"
- 98977 "Kibana 7.x < 7.5.1 Cross-Site Scripting"
- 98978 "Kibana 7.3.x < 7.4.0 Local File Disclosure"
- 98979 "Kibana < 6.8.2 Multiple Vulnerabilities"
- 98980 "Kibana 7.x < 7.2.1 Multiple Vulnerabilities"
- 98981 "Kibana < 5.6.15 Multiple Vulnerabilities"
- 98982 "Kibana 6.x < 6.6.1 Multiple Vulnerabilities"
- 112290 "Apache Tomcat 9.0.0.M1 < 9.0.10 Multiple Vulnerabilities"
- 112292 "Apache Tomcat 9.0.0.M1 < 9.0.5 Security Constraint Weakness"
- 112293 "Apache Tomcat 9.0.0.M22 < 9.0.2 Insecure CGI Servlet Search Algorithm Description
Weakness"
- 112294 "Apache Tomcat 9.0.0.M1 < 9.0.1 Remote Code Execution via JSP Upload"
- 112295 "Apache Tomcat 9.0.0.M1 < 9.0.0.M22 Multiple Vulnerabilities"
- 112296 "Apache Tomcat 8.5.0 < 8.5.32 Multiple Vulnerabilities"
- 112298 "Apache Tomcat 8.5.x < 8.5.28 Security Constraint Weakness"
- 112299 "Apache Tomcat 8.5.16 < 8.5.24 Insecure CGI Servlet Search Algorithm Description
Weakness"
- 112300 "Apache Tomcat 8.5.x < 8.5.23 Remote Code Execution via JSP Upload"
- 112302 "Apache Tomcat 7.0.x < 7.0.78 Remote Error Page Manipulation"
- 112303 "Apache Tomcat 8.5.x < 8.5.15 Remote Error Page Manipulation"
- 112305 "Apache Tomcat 7.0.25 < 7.0.90 Multiple Vulnerabilities"
- 112307 "Apache Tomcat 7.0.0 < 7.0.85 Security Constraint Weakness"
- 112308 "Apache Tomcat 7.0.79 < 7.0.84 Insecure CGI Servlet Search Algorithm Description
Weakness"
- 112309 "Apache Tomcat 7.0.x < 7.0.82 Remote Code Execution via JSP Upload"
- 112311 "Apache Tomcat 7.0.41 < 7.0.79 Cache Poisoning Vulnerability"
- 112312 "Apache Tomcat 7.0.x < 7.0.77 Information Disclosure"
- 112313 "Apache Tomcat 9.0.0.M1 < 9.0.12 Open Redirect"
- 112315 "Apache Tomcat 7.0.23 < 7.0.91 Open Redirect"
- 112316 "Apache Tomcat 8.5.0 < 8.5.34 Open Redirect"
- 112350 "Nginx Default Index Page"
- 112351 "Apache Default Index Page"
- 112352 "Microsoft ASP.NET Application Tracing trace.axd Information Disclosure"
- 112353 "ASP.NET DEBUG Method Enabled"
- 112354 "lighttpd < 1.4.28 Insecure Temporary File Creation"
- 112355 "lighttpd < 1.4.30 base64_decode Function Out-of-Bounds Read Error DoS"
- 112356 "lighttpd 1.4.31 http_request_split_value Function Header Handling DoS"
- 112357 "lighttpd < 1.4.34 Multiple Vulnerabilities"
- 112359 "lighttpd < 1.4.36 mod_auth Arbitrary Log Entries Injection"
- 112360 "Lighttpd Default Index Page"
- 112361 "Lighttpd Status Module Information Disclosure"
- 112370 "Apache Struts 2 DevMode Enabled"
- 112371 "Apache Struts 2 OGNL Console Detected"
- 112372 "Bootstrap < 2.1.0 Cross-Site Scripting"
- 112374 "Bootstrap 4.0.0 < 4.1.2 Cross-Site Scripting"
- 112376 "Bootstrap 4.3.x < 4.3.1 Cross-Site Scripting"
- 112381 "Modernizr 3.x < 3.4.0 Marked Multiple Vulnerabilities"
- 112391 "AngularJS < 1.4.10 Cross-Site Scripting"
- 112392 "AngularJS 1.3.0 < 1.5.0-rc.2 Cross-Site Scripting"
- 112394 "AngularJS 1.5.0 < 1.5.9 Content Security Policy Bypass"
- 112411 "YUI 2.4.0 < 2.8.2 Cross-Site Scripting"
- 112412 "YUI < 2.9.0 Cross-Site Scripting"
- 112413 "YUI 3.5.0-PR1 < 3.5.1 Cross-Site Scripting"
- 112417 "YUI 3.10.2 Cross-Site Scripting"
- 112431 "jQuery < 1.6.3 Cross-Site Scripting"
- 112432 "jQuery 1.7.1 < 1.9.0 Cross-Site Scripting"
- 112436 "jQuery 3.0.0-rc.1 Denial of Service"
- 112456 "jQuery File Upload < 9.22.1 Arbitrary File Upload"
- 112457 "jQuery File Upload < 9.24.1 Arbitrary File Upload"
- 112458 "jQuery File Upload < 9.25.1 Potential Vulnerability With ImageMagick"
- 112461 "Backbone.js < 0.5.0 Cross-Site Scripting"
- 112470 "Apache Spark < 2.1.3 / 2.2.x < 2.2.2 / 2.3.x < 2.3.1 XSS in UI"
- 112476 "Prototype < 1.6.0.2 Cross-Site Ajax Request"
- 112490 "Telerik Reporting < 11.0.17.406 Cross-Site Scripting"
- 112491 "SSL/TLS Certificate Information"
- 112493 "SSL/TLS Certificate Expired"
- 112494 "SSL Insecure Protocols"
- 112495 "SSL/TLS Self-Signed Certificate"
- 112496 "TLS 1.0 Weak Protocol"
- 112500 "IIS Default Index Page"
- 112501 "Sitefinity < 10.0.6412.0 Multiple Vulnerabilities"
- 112502 "Sitefinity < 6.0.4230.0 Multiple Vulnerabilities"
- 112503 "Sitefinity 6.1.x < 6.1.4720.0 Multiple Vulnerabilities"
- 112519 "Sitefinity 11.x < 11.0.6702.0 Multiple Vulnerabilities"
- 112526 "Missing 'X-XSS-Protection' Header"
- 112527 "Disabled 'X-XSS-Protection' Header"
- 112528 "Sitefinity Administration Panel Login Form Detected"
- 112529 "Missing 'X-Content-Type-Options' Header"
- 112530 "SSL/TLS Versions Supported"
- 112531 "Git Repository Detected"
- 112536 "SSL/TLS Anonymous Cipher Suites Supported"
- 112537 "SSL/TLS Null Cipher Suites Supported"
- 112538 "SSL/TLS Insecure Cipher Suites Supported"
- 112539 "SSL/TLS Weak Cipher Suites Supported"
- 112540 "SSL/TLS Certificate RSA Keys Less Than 2048 bits"
- 112541 "SSL/TLS Certificate Common Name Mismatch"
- 112542 "SSL/TLS Certificate Signed Using Weak Hashing Algorithm"
- 112543 "HTTPS Not Detected"
- 112544 "HTTP to HTTPS Redirect Not Enabled"
- 112545 "Oracle WebLogic Server Administration Console Detection"
- 112546 "TLS 1.1 Deprecated Protocol"
- 112547 "Apache Struts Config Browser Detected"
- 112550 "Full Path Disclosure"
- 112551 "Missing Content Security Policy"
- 112552 "Deprecated Content Security Policy"
- 112553 "Missing 'Cache-Control' Header"
- 112554 "Permissive Content Security Policy Detected"
- 112555 "Report Only Content Security Policy Detected"
- 112556 "MediaElement.js < 2.21.1 Cross-Site Scripting"
- 112564 "ThinkPHP 5.0.x < 5.0.23 / 5.1.x < 5.1.31 Remote Code Execution"
- 112565 "ThinkPHP 5.0.x < 5.0.24 Remote Code Execution"
- 115491 "SSL/TLS Cipher Suites Supported"
- 115540 "Cookie Without SameSite Flag Detected"
Plugin ID:
112553
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing 'Cache-Control' Header
Synopsis:
Missing 'Cache-Control' Header
Description:
The HTTP 'Cache-Control' header is used to specify directives for caching mechanisms.
The server did not return or returned an invalid 'Cache-Control' header which means page
containing sensitive information (password, credit card, personal data, social security number, etc)
could be stored on client side disk and then be exposed to unauthorised persons. This URL is
flagged as an specific example.
Solution:
Configure your web server to include a 'Cache-Control' header with appropriate directives. If page
contains sensitive information 'Cache-Control' value should be 'no-cache, no-store' and 'Pragma'
header value should be 'no-cache'.
See Also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma
Output:
https://bono.yomequedoencasa.pe/WEB/ has invalid directive found :
- post-check=0
https://bono.yomequedoencasa.pe/WEB/ has invalid directive found :
- pre-check=0
Plugin ID:
98063
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Cookie Without HttpOnly Flag Detected
Synopsis:
Description:
The HttpOnly flag assists in the prevention of client side-scripts (such as
JavaScript) from accessing and using the cookie.
This can help prevent XSS attacks from targeting the cookies holding the client's
session token (setting the HttpOnly flag does not prevent, nor safeguard against
XSS vulnerabilities themselves).
Solution:
The initial step to remedy this would be to determine whether any client-side scripts (such as
JavaScript) need to access the cookie and if not, set the HttpOnly flag.
It should be noted that some older browsers are not compatible with the HttpOnly flag;
therefore, setting this flag will not protect those clients against this form of attack.
See Also:
https://www.owasp.org/index.php/HttpOnly
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named 'AWSALB' that does not set
the HttpOnly flag.
Plugin ID:
98064
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Cookie Without Secure Flag Detected
Synopsis:
Description:
When the `secure` flag is set on a cookie, the browser will prevent it from being
sent over a clear text channel (HTTP) and only allow it to be sent when an encrypted
channel is used (HTTPS).
The scanner discovered that a cookie was set by the server without the secure flag
being set. Although the initial setting of this cookie was via an HTTPS
connection, any HTTP link to the same server will result in the cookie being
sent in clear text.
Note that if the cookie does not contain sensitive information, the risk of this
vulnerability is mitigated.
Solution:
`secure` flag set.
See Also:
https://www.owasp.org/index.php/SecureFlag
Output:
https://bono.yomequedoencasa.pe/WEB/ returned cookie 'AWSALB' without the Secure flag set.
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/WEB/
Proof
-------
HTTP/1.1 405 Not Allowed
Request
---------
TRACE /WEB/ HTTP/1.1

| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/77.0.3865.90 Safari/537.36
| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=pGy51YKtzy0NHv2GPl
HY8vBK2xuFo9Wc54nW5ShljT6w7ggVF4R44lNz4bDP/ziVOaPv1kxtP5kxjr9al78nlUW/My/O3689
RQlXADqlEtIpnYQpI6sOolQzsd5t;AWSALBCORS=pGy51YKtzy0NHv2GPlHY8vBK2xuFo9Wc54n
W5ShljT6w7ggVF4R44lNz4bDP/ziVOaPv1kxtP5kxjr9al78nlUW/My/O3689RQlXADqlEtIpnYQpI6s
OolQzsd5t;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx6qQGS5nXtfQZ4f
VXchhA6cdmPMbJdH7BA;_gat=1;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.2119926822.
1584890516
Response
----------
HTTP/1.1 405 Not Allowed

| Date: Sun, 22 Mar 2020 15:22:03 GMT
| Content-Type: text/html
| Content-Length: 557
| Connection: close
| CF-RAY: -
|
| <html>
| <head><title>405 Not Allowed</title></head>
| <body>
| <center><h1>405 Not Allowed</h1></center>
| <hr><center>cloudflare</center>
| </body>
| </html>
| 
Plugin ID:
98047
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Allowed HTTP Methods
Synopsis:
Allowed HTTP Methods
Description:
There are a number of HTTP methods that can be used on a webserver (`OPTIONS`, `HEAD`,
`GET`, `POST`, `PUT`, `DELETE` etc.). Each of these methods perform a different function and
each have an associated level of risk when their use is permitted on the webserver.
By sending an HTTP OPTIONS request and a direct HTTP request for each method, the scanner
discovered the methods that are allowed by the server.
Solution:
It is recommended that a whitelisting approach be taken to explicitly permit only the HTTP
methods required by the application and block all others.
See Also:
http://httpd.apache.org/docs/2.2/mod/core.html#limitexcept
Output:
https://bono.yomequedoencasa.pe/WEB/ allows requests made using the following HTTP
methods (See attachment for more information):
- GET
- POST
- PUT
- HEAD
- DELETE
- PATCH
- OPTIONS
- PROPFIND
- PROPPATCH
- MKCOL
- COPY
- MOVE
- LOCK
- UNLOCK
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/etc/passwd%00
Proof
-------
HTTP/1.1 400 Bad Request
Request
---------
GET /etc/passwd%00 HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=Mg5lLASvSjtBszGzcNc
zgPhBRMWtEAkMneomH0y2IANp9gRz9DbpIXzwoQtRVimkRmvc4boKDo8t8RiiOBr6Ub/ePN9yzfi
NGbCh/PCxaCuGM3nFRPbT5aueN/eq;AWSALBCORS=Mg5lLASvSjtBszGzcNczgPhBRMWtEAk
MneomH0y2IANp9gRz9DbpIXzwoQtRVimkRmvc4boKDo8t8RiiOBr6Ub/ePN9yzfiNGbCh/PCxaCu
GM3nFRPbT5aueN/eq;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx6qQ
GS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.211992
6822.1584890516
Response
----------
HTTP/1.1 400 Bad Request

| Date: Sun, 22 Mar 2020 15:24:30 GMT
| Content-Type: text/html
| Connection: close
| CF-RAY: -
|
| <html>
| <head><title>400 Bad Request</title></head>
| <body>
| <center><h1>400 Bad Request</h1></center>
| <hr><center>cloudflare</center>
| </body>
| </html>
Plugin ID:
112491
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
SSL/TLS Certificate Information
Synopsis:
SSL/TLS Certificate Information
Description:
This plugin displays information about the X.509 certificate extracted from the HTTPS connection.
Solution:
N/A
See Also:
N/A
Output:
Certificate 1
=============
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:b1:3e:96:02:36:4d:25:99:77:1e:f9:f2:f8:77:06
Signature Algorithm: ecdsa-with-SHA256
Issuer: C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-2
Validity
Not Before: Mar 21 00:00:00 2020 GMT
Not After : Oct 9 12:00:00 2020 GMT
Subject: C=US, ST=CA, L=San Francisco, O=Cloudflare, Inc., CN=sni.cloudflaressl.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:4a:a8:ff:71:6c:37:d3:13:39:42:0a:b9:0a:40:
ae:63:73:1e:d5:33:af:74:f4:13:24:45:e5:d4:d9:
98:03:bf:9f:57:4b:b4:37:06:fe:bc:9b:36:36:1d:
12:28:ec:77:d2:29:96:d8:26:d6:0a:bf:29:c6:6e:
8f:ed:59:18:41
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:3E:74:2D:1F:CF:45:75:04:7E:3F:C0:A2:87:3E:4C:43:83:51:13:C6
X509v3 Subject Key Identifier:

21:33:D1:A9:6E:DD:9D:CF:F7:73:39:E0:C0:62:B7:D3:AC:F2:0D:94
X509v3 Subject Alternative Name:
DNS:sni.cloudflaressl.com, DNS:bono.yomequedoencasa.pe
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/CloudFlareIncECCCA2.crl
Full Name:
URI:http://crl4.digicert.com/CloudFlareIncECCCA2.crl
X509v3 Certificate Policies:

Policy: 2.16.840.1.114412.1.1
CPS: https://www.digicert.com/CPS
Policy: 2.23.140.1.2.2
Authority Information Access:

OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/CloudFlareIncECCCA-2.crt
X509v3 Basic Constraints: critical

CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1(0)
Log ID : B2:1E:05:CC:8B:A2:CD:8A:20:4E:87:66:F9:2B:B9:8A:
25:20:67:6B:DA:FA:70:E7:B2:49:53:2D:EF:8B:90:5E
Timestamp : Mar 21 02:35:24.998 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:6C:45:77:95:25:DD:23:BC:65:06:06:4D:
E3:99:42:F7:EF:45:D3:A6:80:1E:46:5B:79:11:7A:8B:
97:9B:C5:14:02:20:18:18:34:23:3F:91:61:49:EE:C7:
69:01:40:F9:E4:17:A3:CD:67:88:2C:52:ED:01:4B:19:
CC:78:2E:6C:03:D7
Signed Certificate Timestamp:
Version : v1(0)
Log ID : F0:95:A4:59:F2:00:D1:82:40:10:2D:2F:93:88:8E:AD:
4B:FE:1D:47:E3:99:E1:D0:34:A6:B0:A8:AA:8E:B2:73
Timestamp : Mar 21 02:35:25.086 2020 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:62:9F:DC:94:73:93:7C:A5:CB:DA:46:04:
92:21:76:6C:99:F4:B6:61:AE:7F:48:79:9D:9D:76:71:
57:89:77:E8:02:20:0A:B2:37:99:C9:72:97:93:CC:DD:
1A:3A:E8:2C:04:7E:AD:35:A7:29:E9:11:51:F3:E4:25:
93:F0:94:A9:D2:06
Signature Algorithm: ecdsa-with-SHA256
30:45:02:21:00:93:7d:49:55:15:91:73:fc:2c:96:21:cc:d1:
0f:f8:38:09:b3:a3:15:9a:fb:c7:72:0e:fb:9b:f4:22:30:cc:
e8:02:20:14:82:9a:7c:1a:eb:2f:cd:09:50:74:df:5f:00:ca:
93:75:72:b1:1e:de:73:41:62:7b:33:dc:59:41:73:13:95
Certificate 2
=============
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0f:f3:e6:16:39:aa:3d:1a:12:65:f4:1f:8b:34:e5:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
Validity
Not Before: Oct 14 12:00:00 2015 GMT
Not After : Oct 9 12:00:00 2020 GMT
Subject: C=US, ST=CA, L=San Francisco, O=CloudFlare, Inc., CN=CloudFlare Inc ECC CA-
2
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d1:56:f4:9c:b6:e4:31:a0:f5:a4:52:cf:e3:9a:
7a:86:ff:f2:86:b2:5e:cc:b5:59:cc:11:c7:4e:dd:
64:fd:55:9c:60:e3:a0:4b:d9:78:54:ff:48:50:ba:
a2:e1:a1:58:75:8f:c7:60:37:44:16:4d:55:99:ec:
ee:d4:33:7a:23
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/Omniroot2025.crl
X509v3 Certificate Policies:

