Scribd Logo
Upload

Welcome to Scribd!

  • Report

    Uploaded by

    Miloš Urbiš
    23 views12 pages
    The penetration test report summarizes a security audit of the website www.example.com. The audit found 3 vulnerabilities and 3 warnings, including SQL injection vulnerabilities that allowed extracting the database and querying for admin credentials. The report provides details of the vulnerabilities found, their impacts, and recommendations for remediation. The overall risk to the website is rated as high due to the potential for attackers to retrieve information, delete databases, or redirect users through the identified vulnerabilities.

    Original Description:

    Original Title

    report

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The penetration test report summarizes a security audit of the website www.example.com. The audit found 3 vulnerabilities and 3 warnings, including SQL injection vulnerabilities that allowed extracting the database and querying for admin credentials. The report provides details of the vulnerabilities found, their impacts, and recommendations for remediation. The overall risk to the website is rated as high due to the potential for attackers to retrieve information, delete databases, or redirect users through the identified vulnerabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    23 views12 pages

    Report

    Uploaded by

    Miloš Urbiš
    The penetration test report summarizes a security audit of the website www.example.com. The audit found 3 vulnerabilities and 3 warnings, including SQL injection vulnerabilities that allowed extracting the database and querying for admin credentials. The report provides details of the vulnerabilities found, their impacts, and recommendations for remediation. The overall risk to the website is rated as high due to the potential for attackers to retrieve information, delete databases, or redirect users through the identified vulnerabilities.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 12

    Penetration Test Report

    www.example.com
    John Doe

    WebPenTesting Romania Team


    Pusoiu Andrei & Ciobanu Daniel

    E-mail: audit.wpt@gmail.com
    Web: http://www.webpentesting.com
    Phone: +40 755172818 / +40 752607204

    ATTENTION: This document contains information from WebPentesting that is confidential and
    privileged. The information is intended for the private use of example.com. By accepting this document
    you agree to keep the contents in confidence and not copy, disclose, or distribute this without written
    request to and written confirmation from WebPentesting. If you are not the intended recipient, be aware
    that any disclosure, copying, or distribution of the contents of this document is prohibited.
    Penetration Test Report – example.com

    Executive Summary

    WebPentesting has been contracted to conduct a penetration vulnerability


    assessment audit against example.com. The assessment was conducted in a
    manner that simulated a malicious actor engaged in a targeted attack against the
    website with the goals of:

     Security audit of Top 10 vulnerabilities according to OWASP


     Determining the impact of a security breach

    The results of this assessment will be used by example.com to drive future


    decisions as to the direction of their information security program. All tests and
    actions were conducted under controlled conditions.

    Summary of Results
    The security audit was conducted against the address of www.example.com with
    the understanding that this domain would be considered the scope for this
    engagement.

    On example.com we have found 3 vulnerabilities and 3 warnings that need your


    attention from our TOP 10 Vulnerability assessment audit.
    Penetration Test Report – example.com

    Reconnaissance

    This section contains all the information that we have discovered about
    example.com, information that any attacker can find when conducting attacks on
    the system.

    General info
    Domain example.com
    IP 100.100.100.1
    Registered by Jon Doe
    Subdomains webmail.example.com
    ftp.example.com
    mail.example.com
    ro.example.com
    Name Servers dns1.example-ex.com
    dns2.example.com

    Technology
    Server LiteSpeed, Apache 2.2.2
    Front-end Twitter Bootstrap, jQuery
    Frameworks Wordpress 4.1.3, Zend PHP, ASP.Net
    Back-end PHP, Java,
    Database MySQL, Oracle SQL, MS SQL

    Services Port
    FTP 21
    IMAP 143
    CPanel 2083
    POP3 995/110
    SMTP 26
    Penetration Test Report – example.com

    Vulnerabilities Found

    In this section is highlighted the summary of the most critical issues that we have
    discovered during our penetration testing exercise.

    1. SQL Injection
    1.1 Vulnerability Description
    SQL Injection error based was found in the application.

    We were able to exploit this vulnerability until we extracted the database and from
    there we queried for the admin user.

    Even if the password is hashed with MD5 we were able to decrypt it and logged in
    as admin.

    URLs:

    http://example.com/movies?val=

    http://example.com/games/index/genre/Action?string=
    Penetration Test Report – example.com

    1.2. Recommendations
    All queries that are made to the database must be parameterized. Also all the input
    coming from the users must be filtered and sanitized from unwanted characters.

