Comprehensive New Https Public Riamoneytransfer Com
Scan Detail
Target https://public.riamoneytransfer.com/
Scan Type Full Scan
Start Time Sep 21, 2021, 6:58:24 PM GMT+2
Scan Duration 30 minutes
Requests 1783
Average Response Time 499ms
Maximum Response Time 13224ms
Discovered Hosts riamoneytransfer.be, riamoneytransfer.com
Severity        Alerts  Instances
High            0       0
Medium          0       0
Low             4       4
Informational   2       2
Total           6       6

Impacts
Severity        Instances  Alert
Low             1          Cookies with missing, inconsistent or contradictory properties
Low             1          Cookies without HttpOnly flag set
Low             1          Cookies without Secure flag set
Low             1          Session cookies scoped to parent domain
Informational   1          Access-Control-Allow-Origin header with wildcard (*) value
Informational   1          Web Application Firewall detected
Cookies with missing, inconsistent or contradictory properties
At least one of the following cookie properties causes the cookie to be invalid or incompatible either with a different property of the same cookie or with the environment the cookie is being used in. Although this is not a vulnerability in itself, it will likely lead to unexpected behavior by the application, which in turn may cause secondary security issues.
Impact
Cookies will not be stored, or submitted, by web browsers.
Affected: https://public.riamoneytransfer.com/ (Verified)
Every instance below has the same issue: the cookie is set without a SameSite attribute. When cookies lack the SameSite attribute, web browsers may apply different and sometimes unexpected defaults. It is therefore recommended to add a SameSite attribute with an appropriate value of either "Strict", "Lax", or "None".

https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f852409125d5a6ce3e534ec8bb880360ad171b34500cff0dcf82d7d8827fefa1ff60ba83d0bad9eec4cfbe28497e3d72897; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS7d475593027=08e03c57a8ab2000817d9d0c65770705fa70a1bf2349546535675030aa25f1b15bb07ba6e0e5664808c18f20ed11300012e59b41b63cac66b24d798c8c97f47e8ad1918e95e1aec1129f6e6d797ae4f3cde34b1c59c154ed444576030c7a9749;Path=/
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85dd732ce45914f94e901062b25fb7a1124ad216e207634fa5b5bae9067b901f329aed6b3f4e1add933b52f4b435bfc474; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS7d475593027=08e03c57a8ab20004258375c490e63f631f7ccdd494675332a16af45d8123340182d8f9c20153e92084deea1be1130000d9cdf1aa268aa0896eddfde7fab104cc632dd55c170ca2ae68d3eecd2a1c7d20ae9ac9bf37d86d7eedee138df9a18c8;Path=/
https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS7d475593027=08e03c57a8ab2000b28edee6040ae9ade703028e6124bcf6e9fcb83bdcd0befe8ed877def20e0e3a0870d9f25a113000dcbc2fce909ca35054daae69f43428ade2936e50310d001c6d383e365ccaa33e37352f4a94ccb812190c338888bc02ba;Path=/
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS7d475593027=08e03c57a8ab2000cac12d744855df04f350ed0ee7c065d56ad6f0c2e0596e7ff1e7545de1732f4708c3eb172c11300048afa23bbd2b79af54daae69f43428ad1a8466d6e3f6a706a9d5d37a407bd2277abac210a076a29f4f3dacafa5bfe271;Path=/
Request
GET / HTTP/1.1
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: a0bf8055ccec2c04b35d6a15476e0ba1
Acunetix-Aspect-ScanID: 14174106889640333128
Acunetix-Aspect-Queries: filelist;aspectalerts;packages
Referer: https://public.riamoneytransfer.com/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: public.riamoneytransfer.com
Connection: Keep-alive
Recommendation
Ensure that the cookies configuration complies with the applicable standards.
References
MDN | Set-Cookie
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
Securing cookies with cookie prefixes
https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/
Cookies: HTTP State Management Mechanism
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05
Cookies without HttpOnly flag set
One or more cookies don't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, the browser withholds it from client-side scripts (document.cookie and similar APIs) while still sending it with requests to the server. This is an important protection for session cookies, since script access is what lets an XSS payload read and exfiltrate them.
Impact
Cookies can be accessed by client-side scripts.
Affected: https://public.riamoneytransfer.com/ (Verified)

https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f852409125d5a6ce3e534ec8bb880360ad171b34500cff0dcf82d7d8827fefa1ff60ba83d0bad9eec4cfbe28497e3d72897; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS7d475593027=08e03c57a8ab2000817d9d0c65770705fa70a1bf2349546535675030aa25f1b15bb07ba6e0e5664808c18f20ed11300012e59b41b63cac66b24d798c8c97f47e8ad1918e95e1aec1129f6e6d797ae4f3cde34b1c59c154ed444576030c7a9749;Path=/
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85dd732ce45914f94e901062b25fb7a1124ad216e207634fa5b5bae9067b901f329aed6b3f4e1add933b52f4b435bfc474; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS7d475593027=08e03c57a8ab20004258375c490e63f631f7ccdd494675332a16af45d8123340182d8f9c20153e92084deea1be1130000d9cdf1aa268aa0896eddfde7fab104cc632dd55c170ca2ae68d3eecd2a1c7d20ae9ac9bf37d86d7eedee138df9a18c8;Path=/
https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS7d475593027=08e03c57a8ab2000b28edee6040ae9ade703028e6124bcf6e9fcb83bdcd0befe8ed877def20e0e3a0870d9f25a113000dcbc2fce909ca35054daae69f43428ade2936e50310d001c6d383e365ccaa33e37352f4a94ccb812190c338888bc02ba;Path=/
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS7d475593027=08e03c57a8ab2000cac12d744855df04f350ed0ee7c065d56ad6f0c2e0596e7ff1e7545de1732f4708c3eb172c11300048afa23bbd2b79af54daae69f43428ad1a8466d6e3f6a706a9d5d37a407bd2277abac210a076a29f4f3dacafa5bfe271;Path=/
Request
GET / HTTP/1.1
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: a0bf8055ccec2c04b35d6a15476e0ba1
Acunetix-Aspect-ScanID: 14174106889640333128
Acunetix-Aspect-Queries: filelist;aspectalerts;packages
Referer: https://public.riamoneytransfer.com/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: public.riamoneytransfer.com
Connection: Keep-alive
Recommendation
If possible, you should set the HttpOnly flag for these cookies.
Cookies without Secure flag set
One or more cookies don't have the Secure flag set. Without it, the browser will also send the cookie over plain HTTP, where it can be read or altered on the network.
Impact
Cookies could be sent over unencrypted channels.
Affected: https://public.riamoneytransfer.com/ (Verified)

https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f852409125d5a6ce3e534ec8bb880360ad171b34500cff0dcf82d7d8827fefa1ff60ba83d0bad9eec4cfbe28497e3d72897; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS7d475593027=08e03c57a8ab2000817d9d0c65770705fa70a1bf2349546535675030aa25f1b15bb07ba6e0e5664808c18f20ed11300012e59b41b63cac66b24d798c8c97f47e8ad1918e95e1aec1129f6e6d797ae4f3cde34b1c59c154ed444576030c7a9749;Path=/
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85dd732ce45914f94e901062b25fb7a1124ad216e207634fa5b5bae9067b901f329aed6b3f4e1add933b52f4b435bfc474; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS7d475593027=08e03c57a8ab20004258375c490e63f631f7ccdd494675332a16af45d8123340182d8f9c20153e92084deea1be1130000d9cdf1aa268aa0896eddfde7fab104cc632dd55c170ca2ae68d3eecd2a1c7d20ae9ac9bf37d86d7eedee138df9a18c8;Path=/
https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS7d475593027=08e03c57a8ab2000b28edee6040ae9ade703028e6124bcf6e9fcb83bdcd0befe8ed877def20e0e3a0870d9f25a113000dcbc2fce909ca35054daae69f43428ade2936e50310d001c6d383e365ccaa33e37352f4a94ccb812190c338888bc02ba;Path=/
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS7d475593027=08e03c57a8ab2000cac12d744855df04f350ed0ee7c065d56ad6f0c2e0596e7ff1e7545de1732f4708c3eb172c11300048afa23bbd2b79af54daae69f43428ad1a8466d6e3f6a706a9d5d37a407bd2277abac210a076a29f4f3dacafa5bfe271;Path=/
Request
GET / HTTP/1.1
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: a0bf8055ccec2c04b35d6a15476e0ba1
Acunetix-Aspect-ScanID: 14174106889640333128
Acunetix-Aspect-Queries: filelist;aspectalerts;packages
Referer: https://public.riamoneytransfer.com/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: public.riamoneytransfer.com
Connection: Keep-alive
Recommendation
If possible, you should set the Secure flag for these cookies.
Session cookies scoped to parent domain
The TS013e9518 cookie is set with Domain=.riamoneytransfer.com, so browsers send it to every host under riamoneytransfer.com rather than only to public.riamoneytransfer.com. Any other host under that domain can read or overwrite it, so a weakness on a sibling host also affects this site's session.
Impact
None
Affected: https://public.riamoneytransfer.com/ (Verified)

https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f852409125d5a6ce3e534ec8bb880360ad171b34500cff0dcf82d7d8827fefa1ff60ba83d0bad9eec4cfbe28497e3d72897; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85dd732ce45914f94e901062b25fb7a1124ad216e207634fa5b5bae9067b901f329aed6b3f4e1add933b52f4b435bfc474; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
https://public.riamoneytransfer.com/9773732
Set-Cookie: TS013e9518=0145201f85a68db3d98eb06cfb6f4373a806663dba9ae1b79b44b638a948477e11e4769d78b04a83abbcd433b923747accd556764b; Path=/; Domain=.riamoneytransfer.com
Request
GET / HTTP/1.1
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: a0bf8055ccec2c04b35d6a15476e0ba1
Acunetix-Aspect-ScanID: 14174106889640333128
Acunetix-Aspect-Queries: filelist;aspectalerts;packages
Referer: https://public.riamoneytransfer.com/
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: public.riamoneytransfer.com
Connection: Keep-alive
Recommendation
If possible, the session cookies should be scoped strictly to a sub-domain.
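The four cookie findings above (missing SameSite, HttpOnly and Secure, and a Domain attribute that scopes the cookie to the parent domain) can all be checked offline from captured Set-Cookie headers. The following is an added example, not part of the scanner's output or the site's code. The sample headers are shortened copies of the two cookies the report shows plus a hardened variant using the __Host- prefix from the report's references; the check order, the message strings and the prefix rules applied are this example's own.

```python
"""Offline audit of Set-Cookie headers for the cookie findings in the report:
missing Secure / HttpOnly / SameSite, and Domain scoped to a parent domain.
Added example, not part of the scanner's output."""
from urllib.parse import urlparse

# Constructed sample input: (response URL, Set-Cookie header value).
# Values are shortened copies of the cookies the report shows.
SAMPLE_SET_COOKIES = [
    ("https://public.riamoneytransfer.com/",
     "TS013e9518=0145201f852409125d5a...; Path=/; Domain=.riamoneytransfer.com"),
    ("https://public.riamoneytransfer.com/9773732",
     "TS7d475593027=08e03c57a8ab20004258...;Path=/"),
    # The first cookie again, with the attributes the report asks for.
    ("https://public.riamoneytransfer.com/",
     "__Host-TS013e9518=0145201f852409125d5a...; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

VALID_SAMESITE = {"strict", "lax", "none"}


def parse_set_cookie(header: str):
    """Split a Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to "".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(url: str, header: str):
    """Return (cookie name, list of findings) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header)
    issues = []
    secure = "secure" in attrs
    if not secure:
        issues.append("missing Secure")
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if "samesite" not in attrs:
        issues.append("missing SameSite")
    elif samesite not in VALID_SAMESITE:
        issues.append(f"invalid SameSite value '{attrs['samesite']}'")
    elif samesite == "none" and not secure:
        # Browsers drop SameSite=None cookies that are not also Secure.
        issues.append("SameSite=None without Secure")
    host = (urlparse(url).hostname or "").lower()
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != host:
        # A Domain attribute makes the cookie visible to every host under it.
        issues.append(f"scoped to parent domain {domain}")
    # Cookie-prefix rules (see the report's references): __Secure- needs Secure;
    # __Host- additionally needs no Domain attribute and Path=/.
    if name.startswith("__Secure-") and not secure:
        issues.append("__Secure- prefix without Secure")
    if name.startswith("__Host-") and (
        not secure or "domain" in attrs or attrs.get("path") != "/"
    ):
        issues.append("__Host- prefix requirements not met")
    return name, issues


def audit_all(set_cookies):
    """Audit every (url, header) pair; returns [(url, name, issues), ...]."""
    return [(url, *audit_cookie(url, header)) for url, header in set_cookies]


if __name__ == "__main__":
    for url, name, issues in audit_all(SAMPLE_SET_COOKIES):
        print(f"{url} {name}: {', '.join(issues) if issues else 'ok'}")
```

Feed it the raw Set-Cookie lines from a proxy log or from `curl -i` output; the first two sample entries reproduce all four findings of this report, and the hardened third entry comes back clean.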
Access-Control-Allow-Origin header with wildcard (*) value
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the resource originated. The Access-Control-Allow-Origin response header indicates whether a resource can be shared, by carrying either the value of the Origin request header, "*", or "null".
If a website responds with Access-Control-Allow-Origin: * the requested resource allows sharing with every origin. Therefore, any website can make XHR (XMLHttpRequest) or fetch requests to the site and read the responses. Note that browsers block script access to the response of a credentialed request when the header is "*", so an attacker page cannot read what the victim's cookies would unlock; what becomes readable is whatever the resource returns to an anonymous request. The dangerous variant is a server that reflects the Origin header together with Access-Control-Allow-Credentials: true, which this scan did not report.
Impact
Any website can make XHR requests to the site and read the (unauthenticated) responses.
https://public.riamoneytransfer.com/
Affected paths (max. 25):
/
/9773732
Request
GET / HTTP/1.1
Origin: https://public.riamoneytransfer.com
Cookie: TS013e9518=0145201f852409125d5a6ce3e534ec8bb880360ad171b34500cff0dcf82d7d8827fefa1ff60ba83d0bad9eec4cfbe28497e3d72897; TS7d475593027=08e03c57a8ab2000817d9d0c65770705fa70a1bf2349546535675030aa25f1b15bb07ba6e0e5664808c18f20ed11300012e59b41b63cac66b24d798c8c97f47e8ad1918e95e1aec1129f6e6d797ae4f3cde34b1c59c154ed444576030c7a9749
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: public.riamoneytransfer.com
Connection: Keep-alive
Recommendation
Check whether Access-Control-Allow-Origin: * is appropriate for the resource/response.
References
W3C | Cross-Origin Resource Sharing
http://www.w3.org/TR/cors/
CrossOriginRequestSecurity
https://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity
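A follow-up check a tester would run on the wildcard finding: repeat the request with the site's own origin, a foreign origin and "null", and classify what comes back, because a reflected Origin combined with Access-Control-Allow-Credentials: true is the variant that exposes authenticated responses, while "*" alone only exposes anonymous content. This is an added example, not part of the scanner's output or the site's code; the three server functions and the attacker origin are constructed stand-ins, and only server_wildcard mirrors the header the report observed.

```python
"""Probe how an endpoint answers cross-origin requests and rate the result.
Added example, not part of the scanner's output. The 'servers' below are
constructed stand-ins for a real fetch; only server_wildcard mirrors what
the report observed on / and /9773732."""

SITE_ORIGIN = "https://public.riamoneytransfer.com"
ATTACKER_ORIGIN = "https://attacker.example"  # hypothetical foreign origin


def classify_cors(origin, headers):
    """Classify one response for the request Origin that produced it."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "absent"
    if acao == "*":
        # Browsers never expose a credentialed response behind "*", so the
        # second label records a misconfiguration, not extra exposure.
        return "wildcard+credentials" if creds else "wildcard"
    if acao == origin:
        return "matched+credentials" if creds else "matched"
    return "mismatch"


def probe_cors(fetch, site_origin=SITE_ORIGIN):
    """fetch(origin) returns the response headers for a GET carrying that
    Origin. Tries the site's own origin, a foreign origin and 'null' and
    returns (verdict, per-origin classification)."""
    results = {
        "same": classify_cors(site_origin, fetch(site_origin)),
        "foreign": classify_cors(ATTACKER_ORIGIN, fetch(ATTACKER_ORIGIN)),
        "null": classify_cors("null", fetch("null")),
    }
    foreign, null = results["foreign"], results["null"]
    if "matched+credentials" in (foreign, null):
        # Any origin (or a sandboxed iframe) can read authenticated responses.
        verdict = "high"
    elif "matched" in (foreign, null):
        verdict = "low"    # origin reflected without credentials: same reach as "*"
    elif foreign.startswith("wildcard"):
        verdict = "info"   # the report's finding: anonymous content readable anywhere
    else:
        verdict = "ok"
    return verdict, results


# Constructed servers: origin -> response headers.
def server_wildcard(origin):
    return {"Access-Control-Allow-Origin": "*"}


def server_reflecting(origin):
    # Classic dangerous pattern: echo Origin and allow credentials.
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def server_allowlist(origin):
    # Correct pattern: only known origins get the header, with Vary: Origin.
    if origin == SITE_ORIGIN:
        return {"Access-Control-Allow-Origin": origin,
                "Access-Control-Allow-Credentials": "true",
                "Vary": "Origin"}
    return {}


if __name__ == "__main__":
    for name, srv in [("wildcard", server_wildcard),
                      ("reflecting", server_reflecting),
                      ("allowlist", server_allowlist)]:
        print(name, probe_cors(srv))
```

Against a live target, replace the server functions with a function that performs the GET with the given Origin header and returns the response headers; the verdict logic is unchanged.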
Web Application Firewall detected
Impact
You may receive incorrect/incomplete results when scanning a server protected by an IPS/IDS/WAF. Also, if
the WAF detects a number of attacks coming from the scanner, the IP address can be blocked after a few
attempts.
https://public.riamoneytransfer.com/
Detected F5 ASM (11.4.0 or newer) from [Main ASM Cookie]
Request
GET /9773732 HTTP/1.1
Cookie: TS013e9518=0145201f852409125d5a6ce3e534ec8bb880360ad171b34500cff0dcf82d7d8827fefa1ff60ba83d0bad9eec4cfbe28497e3d72897; TS7d475593027=08e03c57a8ab2000817d9d0c65770705fa70a1bf2349546535675030aa25f1b15bb07ba6e0e5664808c18f20ed11300012e59b41b63cac66b24d798c8c97f47e8ad1918e95e1aec1129f6e6d797ae4f3cde34b1c59c154ed444576030c7a9749
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
Host: public.riamoneytransfer.com
Connection: Keep-alive
Recommendation
If possible, it's recommended to scan an internal (development) version of the web application where the WAF is not active.
Coverage
https://public.riamoneytransfer.com
  9773732