Policy: X509v3 Any Policy
CPS: https://www.digicert.com/CPS
X509v3 Subject Key Identifier:

3E:74:2D:1F:CF:45:75:04:7E:3F:C0:A2:87:3E:4C:43:83:51:13:C6
X509v3 Authority Key Identifier:
keyid:E5:9D:59:30:82:47:58:CC:AC:FA:08:54:36:86:7B:3A:B5:04:4D:F0
Signature Algorithm: sha256WithRSAEncryption

38:5f:a7:ff:fc:85:f2:73:32:e4:d5:a3:89:99:96:60:af:32:
c1:03:b3:65:df:be:1e:03:ca:a5:ed:85:b2:8f:af:4b:8c:73:
8f:2a:8c:a9:00:0e:01:24:17:f7:ec:52:85:76:c8:e5:1c:79:
ca:c3:17:87:50:b6:04:33:36:9e:2a:9e:18:17:96:32:12:af:
43:cc:57:18:de:db:c7:d8:88:25:83:e5:ca:06:25:31:fd:bd:
5d:48:3b:51:01:dd:2c:14:c7:c1:60:51:e9:95:01:d8:b2:33:
56:0e:47:66:8d:6c:cd:af:f9:85:d9:eb:1c:47:47:88:34:e8:
f0:fa:c2:ab:4f:69:4e:09:59:d4:57:c6:cc:c1:c8:e3:e6:19:
c1:58:38:52:e2:e2:83:85:de:22:34:dc:3f:a6:f7:af:24:bc:
e0:6f:c0:ab:68:2d:52:c7:6b:05:57:2c:42:1b:2d:48:87:03:
0c:90:ab:48:48:a9:28:be:34:8a:fb:ba:ed:f4:60:99:1d:15:
78:11:aa:d9:6d:53:7f:69:28:bc:b7:6b:20:76:7f:a0:55:03:
71:79:f5:67:a7:b0:a0:0a:17:57:b2:00:a9:ad:cf:ff:67:8c:
3e:26:e5:a7:24:bc:c2:6f:10:e8:89:c6:70:a5:d2:1f:80:ed:
0d:3f:27:13
Plugin ID:
115540
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named 'PHPSESSID' that does not set
the SameSite cookie flag correctly.
Plugin ID:
98590
CVE:
N/A
CVSS:
4.3
RiskFactor:
Medium
Host:
Protocol:
TCP
Port:
443
Plugin Name:
jQuery < 3.4.0 Prototype Pollution
Synopsis:
jQuery < 3.4.0 Prototype Pollution
Description:
According to its self-reported version number, jQuery is prior to 3.4.0. Therefore, it may be
affected by a prototype pollution vulnerability due to 'extend' function that can be tricked into
modifying the prototype of 'Object
'.
Solution:
Upgrade to jQuery version 3.4.0 or later.
See Also:
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
Output:
Plugin ID:
98072
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Common Directories Detection
Synopsis:
Common Directories Detection
Description:
Scanner has detected a common directory on the remote web server.
Web applications are often made up of multiple files and directories. It is possible that over time
some directories may become unreferenced (unused) by the web application and forgotten about
by the administrator or developer. Because web applications are built using common frameworks,
they contain common directories that can be discovered (independent of server).
During the initial reconnaissance stages of an attack, cyber-criminals will attempt to locate
unreferenced directories in the hope that the directory will assist in further compromise of the web
application. To achieve this, they will make thousands of requests using word lists containing
common names. The response headers from the server will then indicate if the directory exists.
Solution:
If directories are unreferenced, then they should be removed from the web root and/or the
application directory.
Preventing access without authentication may also be an option and can stop a client from
being able to view the contents of a file; however, it is still likely that the directory structure will be
able to be discovered.
Using obscure directory names is implementing 'security through obscurity' and is not a
recommended option.
See Also:
https://www.owasp.org/index.php/Forced_browsing
Output:
URL
-----
Detection Information
-----------------------
Input Type : server
Proof
-------
HTTP/1.1 301 Moved Permanently
Request
---------
GET /WEB/images HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=UrQZdE+y3c9Bifcd1dV
Lk1wJDIjbqBCZM+w7UhOvwm5SYsPLdKuzzSqeYaPPon1+YidYMmK8bad1P8NTzXF8BSHbCQ
SciDQXntmqTDX7qp6gpSUqWs2fjah36Bc7;AWSALBCORS=UrQZdE+y3c9Bifcd1dVLk1wJDIjbq
BCZM+w7UhOvwm5SYsPLdKuzzSqeYaPPon1+YidYMmK8bad1P8NTzXF8BSHbCQSciDQXntm
qTDX7qp6gpSUqWs2fjah36Bc7;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUb
t3yx6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gat=1;_gid=GA1.2.533059777.1584890516;_ga
=GA1.2.2119926822.1584890516
Response
----------
HTTP/1.1 301 Moved Permanently

