- ================================================================================
- [+] Web Application Security Report - Arachni Framework
- [~] Report generated on: 2019-04-22 23:08:24 +0700
- [~] Report false positives at: http://github.com/Arachni/arachni/issues
- [+] System settings:
- [~] ---------------
- [~] Version: 1.5.1
- [~] Seed: bc595af8655860d3e7786b7dcad2916a
- [~] Audit started on: 2019-04-22 23:04:00 +0700
- [~] Audit finished on: 2019-04-22 23:08:23 +0700
- [~] Runtime: 00:04:23
- [~] URL: https://lab12.netlab.kasetsart.org/
- [~] User agent: Arachni/v1.5.1
- [*] Audited elements:
- [~] * Links
- [~] * Forms
- [~] * Cookies
- [~] * XMLs
- [~] * JSONs
- [~] * UI inputs
- [~] * UI forms
- [*] Checks: os_cmd_injection_timing, source_code_disclosure, xss_dom_script_context, path_traversal, file_inclusion, ldap_injection, xss_event, sql_injection_timing, xxe, unvalidated_redirect_dom, csrf, code_injection, trainer, sql_injection, xss_path, xss_dom, xss_script_context, unvalidated_redirect, no_sql_injection_differential, code_injection_php_input_wrapper, sql_injection_differential, xpath_injection, xss_tag, session_fixation, xss, response_splitting, no_sql_injection, os_cmd_injection, rfi, code_injection_timing, credit_card, cookie_set_for_parent_domain, x_frame_options, unencrypted_password_forms, http_only_cookies, password_autocomplete, html_objects, ssn, mixed_resource, form_upload, insecure_cookies, captcha, insecure_cors_policy, private_ip, hsts, cvs_svn_users, emails, allowed_methods, interesting_responses, insecure_cross_domain_policy_access, insecure_client_access_policy, http_put, backup_files, backup_directories, origin_spoof_access_restriction_bypass, xst, common_admin_interfaces, backdoors, insecure_cross_domain_policy_headers, directory_listing, htaccess_limit, localstart_asp, common_directories, common_files, webdav
- [~] ===========================
- [+] 10 issues were detected.
- [+] [1] HTTP TRACE (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 1774520815
- [~] Severity: Medium
- [~] Description:
- [~]
- The `TRACE` HTTP method allows a client to send a request to the server and
- have that same request sent back in the server's response. This lets the
- client determine whether the server is receiving the request as expected, or
- whether specific parts of the request are not arriving as expected (for example,
- because of incorrect encoding, or because a load balancer has filtered or changed a value).
- On many default installations the `TRACE` method is still enabled.
- While not vulnerable by itself, it provides a way for an attacker to
- bypass the `HttpOnly` cookie flag (cross-site tracing, XST), and therefore could allow an XSS attack to
- read a session token.
- Arachni has discovered that the affected page permits the HTTP `TRACE` method.
- The proof recorded below is only the `200 OK` status line; confirm the finding by checking that the
- response body (content type `message/http`) echoes the request, since a 200 error page would
- also match. XST needs the `TRACE` to be issued from script, and both XMLHttpRequest and Fetch
- forbid that method, so the practical risk in current browsers is low; disable it anyway
- (`TraceEnable off` on Apache). Note that the request below carried the `PHPSESSID` cookie, and
- that cookie is set without `HttpOnly` on this host (issue [10]), so script could read it without TRACE.
- [~] Tags: xst, methods, trace, server
- [~] CWE: http://cwe.mitre.org/data/definitions/693.html
- [~] References:
- [~] CAPEC - http://capec.mitre.org/data/definitions/107.html
- [~] OWASP - http://www.owasp.org/index.php/Cross_Site_Tracing
- [~] URL: https://lab12.netlab.kasetsart.org/
- [~] Element: server
- [~] Proof: "HTTP/1.1 200 OK"
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/
- [~] HTTP request
- TRACE / HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- Cookie: PHPSESSID=3d4fceb59hmoauo52lcvv2pqa1
- [+] [2] Missing 'Strict-Transport-Security' header (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 1277351082
- [~] Severity: Medium
- [~] Description:
- [~]
- The HTTP protocol by itself is clear text, meaning that any data
- transmitted via HTTP can be captured and its contents viewed. To keep data
- private and prevent it from being intercepted, HTTP is tunnelled through
- Transport Layer Security (TLS), or historically Secure Sockets Layer (SSL).
- When either of these encryption standards is used, it is referred to as HTTPS.
- HTTP Strict Transport Security (HSTS) is an optional response header that can be
- configured on the server to instruct the browser to only communicate via HTTPS.
- This will be enforced by the browser even if the user requests an HTTP resource
- on the same server.
- Attackers will often attempt to capture sensitive information passed
- from the client to the server over HTTP, via Man-in-The-Middle (MiTM) attacks or
- network packet captures.
- Arachni discovered that the affected application is using HTTPS but does not
- send the HSTS header.
- The header only protects a browser that has already received it over a valid HTTPS
- connection (or has the domain in the browser preload list), so the very first plain-HTTP
- request remains exposed. A typical value is
- `Strict-Transport-Security: max-age=31536000; includeSubDomains`. On this host the missing
- header matters more than usual because the session cookie is set without the `Secure` flag
- (issue [9]), so nothing stops a plain `http://` link from carrying a live session.
- [~] Tags:
- [~] CWE: http://cwe.mitre.org/data/definitions/200.html
- [~] References:
- [~] OWASP - https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
- [~] Wikipedia - http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
- [~] URL: https://lab12.netlab.kasetsart.org/
- [~] Element: server
- [~] Proof: "HTTP/1.1 200 OK"
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/
- [~] HTTP request
- GET / HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- [+] [3] Password field with auto-complete (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 1603242756
- [~] Severity: Low
- [~] Description:
- [~]
- In typical form-based web applications, it is common practice for developers to
- allow `autocomplete` within the HTML form to improve the usability of the page.
- With `autocomplete` enabled (the default), the browser is allowed to cache previously
- entered form values.
- For legitimate purposes, this allows the user to quickly re-enter the same data
- when completing the form multiple times.
- When `autocomplete` is enabled on either or both of the username and password fields,
- an attacker with access to the victim's computer could have the victim's credentials
- entered automatically when visiting the affected page.
- Arachni has discovered that the affected page contains a form containing a
- password field that has not disabled `autocomplete`.
- Most current browsers ignore `autocomplete="off"` on password fields and let their
- password manager decide, so this is a low-value fix. If it is applied, the registration
- form's `pass` and `repass` fields should use `autocomplete="new-password"`, the HTML token
- for a password being created, rather than `off`.
- [~] Tags:
- [~] References:
- [~] URL: https://lab12.netlab.kasetsart.org/regis.php
- [~] Element: form
- [~] All inputs: user, pass, repass, btn
- [~] Referring page: https://lab12.netlab.kasetsart.org/regis.php
- [~] Affected page: https://lab12.netlab.kasetsart.org/regis.php
- [~] HTTP request
- GET /regis.php HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- Cookie: PHPSESSID=3d4fceb59hmoauo52lcvv2pqa1_arachni_trainer_bc595af8655860d3e7786b7dcad2916a
- [+] [4] Password field with auto-complete (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 495624201
- [~] Severity: Low
- [~] Description:
- [~]
- Same check and description as issue [3] above; here the affected form is the login
- form on the index page (inputs `user`, `pass`), for which the matching HTML token
- would be `autocomplete="current-password"`.
- [~] Tags:
- [~] References:
- [~] URL: https://lab12.netlab.kasetsart.org/index.php
- [~] Element: form
- [~] All inputs: user, pass, btn
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/
- [~] HTTP request
- GET / HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- [+] [5] Missing 'X-Frame-Options' header (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 534340495
- [~] Severity: Low
- [~] Description:
- [~]
- Clickjacking (User Interface redress attack, UI redress attack, UI redressing)
- is a malicious technique of tricking a web user into clicking on something different
- from what the user perceives they are clicking on, which can lead the victim to
- reveal confidential information or perform actions in their authenticated session
- while clicking on seemingly innocuous web pages.
- The server didn't return an `X-Frame-Options` header, which means that this website
- could be at risk of a clickjacking attack.
- The `X-Frame-Options` HTTP response header can be used to indicate whether or not
- a browser should be allowed to render a page inside a frame or iframe. Sites can
- use this to avoid clickjacking attacks by ensuring that their content is not
- embedded into other sites.
- Use `X-Frame-Options: DENY` (or `SAMEORIGIN` if the site frames its own pages) and,
- for current browsers, the Content-Security-Policy `frame-ancestors` directive, which
- supersedes `X-Frame-Options` where both are present. The login form served on `/` is
- the page most worth protecting here.
- [~] Tags:
- [~] CWE: http://cwe.mitre.org/data/definitions/693.html
- [~] References:
- [~] MDN - https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
- [~] RFC - http://tools.ietf.org/html/rfc7034
- [~] OWASP - https://www.owasp.org/index.php/Clickjacking
- [~] URL: https://lab12.netlab.kasetsart.org/
- [~] Element: server
- [~] Proof: "HTTP/1.1 200 OK"
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/
- [~] HTTP request
- GET / HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- [+] [6] Interesting response (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 895858860
- [~] Severity: Informational
- [~] Description:
- [~]
- The server responded with a status code that is neither 200 (OK) nor 404 (Not Found).
- This is a non-issue; however, unusual HTTP response status codes can provide useful
- insights into the behavior of the web application and assist with the penetration test.
- Here the login handler answered a POST with empty `user` and `pass` values with a 302.
- Compare the `Location` target and response body for empty, wrong and valid credentials
- to check that the redirect does not reveal which case occurred.
- [~] Tags: interesting, response, server
- [~] References:
- [~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
- [~] URL: https://lab12.netlab.kasetsart.org/index.php
- [~] Element: server
- [~] Proof: "HTTP/1.1 302 Found"
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/index.php
- [~] HTTP request
- POST /index.php HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Referer: https://lab12.netlab.kasetsart.org/index.php
- Origin: https://lab12.netlab.kasetsart.org
- Content-Type: application/x-www-form-urlencoded
- Content-Length: 11
- Cookie: PHPSESSID=3d4fceb59hmoauo52lcvv2pqa1
- Accept-Language: en-US,*
- user=&pass=
- [+] [7] Interesting response (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 176711166
- [~] Severity: Informational
- [~] Description:
- [~]
- Description as for issue [6] above.
- A 403 on `/cgi-bin/` is consistent with Apache's default `ScriptAlias` mapping, which
- refuses directory requests; it confirms the alias exists but says nothing about which
- scripts, if any, are deployed under it.
- [~] Tags: interesting, response, server
- [~] References:
- [~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
- [~] URL: https://lab12.netlab.kasetsart.org/cgi-bin/
- [~] Element: server
- [~] Proof: "HTTP/1.1 403 Forbidden"
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/cgi-bin/
- [~] HTTP request
- GET /cgi-bin/ HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- Cookie: PHPSESSID=3d4fceb59hmoauo52lcvv2pqa1
- [+] [8] Interesting response (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 2968602822
- [~] Severity: Informational
- [~] Description:
- [~]
- Description as for issue [6] above.
- The `100 Continue` recorded as proof is only the interim reply to the `Expect: 100-continue`
- header, not the final status of the `PUT`. The `http_put` check was enabled in this scan
- and raised no issue, so there is no evidence that the upload was accepted; confirm with a
- `PUT` followed by a `GET` of the same path before treating the document root as writable.
- [~] Tags: interesting, response, server
- [~] References:
- [~] w3.org - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
- [~] URL: https://lab12.netlab.kasetsart.org/Arachni-bc595af8655860d3e7786b7dcad2916a
- [~] Element: server
- [~] Proof: "HTTP/1.1 100 Continue"
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/Arachni-bc595af8655860d3e7786b7dcad2916a
- [~] HTTP request
- PUT /Arachni-bc595af8655860d3e7786b7dcad2916a HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- Cookie: PHPSESSID=3d4fceb59hmoauo52lcvv2pqa1
- Content-Length: 55
- Expect: 100-continue
- Created by Arachni. PUTbc595af8655860d3e7786b7dcad2916a
- [+] [9] Insecure cookie (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 2311377353
- [~] Severity: Informational
- [~] Description:
- [~]
- HTTP by itself is a stateless protocol. Therefore the server is unable to determine
- which requests are performed by which client, and which clients are authenticated
- or unauthenticated.
- The use of HTTP cookies within the headers allows a web server to identify each
- individual client and can therefore distinguish clients that hold valid
- authentication from those that do not. These are known as session cookies.
- When a cookie is set by the server (sent in the header of an HTTP response) there
- are several flags that can be set to configure the properties of the cookie and
- how it is to be handled by the browser.
- One of these flags is known as the `Secure` flag. When the Secure flag is set,
- the browser will prevent the cookie from being sent over a clear-text channel (HTTP) and
- only allow it to be sent when an encrypted channel is used (HTTPS).
- Arachni discovered that a cookie was set by the server without the Secure flag
- being set. Although the initial setting of this cookie was via an HTTPS
- connection, any HTTP link to the same server will result in the cookie being
- sent in clear text.
- Arachni rates this Informational, but the cookie in question is the PHP session
- identifier and the site sends no HSTS header (issue [2]), so a single plain-HTTP link
- or a forced `http://` request exposes a live session; treat it accordingly. In PHP the
- fix is `session.cookie_secure = 1` in `php.ini`, or `session_set_cookie_params()` before
- `session_start()`.
- [~] Tags:
- [~] CWE: http://cwe.mitre.org/data/definitions/200.html
- [~] References:
- [~] SecureFlag - OWASP - https://www.owasp.org/index.php/SecureFlag
- [~] URL: https://lab12.netlab.kasetsart.org/
- [~] Element: cookie
- [~] All inputs: PHPSESSID
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/
- [~] HTTP request
- GET / HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
- [+] [10] HttpOnly cookie (Trusted)
- [~] ~~~~~~~~~~~~~~~~~~~~
- [~] Digest: 2971506258
- [~] Severity: Informational
- [~] Description:
- [~]
- Cookie and flag background as in issue [9] above.
- The `HttpOnly` flag assists in the prevention of client-side scripts (such as
- JavaScript) accessing and using the cookie.
- This can help prevent XSS attacks targeting the cookies holding the client's
- session token (setting the `HttpOnly` flag does not prevent, nor safeguard against,
- XSS vulnerabilities themselves).
- Arachni discovered that the `PHPSESSID` cookie was set without the `HttpOnly` flag.
- In PHP the fix is `session.cookie_httponly = 1`; on PHP 7.3 and later, `session.cookie_samesite`
- set to `Lax` or `Strict` also reduces the cross-site request exposure of the same cookie.
- [~] Tags:
- [~] CWE: http://cwe.mitre.org/data/definitions/200.html
- [~] References:
- [~] HttpOnly - OWASP - https://www.owasp.org/index.php/HttpOnly
- [~] URL: https://lab12.netlab.kasetsart.org/
- [~] Element: cookie
- [~] All inputs: PHPSESSID
- [~] Referring page: https://lab12.netlab.kasetsart.org/
- [~] Affected page: https://lab12.netlab.kasetsart.org/
- [~] HTTP request
- GET / HTTP/1.1
- Host: lab12.netlab.kasetsart.org
- Accept-Encoding: gzip, deflate
- User-Agent: Arachni/v1.5.1
- Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
- Accept-Language: en-US,en;q=0.8,he;q=0.6
- X-Arachni-Scan-Seed: bc595af8655860d3e7786b7dcad2916a
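The server-level findings above (TRACE enabled in [1], missing HSTS in [2], missing X-Frame-Options in [5], and the `PHPSESSID` cookie without Secure and HttpOnly in [9] and [10]) can be re-checked from a saved raw response without re-running the scanner. The Python below is an added example, not part of the Arachni report or the Arachni code base. The sample responses are constructed to mirror what the report describes; the host name is the one from the report, while the response bodies, the `X-Probe` marker header and the hardened header values are assumptions. It goes slightly beyond the report by also checking the HSTS `max-age`, a CSP `frame-ancestors` directive, and the cookie `SameSite` attribute.

```python
"""Re-check the report's server-level findings against a raw HTTP response:
missing HSTS, missing X-Frame-Options / CSP frame-ancestors, session cookie
without Secure / HttpOnly / SameSite, and TRACE enabled.
Added example; not the Arachni report's or the Arachni project's code.
"""
import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: list   # (lower-cased name, value) pairs, order preserved
    body: str


def parse_response(raw: str) -> Response:
    """Split a raw HTTP/1.1 response into status code, header pairs and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return Response(status, headers, body)


def header(resp: Response, name: str) -> list:
    """All values of a header; Set-Cookie may legitimately appear several times."""
    return [v for n, v in resp.headers if n == name.lower()]


def parse_set_cookie(value: str):
    """Return (cookie name, {attribute: value or True}) for one Set-Cookie line."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() or True
    return name, attrs


def audit_cookies(resp: Response) -> list:
    findings = []
    for raw in header(resp, "set-cookie"):
        name, attrs = parse_set_cookie(raw)
        for flag in ("Secure", "HttpOnly", "SameSite"):
            if flag.lower() not in attrs:
                findings.append(f"cookie {name}: missing {flag}")
    return findings


ONE_YEAR = 31536000


def audit_headers(resp: Response) -> list:
    findings = []
    hsts = header(resp, "strict-transport-security")
    if not hsts:
        findings.append("missing Strict-Transport-Security")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0], re.I)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age below one year")
    xfo = header(resp, "x-frame-options")
    csp = header(resp, "content-security-policy")
    if not xfo and not any("frame-ancestors" in v.lower() for v in csp):
        findings.append("missing X-Frame-Options and no CSP frame-ancestors")
    return findings


def trace_enabled(resp: Response, marker: str) -> bool:
    """The report's proof was only '200 OK'. Require the request to be echoed
    back (a marker header we sent) so a 200 error page is not mistaken for TRACE."""
    return resp.status == 200 and marker in resp.body


def audit(resp: Response, trace_resp: Response = None, marker: str = None) -> list:
    findings = audit_headers(resp) + audit_cookies(resp)
    if trace_resp is not None and trace_enabled(trace_resp, marker):
        findings.append("TRACE enabled (request echoed)")
    return findings


# Constructed sample: GET / as the report describes it (no HSTS, no
# X-Frame-Options, PHPSESSID without flags). The body is assumed.
SAMPLE_GET = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Set-Cookie: PHPSESSID=3d4fceb59hmoauo52lcvv2pqa1; path=/\r\n"
    "\r\n<html><form action=\"index.php\" method=\"post\"></form></html>"
)
# Constructed TRACE reply; X-Probe is an assumed marker header that we sent.
MARKER = "X-Probe: 7f3a"
SAMPLE_TRACE = (
    "HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
    "TRACE / HTTP/1.1\r\nHost: lab12.netlab.kasetsart.org\r\n" + MARKER + "\r\n\r\n"
)
# Hardened variant the audit should pass (assumed values).
SAMPLE_FIXED = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: frame-ancestors 'none'\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef; path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for f in audit(parse_response(SAMPLE_GET), parse_response(SAMPLE_TRACE), MARKER):
        print("FAIL", f)
    print("hardened:", audit(parse_response(SAMPLE_FIXED)) or "no findings")
```

To use it against the real host, capture the responses (for example with `curl -i https://lab12.netlab.kasetsart.org/` and `curl -i -X TRACE -H 'X-Probe: 7f3a' https://lab12.netlab.kasetsart.org/`) and feed the saved text to `parse_response`; the marker check is what separates a genuine TRACE echo from a server that answers 200 to any method.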
- [+] Plugin data:
- [~] ---------------
- [*] Health map
- [~] ~~~~~~~~~~~~~~
- [~] Description: Generates a simple list of safe/unsafe URLs.
- [~] Legend:
- [+] No issues
- [-] Has issues
- [-] https://lab12.netlab.kasetsart.org/
- [-] https://lab12.netlab.kasetsart.org/Arachni-bc595af8655860d3e7786b7dcad2916a
- [-] https://lab12.netlab.kasetsart.org/cgi-bin/
- [+] https://lab12.netlab.kasetsart.org/home.php
- [-] https://lab12.netlab.kasetsart.org/index.php
- [+] https://lab12.netlab.kasetsart.org/logout.php
- [-] https://lab12.netlab.kasetsart.org/regis.php
- [~] Total: 7
- [+] Without issues: 2
- [-] With issues: 5 ( 71% )
- [~] Report saved at: /home/srakrn/Downloads/arachni-1.5.1-0.5.12/bin/lab12.netlab.kasetsart.org 2019-04-22 23_08_23 +0700.afr [0.02MB]
- [~] Audited 13 page snapshots.
- [~] Duration: 00:04:23
- [~] Processed 7059/7059 HTTP requests.
- [~] -- 254.512 requests/second.
- [~] Processed 225/225 browser jobs.
- [~] -- 0.289 second/job.
- [~] Currently auditing https://lab12.netlab.kasetsart.org/home.php
- [~] Burst response time sum 2.594 seconds
- [~] Burst response count 310
- [~] Burst average response time 0.008 seconds
- [~] Burst average 0.0 requests/second
- [~] Timed-out requests 0
- [~] Original max concurrency 20
- [~] Throttled max concurrency 20