0% found this document useful (0 votes)

1K views5 pages

Web Application Report Avaintcon Ex

XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. A malicious user would need to trick a victim into visiting the URL with The XSS payload.

Uploaded by

api-55206651

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

1K views5 pages

Web Application Report Avaintcon Ex

Uploaded by

api-55206651

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 5

AVAINTCON Consulting 1250 Rene Lvesques W Suite 2200 Montreal, Quebec H3B 4W8

Scan Results Report

Data Information Type: Author: Company: Generation date: WAS Scan Result Robert Woodlock AVAINTCON Consulting 11 Sep 2012 07:16PM GMT+0000 Settings Sort Criteria Sort by descending Severity

Scan Information
Title Scan Type Launch Mode Start Date End Date Web Application Target URL Authentication Record Option Profile Web Application Vulnerability Scan - avaintcon.com Vulnerability Scheduled 08 Sep 2012 06:00AM GMT+0000 08 Sep 2012 09:20AM GMT+0000 avaintcon.com http://avaintcon.com/ None Initial WAS Options

Scan Summary
Security Risk Authentication Status None 00:08:27 273 Links 7161 Links 03:10:31 95,117

Crawling Phase
Crawl Duration # Links Crawled # Links In Queue

Vulnerability Assessment Phase

Assessment Time # Requests

Findings By Type

Sensitive Content By Group

Vulnerabilities by Group / Level

Name XSS SQL PATH INFO

Level 1 6 0 0 10

Level 2 0 0 46 0

Level 3 0 0 0 1

Level 4 0 0 0 0

Level 5 6 0 0 0

Total 12 0 46 11

Vulnerabilities by OWASP

Top WASC Threats

Code A-1 A-2 A-3 A-4 A-5 A-6 A-7 A-8 A-9 A-10

# Vulns 0 12 0 46 0 1 0 46 0 0

Results
150001 / Cross-Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) Vulnerabilities

URL: http://avaintcon.com/forums/index.php?app=core&do=search&fromsearch=1&module=search&section=search CWE IDs: OWASP References: WASC References: Vulnerable Parameter: Description: CWE-79 A2: Cross-Site Scripting (XSS) WASC-8: CROSS-SITE SCRIPTING search_app_filters[forums][noPreview] XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user-supplied data contain characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser. The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, JavaScript or other content that will be rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload. Impact: XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML, JavaScript, Flash and Java applets) can be used to as a part of a compromise. Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers. Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element or JavaScript. Results

Solution:

Authenticated: Form Entry Point: Payload :

http://avaintcon.com/forums/index.php?app=core&do=search&fromMainBar=1&module=search search_app=forums&search_term=1&andor_type=and&search_content=both&search_tags=1&search_app_filters[core][sortKey]=date&search_author=1&search_app_filters[core][sortDir]=0&se arch_date_start=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[members][searchInKey]=memb

Result :