| Date: Sun, 22 Mar 2020 15:22:38 GMT
| Content-Type: text/html; charset=iso-8859-1
| Set-Cookie:
AWSALB=QUHbJzQtozhsu0y7r/UhzbsPaD9DJMVsEO9vL+nnSTx5YuAnLfJ7bxzP4qK/EY/L3vkN
nViPVCPh0nqQy75gjEN9NJkHQn7lBdudMXKtp5BSAtT8qwEc0v45xoeV; Expires=Sun, 29 Mar
2020 15:22:38 GMT; Path=/
| Set-Cookie:
AWSALBCORS=QUHbJzQtozhsu0y7r/UhzbsPaD9DJMVsEO9vL+nnSTx5YuAnLfJ7bxzP4qK/EY/
L3vkNnViPVCPh0nqQy75gjEN9NJkHQn7lBdudMXKtp5BSAtT8qwEc0v45xoeV; Expires=Sun, 29
Mar 2020 15:22:38 GMT; Path=/; SameSite=None; Secure
| Location: http://bono.yomequedoencasa.pe/WEB/images/
| CF-Cache-Status: DYNAMIC
| CF-RAY: 5780e8c2f9ab3de8-PRG
|
| HTTP/1.1 301 Moved Permanently
| Date: Sun, 22 Mar 2020 15:22:38 GMT
| Location: https://bono.yomequedoencasa.pe/WEB/
| CF-RAY: 5780e8c65ca47bca-PRG
|
| HTTP/1.1 200 OK
| Date: Sun, 22 Mar 2020 15:22:38 GMT
| Content-Type: text/html; charset=utf-8
| Set-Cookie:
AWSALB=UAqFxKPBtxa4yXx8E4wByLCtV1olEUdI8+fZ5gtaufJvoMnAh9DnGaXr4iA9RxC6DlcuJe
D9rrQoalfwbjcBDv+Z4BVVochWNn4jskYyLeB7/rWqCE6wJzbRW7qh; Expires=Sun, 29 Mar 2020
15:22:38 GMT; Path=/
| Set-Cookie:
AWSALBCORS=UAqFxKPBtxa4yXx8E4wByLCtV1olEUdI8+fZ5gtaufJvoMnAh9DnGaXr4iA9RxC6
DlcuJeD9rrQoalfwbjcBDv+Z4BVVochWNn4jskYyLeB7/rWqCE6wJzbRW7qh; Expires=Sun, 29
| Expires: Thu, 19 Nov 1981 08:52:00 GMT
| Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
| Pragma: no-cache
| X-XSS-Protection: 1;mode=block
| CF-RAY: 5780e8c68bcb3de8-PRG
|
| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" lang="es">
|
| <head>
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><script
type="text/javascript">(window.NREUM||(NREUM={})).loader_config={licenseKey:"NRJS-
4cd16aca84d2c3c139a",applicationID:"614428541"};window.NREUM||(NREUM={}),__nr_require=f
unction(e,n,t){function r(t){if(!n[t]){var i=n[t]={exports:{}};e[t][0].call(i.exports,function(n){var
i=e[t][1][n];return r(i||n)},i,i.exports)}return n[t].exports}if("function"==typeof __nr_require)return
__nr_require;for(var i=0;i<t.length;i++)r(t[i]);return r}({1:[function(e,n,t){function r(){}function
i(e,n,t){return function(){return o(e,[u.now()].concat(f(arguments)),n?null:this,t),n?void 0:this}}var
o=e("handle"),a=e(4),f=e(5),c=e("ee").get("tracer"),u=e("loader"),s=NREUM;"undefined"==typeof
window.newrelic&&(newrelic=s);var
p=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit"
,"addRelease"],l="api-",d=l+"ixn-
";a(p,function(e,n){s[n]=i(l+n,!0,"api")}),s.addPageAction=i(l+"addPageAction",!0),s.setCurrentRout
eName=i(l+"routeName",!0),n.exports=newrelic,s.interaction=function(){return(new r).get()};var
m=r.prototype={createTracer:function(e,n){var t={},r=this,i="function"==typeof n;return
o(d+"tracer",[u.now(),e,t],r),function(){if(c.emit((i?"":"no-")+"fn-start",[u.now(),r,i],t),i)try{return
n.apply(this,arguments)}catch(e){throw c.emit("fn-err",[arguments,this,e],t),e}finally{c.emit("fn-
end",[u.now()],t)}}}};a("actionText,setName,setAttribute,save,ignore,onEnd,getContext,end,get".spl
it(","),function(e,n){m[n]=i(d+n)}),newrelic.noticeError=function(e,n){"string"==typeof e&&(e=new
Error(e)),o("err",[e,u.now(),!1,n])}},{}],2:[function(e,n,t){function r(e,n){var
t=e.getEntries();t.forEach(function(e){"first-
paint"===e.name?c("timing",["fp",Math.floor(e.startTime)]):"first-contentful-
paint"===e.name&&c("timing",["fcp",Math.floor(e.startTime)])})}function i(e,n){var
t=e.getEntries();t.length>0&&c("lcp",[t[t.length-1]])}function o(e){if(e instanceof s&&!l){var
n,t=Math.round(e.timeStamp);n=t>1e12?Date.now()-t:u.now()-
t,l=!0,c("timing",["fi",t,{type:e.type,fid:n}])}}if(!("init"in NREUM&&"page_view_timing"in
NREUM.init&&"enabled"in
NREUM.init.page_view_timing&&NREUM.init.page_view_timing.enabled===!1)){var
a,f,c=e("handle"),u=e("loader"),s=NREUM.o.EV;if("PerformanceObserver"in
window&&"function"==typeof window.PerformanceObserver){a=new
PerformanceObserver(r),f=new
PerformanceObserver(i);try{a.observe({entryTypes:["paint"]}),f.observe({entryTypes:["largest-
contentful-paint"]})}catch(p){}}if("addEventListener"in document){var
l=!1,d=["click","keydown","mousedown","pointerdown","touchstart...
Plugin ID:
98063
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named '_gid' that does not set the
HttpOnly flag.
Plugin ID:
98064
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
sent in clear text.
Solution:
`secure` flag set.
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned cookie '_ga' without the Secure flag set.
Plugin ID:
98138
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Screenshot
Synopsis:
Screenshot
Description:
Screenshot of the target web page, see attached image. This screenshot should show you the
target page we are launching the scan against.
If the image is not of the intended target page, please check the provided url in the scan
configuration.
Solution:
N/A
See Also:
N/A
Output:
WAS Scanner has taken a screenshot of the page at url 'https://bono.yomequedoencasa.pe/WEB/'
with dimensions 1600x1200.
Please see the attachment for the screenshot image.
Plugin ID:
98056
CVE:
N/A
CVSS:
5.8
RiskFactor:
Medium
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing HTTP Strict Transport Security Policy
Synopsis:
Missing HTTP Strict Transport Security Policy
Description:
The HTTP protocol by itself is clear text, meaning that any data that is
transmitted via HTTP can be captured and the contents viewed. To keep data
private and prevent it from being intercepted, HTTP is often tunnelled through
either Secure Sockets Layer (SSL) or Transport Layer Security (TLS).
When either of these encryption standards are used, it is referred to as HTTPS.
HTTP Strict Transport Security (HSTS) is an optional response header that can be
configured on the server to instruct the browser to only communicate via HTTPS.
This will be enforced by the browser even if the user requests a HTTP resource
on the same server.
Cyber-criminals will often attempt to compromise sensitive information passed

from the client to the server using HTTP. This can be conducted via various
Man-in-The-Middle (MiTM) attacks or through network packet captures.
Scanner discovered that the affected application is using HTTPS however does not
use the HSTS header.
Solution:
Depending on the framework being used the implementation methods will vary, however it is
advised that the `Strict-Transport-Security` header be configured on the server.
One of the options for this header is `max-age`, which is a representation (in milliseconds)
determining the time in which the client's browser will adhere to the header policy.
Depending on the environment and the application this time period could be from as low as
minutes to as long as days.
See Also:
https://tools.ietf.org/html/rfc6797
Output:
The scanner did not find any Strict-Transport-Security header in the response returned by the
target when querying URL 'https://bono.yomequedoencasa.pe/WEB/':
HTTP/1.1 200 OK
Date: Sun, 22 Mar 2020 15:21:53 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie:
AWSALB=vsoGeaRTi0EbBmPvtUcb2RaZNBvsulDG+aRcXsUunFhA/cWfGbcebTGwSYMbFldz/nl
HivXW3BiUMWrR8hF+9/wJvr4xIiYvYNlvBy01QVHuebJNXNEtppPfb+gU; Expires=Sun, 29 Mar
2020 15:21:53 GMT; Path=/
Set-Cookie:
AWSALBCORS=vsoGeaRTi0EbBmPvtUcb2RaZNBvsulDG+aRcXsUunFhA/cWfGbcebTGwSYMb
Fldz/nlHivXW3BiUMWrR8hF+9/wJvr4xIiYvYNlvBy01QVHuebJNXNEtppPfb+gU; Expires=Sun, 29
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1;mode=block
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-
ct"
Server: cloudflare
CF-RAY: 5780e7a7fd2ec769-AMS
Content-Encoding: gzip
Plugin ID:
98063
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named 'AWSALBCORS' that does not
set the HttpOnly flag.
Plugin ID:
98019
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Network Timeout Encountered
Synopsis:
Network Timeout Encountered
Description:
Provides a report of network timeouts encountered during the scan, showing URLs and the
number of timeouts for each URL.
Note that assessment will stop on any URLs in timeout state, and timeouts may increase
significantly the overal duration of the scan.
Solution:
Check your web application logs and verify that it is functioning as expected and can handle
significant amounts of traffic generated by the scanner.
Additionally, the scan policy may be edited to optimize the performance settings.
See Also:
N/A
Output:
5 timeouts encountered for URL
'https://bono.yomequedoencasa.pe/WEB/default/index/validate?documento=792&fecha=00/00/00
00&sessionToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQ4OTA1MzksIm
V4cCI6MTU4NDg5MDYxOSwiZGF0YSI6W119.V0Xumfw4BN-
utW8NfuupGt3BGbub9SZvDgGTAl2IiWk&captcha=NESS'
5 timeouts encountered for URL
'https://bono.yomequedoencasa.pe/WEB/default/index/validate?documento=&fecha=00/00/0000&
sessionToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQ4OTA2MDUsImV4
cCI6MTU4NDg5MDY4NSwiZGF0YSI6W119.Hqv6n2i0-rlpyonH2dBcjAqes_CBIUa-
rW84oQt4OIU&captcha='
7 timeouts encountered for URL 'https://bono.yomequedoencasa.pe/console/login/LoginForm.jsp'
1 timeouts encountered for URL 'https://bono.yomequedoencasa.pe/WEB/'
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/WEB/.git/config
Proof
-------
Request
---------
GET /WEB/.git/config HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=AB/VZqsCG0aVCiWCk
04tmExxX5sulWr0/6YavoubfXkL3TIfX1eFxF80oPW6D3adwMAye1ybeC2nhHKPO06s+Wmr7wQ
Y8hRyMOhzUJH/xVCGvh9wg5F0/lUV21oN;AWSALBCORS=AB/VZqsCG0aVCiWCk04tmExxX5s
ulWr0/6YavoubfXkL3TIfX1eFxF80oPW6D3adwMAye1ybeC2nhHKPO06s+Wmr7wQY8hRyMOhz
UJH/xVCGvh9wg5F0/lUV21oN;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt
3yx6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gat=1;_gid=GA1.2.533059777.1584890516;_ga
=GA1.2.2119926822.1584890516
Response
----------

