MaxPatrol: report on scan results
21.01.2006 14:28

Detailed hierarchical report
Detailed information on hosts, services and vulnerabilities

Vulnerabilities by Host
1. 192.168.0.1 [border]    Profile: Default.prf    Scan: 15.12.2005 13:14 - 15.12.2005 13:29 (0:14)    Scanner: MaxPatrol 7.0 Build 1554
2. 192.168.0.10 [xxx]      Profile: Default.prf    Scan: 15.12.2005 13:14 - 15.12.2005 13:17 (0:02)    Scanner: MaxPatrol 7.0 Build 1554

Services and Vulnerabilities
Initial name:     192.168.0.1
Reverse name:     border
IP address:       192.168.0.1
TTL:              200
Max severity:     high
Scan start:       15.12.2005 13:14
Scan end:         15.12.2005 13:29
Scan time:        0:14
Profile:          Default.prf
Scanner version:  7.0 Build 1554

Description
Possible operating system: Windows 5.0 (the NT 5.0 kernel, i.e. Windows 2000). The guess is based on the TTL and other fingerprinting heuristics, not on an authenticated check.

Description
Kerio WinRoute Firewall & Proxy Server is installed on this host.

The service closed the connection; access from the scanner's IP address may be denied. Service not identified; the default service for this port is ftp.

The service closed the connection; access from the scanner's IP address may be denied. Service not identified; the default service for this port is smtp.

BIND version: 9.2.3. Server name determined by heuristic mechanisms. ISC BIND 9.2.x

Description
The DNS server answers recursive queries from any client. An open recursive resolver can be abused for denial of service (it does lookup work on behalf of arbitrary clients and can be used to reflect traffic at third parties) and, when its query IDs are predictable, for cache poisoning. The linked CVE-1999-0024 covers cache poisoning of BIND through predictable query IDs.
Solution
Allow recursion for trusted addresses only (in BIND, an allow-recursion ACL in named.conf), and verify that the BIND release in use randomises query IDs rather than assigning them sequentially.
Links
CVE (CVE-1999-0024): http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0024

Description
This service is probably not a real DNS server but a relay (forwarder) of a DNS service running on another computer in the same network.

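How to verify the open-recursion finding above, and the query-ID caveat that goes with it, as an added example written for this page (it is not code from the report or from MaxPatrol). The script builds a DNS query with the RD bit set, reads the RA flag, RCODE and answer count from the reply, and applies a crude sequential-ID heuristic for the CVE-1999-0024 condition. The two reply messages are constructed inline and were not captured from 192.168.0.1; only probe() touches the network, and it is meant for a server you are authorised to test.

```python
import random
import socket
import struct


def build_query(name: str, txid: int, recursion_desired: bool = True) -> bytes:
    """Minimal DNS query for an A record. RD (0x0100) asks the server to recurse for us."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # id, flags, QD, AN, NS, AR
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(message: bytes) -> dict:
    """Decode the 12-byte header. RA (0x0080) says whether the server offers recursion."""
    if len(message) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", message[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": an}


def is_open_recursive(reply: bytes, txid: int) -> bool:
    """Open recursion = our ID echoed, RA set, NOERROR and an answer for a name the
    server is not authoritative for. RA alone is not enough: whether the flag tracks
    the per-client ACL depends on the server version, so require an actual answer."""
    h = parse_header(reply)
    return h["id"] == txid and h["qr"] and h["ra"] and h["rcode"] == 0 and h["answers"] > 0


def ids_look_sequential(txids) -> bool:
    """Crude heuristic for the predictable-query-ID condition behind CVE-1999-0024:
    every successive difference between observed transaction IDs is the same."""
    if len(txids) < 3:
        return False
    return len({(b - a) & 0xFFFF for a, b in zip(txids, txids[1:])}) == 1


def probe(server: str, name: str = "www.example.com", timeout: float = 3.0) -> bool:
    """Live check against a server you are authorised to test (not exercised offline)."""
    txid = random.getrandbits(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        reply, _ = s.recvfrom(512)
    return is_open_recursive(reply, txid)


# Constructed replies for offline use; nothing here was captured from 192.168.0.1.
def _reply(txid: int, flags: int, with_answer: bool) -> bytes:
    question = build_query("www.example.com", txid)[12:]
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if with_answer else 0, 0, 0)
    answer = b""
    if with_answer:  # name pointer to offset 12, type A, class IN, TTL 300, RDATA 192.0.2.1
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


OPEN_RESOLVER_REPLY = _reply(0x1234, 0x8180, True)   # QR|RD|RA set, RCODE 0, one A record
REFUSED_REPLY = _reply(0x1234, 0x8105, False)        # QR|RD set, RA clear, RCODE 5 (REFUSED)

if __name__ == "__main__":
    print("open resolver reply ->", is_open_recursive(OPEN_RESOLVER_REPLY, 0x1234))
    print("refused reply       ->", is_open_recursive(REFUSED_REPLY, 0x1234))
    print("ids 100..103 sequential ->", ids_look_sequential([100, 101, 102, 103]))
```

Query a name the server is not authoritative for (www.example.com above); an authoritative-only server will answer REFUSED or with RA clear, which the check correctly reports as not open. To apply the ID heuristic you need several transaction IDs the server itself generated, for example from outbound queries captured on a zone you control.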
Server name: Microsoft-IIS/5.0 - ASP.PT
State: 200 (OK)
Current date/time: Thu, 15 Dec 2005 10:28:52 GMT
Content format: text/html
Content length: 1111
Cache control: private
The server name was confirmed by heuristic methods. Microsoft IIS HTTP Server 5.x - 6.x

Description
SQL injection is an attack technique that can be used to extract, modify, add or delete information in the database servers used by vulnerable web applications. SQL injection vulnerabilities are caused by an insecure programming technique that allows client-supplied data to interfere with the syntax of SQL queries. SQL is the language applications use to communicate with database systems.
In this case the id parameter of /commentlink.asp is concatenated into a query against a Microsoft Access database. A single quote appended to the value produces an ODBC syntax error that is returned to the client; the error both confirms the injection and discloses the driver in use and a fragment of the query.
Request to perform attack: http://192.168.0.1/commentlink.asp?id=2'&hiddenname=hiddenvalue&button=GO1
GET /commentlink.asp?id=2'&hiddenname=hiddenvalue&button=GO1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> nt-Length: 358
Content-Type: text/html
Cache-control: private
<font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=2''.</font> <p> <font face="Arial" size=2>/commentlink.asp</font><font face="A <...>
Solution
Remove the script or fix its code: pass the id value to the database as a bound parameter (for example an ADODB.Command parameter) instead of concatenating it into the SQL text, reject non-numeric values before the query is built, and stop returning raw ODBC error messages to clients.
Links
http://www.securityfocus.com/infocus/1768
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.nextgenss.com/papers/advanced_sql_injection.pdf

Description
SQL injection in /inject.asp (same issue class as the first SQL injection finding above; the generic description is not repeated). The id parameter is concatenated into the query and a single quote produces an ODBC syntax error that is returned to the client.
Request to perform attack: http://192.168.0.1/inject.asp?id=2'&hiddenname=hiddenvalue&button=GO1
GET /inject.asp?id=2'&hiddenname=hiddenvalue&button=GO1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> -Cookie: MyCookie2=SuperCookie2; path=/
Cache-control: private
<font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=2''.</font> <p> <font face="Arial" size=2>/inject.asp</font><font face="Arial" <...>
Solution
As for the first SQL injection finding.
Links
As for the first SQL injection finding.

Description
SQL injection in /injectsession.asp (same issue class as the first SQL injection finding above; the generic description is not repeated). The id parameter is concatenated into the query and a single quote produces an ODBC syntax error. The response also sets SessionCheck=true, so the script reaches the database before any session check takes effect.
Request to perform attack: http://192.168.0.1/injectsession.asp?id=1'&button=GO1
GET /injectsession.asp?id=1'&button=GO1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> Set-Cookie: SessionCheck=true; path=/
Cache-control: private
<font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=1''.</font> <p> <font face="Arial" size=2>/injectsession.asp</font><font face= <...>
Solution
As for the first SQL injection finding.
Links
As for the first SQL injection finding.

Description
SQL injection in /injectdot.asp (same issue class as the first SQL injection finding above; the generic description is not repeated). This script takes the raw query string (there is no parameter name) as the id value, echoes it back in the page and concatenates it into the query; a single quote produces an ODBC syntax error.
Request to perform attack: http://192.168.0.1/injectdot.asp?1'
GET /injectdot.asp?1' HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> 4; path=/
Cache-control: private
<p>For this value - 1'</p> <font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=1''.</font> <p> <font face="Arial" size=2>/injectdot.asp</font><font face="Ari <...>
Solution
As for the first SQL injection finding.
Links
As for the first SQL injection finding.

Description
SQL injection in /injectpost.asp (same issue class as the first SQL injection finding above; the generic description is not repeated). Here the injectable value is the id field of a POST body rather than a query-string parameter; the form encoding does not change the handling on the server side, and a single quote again produces an ODBC syntax error.
Request to perform attack:
POST /injectpost.asp HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 7.0) PTsecurity
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Content-Type: application/x-www-form-urlencoded
Content-Length: 15

id='&button=GO1
Test details (response excerpt):
<...> -Cookie: MyCookie5=SuperCookie5; path=/
Cache-control: private
<font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=''.</font> <p> <font face="Arial" size=2>/injectpost.asp</font><font face="Ari <...>
Solution
As for the first SQL injection finding.
Links
As for the first SQL injection finding.

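The five SQL injection findings above were all confirmed the same way: a quote appended to a parameter, and a database error signature in the response. The following added example (written for this page; not code from the report, from MaxPatrol, or from the scanned site) shows that error-based detection logic, run against a constructed stand-in for commentlink.asp. The stand-in uses an in-memory SQLite table instead of the Access database, so the error text differs, and the signature list carries both the ODBC strings seen in this report and SQLite's; the hardened handler shows the bound-parameter fix named in the solution.

```python
import re
import sqlite3

# Error strings the scanner matched in this report (the Access/ODBC ones) plus the
# SQLite equivalents produced by the local stand-in below.
ERROR_RE = re.compile("|".join([
    r"Microsoft OLE DB Provider for ODBC Drivers",
    r"error '80040e14'",
    r"\[Microsoft\]\[ODBC Microsoft Access Driver\]",
    r"Syntax error .* in query expression",
    r"unrecognized token",          # SQLite: unterminated string from a stray quote
    r"near \".*\": syntax error",   # SQLite: other broken statements
]), re.IGNORECASE)


def _db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the Access database behind commentlink.asp."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO comments VALUES (?, ?)", [(1, "first"), (2, "second")])
    return conn


CONN = _db()


def vulnerable_commentlink(params: dict) -> tuple:
    """Models commentlink.asp: the id value is pasted into the SQL text and the raw
    database error is sent back to the client, which is what the report's evidence shows."""
    sql = "SELECT body FROM comments WHERE id=" + params.get("id", "")
    try:
        row = CONN.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return 500, f"<p>Database error: {exc}</p><p>/commentlink.asp</p>"
    return 200, f"<html>{row[0] if row else 'not found'}</html>"


def hardened_commentlink(params: dict) -> tuple:
    """Same page fixed: numeric validation plus a bound parameter, so a quote is data."""
    raw = params.get("id", "")
    if not raw.isdigit():
        return 400, "<html>bad id</html>"
    row = CONN.execute("SELECT body FROM comments WHERE id=?", (int(raw),)).fetchone()
    return 200, f"<html>{row[0] if row else 'not found'}</html>"


def scan_for_sqli(handler, base_params: dict, probes=("'", '"', "' --")) -> list:
    """Append each probe to each parameter in turn (as the scanner did with id=2') and
    report the parameters whose response carries a database error signature."""
    findings = []
    for name in base_params:
        for probe in probes:
            params = dict(base_params)
            params[name] = params[name] + probe
            status, body = handler(params)
            match = ERROR_RE.search(body)
            if match:
                findings.append({"param": name, "probe": probe,
                                 "status": status, "evidence": match.group(0)})
                break  # one confirming probe per parameter is enough
    return findings


if __name__ == "__main__":
    form = {"id": "2", "hiddenname": "hiddenvalue", "button": "GO1"}
    print("vulnerable:", scan_for_sqli(vulnerable_commentlink, form))
    print("hardened:  ", scan_for_sqli(hardened_commentlink, form))
```

The scan reports only the id parameter: hiddenname and button never reach a query, so a quote in them produces no error. Error-based detection is the cheapest confirmation, but a page that swallows database errors can still be injectable; boolean and time-based probes are the follow-up when this check is silent.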
Description
Write permission on a web directory lets a malicious user upload scripts or other malicious code into it, run arbitrary commands, or otherwise abuse the server; legitimate pages and scripts can be modified and pages hijacked. The following directories were found to accept writes (the scanner's probe file is named like PTNSSxxxxx.txt): /admin/
Solution
Deny write access to the listed directories (on IIS, remove the Write permission from the virtual directory and disable PUT/WebDAV where it is not needed), and verify that the probe files left by the scan have been removed.
Links
http://www.pcmag.com/article2/0,1759,11525,00.asp

Description
Forms that can submit unencrypted sensitive data to the server were detected. Forms found:
GET /commentlink.asp HTTP/1.1    id=2&hiddenname=hiddenvalue&button=GO1
GET /inject.asp HTTP/1.1    id=2&hiddenname=hiddenvalue&button=GO1
POST /injectpost.asp HTTP/1.1    id=1&button=GO1
Plain HTTP is not secure: all traffic between the browser and the server, including passwords, is sent unencrypted and can be intercepted with a sniffer.
Solution
Serve the forms and their submission targets over TLS. The protocols current when this report was produced, SSL 3.0 and TLS 1.0, have since been deprecated (RFC 7568 and RFC 8996); use TLS 1.2 or later.

Description
It is possible to perform a cross-site scripting (XSS) attack. XSS occurs when a web application takes malicious data from a user, usually delivered as a hyperlink containing the malicious content; the victim follows the link from another website, an instant message, a web board or an e-mail. The attacker usually encodes the malicious part of the link (in hex or another encoding) so the request looks less suspicious. The web application then builds an output page containing the data it received, presented as if it were legitimate content of the site.
In this case /xssutf1.asp echoes the str parameter unencoded inside a <b> element. The probe is UTF-7: +ADw-script+AD4- decodes to <script> and +ADsAPA- to ;<. Such a payload runs only if the browser interprets the page as UTF-7, which older browsers (IE 6 among them) did when no charset was declared; declaring the charset in the Content-Type header closes that path, but the underlying defect is the missing output encoding.
Request to perform attack:
GET /xssutf1.asp?str=%2BADw%2Dscript%2BAD4%2Dalert(document%2Ecookie)%2BADsAPA%2D%2Fscript%2BAD4XSS@%2Bxscript-XSS%2B/xscript-.com&button=GO HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> <html> String : <b>+ADw-script+AD4-alert(document.cookie)+ADsAPA-/script+AD4XSS@ +xscript-XSS+/xscript-.com</b> </html> <...>
Solution
Remove the script or fix its code: HTML-encode every user-supplied value before writing it into the page, and declare an explicit charset in the Content-Type header.
Links
http://www.cgisecurity.com/articles/xss-faq.shtml
http://www.cert.org/advisories/CA-2000-02.html
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q252985
http://httpd.apache.org/info/css-security/apache_specific.html

Description
Cross-site scripting in /commentlink.asp via the id parameter (same issue class as the first XSS finding above; the generic description is not repeated). The value is echoed unencoded inside the ODBC error page, the same sink as the SQL injection finding for this script, and the error also discloses the source line number. In this probe the marker is in the scanner's +xscript- form, which contains no angle brackets, so confirm the reflection with the plain <xscript> marker before treating this as an exploitable XSS; the root cause (unencoded input in the error page) is established either way.
Request to perform attack:
GET /commentlink.asp?id=2XSS@%2Bxscript-XSS%2B/xscript-.com&hiddenname=hiddenvalue&button=GO1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> rivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id=2XSS@ +xscript-XSS+/xscript-.com'.</font> <p> <font face="Arial" size=2>/commentlink.asp</font><font face="Arial" size=2>, line 11</font> <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

Description
Cross-site scripting in /inject.asp via the id parameter (same issue class as the first XSS finding above; the generic description is not repeated). As with /commentlink.asp, the value is echoed unencoded inside the ODBC error page, which also discloses the source line number. The probe used the +xscript- marker form without angle brackets, so confirm with the plain <xscript> marker before treating this as exploitable.
Request to perform attack:
GET /inject.asp?id=2XSS@%2Bxscript-XSS%2B/xscript-.com&hiddenname=hiddenvalue&button=GO1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> rivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id=2XSS@ +xscript-XSS+/xscript-.com'.</font> <p> <font face="Arial" size=2>/inject.asp</font><font face="Arial" size=2>, line 15</font> <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

Description
Cross-site scripting in /injectsession.asp via the id parameter (same issue class as the first XSS finding above; the generic description is not repeated). The value is echoed unencoded inside the ODBC error page, which also discloses the source line number. The probe used the +xscript- marker form without angle brackets, so confirm with the plain <xscript> marker before treating this as exploitable.
Request to perform attack:
GET /injectsession.asp?id=1XSS@%2Bxscript-XSS%2B/xscript-.com&button=GO1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> rivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id=1XSS@ +xscript-XSS+/xscript-.com'.</font> <p> <font face="Arial" size=2>/injectsession.asp</font><font face="Arial" size=2>, line 14</font> <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

Description
Cross-site scripting in /xss.asp via the str parameter (same issue class as the first XSS finding above; the generic description is not repeated). The plain <xscript> marker is written back verbatim inside a <b> element, so this reflection is confirmed without any encoding trick.
Request to perform attack:
GET /xss.asp?str=exampleXSS@<xscript>XSS</xscript>.com&button=GO HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> <html> String : <b>exampleXSS@ <xscript>XSS</xscript>.com</b> </html> <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

Description
Cross-site scripting in /injectdot.asp via the raw query string (same issue class as the first XSS finding above; the generic description is not repeated). The plain <xscript> marker is written back verbatim in the page body and again inside the ODBC error message, so both the XSS and the SQL injection reported for this script share the same unencoded echo of the input.
Request to perform attack:
GET /injectdot.asp?1XSS@<xscript>XSS</xscript>.com HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> <p>For this value - 1XSS@ <xscript>XSS</xscript>.com</p> <font face="Arial" size=2> <p>Microsoft OLE DB Provider for ODBC Drivers</font> <font face="Arial" size=2>error '80040e14'</font> <p> <font face="Arial" size=2>[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id=1XSS@&l <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

Description
Cross-site scripting in /xssreferer.asp via the Referer header (same issue class as the first XSS finding above; the generic description is not repeated). The header value is written unencoded both into the href attribute and into the text of a link, so a quote or a tag in it changes the page. An attacker influences the Referer only through the URL of the page that carries the link, and browsers percent-encode most special characters there, so treat this as a lower-confidence finding with the same root cause: missing output encoding.
Request to perform attack:
GET /xssreferer.asp?print=1 HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Referer: XSS@<xscript>XSS</xscript>.com
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> <html> URL of page : <a href='XSS@ <xscript>XSS</xscript>.com'>XSS@ <xscript>XSS</xscript>.com</a><br> <br> <b>Version for printing</b> <br> <h2>Some text for viewing and printing ...</h2> </html> <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

Description
Cross-site scripting in /useragent.asp via the User-Agent header (same issue class as the first XSS finding above; the generic description is not repeated). The header is echoed unencoded. A remote attacker cannot set another user's User-Agent, so the direct impact is limited, but the same value is commonly written to logs and statistics pages, where unencoded output becomes a stored XSS against whoever views them; the fix is the same output encoding.
Request to perform attack:
GET /useragent.asp HTTP/1.1
Host: 192.168.0.1
User-Agent: <xscript>XSS</xscript> (compatible; <xscript>XSS</xscript>; <xscript>XSS</xscript>) <xscript>XSS</xscript>
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt):
<...> <html> Your User-Agent: <xscript>XSS</xscript> (compatible; <xscript>XSS</xscript>; <xscript>XSS</xscript>) <xscript>XSS</xscript></html> <...>
Solution
As for the first XSS finding.
Links
As for the first XSS finding.

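The reflected XSS findings above (xssutf1.asp through useragent.asp) share one detection method: send a harmless marker tag into each input and see whether it comes back unencoded. The following added example (written for this page; not code from the report, from MaxPatrol, or from the scanned site) implements that check with the report's own <xscript> marker, distinguishes an unencoded reflection from an HTML-escaped one, covers the three injection points the report used (query parameter, Referer, User-Agent), and reproduces the UTF-7 encoding of the xssutf1.asp probe. The three handler functions are constructed stand-ins modelled on the pages named in the report, not the real ASP code.

```python
import base64
import html

# The harmless marker the scanner used in this report: a tag name no browser
# executes, so the probe proves reflection without running script on the target.
MARKER = "XSS@<xscript>XSS</xscript>.com"

# RFC 2152 "Set D" characters (plus whitespace) may appear directly in UTF-7;
# everything else is written as '+' + modified base64 of UTF-16BE + '-'.
UTF7_DIRECT = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'(),-./:? \t\r\n")


def utf7_probe(payload: str) -> str:
    """Encode a payload the way the xssutf1.asp probe was built: each run of
    non-direct characters becomes one +...- base64 group."""
    out, run = [], []

    def flush():
        if run:
            b64 = base64.b64encode("".join(run).encode("utf-16-be")).decode("ascii")
            out.append("+" + b64.rstrip("=") + "-")
            run.clear()

    for ch in payload:
        if ch in UTF7_DIRECT:
            flush()
            out.append(ch)
        else:
            run.append(ch)
    flush()
    return "".join(out)


def classify_reflection(body: str, marker: str = MARKER) -> str:
    """'unencoded' = the tag reached the page verbatim (XSS); 'encoded' = reflected but
    HTML-escaped on output; 'absent' = not reflected at all."""
    if marker in body:
        return "unencoded"
    if html.escape(marker) in body:
        return "encoded"
    return "absent"


def scan_reflected(handler, base_params: dict, marker: str = MARKER) -> dict:
    """Inject the marker into each input the report's findings used: query parameters,
    the Referer header and the User-Agent header. handler(params, headers) -> body."""
    results = {}
    for header in ("User-Agent", "Referer"):
        results[header] = classify_reflection(handler(dict(base_params), {header: marker}), marker)
    for name in base_params:
        params = dict(base_params)
        params[name] = marker
        results["param:" + name] = classify_reflection(
            handler(params, {"User-Agent": "Mozilla/4.0"}), marker)
    return results


# Constructed stand-ins modelled on the pages in the report (not the real ASP code).
def useragent_asp(params: dict, headers: dict) -> str:
    return "<html> Your User-Agent: " + headers.get("User-Agent", "") + "</html>"


def useragent_asp_fixed(params: dict, headers: dict) -> str:
    return "<html> Your User-Agent: " + html.escape(headers.get("User-Agent", "")) + "</html>"


def xssreferer_asp(params: dict, headers: dict) -> str:
    ref = headers.get("Referer", "")
    return f"<html> URL of page : <a href='{ref}'>{ref}</a><br> <b>Version for printing</b> </html>"


if __name__ == "__main__":
    print(utf7_probe("<script>alert(document.cookie);</script>"))
    print(scan_reflected(useragent_asp, {}))
    print(scan_reflected(useragent_asp_fixed, {}))
    print(scan_reflected(xssreferer_asp, {"print": "1"}))
```

An "encoded" result is the hardened state to aim for in the html element context; values written into attributes or scripts need context-specific encoding, which this marker does not test. The UTF-7 form only matters for responses with no declared charset, so a page that returns "encoded" for the plain marker but declares no charset should still be retested with utf7_probe() output.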
Description
Stored cross-site scripting (same issue class as the first XSS finding above; the generic description is not repeated). Stored XSS is the case where the injected code is kept on the target server (in a database, a message forum, a visitor log, a comment field, etc.) and the victim receives the malicious script when retrieving the stored information.
Here /storedxss.asp returned, unencoded, input that the scanner had submitted to other scripts earlier in the scan: what appear to be SQL injection probes (example' and '1'='1), an SSI probe (<!--#printenv -->), a remote-include URL, the <xscript> XSS marker, an HTTP response-splitting probe and path traversal strings (../../boot.ini). At least one script on the site therefore stores user input that this page later renders without encoding.
Request to check attack: http://192.168.0.1/storedxss.asp
GET /storedxss.asp HTTP/1.1
Host: 192.168.0.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.0)
Cookie: SessionCheck=false; ASPSESSIONIDASDQQSBA=PIKNCIIDEHLBFDEPMGLKLBFO; MyCookie4=SuperCookie4; MyCookie3=SuperCookie3; MyCookie2=SuperCookie2; MyCookie=SuperCookies;
Accept: text/html, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Test details (response excerpt, truncated):
<...> le' and '1'='1exampleexample" and "1"="1http://www.ptsecurity.com/codeinject/codeexampleexampleXSS@ <xscript>XSS</xscript>.comexampleexample><!--#printenv --><example'><!--#printenv --><example"><!--#printenv -->< Content-Length: 0 HTTP/1.0 200 OK Content-Type: text/html Content-Length: 34 <html>Scanned by PTsecurity</html> example/boot.ini/boot.ini../../../../../../../../../boot.ini../.. <...>
Solution
Identify the script(s) that store the submitted input and the page that renders it, HTML-encode stored values on output (and validate them on input), and remove the test data the scan left behind.
Links
As for the first XSS finding.

Description
Attackers can use the information gained by browsing a website's directory structure to refine an attack, locate unprotected directories, or reach directories and files that should not be publicly accessible. The directory layout can also reveal the type of web server, operating system or other software running on the system. Directories with browse access: /admin/
Solution
Deny browse (directory listing) access to all directories unless it is strictly necessary; on IIS this is the "Directory browsing" option of the site or virtual directory. Note that /admin/ is also reported as writable above, so any uploaded file is immediately discoverable by listing the directory.
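The write-access finding above (the PTNSSxxxxx.txt probe in /admin/) and this directory-browsing finding are both confirmed with plain HTTP requests. The following added example (written for this page; not code from the report, from MaxPatrol, or from the scanned site) shows both checks as a practitioner would run them: PUT a probe file, confirm it is served back, DELETE it so nothing is left behind, and GET the directory itself looking for a generated index. Because it has to run offline, it starts a constructed stand-in server on a loopback port whose /admin/ accepts PUT and DELETE and has no index page; the listing markers for IIS ("[To Parent Directory]") and Apache ("Index of") are included for real targets but only the Python http.server marker is exercised here.

```python
import functools
import http.client
import os
import shutil
import tempfile
import threading
from http.server import HTTPServer, SimpleHTTPRequestHandler

PROBE_NAME = "PTNSSxxxxx.txt"  # the report's probe name pattern; use a unique name in practice


def _request(host: str, port: int, method: str, path: str, body: bytes = None):
    """One HTTP request on a fresh connection; returns (status, decoded body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path, body=body)  # http.client adds Content-Length for a bytes body
    resp = conn.getresponse()
    data = resp.read().decode("utf-8", "replace")
    conn.close()
    return resp.status, data


def check_write_access(host: str, port: int, directory: str, probe: str = PROBE_NAME) -> bool:
    """PUT a probe file, confirm the server serves it back, then DELETE it so the
    check does not leave files behind."""
    path = directory.rstrip("/") + "/" + probe
    marker = "write probe"
    status, _ = _request(host, port, "PUT", path, marker.encode())
    if status not in (200, 201, 204):
        return False
    status, body = _request(host, port, "GET", path)
    writable = status == 200 and marker in body
    _request(host, port, "DELETE", path)  # best-effort cleanup
    return writable


def check_directory_listing(host: str, port: int, directory: str) -> bool:
    """GET the directory itself; a server-generated index means browsing is enabled."""
    status, body = _request(host, port, "GET", directory.rstrip("/") + "/")
    markers = ("Directory listing for", "[To Parent Directory]", "Index of ")
    return status == 200 and any(m in body for m in markers)


class WritableAdminHandler(SimpleHTTPRequestHandler):
    """Constructed stand-in for the misconfigured host: only /admin/ accepts PUT and
    DELETE, and like the real /admin/ it has no index page, so listings are generated."""

    def log_message(self, format, *args):
        pass  # keep the demo quiet

    def _admin_target(self):
        target = self.translate_path(self.path)
        inside = target.startswith(os.path.join(self.directory, "admin") + os.sep)
        return target if inside and not os.path.isdir(target) else None

    def do_PUT(self):
        target = self._admin_target()
        if target is None:
            self.send_error(403)
            return
        length = int(self.headers.get("Content-Length", 0))
        with open(target, "wb") as f:
            f.write(self.rfile.read(length))
        self.send_response(201)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_DELETE(self):
        target = self._admin_target()
        if target is None or not os.path.isfile(target):
            self.send_error(404)
            return
        os.remove(target)
        self.send_response(204)
        self.send_header("Content-Length", "0")
        self.end_headers()


def run_demo() -> dict:
    """Start the stand-in on a loopback port, run both checks on /admin/ and /, stop it."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "admin"))
    server = HTTPServer(("127.0.0.1", 0), functools.partial(WritableAdminHandler, directory=root))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        return {
            "admin_writable": check_write_access(host, port, "/admin/"),
            "admin_listing": check_directory_listing(host, port, "/admin/"),
            "root_writable": check_write_access(host, port, "/"),
        }
    finally:
        server.shutdown()
        server.server_close()
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

Against a real target, point _request at the host instead of the stand-in and run the two check functions per directory; a 201 or 204 on PUT followed by a 200 GET is the confirmation, and a directory that is both writable and listable is the combination this report shows for /admin/.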