ers&search_app_filters[forums][noPreview]=1%20%3Cscript%3E_q_q%3Drandom()%3C%2Fscript%3E&search_app_filters[members][members][sortKey]=date&search_app_filters[members][ members][sortDir]=0&search_app_filters[members][comments][sortKey]=date&search_date_end=1&search_app_filters[forums][pCount]=1&search_app_filters[members][comments][sortDir]=0& search_app_filters[forums][pViews]=1&submit=Search%20Now ums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[foru ms][sortDir]=0&search_app_filters[forums][noPreview]=1 <script>_q_q=random()</script>&search_app_filters[forums][pCount]=1&search_app_filters[forums][pViews]=1&search_app_filters[forums][searchInKey]=&search_term=1& amp;search_app=forums'>Forums</a></li><li ><a href='http://avaintcon.com/forums/index.php? %00<script>_q=random(@REQUESTID@)</script> [sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[forums][s ortDir]=0&search_app_filters[forums][noPreview]=<script>_q=random(X157834420Y14Z)</script>&search_app_filters[forums][pCount]=1&search_app_filters[forums][pViews]=1 &search_app_filters[forums][searchInKey]=&search_term=1&search_app=forums'>Forums</a></li><li ><a href='http://avaintcon.com/forums/inde search_app=forums&search_term=1&andor_type=and&search_content=both&search_tags=1&search_app_filters[core][sortKey]=date&search_author=1&search_app_filters[core][sortDir]=0&se arch_date_start=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[members][searchInKey]=memb ers&search_app_filters[forums][noPreview]=%22'%3E%3Cqqs%20%60%3b!-%3D%26%7b()%7d%3E&search_app_filters[members][members][sortKey]=date&search_app_filters[members][members][sortDir]=0&search_app_filters[members][comments][sortKey]=date&s earch_date_end=1&search_app_filters[forums][pCount]=1&search_app_filters[members][comments][sortDir]=0&search_app_filters[forums][pViews]=1&submit=Search%20Now s[forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[f orums][sortDir]=0&search_app_filters[forums][noPreview]="'><qqs `;!-=&{()}>&search_app_filters[forums][pCount]=1&search_app_filters[forums][pViews]=1&search_app_filters[forums][searchInKey]=&search_term=1&search_app=forums' >Forums</a></li><li ><a href='http://avaintcon.com/forums/index.php?app=cor '%20onEvent=@REQUESTID@%20 ='active'><a href='http://avaintcon.com/forums/index.php?app=core&module=search&do=search&andor_type=and&sid=e6a1fec63d100798fa3b4773043fd7a1&search_author=1&a mp;search_date_start=1&search_date_end=1&search_app_filters[forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=d ate&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[forums][noPreview]=' onEvent=X1578344 "%20onEvent=@REQUESTID@%20 comment: A significant portion of the XSS test payload appeared in the web page, but the page's DOM was not modified as expected for a successful exploit. This result should be manually verified to determine its accuracy. ='active'><a href='http://avaintcon.com/forums/index.php?app=core&module=search&do=search&andor_type=and&sid=d11ef30f7a3e33b8814dc477a250717c&search_author=1&a mp;search_date_start=1&search_date_end=1&search_app_filters[forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=d ate&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[forums][noPreview]=" onEvent=X1578344

Payload : Result :

Payload :

Result :

Payload : Result :

Payload :

Result :

search_app=forums&search_term=1&andor_type=and&search_content=both&search_tags=1&search_app_filters[core][sortKey]=date&search_author=1&search_app_filters[core][sortDir]=0&se arch_date_start=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[members][searchInKey]=memb ers&search_app_filters[forums][noPreview]=%22'%3E%3Cqss%3E&search_app_filters[members][members][sortKey]=date&search_app_filters[members][members][sortDir]=0&search_app_filt ers[members][comments][sortKey]=date&search_date_end=1&search_app_filters[forums][pCount]=1&search_app_filters[members][comments][sortDir]=0&search_app_filters[forums][pViews]= 1&submit=Search%20Now filters[forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filt ers[forums][sortDir]=0&search_app_filters[forums][noPreview]="'><qss>&search_app_filters[forums][pCount]=1&search_app_filters[forums][pViews]=1&search_app_filters[f orums][searchInKey]=&search_term=1&search_app=forums'>Forums</a></li><li ><a href='http://avaintcon.com/forums/index.php?app=core& "'><qss%20a=@REQUESTID@> forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[for ums][sortDir]=0&search_app_filters[forums][noPreview]="'><qss a=X157834420Y14Z>&search_app_filters[forums][pCount]=1&search_app_filters[forums][pViews]=1&search_app_filters[forums][searchInKey]=&search_term=1&searc h_app=forums'>Forums</a></li><li ><a href='http://avaintcon.com/forums/index.php?app=

Payload : Result :

150001

/ Cross-Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) Vulnerabilities

URL: http://avaintcon.com/forums/index.php?app=core&do=search&fromsearch=1&module=search&section=search CWE IDs: OWASP References: WASC References: Vulnerable Parameter: Description: CWE-79 A2: Cross-Site Scripting (XSS) WASC-8: CROSS-SITE SCRIPTING search_app_filters[forums][pViews] XSS vulnerabilities occur when the Web application echoes user-supplied data in an HTML response sent to the Web browser. For example, a Web application might include the user's name as part of a welcome message or display a home address when confirming a shipping destination. If the user-supplied data contain characters that are interpreted as part of an HTML element instead of literal text, then an attacker can modify the HTML that is received by the victim's Web browser. The XSS payload is echoed in HTML document returned by the request. An XSS payload may consist of HTML, JavaScript or other content that will be rendered by the browser. In order to exploit this vulnerability, a malicious user would need to trick a victim into visiting the URL with the XSS payload. Impact: XSS exploits pose a significant threat to a Web application, its users and user data. XSS exploits target the users of a Web application rather than the Web application itself. An exploit can lead to theft of the user's credentials and personal or financial information. Complex exploits and attack scenarios are possible via XSS because it enables an attacker to execute dynamic code. Consequently, any capability or feature available to the Web browser (for example HTML, JavaScript, Flash and Java applets) can be used to as a part of a compromise. Filter all data collected from the client including user-supplied content and browser content such as Referrer and User-Agent headers. Any data collected from the client and displayed in a Web page should be HTML-encoded to ensure the content is rendered as text instead of an HTML element or JavaScript. Results