| Date: Sun, 22 Mar 2020 15:22:13 GMT
| CF-RAY: 5780e82879adc84f-AMS
|
| <head>
0RTveTvetuGuXXzMElxsWQRwA+270jiyeov...
Plugin ID:
112530
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
SSL/TLS Versions Supported
Synopsis:
SSL/TLS Versions Supported
Description:
This plugin displays information about the SSL/TLS versions supported by remote server for
HTTPS connection.
Solution:
N/A
See Also:
N/A
Output:
Protocol Supported
---------------------
SSLv2 No
SSLv3 No
TLS 1.0 Yes
TLS 1.1 Yes
TLS 1.2 Yes
Plugin ID:
112546
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
TLS 1.1 Deprecated Protocol
Synopsis:
TLS 1.1 Deprecated Protocol
Description:
The remote server offers deprecated TLS 1.1 protocol.
Solution:
Reconfigure the affected application, if possible to avoid the use of deprecated TLS 1.1 protocol
versions and enable TLS 1.2 or later.
See Also:
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Output:
Protocol Supported
---------------------
TLS 1.1 Yes
Plugin ID:
115540
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named '_gid' that does not set the
SameSite cookie flag correctly.
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/
Proof
-------
Request
---------
GET / HTTP/1.1
| User-Agent: ";print 28763*4196403;#
| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=1voVsAJznkq213lX0y5
Usw1aGEBel7oZOwQLQobBAeDYUW1YiUIJO3rozgEEiNWaQN0uB9QJ6Atch5AO8E4Ttv5kzcz/y
efOUhI69JbkFJGrfLcnEOqzln1PK+NV;AWSALBCORS=1voVsAJznkq213lX0y5Usw1aGEBel7oZ
OwQLQobBAeDYUW1YiUIJO3rozgEEiNWaQN0uB9QJ6Atch5AO8E4Ttv5kzcz/yefOUhI69JbkFJG
rfLcnEOqzln1PK+NV;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx6qQG
S5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.2119926
822.1584890516
Response
----------

| Date: Sun, 22 Mar 2020 15:48:30 GMT
| CF-RAY: 57810eaa8d997b94-PRG
|
| <head>
0RTveTvetuGu...
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/CriOS/.test
Proof
-------
Request
---------
GET /CriOS/.test HTTP/1.1

| User-Agent: ";print 28763*4196403;#
| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=z65rGAVq3steMWUBpt
zGHhznA4CZSQtEui6rAyPUPV4NrVCrH9VUpBl7QWjmmiLYQSV5szeLzma/DT4uKR3Ic4CnOgkl
0/oIXtnsKocPSbOZBJ0qVpYOCKtEu+YD;AWSALBCORS=z65rGAVq3steMWUBptzGHhznA4CZ
SQtEui6rAyPUPV4NrVCrH9VUpBl7QWjmmiLYQSV5szeLzma/DT4uKR3Ic4CnOgkl0/oIXtnsKocP
SbOZBJ0qVpYOCKtEu+YD;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx
6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.21
19926822.1584890516
Response
----------

| Date: Sun, 22 Mar 2020 15:53:08 GMT
| CF-RAY: 578115735cc9d911-AMS
|
| <head>
0RTveTvetuGu...
Plugin ID:
98009
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Web Application Sitemap
Synopsis:
Web Application Sitemap
Description:
Publishes the sitemap of the web application as seen by the scan.
Solution:
N/A
See Also:
N/A
Output:
The scan has discovered 41 distinct URLs, 6 of which are in the target scope.
From these 6 URLs, 28 have been effectively crawled and 0 led to an error:
- 3 with error "Timeout was reached"
Response times ranged between 0.013628s and 0.753288s.
Here is the distribution of URL types for this web application:

- 5 as "text/html"
- 2 as "image/png"
- 10 as "text/css"
- 8 as "application/javascript"
- 1 as "image/gif"
- 1 as "text/javascript"
You can access the complete list of URLs with the information collected by the scan as an
attachment to this plugin.
Plugin ID:
98064
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
sent in clear text.
Solution:
`secure` flag set.
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned cookie '__cfduid' without the Secure flag set.
Plugin ID:
98064
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
sent in clear text.
Solution:
`secure` flag set.
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned cookie '__cflb' without the Secure flag set.
Plugin ID:
112529
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing 'X-Content-Type-Options' Header
Synopsis:
Missing 'X-Content-Type-Options' Header
Description:
The HTTP 'X-Content-Type-Options' response header prevents the browser from MIME-sniffing a
response away from the declared content-type.
The server did not return a correct 'X-Content-Type-Options' header, which means that this
website could be at risk of a Cross-Site Scripting (XSS) attack.
Solution:
Configure your web server to include an 'X-Content-Type-Options' header with a value of 'nosniff'.
See Also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
Output:
URL
-----
Proof
-------
HTTP/1.1 200 OK
Request
---------
GET /WEB/ HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=6E2qxa8i6tgGQjl0tyJ+B
Ln+GiiFpd+MW9DhYmdaX1ovLHlQwHVTswkUfOme0Vzt8GPxhh7pdsJxSpzHAUVr12V10UA2W
TjBXIA6uT1noZ91W0dLC+OmApyE7qRK;AWSALBCORS=6E2qxa8i6tgGQjl0tyJ+BLn+GiiFpd+M
W9DhYmdaX1ovLHlQwHVTswkUfOme0Vzt8GPxhh7pdsJxSpzHAUVr12V10UA2WTjBXIA6uT1no
Z91W0dLC+OmApyE7qRK;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx
6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA
Response
----------
HTTP/1.1 200 OK
| Date: Sun, 22 Mar 2020 15:21:53 GMT
| Set-Cookie:
AWSALB=vsoGeaRTi0EbBmPvtUcb2RaZNBvsulDG+aRcXsUunFhA/cWfGbcebTGwSYMbFldz/nl
HivXW3BiUMWrR8hF+9/wJvr4xIiYvYNlvBy01QVHuebJNXNEtppPfb+gU; Expires=Sun, 29 Mar
2020 15:21:53 GMT; Path=/
| Set-Cookie:
AWSALBCORS=vsoGeaRTi0EbBmPvtUcb2RaZNBvsulDG+aRcXsUunFhA/cWfGbcebTGwSYMb
Fldz/nlHivXW3BiUMWrR8hF+9/wJvr4xIiYvYNlvBy01QVHuebJNXNEtppPfb+gU; Expires=Sun, 29
| Pragma: no-cache
| CF-RAY: 5780e7a7fd2ec769-AMS
|
|
| <head>
type="text/javascript">(window.NREUM||(NREUM={})).loader_config={licenseKey:"NRJS-
unction(e,n,t){function r(t){if(!n[t]){var i=n[t]={exports:{}};e[t][0].call(i.exports,function(n){var
i=e[t][1][n];return r(i||n)},i,i.exports)}return n[t].exports}if("function"==typeof __nr_require)return
__nr_require;for(var i=0;i<t.length;i++)r(t[i]);return r}({1:[function(e,n,t){function r(){}function
i(e,n,t){return function(){return o(e,[u.now()].concat(f(arguments)),n?null:this,t),n?void 0:this}}var
o=e("handle"),a=e(4),f=e(5),c=e("ee").get("tracer"),u=e("loader"),s=NREUM;"undefined"==typeof
window.newrelic&&(newrelic=s);var
p=["setPageViewName","setCustomAttribute","setErrorHandler","finished","addToTrace","inlineHit"
,"addRelease"],l="api-",d=l+"ixn-
";a(p,function(e,n){s[n]=i(l+n,!0,"api")}),s.addPageAction=i(l+"addPageAction",!0),s.setCurrentRout
eName=i(l+"routeName",!0),n.exports=newrelic,s.interaction=function(){return(new r).get()};var
m=r.prototype={createTracer:function(e,n){var t={},r=this,i="function"==typeof n;return
o(d+"tracer",[u.now(),e,t],r),function(){if(c.emit((i?"":"no-")+"fn-start",[u.now(),r,i],t),i)try{return
n.apply(this,arguments)}catch(e){throw c.emit("fn-err",[arguments,this,e],t),e}finally{c.emit("fn-
end",[u.now()],t)}}}};a("actionText,setName,setAttribute,save,ignore,onEnd,getContext,end,get".spl
it(","),function(e,n){m[n]=i(d+n)}),newrelic.noticeError=function(e,n){"string"==typeof e&&(e=new
Error(e)),o("err",[e,u.now(),!1,n])}},{}],2:[function(e,n,t){function r(e,n){var
t=e.getEntries();t.forEach(function(e){"first-
paint"===e.name?c("timing",["fp",Math.floor(e.startTime)]):"first-contentful-
paint"===e.name&&c("timing",["fcp",Math.floor(e.startTime)])})}function i(e,n){var
t=e.getEntries();t.length>0&&c("lcp",[t[t.length-1]])}function o(e){if(e instanceof s&&!l){var
n,t=Math.round(e.timeStamp);n=t>1e12?Date.now()-t:u.now()-
t,l=!0,c("timing",["fi",t,{type:e.type,fid:n}])}}if(!("init"in NREUM&&"page_view_timing"in
NREUM.init&&"enabled"in
NREUM.init.page_view_timing&&NREUM.init.page_view_timing.enabled===!1)){var
a,f,c=e("handle"),u=e("loader"),s=NREUM.o.EV;if("PerformanceObserver"in
window&&"function"==typeof window.PerformanceObserver){a=new
PerformanceObserver(r),f=new
PerformanceObserver(i);try{a.observe({entryTypes:["paint"]}),f.observe({entryTypes:["largest-
contentful-paint"]})}catch(p){}}if("addEventListener"in document){var
l=!1,d=["click","keydown","mousedown","pointerdown","touchstart"];d.forEach(function(e){documen
t.addEventListener(e,o,!1)})}}},{}],3:[function(e,n,t){function
r(e,n){if(!i)return!1;if(e!==i)return!1;if(!n)return!0;if(!o)return!1;for(var
t=o.split("."),r=n.split("."),a=0;a<r.length;a++)if(r[a]!==t[a])return!1;return!0}var
i=null,o=null,a=/Version\/(\S+)\s+Safari/;if(navigator.userAgent){var
f=navigator.userAgent,c=f.match(a);c&&f.indexOf("Chrome")===-1&&f.indexOf("Chromium")===-
1&&(i="Safari",o=c[1])}n.exports={agent:i,version:o,match:r}},{}],4:[function(e,n,t){function
r(e,n){var t=[],r="",o=0;for(r in e)i.call(e,r)&&(t[o]=n(r,e[r]),o+=1);return t}var
i=Object.prototype.hasOwnProperty;n.exports=r},{}],5:[function(e,n,t){function
r(e,n,t){n||(n=0),"undefined"==typeof t&&(t=e?e.length:0);for(var r=-1,i=t-
n||0,o=Array(i<0?0:i);++r<i;)o[r]=e[n+r];return
o}n.exports=r},{}],6:[function(e,n,t){n.exports={exists:"undefined"!=typeof
window.performance&&window.performance.timing&&"undefined"!=typeof
window.performance.timing.navigationStart}},{}],ee:[function(e,n,t){function r(){}function
i(e){function n(e){return e&&e instanceof r?e:e?c(e,f,o):o()}function t(t,r,i,o){if(!l.ab...
Plugin ID:
112496
CVE:
N/A
CVSS:
6.1
RiskFactor:
Medium
Host:
Protocol:
TCP
Port:
443
Plugin Name:
TLS 1.0 Weak Protocol
Synopsis:
TLS 1.0 Weak Protocol
Description:
The remote server offers deprecated TLS 1.0 protocol which can lead to weaknesses.
Solution:
Reconfigure the affected application, if possible to avoid the use of deprecated TLS 1.0 protocol.
See Also:
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Output:
Protocol Supported
---------------------
TLS 1.0 Yes
Plugin ID:
115491
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
SSL/TLS Cipher Suites Supported
Synopsis:
SSL/TLS Cipher Suites Supported
Description:
This plugin displays supported SSL/TLS cipher suites.
Solution:
N/A
See Also:
N/A
Output:
Protocol Cipher Suite Name (RFC) OpenSSL Name Encryption
KeyExchange Bits
------------------------------------------------------------------------------------------------------------------------------
TLS1.0 TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
3DES RSA 168
TLS1.0 TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA AES
RSA 128
RSA 256
TLS1.0 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA
AES ECDH 128
AES ECDH 256
RSA 128
RSA 256
AES ECDH 128
AES ECDH 256
RSA 128
RSA 256
TLS1.2 TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256
AES RSA 128
TLS1.2 TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256
AES RSA 256
TLS1.2 TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256
AESGCM RSA 128
TLS1.2 TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384
AESGCM RSA 256
AES ECDH 128
AES ECDH 256
TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-
SHA256 AES ECDH 128
TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-
SHA384 AES ECDH 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-
SHA256 AES ECDH 128
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-
SHA384 AES ECDH 256
TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-
GCM-SHA256 AESGCM ECDH 128
TLS1.2 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-
GCM-SHA384 AESGCM ECDH 256
TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-
SHA256 AESGCM ECDH 128
TLS1.2 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-
SHA384 AESGCM ECDH 256
Plugin ID:
98393
CVE:
N/A
CVSS:
4.3
RiskFactor:
Medium
Host:
Protocol:
TCP
Port:
443
Plugin Name:
jQuery UI < 1.12.0 Cross-Site Scripting
Synopsis:
jQuery UI < 1.12.0 Cross-Site Scripting
Description:
According to its self-reported version number, jQuery UI is prior to 1.12.0. Therefore, it may be
affected by a cross-site scripting vulnerability due to improper escaping of the closeText property.
Solution:
Upgrade to jQuery UI version 1.12.0 or later.
See Also:
https://github.com/jquery/api.jqueryui.com/issues/281
Output:
Plugin ID:
98119
CVE:
N/A
CVSS:
7.5
RiskFactor:
High
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Blind NoSQL Injection (differential analysis)
Synopsis:
Blind NoSQL Injection (differential analysis)
Description:
A NoSQL injection occurs when a value originating from the client's request is
used within a NoSQL call without prior sanitisation.
This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data,
or use the additional functionality of the database server to take control of
further server components.
Scanner discovered that the affected page and parameter are vulnerable. This
injection was detected as scanner was able to inject specific NoSQL queries that
if vulnerable result in the responses for each injection being different. This is
known as a blind NoSQL injection vulnerability.
Solution:
The most effective remediation against NoSQL injection attacks is to ensure that NoSQL API
calls are not constructed via string concatenation that includes unsanitized data.
Sanitization is best achieved using existing escaping libraries.
See Also:
https://www.owasp.org/index.php/Testing_for_NoSQL_injection
Output:
URL
-----
Detection Information
-----------------------
Input Type : cookie
Input Name : __cflb
Injected Payload : 1'||this'
Proof
-------
1'||this' for TRUE statement and 1'||!this' for FALSE statement
Request
---------
GET /WEB/ HTTP/1.1