    Please read the documentation on how you can make your queries safe and prevent
    SQL Injection from happening.

    https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet

    2. Stored XSS Injection


    2.1. Vulnerability Description
    An attacker can inject JavaScript code into one of your page URL in multiple
    forms, encodings and compile it returning data from it.
    Penetration Test Report – example.com

    Page:

    http://example.com/email?email=%3Cform%20action=%22hacking.php%22%3E
    %20Credit%20card%20Number:%3Cbr%3E%20%3Cinput%20type=%22text%22
    %20name=%22firstname%22%20value=%22Credit%20Card%20Number%22%3
    E%20%3Cbr%3E%20CCV2:%3Cbr%3E%20%3Cinput%20type=%22text%22%2
    0name=%22lastname%22%20value=%22CCV2%22%3E%20%3Cbr%3E%3Cbr
    %3E%20%3Cinput%20type=%22submit%22%20value=%22Submit%22%3E%20
    %3C/form%3E%20%3Cp%3EIn%20order%20to%20receive%20a%20full%20acc
    ount%20registered,%20please%20fill%20the%20fields%20bellow%20on%20Hol
    musk%22.%3C/p%3E

    1.2. Recommendations
    Input must be filtered and special characters must be escaped before displaying it
    to the users or before inserting it to the database.

    https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
    Penetration Test Report – example.com

    3. Missing Function Level Access Control


    3.1. Vulnerability Description
    Changing the ID of the user from the URL, you can access other user’s accounts
    and change details including password.

    Page:

    http://example.com/user/update/id/75

    1.2. Recommendations
    User’s session must be verified for each URL accessed. In this way you can
    prevent users from accessing unauthorized data.

    https://www.owasp.org/index.php/Top_10_2013-A7-
    Missing_Function_Level_Access_Control
    Penetration Test Report – example.com

    3. Warnings
    1. Web Server disclosure

    First step in attacking a website is fingerprinting the technologies that were used
    when it was build. In this way the hacker can exploit know vulnerabilities about
    these technologies on your application. Your website disclosures the server type on
    the response of certain pages.

    http://example.com/wp/

    This warning can be fixed by blocking server signature from server configuration.

    2. Known Wordpress admin panel not changed

    Everyone knows that wp-admin/wp-login is default admin page from Wordpress


    CMS. Also it is known that this page tells you when you have typed the right user
    but the wrong password. In this way the attacker can enumerate users and brute-
    force the passwords.

    http://example.com/blog/wp-login.php

    You can fix this by changing the default admin page to other page.

    3. Possible Shell Shock Bash vulnerability

    Remote command execution may be possible to be done on your server because of


    running a possible vulnerable CPanel version.

    Your CPanel returns a page that is specific to this vulnerability although we didn’t
    manage to exploit it, this does not mean that a high skilled attacker cannot do it.

    http://mail.example.com/cgi-sys/entropysearch.cgi

    To learn more on this:

    https://blog.sucuri.net/2014/09/bash-vulnerability-shell-shock-thousands-of-
    cpanel-sites-are-high-risk.html
    Penetration Test Report – example.com

    Risk Rating
    The overall risk posed by example.com as a result of this penetration test is
    HIGH.

    Attacks on your website will have high impact on the system. Through these
    vulnerabilities an attacker can extract all details about your business or users or
    simple delete the entire databases or use the website to redirect data users to other
    websites.

    1. SQL Injection
    Rating: HIGH
    Affected Systems: example.com
    Description: The attacker has direct access to the
    database
    Impact: Information can be retrieved, database
    deleted.
    Remediation: Queries parameterized

    2. Stored XSS Scripting


    Rating: HIGH
    Affected Systems: example.com
    Description: JavaScript can be injected into the page
    Impact: User data can be retrieved from the
    website. Accounts stolen
    Remediation: Input must be sanitized

    3. Missing Function Level Access


    Control
    Rating: HIGH
    Affected Systems: example.com
    Penetration Test Report – example.com

    Description: Users can access other user’s account


    details and edit them
    Impact: Users can lose their accounts and
    someone else can use them
    Remediation: Check Session for each user

    4.Warnings
    Rating: MEDIUM
    Affected Systems: example.com
    Description: Information Disclosure
    Impact: An attacker can find a lot of information
    about your system
    Remediation: Server configuration

    Conducted Attacks/ Components Tested

    This section contains the most important attacks or components tested and
    conducted on example.com and the overall status for each of them. In this section
    are included all the attacks, not only the ones for which the application had
    vulnerabilities.

    Vulnerability Description Status


    SQL Injection on Contact FAIL
    form and Comment forms
    XSS Scripting in comment FAIL
    forms
    DDOS attack PASS
    Penetration Test Report – example.com

    Security Misconfiguration FAIL

    ClickJacking FAIL

    Application Vulnerability Scanned with dynamic N/A


    Scanning testing tools
    Port scanning Scanned with port N/A
    scanning tool
    Penetration Test Report – example.com

    WebPenTesting
    Thank you for choosing our services!

    Feel free to contact us again for retesting your website after you fix the
    vulnerabilities found or after you add new functionalities.

    Also if you consider our services useful please recommend us to other website
    owners.

    Send us your feedback anytime!

    WebPenTesting team

    webpentesting.com
    audit.wpt@gmail.com

    You might also like