Solution:

Authenticated: Form Entry Point: Payload : Result :

http://avaintcon.com/forums/index.php?app=core&do=search&fromMainBar=1&module=search "%20onEvent=@REQUESTID@%20 comment: A significant portion of the XSS test payload appeared in the web page, but the page's DOM was not modified as expected for a successful exploit. This result should be manually verified to determine its accuracy. ='active'><a href='http://avaintcon.com/forums/index.php?app=core&module=search&do=search&andor_type=and&sid=cac440f35c9bc195cecc12b2faf8d522&search_author=1&a mp;search_date_start=1&search_date_end=1&search_app_filters[forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]=d ate&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[forums][noPreview]=1&search_app_f

Payload : Result :

"'><qss%20a=@REQUESTID@> ters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[forums][noPreview]=1&search_app_filters[foru ms][pCount]=1&search_app_filters[forums][pViews]="'><qss a=X157834420Y21Z>&search_app_filters[forums][searchInKey]=&search_term=1&search_app=forums'>Forums</a></li><li ><a href='http://avaintcon.com/forums/index.php?app=core&module=search&do=search&andor_type=and&sid=53cf79908af7130e60 '%20onEvent=@REQUESTID@%20 ='active'><a href='http://avaintcon.com/forums/index.php?app=core&module=search&do=search&andor_type=and&sid=69a301938ebcc64e831355c0413a083f&search_author=1& amp;search_date_start=1&search_date_end=1&search_app_filters[forums][sortKey]=date&search_content=both&search_tags=1&search_app_filters[forums][sortKey]= date&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[forums][noPreview]=1&search_app_f search_app=forums&search_term=1&andor_type=and&search_content=both&search_tags=1&search_app_filters[core][sortKey]=date&search_author=1&search_app_filters[core][sortDir]=0&se arch_date_start=1&search_app_filters[forums][sortKey]=date&search_app_filters[forums][forums][]=5&search_app_filters[forums][sortDir]=0&search_app_filters[members][searchInKey]=memb ers&search_app_filters[forums][noPreview]=1&search_app_filters[members][members][sortKey]=date&search_app_filters[members][members][sortDir]=0&search_app_filters[members][comme nts][sortKey]=date&search_date_end=1&search_app_filters[forums][pCount]=1&search_app_filters[members][comments][sortDir]=0&search_app_filters[forums][pViews]=1%20%3Cscript%3E_

Payload : Result :

Payload :