| Cookie:
__cflb=1'||this';__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=Mg5lLAS
vSjtBszGzcNczgPhBRMWtEAkMneomH0y2IANp9gRz9DbpIXzwoQtRVimkRmvc4boKDo8t8RiiOB
r6Ub/ePN9yzfiNGbCh/PCxaCuGM3nFRPbT5aueN/eq;AWSALBCORS=Mg5lLASvSjtBszGzcNczg
PhBRMWtEAkMneomH0y2IANp9gRz9DbpIXzwoQtRVimkRmvc4boKDo8t8RiiOBr6Ub/ePN9yzfiN
GbCh/PCxaCuGM3nFRPbT5aueN/eq;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;_gid=GA1.2
.533059777.1584890516;_ga=GA1.2.2119926822.1584890516
Response
----------
HTTP/1.1 200 OK
| Date: Sun, 22 Mar 2020 15:25:52 GMT
| Set-Cookie:
AWSALB=4amIbTBQ2KFDJb+UUoO4BnCpe8mkW6qsbQ5I7QVvLtr0StACr6ZrFjfLUdW899qy7ln
ReHXL06UoKJ/7fy2w+5zZdpi9IZVhAQqICApe5mo6YQ+3KDgwmqGOFoRT; Expires=Sun, 29
Mar 2020 15:25:52 GMT; Path=/
| Pragma: no-cache
| Set-Cookie:
AWSALBCORS=4amIbTBQ2KFDJb+UUoO4BnCpe8mkW6qsbQ5I7QVvLtr0StACr6ZrFjfLUdW89
9qy7lnReHXL06UoKJ/7fy2w+5zZdpi9IZVhAQqICApe5mo6YQ+3KDgwmqGOFoRT; Expires=Sun,
29 Mar 2020 15:25:52 GMT; Path=/; SameSite=None; Secure
| Set-Cookie:
__cflb=025XxgSfaXvioNAMq8tTdGtBAjV5JJyDDcp1BBneYfLMXhdrrf1HKikiQ1FTCL19GdekwDTz
mF8PEN4vkTTB2L; SameSite=Lax; path=/; expires=Mon, 23-Mar-20 14:25:52 GMT; HttpOnly
| CF-RAY: 5780ed7e8a579ccf-AMS
|
|
| <head>
type="text/javascript">(window.NREUM||(NREUM={})).loader_config={xpid:"VgACWVJaChAGVV
BXAQADUlc=",licenseKey:"NRJS-
unction(t,n,e){function r(e){if(!n[e]){var o=n[e]={exports:{}};t[e][0].call(o.exports,function(n){var
o=t[e][1][n];return r(o||n)},o,o.exports)}return n[e].exports}if("function"==typeof __nr_require)return
__nr_require;for(var o=0;o<e.length;o++)r(e[o]);return r}({1:[function(t,n,e){function
r(t){try{s.console&&console.log(t)}catch(n){}}var
o,i=t("ee"),a=t(21),s={};try{o=localStorage.getItem("__nr_flags").split(","),console&&"function"==typ
eof console.log&&(s.console=!0,o.indexOf("dev")!==-1&&(s.dev=!0),o.indexOf("nr_dev")!==-
1&&(s.nrDev=!0))}catch(c){}s.nrDev&&i.on("internal-error",function(t){r(t.stack)}),s.dev&&i.on("fn-
err",function(t,n,e){r(e.stack)}),s.dev&&(r("NR AGENT IN DEVELOPMENT MODE"),r("flags:
"+a(s,function(t,n){return t}).join(", ")))},{}],2:[function(t,n,e){function r(t,n,e,r,s){try{p?p-=1:o(s||new
UncaughtException(t,n,e),!0)}catch(f){try{i("ierr",[f,c.now(),!0])}catch(d){}}return"function"==typeof
u&&u.apply(this,a(arguments))}function UncaughtException(t,n,e){this.message=t||"Uncaught
error with no additional information",this.sourceURL=n,this.line=e}function o(t,n){var
e=n?null:c.now();i("err",[t,e])}var
i=t("handle"),a=t(22),s=t("ee"),c=t("loader"),f=t("gos"),u=window.onerror,d=!1,l="nr@seenError",p=
0;c.features.err=!0,t(1),window.onerror=r;try{throw new Error}catch(h){"stack"in
h&&(t(9),t(8),"addEventListener"in window&&t(5),c.xhrWrappable&&t(10),d=!0)}s.on("fn-
start",function(t,n,e){d&&(p+=1)}),s.on("fn-
err",function(t,n,e){d&&!e[l]&&(f(e,l,function(){return!0}),this.thrown=!0,o(e))}),s.on("fn-
end",function(){d&&!this.thrown&&p>0&&(p-=1)}),s.on("internal-
error",function(t){i("ierr",[t,c.now(),!0])})},{}],3:[function(t,n,e){t("loader").features.ins=!0},{}],4:[functi
on(t,n,e){function
r(t){}if(window.performance&&window.performance.timing&&window.performance.getEntriesByTy
pe){var
o=t("ee"),i=t("handle"),a=t(9),s=t(8),c="learResourceTimings",f="addEventListener",u="resourcetim
ingbufferfull",d="bstResource",l="resource",p="-start",h="-
end",m="fn"+p,w="fn"+h,v="bstTimer",g="pushState",y=t("loader");y.features.stn=!0,t(7),"addEvent
Listener"in window&&t(5);var x=NREUM.o.EV;o.on(m,function(t,n){var e=t[0];e instanceof
x&&(this.bstStart=y.now())}),o.on(w,function(t,n){var e=t[0];e instanceof
x&&i("bst",[e,n,this.bstStart,y.now()])}),a.on(m,function(t,n,e){this.bstStart=y.now(),this.bstType=e})
,a.on(w,function(t,n){i(v,[n,this.bstStart,y.now(),this.bstType])}),s.on(m,function(){this.bstStart=y.no
w()}),s.on(w,function(t,n){i(v,[n,this.bstStart,y.now(),"requestAnimationFrame"])}),o.on(g+p,function
(t){this.time=y.now(),this.startPath=location.pathname+location.hash}),o.on(g+h,function(t){i("bstHi
st",[location.pathname+location.hash,this.startPath,this.time])}),f in
window.performance&&(window.performance["c"+c]?window.performance[f](u,function(t){i(d,[wind
ow.performance.getEntriesByType(l)]),window.performance["c"+c]()},!1):window.performance[f]("w
ebkit"+u,function(t){i(d,[window.performance.getEntriesByType(l)]),window.performance["webkitC"
+c]()},!1)),document[f]("scroll",r,{passive:!0}),document[f]("keypress",r,!1),document[f]("click",r,!1)}},
{}],5:[function(t,n,e){function r(t){for(var
n=t;n&&!n.hasOwnProperty(u);)n=Object.getPrototypeOf(n);n&&o(n)}function
o(t){s.inPlace(t,[u,d],"-",i)}function i(t,n){retu...
Plugin ID:
98063
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named '_ga' that does not set the
HttpOnly flag.
Plugin ID:
98064
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
sent in clear text.
Solution:
`secure` flag set.
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned cookie '_gid' without the Secure flag set.
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/WEB/default/index/validate?documento=792&fecha=00/00/000
0&sessionToken=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQ4OTA1MzksImV
4cCI6MTU4NDg5MDYxOSwiZGF0YSI6W119.V0Xumfw4BN-
utW8NfuupGt3BGbub9SZvDgGTAl2IiWk&captcha=NESS
Proof
-------
Request
---------
GET
/WEB/default/index/validate?documento=792&fecha=00/00/0000&sessionToken=eyJ0eXAiOiJKV
1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODQ4OTA1MzksImV4cCI6MTU4NDg5MDYxOSwiZGF
0YSI6W119.V0Xumfw4BN-utW8NfuupGt3BGbub9SZvDgGTAl2IiWk&captcha=NESS HTTP/1.1
| User-Agent: ";print 28763*4196403;#
| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=BxtYeYUAe+1wdH6GN
MtPF2iJpRWqAnDTKn9gEtNyWyejDMWPc8k7pQ3z/TAv8JpkzjK08pOp+vf2MdXYcWiJdIG0pR+D
aUhzgKSv1oZJFza/r/Ke8QiYIpg1ptfi;AWSALBCORS=BxtYeYUAe+1wdH6GNMtPF2iJpRWqAnD
TKn9gEtNyWyejDMWPc8k7pQ3z/TAv8JpkzjK08pOp+vf2MdXYcWiJdIG0pR+DaUhzgKSv1oZJFz
a/r/Ke8QiYIpg1ptfi;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx6qQGS5n
XtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.2119926822.
1584890516
Response
----------

