Affected Items Report

Acunetix Security Audit

2023-08-11

Generated by Acunetix

Selected vulnerabilities

Scan details

Scan information Start url Host



Threat level

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found: 1
High: 1
Medium: 0
Low: 0
Informational: 0

Affected items

Web Server:
Alert group: SQL injection
Severity: High
Description: SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server.
Recommendations: Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.

Alert variants

Details: HTTP Header input Referer was set to bk9903qS'; waitfor delay '0:0:6' --

Tests performed:

A43iGMod'; waitfor delay '0:0:15' -- => 20.008
SVzqLHFk'; waitfor delay '0:0:6' -- => 20.009
NE08NzuH'; waitfor delay '0:0:3' -- => 20.009
uPlFyjOF'; waitfor delay '0:0:15' -- => 20.014
Z5YYr4MK'; waitfor delay '0:0:0' -- => 0.685
jIPH5K68'; waitfor delay '0:0:0' -- => 0.582
bk9903qS'; waitfor delay '0:0:6' -- => 20.013

Original value:

GET / HTTP/1.1
Referer: bk9903qS'; waitfor delay '0:0:6' --
User-Agent: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)
X-Requested-With: XMLHttpRequest

Scanned items (coverage report)




Selected vulnerabilities

Scan details

Scan information Start url Host



Threat level

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found: 1
High: 1
Medium: 0
Low: 0
Informational: 0

Affected items

Web Server:
Alert group: SQL injection
Severity: High
Description: SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server.
Recommendations: Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.

Alert variants

Details: HTTP Header input User-Agent was set to 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z

Tests performed:

0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z => 20.012
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z => 20.011
0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z => 0.286
0'XOR(if(now()=sysdate(),sleep(3),0))XOR'Z => 20.001
0'XOR(if(now()=sysdate(),sleep(15),0))XOR'Z => 20.014
0'XOR(if(now()=sysdate(),sleep(0),0))XOR'Z => 0.283
0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z => 20.004

Original value: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; 360SE)

GET / HTTP/1.1
Referer:
User-Agent: 0'XOR(if(now()=sysdate(),sleep(6),0))XOR'Z
X-Requested-With: XMLHttpRequest

Scanned items (coverage report)




Selected vulnerabilities

Scan details

Scan information Start url Host



Threat level

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found: 1
High: 1
Medium: 0
Low: 0
Informational: 0
