- Password Transmitted Over HTTP
- Url http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
- Form target action
- Classification
- PCI 2.0 6.5.4 PCI 1.2 6.5.9 OWASP A9 CWE 319 CAPEC 65 WASC 04
- Vulnerability Details
- Netsparker identified that password data is sent over HTTP.
- Impact
- If an attacker can intercept network traffic, he/she can steal users' credentials.
- Cookie Not Marked As HttpOnly
- Url http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
- Identified Cookie PHPSESSID
- Classification
- CWE 16 CAPEC 107 WASC 15
- Vulnerability Details
- Cookie was not marked as HTTPOnly. HTTPOnly cookies cannot be read by client-side scripts, so marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks.
- Impact
- During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.
- Auto Complete Enabled
- Url http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=
- Identified Field Name amember_remote_login
- Classification
- CWE 16 WASC 15
- Vulnerability Details
- "Auto Complete" was enabled in one or more of the form fields. These were either "password" fields or important fields such as "Credit Card".
- Impact
- Data entered in these fields will be cached by the browser. An attacker who can access the victim's browser could steal this information. This is especially important if the application is commonly used on shared computers such as those in cyber cafes or airport terminals.
- PHP Version Disclosure
- Certainty
- Url http://www.heidymodel.com/
- Extracted Version 5.2.9
- Classification
- PCI 1.2 6.5.6 OWASP A6 CWE 16 CAPEC 170 WASC 45
- Vulnerability Details
- Netsparker identified that the target web server is disclosing the PHP version in its HTTP response. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
- Impact
- An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
- [Possible] Internal Path Leakage (*nix)
- Certainty
- Url http://www.heidymodel.com/amember_remote/index.php?v=-6&url=/members/&referer=3
- Identified Internal Path(s) /proc/self/fd/2\0.php
- Parameter Name amember_remote_login
- Parameter Type Post
- Attack Pattern ../../../../../../../../../../proc/self/fd/2.php
- Classification
- PCI 1.2 6.5.6 CWE 200 CAPEC 118 WASC 13
- Vulnerability Details
- Netsparker identified an internal path in the document.
- Impact
- There is no direct impact; however, this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.
- [Possible] Internal Path Leakage (*nix)
- Certainty
- Url http://www.heidymodel.com/amember_remote/
- Identified Internal Path(s) /proc/self/fd/2\0.php
- Parameter Name amember_remote_login
- Parameter Type Post
- Attack Pattern ../../../../../../../../../../proc/self/fd/2.php
- Classification
- PCI 1.2 6.5.6 CWE 200 CAPEC 118 WASC 13
- Vulnerability Details
- Netsparker identified an internal path in the document.
- Impact
- There is no direct impact; however, this information can help an attacker either to identify other vulnerabilities or during the exploitation of other identified vulnerabilities.