| Date: Sun, 22 Mar 2020 15:31:12 GMT
| CF-RAY: 5780f5523b1ed92d-AMS
|
| <head>
0RTveTvetuGu...
Plugin ID:
112551
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing Content Security Policy
Synopsis:
Missing Content Security Policy
Description:
Content Security Policy (CSP) is a web security standard that helps to mitigate attacks like cross-
site scripting (XSS), clickjacking or mixed content issues.
CSP provides mechanisms to websites to restrict content that browsers will be allowed to load.
No CSP header has been detected on this host. This URL is flagged as an specific example.
Solution:
Configure Content Security Policy on your website by adding 'Content-Security-Policy' HTTP
header or meta tag http-equiv='Content-Security-Policy'.
See Also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
Output:
Plugin ID:
98618
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
HTTP Header Information Disclosure
Synopsis:
HTTP Header Information Disclosure
Description:
The HTTP headers sent by the remote web server disclose information that can aid an attacker,
such as the server version and technologies used by the web server.
Solution:
Modify the HTTP headers of the web server to not disclose detailed information about the
underlying web server.
See Also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Output:
The following header information disclosures have been detected on
https://bono.yomequedoencasa.pe/WEB/:
- Server: cloudflare
Plugin ID:
98527
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing Referrer Policy
Synopsis:
Missing Referrer Policy
Description:
Referrer Policy provides mechanisms to websites to restrict referrer information (sent in the referer
header) that browsers will be allowed to add.
No Referrer Policy header or metatag configuration has been detected.
Solution:
Configure Referrer Policy on your website by adding 'Referrer-Policy' HTTP header or meta tag
referrer in HTML.
See Also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Output:
No Referrer-Policy headers or body meta tags were found on
Plugin ID:
115540
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
See Also:
Output:
https://bono.yomequedoencasa.pe/WEB/ returned a cookie named 'AWSALB' that does not set
the SameSite cookie flag correctly.
Plugin ID:
112526
CVE:
N/A
CVSS:
2.6
RiskFactor:
Low
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Missing 'X-XSS-Protection' Header
Synopsis:
Missing 'X-XSS-Protection' Header
Description:
The HTTP 'X-XSS-Protection' response header is a feature of modern browsers that allows
websites to control their XSS auditors.
The server is not configured to return a 'X-XSS-Protection' header which means that any pages on
this website could be at risk of a Cross-Site Scripting (XSS) attack. This URL is flagged as an
specific example.
Solution:
Configure your web server to include an 'X-XSS-Protection' header with a value of '1; mode=block'
on all pages.
See Also:
https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xxxsp
Output:
URL
-----
https://bono.yomequedoencasa.pe/console/login/LoginForm.jsp
Proof
-------
HTTP/1.1 404 Not Found
Request
---------
GET /console/login/LoginForm.jsp HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=GmIGAzMmQNHQFL27
e8+mrCXscU/Sq7gYaDHIxcCXPCclYApNkOZP3aiZdtBI2PoWVXkvJOaqZq0lSBSWQTPIAa2Girm
ZUDmiV/drGEOjOALYAX3gNRqoYqgVevjT;AWSALBCORS=GmIGAzMmQNHQFL27e8+mrCXsc
U/Sq7gYaDHIxcCXPCclYApNkOZP3aiZdtBI2PoWVXkvJOaqZq0lSBSWQTPIAa2GirmZUDmiV/dr
GEOjOALYAX3gNRqoYqgVevjT;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUb
t3yx6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2
.2119926822.1584890516
Response
----------
HTTP/1.1 404 Not Found

| Date: Sun, 22 Mar 2020 15:43:00 GMT
| Set-Cookie:
AWSALB=M8CZjIT9n8p5/hDcmFso/A0sCN4pHNxj2uM4b2Wzi3fpLS/8VnIKCU4fet9cC0UXAwnT1
+KVvDhXYoiKb51tylljfR/eDuGguNqqZnRiBOpYKY43UNlWmOPKMP+/; Expires=Sun, 29 Mar
2020 15:43:00 GMT; Path=/
| Set-Cookie:
AWSALBCORS=M8CZjIT9n8p5/hDcmFso/A0sCN4pHNxj2uM4b2Wzi3fpLS/8VnIKCU4fet9cC0UX
AwnT1+KVvDhXYoiKb51tylljfR/eDuGguNqqZnRiBOpYKY43UNlWmOPKMP+/; Expires=Sun, 29
| CF-RAY: 5781069dc9cabf5f-AMS
|
| <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /console/login/LoginForm.jsp was not found on this server.</p>
</body></html>
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/console/login/tenable-wasscan-74b578a8-0ff6-4732-818f-
f870a65ada29
Proof
-------
HTTP/1.1 405 Method Not Allowed
Request
---------
PUT /console/login/tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29 HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=MRW9++60ojqhYga3ar
dm6KZqXG47vUdKEKrRMxcSEko62ZoYFsqR7YuX+P4P3CTf03my3T3TmmVRGY349VVPAjrJ+
82fY7fcakASTw0ydAp6gBz/Qp/7QhzrOtHU;AWSALBCORS=MRW9++60ojqhYga3ardm6KZqXG4
7vUdKEKrRMxcSEko62ZoYFsqR7YuX+P4P3CTf03my3T3TmmVRGY349VVPAjrJ+82fY7fcakAS
Tw0ydAp6gBz/Qp/7QhzrOtHU;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3
yx6qQGS5nXtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.2
119926822.1584890516
|
| Created by Tenable WAS scan. PUT74b578a8-0ff6-4732-818f-f870a65ada29
Response
----------

