Professional Documents
Culture Documents
Report
Report
www.example.com
John Doe
E-mail: audit.wpt@gmail.com
Web: http://www.webpentesting.com
Phone: +40 755172818 / +40 752607204
ATTENTION: This document contains information from WebPentesting that is confidential and
privileged. The information is intended for the private use of example.com. By accepting this document
you agree to keep the contents in confidence and not copy, disclose, or distribute this without written
request to and written confirmation from WebPentesting. If you are not the intended recipient, be aware
that any disclosure, copying, or distribution of the contents of this document is prohibited.
Penetration Test Report – example.com
Executive Summary
Summary of Results
The security audit was conducted against the address of www.example.com with
the understanding that this domain would be considered the scope for this
engagement.
Reconnaissance
This section contains all the information that we have discovered about
example.com, information that any attacker can find when conducting attacks on
the system.
General info
Domain example.com
IP 100.100.100.1
Registered by Jon Doe
Subdomains webmail.example.com
ftp.example.com
mail.example.com
ro.example.com
Name Servers dns1.example-ex.com
dns2.example.com
Technology
Server LiteSpeed, Apache 2.2.2
Front-end Twitter Bootstrap, jQuery
Frameworks Wordpress 4.1.3, Zend PHP, ASP.Net
Back-end PHP, Java,
Database MySQL, Oracle SQL, MS SQL
Services Port
FTP 21
IMAP 143
CPanel 2083
POP3 995/110
SMTP 26
Penetration Test Report – example.com
Vulnerabilities Found
In this section is highlighted the summary of the most critical issues that we have
discovered during our penetration testing exercise.
1. SQL Injection
1.1 Vulnerability Description
SQL Injection error based was found in the application.
We were able to exploit this vulnerability until we extracted the database and from
there we queried for the admin user.
Even if the password is hashed with MD5 we were able to decrypt it and logged in
as admin.
URLs:
http://example.com/movies?val=
http://example.com/games/index/genre/Action?string=
Penetration Test Report – example.com
1.2. Recommendations
All queries that are made to the database must be parameterized. Also all the input
coming from the users must be filtered and sanitized from unwanted characters.
Please read the documentation on how you can make your queries safe and prevent
SQL Injection from happening.
https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
Page:
http://example.com/email?email=%3Cform%20action=%22hacking.php%22%3E
%20Credit%20card%20Number:%3Cbr%3E%20%3Cinput%20type=%22text%22
%20name=%22firstname%22%20value=%22Credit%20Card%20Number%22%3
E%20%3Cbr%3E%20CCV2:%3Cbr%3E%20%3Cinput%20type=%22text%22%2
0name=%22lastname%22%20value=%22CCV2%22%3E%20%3Cbr%3E%3Cbr
%3E%20%3Cinput%20type=%22submit%22%20value=%22Submit%22%3E%20
%3C/form%3E%20%3Cp%3EIn%20order%20to%20receive%20a%20full%20acc
ount%20registered,%20please%20fill%20the%20fields%20bellow%20on%20Hol
musk%22.%3C/p%3E
1.2. Recommendations
Input must be filtered and special characters must be escaped before displaying it
to the users or before inserting it to the database.
https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
Penetration Test Report – example.com
Page:
http://example.com/user/update/id/75
1.2. Recommendations
User’s session must be verified for each URL accessed. In this way you can
prevent users from accessing unauthorized data.
https://www.owasp.org/index.php/Top_10_2013-A7-
Missing_Function_Level_Access_Control
Penetration Test Report – example.com
3. Warnings
1. Web Server disclosure
First step in attacking a website is fingerprinting the technologies that were used
when it was build. In this way the hacker can exploit know vulnerabilities about
these technologies on your application. Your website disclosures the server type on
the response of certain pages.
http://example.com/wp/
This warning can be fixed by blocking server signature from server configuration.
http://example.com/blog/wp-login.php
You can fix this by changing the default admin page to other page.
Your CPanel returns a page that is specific to this vulnerability although we didn’t
manage to exploit it, this does not mean that a high skilled attacker cannot do it.
http://mail.example.com/cgi-sys/entropysearch.cgi
https://blog.sucuri.net/2014/09/bash-vulnerability-shell-shock-thousands-of-
cpanel-sites-are-high-risk.html
Penetration Test Report – example.com
Risk Rating
The overall risk posed by example.com as a result of this penetration test is
HIGH.
Attacks on your website will have high impact on the system. Through these
vulnerabilities an attacker can extract all details about your business or users or
simple delete the entire databases or use the website to redirect data users to other
websites.
1. SQL Injection
Rating: HIGH
Affected Systems: example.com
Description: The attacker has direct access to the
database
Impact: Information can be retrieved, database
deleted.
Remediation: Queries parameterized
4.Warnings
Rating: MEDIUM
Affected Systems: example.com
Description: Information Disclosure
Impact: An attacker can find a lot of information
about your system
Remediation: Server configuration
This section contains the most important attacks or components tested and
conducted on example.com and the overall status for each of them. In this section
are included all the attacks, not only the ones for which the application had
vulnerabilities.
ClickJacking FAIL
WebPenTesting
Thank you for choosing our services!
Feel free to contact us again for retesting your website after you fix the
vulnerabilities found or after you add new functionalities.
Also if you consider our services useful please recommend us to other website
owners.
WebPenTesting team
webpentesting.com
audit.wpt@gmail.com