Well Costs
No ratings yet
Well Costs
27 pages
Study of Cultivator, Disc Harrows, Rotavator, Bund Former, Ridger, Leveller and Puddling Implements and Their Operaion
No ratings yet
Study of Cultivator, Disc Harrows, Rotavator, Bund Former, Ridger, Leveller and Puddling Implements and Their Operaion
28 pages
Technical Specification
No ratings yet
Technical Specification
1 page
Alto Elvis Service Manual 10a 12a 15a 12ma 12sa 15sa
No ratings yet
Alto Elvis Service Manual 10a 12a 15a 12ma 12sa 15sa
19 pages
CV Hermanto Tarihoran-2
No ratings yet
CV Hermanto Tarihoran-2
1 page
Bosch Erick Brand From China
100% (2)
Bosch Erick Brand From China
36 pages
Telsmith Product Overview
No ratings yet
Telsmith Product Overview
12 pages
Master's Thesis Defense: Comparison of Noncoherent Detectors For SOQPSK and GMSK in Phase Noise Channels
No ratings yet
Master's Thesis Defense: Comparison of Noncoherent Detectors For SOQPSK and GMSK in Phase Noise Channels
55 pages
B877 Backhoe Loader Parts Catalog: Shandong Lingong Construction Machinery Co.,Ltd
No ratings yet
B877 Backhoe Loader Parts Catalog: Shandong Lingong Construction Machinery Co.,Ltd
275 pages
IPT Review
No ratings yet
IPT Review
22 pages
Lec 0.4 Computer Memory
100% (1)
Lec 0.4 Computer Memory
32 pages
Ald Software Fmea
No ratings yet
Ald Software Fmea
2 pages
Code of Practice For Demolition of Buildings 2004-Hong Kong Buildings Department-Government of
No ratings yet
Code of Practice For Demolition of Buildings 2004-Hong Kong Buildings Department-Government of
180 pages
CD 54 HCT 238
No ratings yet
CD 54 HCT 238
20 pages
Modified Distribution Method
No ratings yet
Modified Distribution Method
13 pages
Numerical Simulation of Electrical Transients: Magnetic Transients Program (EMTP) Are Used. These Computer Programs
No ratings yet
Numerical Simulation of Electrical Transients: Magnetic Transients Program (EMTP) Are Used. These Computer Programs
23 pages
PGG
No ratings yet
PGG
49 pages
45 5655 EE422 2016 1 1 1 Open Delta Transformers Connection
No ratings yet
45 5655 EE422 2016 1 1 1 Open Delta Transformers Connection
17 pages
Dyna Cam Engine
No ratings yet
Dyna Cam Engine
24 pages
Komatsu PC200-8, PC200LC-8, PC220-8, PC220LC-8 Electrical
100% (5)
Komatsu PC200-8, PC200LC-8, PC220-8, PC220LC-8 Electrical
7 pages
Take A Tour: Add Numbers Like A Champ
No ratings yet
Take A Tour: Add Numbers Like A Champ
25 pages
ShadowFox Tasks (HARD)
No ratings yet
ShadowFox Tasks (HARD)
16 pages
962 Stager Control Manual 1076301
No ratings yet
962 Stager Control Manual 1076301
20 pages
Modulair Eng
No ratings yet
Modulair Eng
5 pages
WAPT Report
No ratings yet
WAPT Report
28 pages
SCAC Inverter - ODU's V.04a
No ratings yet
SCAC Inverter - ODU's V.04a
117 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
15 pages
Job Aid: Replacing The Field Replaceable Units (Frus) For The Avaya G450 Media Gateway
No ratings yet
Job Aid: Replacing The Field Replaceable Units (Frus) For The Avaya G450 Media Gateway
18 pages
Vapt 1
No ratings yet
Vapt 1
18 pages
FM - Ag 08 - TP 088 3
No ratings yet
FM - Ag 08 - TP 088 3
64 pages
Lecture 8
No ratings yet
Lecture 8
15 pages
Hartley PDF
100% (2)
Hartley PDF
226 pages
Houzz Xss Bug Report
No ratings yet
Houzz Xss Bug Report
6 pages
Instalaçaõ Dos Injetores
No ratings yet
Instalaçaõ Dos Injetores
20 pages
GF 2010-2011 - Inglês
100% (1)
GF 2010-2011 - Inglês
140 pages
Security Primer XSS 1
No ratings yet
Security Primer XSS 1
1 page
Task1 0
No ratings yet
Task1 0
12 pages
RT Outline Training LV III
No ratings yet
RT Outline Training LV III
3 pages
Garpa Xss Bug Report
No ratings yet
Garpa Xss Bug Report
6 pages
Pib-Home Bug Report
No ratings yet
Pib-Home Bug Report
9 pages
PROJECT Yhills
No ratings yet