| Date: Sun, 22 Mar 2020 15:43:07 GMT
| Set-Cookie:
AWSALB=6TAircMX/WFUVzLNcUPbHFKZ78P5RkgyVTNNW1uUr3PxfWVh5YuVb27/mJs9TKOD
XX5Fop/8h/qaifz8rQBNILSuKiXWujFEfmhd6feAIUsCcEhn0gD73BOGUMv3; Expires=Sun, 29 Mar
2020 15:43:07 GMT; Path=/
| Set-Cookie:
AWSALBCORS=6TAircMX/WFUVzLNcUPbHFKZ78P5RkgyVTNNW1uUr3PxfWVh5YuVb27/mJs9
TKODXX5Fop/8h/qaifz8rQBNILSuKiXWujFEfmhd6feAIUsCcEhn0gD73BOGUMv3; Expires=Sun,
| Allow: OPTIONS,GET,HEAD,POST,TRACE
| CF-RAY: 578106c4eebac85f-AMS
|
<html><head>
<title>405 Method Not Allowed</title>
</head><body>
<h1>Method Not Allowed</h1>
<p>The requested method PUT is not allowed for the URL /console/login/tenable-wasscan-
74b578a8-0ff6-4732-818f-f870a65ada29.</p>
</body></html>
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29
Proof
-------
Request
---------
PUT /tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29 HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=M7OJIJ4G54kG4Wn1P
ZuDb859U7lgxtJdUEyfsRo5A9M9HA9GywrD0vxdZIs/ZQpgSJYCAmpLeG/4LvBwzp5ctlbEHM6in5
2HuBCZpAccPtIAkg96PPwIl+9qqtNI;AWSALBCORS=M7OJIJ4G54kG4Wn1PZuDb859U7lgxtJdU
EyfsRo5A9M9HA9GywrD0vxdZIs/ZQpgSJYCAmpLeG/4LvBwzp5ctlbEHM6in52HuBCZpAccPtIAk
g96PPwIl+9qqtNI;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx6qQGS5n
XtfQZ4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.2119926822.
1584890516
|
Response
----------

| Date: Sun, 22 Mar 2020 15:48:00 GMT
| Connection: close
| Set-Cookie:
AWSALB=abR+38De9MqZC4ZQeikS6a8k7XReMmEXkzdus3b2j92S1O0VBSn8NVf6HQYSzpzhA
wbOMT9uh+Rqa/Y6iwyTh6tFbdqeNByRawRzJ4tWIMBQVz/74uGbLHNqNb2C; Expires=Sun, 29
Mar 2020 15:48:00 GMT; Path=/
| Set-Cookie:
AWSALBCORS=abR+38De9MqZC4ZQeikS6a8k7XReMmEXkzdus3b2j92S1O0VBSn8NVf6HQY
SzpzhAwbOMT9uh+Rqa/Y6iwyTh6tFbdqeNByRawRzJ4tWIMBQVz/74uGbLHNqNb2C;
Expires=Sun, 29 Mar 2020 15:48:00 GMT; Path=/; SameSite=None; Secure
| Allow: GET,HEAD,POST,OPTIONS,TRACE
| CF-RAY: 57810df0a8e39d66-AMS
|
<html><head>
</head><body>
<p>The requested method PUT is not allowed for the URL /tenable-wasscan-74b578a8-0ff6-4732-
818f-f870a65ada29.</p>
</body></html>
Plugin ID:
98050
CVE:
N/A
CVSS:
0.0
RiskFactor:
Informational
Host:
Protocol:
TCP
Port:
443
Plugin Name:
Synopsis:
Description:
Solution:
N/A
See Also:
Output:
URL
-----
https://bono.yomequedoencasa.pe/CriOS/tenable-wasscan-74b578a8-0ff6-4732-818f-
f870a65ada29
Proof
-------
Request
---------
PUT /CriOS/tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29 HTTP/1.1

| Cookie:
__cfduid=d66817764fd70481504332124430f52ee1584890510;AWSALB=JNrHZQ6Uf2rnFnZz/cF
6YjpaIXZSBEqt6TOkETc0oWf9V3sp6BYDZQfjf4wap5k6lGz/jt7aJgbNtueHNuICY3vLWSw9KKIJV
JJTzte14grLwqQ7fnTVWWegWrSa;AWSALBCORS=JNrHZQ6Uf2rnFnZz/cF6YjpaIXZSBEqt6TOk
ETc0oWf9V3sp6BYDZQfjf4wap5k6lGz/jt7aJgbNtueHNuICY3vLWSw9KKIJVJJTzte14grLwqQ7fnT
VWWegWrSa;PHPSESSID=4mksb2oho4gut5d9cg84rpmtm3;__cflb=02DiuGUbt3yx6qQGS5nXtfQ
Z4fVXchhA6cdmPMbJdH7BA;_gid=GA1.2.533059777.1584890516;_ga=GA1.2.2119926822.158
4890516
|
Response
----------

| Date: Sun, 22 Mar 2020 15:52:43 GMT
| Connection: close
| Set-Cookie:
AWSALB=KvxbRX+Lgo5v8tw9aP726N/GXIw8Ne8YurLPiry8fLX0++q867QKBatfMnh77ygmX6EeT
sg9VAEqq/3bBmhFlmcKHcqB5CzqAumh9gDnQADPlF+4npmPxYnVRBEa; Expires=Sun, 29 Mar
2020 15:52:43 GMT; Path=/
| Set-Cookie:
AWSALBCORS=KvxbRX+Lgo5v8tw9aP726N/GXIw8Ne8YurLPiry8fLX0++q867QKBatfMnh77ygm
X6EeTsg9VAEqq/3bBmhFlmcKHcqB5CzqAumh9gDnQADPlF+4npmPxYnVRBEa; Expires=Sun,
| Allow: OPTIONS,GET,HEAD,POST,TRACE
| CF-RAY: 578114d4df3c9bfd-AMS
|
<html><head>
</head><body>
<p>The requested method PUT is not allowed for the URL /CriOS/tenable-wasscan-74b578a8-
0ff6-4732-818f-f870a65ada29.</p>
</body></html>

Testyomequedo PDF

Uploaded by

Copyright:

Available Formats

You might also like

Testyomequedo PDF

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Testyomequedo PDF

Uploaded by

Copyright:

Available Formats

1.

Plugin ID Plugin Name Severity Count

GET /console/login/LoginForm.jsp HTTP/1.1

Status Code : 200

No Feature Policy header has been detected.

Engine Version 0.43.1-143

Start Time 2020-03-22 15:21:43 +0000

TRACE /WEB/ HTTP/1.1

HTTP/1.1 405 Not Allowed

GET /etc/passwd%00 HTTP/1.1

HTTP/1.1 400 Bad Request

X509v3 Subject Key Identifier:

X509v3 Certificate Policies:

Authority Information Access:

X509v3 Basic Constraints: critical

X509v3 CRL Distribution Points:

X509v3 Certificate Policies:

X509v3 Subject Key Identifier:

Signature Algorithm: sha256WithRSAEncryption

GET /WEB/images HTTP/1.1

HTTP/1.1 301 Moved Permanently

Please see the attachment for the screenshot image.

Cyber-criminals will often attempt to compromise sensitive information passed

GET /WEB/.git/config HTTP/1.1

HTTP/1.1 403 Forbidden

HTTP/1.1 403 Forbidden

GET /CriOS/.test HTTP/1.1

HTTP/1.1 403 Forbidden

Response times ranged between 0.013628s and 0.753288s.

Here is the distribution of URL types for this web application:

GET /WEB/ HTTP/1.1

Injected Payload : 1'||this'

GET /WEB/ HTTP/1.1

HTTP/1.1 403 Forbidden

GET /console/login/LoginForm.jsp HTTP/1.1

HTTP/1.1 404 Not Found

PUT /console/login/tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29 HTTP/1.1

HTTP/1.1 405 Method Not Allowed

PUT /tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29 HTTP/1.1

HTTP/1.1 405 Method Not Allowed

PUT /CriOS/tenable-wasscan-74b578a8-0ff6-4732-818f-f870a65ada29 HTTP/1.1

HTTP/1.1 405 Method Not Allowed

You might also like