PROJECT Yhills
27 pages
Week 20220 Report
No ratings yet
Week 20220 Report
28 pages
2025 03 24 ZAP Report
No ratings yet
2025 03 24 ZAP Report
6 pages
XSS - Cross-Site Scripting
No ratings yet
XSS - Cross-Site Scripting
29 pages
Example Vulnerability Scan
No ratings yet
Example Vulnerability Scan
74 pages
Cips 2014 0178
No ratings yet
Cips 2014 0178
35 pages
Lect24.1&25 - XSS and Its Demonstration Using DVWA
No ratings yet
Lect24.1&25 - XSS and Its Demonstration Using DVWA
44 pages
Topic 5 - Web Application Security
No ratings yet
Topic 5 - Web Application Security
50 pages
Cross Site Scripting XSS
No ratings yet
Cross Site Scripting XSS
31 pages
TASK1
No ratings yet
TASK1
12 pages
Lecture 6 Webapps
No ratings yet
Lecture 6 Webapps
36 pages
Vulnerability Disclosure Form
No ratings yet
Vulnerability Disclosure Form
1 page
Dvwa2 Sample Report
No ratings yet
Dvwa2 Sample Report
11 pages
Web Security Basics 1
No ratings yet
Web Security Basics 1
16 pages
15067CEM Resit
No ratings yet
15067CEM Resit
20 pages
15067CEM Resit
No ratings yet
15067CEM Resit
17 pages
Chapter Five - Web App Sec
No ratings yet
Chapter Five - Web App Sec
64 pages
Cross Script Xss
No ratings yet
Cross Script Xss
3 pages
Week10 P
No ratings yet
Week10 P
37 pages
Vulnerabilities in Modern Web Applications
100% (1)
Vulnerabilities in Modern Web Applications
34 pages
Dvwa
No ratings yet
Dvwa
13 pages
Must Know Hacking!3
No ratings yet
Must Know Hacking!3
60 pages
Introduction To WASP
No ratings yet
Introduction To WASP
44 pages
Cross Site Scripting Ethical Hacking Lab Exercise
No ratings yet
Cross Site Scripting Ethical Hacking Lab Exercise
10 pages
2023-01-10 Hostedscan Report
No ratings yet
2023-01-10 Hostedscan Report
30 pages
XSS Attacks and Defenses: John Mitchell
No ratings yet
XSS Attacks and Defenses: John Mitchell
44 pages
Task 2
No ratings yet
Task 2
10 pages
Demo.testfireVAPT Report
No ratings yet
Demo.testfireVAPT Report
65 pages
9hrsmanuellpezowasptop10 120626094334 Phpapp02
No ratings yet
9hrsmanuellpezowasptop10 120626094334 Phpapp02
40 pages
Cross Site Scripting Cheat Sheet
No ratings yet
Cross Site Scripting Cheat Sheet
3 pages
Web Application Security
No ratings yet
Web Application Security
48 pages
3.2 Web Application Attacks
No ratings yet
3.2 Web Application Attacks
23 pages
Cross Site Scripting (XSS) : by Amit Tyagi
0% (1)
Cross Site Scripting (XSS) : by Amit Tyagi
31 pages
Web Security Interview Question
No ratings yet
Web Security Interview Question
8 pages
Xss - Cross-Site Scripting
No ratings yet
Xss - Cross-Site Scripting
43 pages
Was 4
No ratings yet
Was 4
117 pages
Introduction To Web-Application Penetration Testing
No ratings yet
Introduction To Web-Application Penetration Testing
27 pages
Sessionals 1 - Vapt Pratical Lab Assignment
No ratings yet
Sessionals 1 - Vapt Pratical Lab Assignment
12 pages
Web Application Security: Vulnerabilities, Attacks, and Countermeasures
No ratings yet
Web Application Security: Vulnerabilities, Attacks, and Countermeasures
72 pages
2020-02-09 - Introduction To The OWASP Top Ten
No ratings yet
2020-02-09 - Introduction To The OWASP Top Ten
45 pages
Cross Site Scripting
No ratings yet
Cross Site Scripting
3 pages
Owasp Top 10
No ratings yet
Owasp Top 10
41 pages
OWASP Top 10 - 2010 Presentation
No ratings yet
OWASP Top 10 - 2010 Presentation
41 pages
Why Hackers Don T Care About Your Firewall: Seba Deleersnyder
No ratings yet
Why Hackers Don T Care About Your Firewall: Seba Deleersnyder
48 pages
Forecepts Tech Sharing OWASP Top 10 (2013)
No ratings yet
Forecepts Tech Sharing OWASP Top 10 (2013)
29 pages
OWASP Top 10 - 2010
No ratings yet
OWASP Top 10 - 2010
41 pages
OWASP Top 10 - 2010
No ratings yet
OWASP Top 10 - 2010
41 pages