 Acunetix Website Audit  16 May, 2014 Developer Report Generated by Acunetix WVS Reporter (v9.0 Build 20130904)

Upload: juan

Post on 02-Nov-2015



  • Scan of http://www.cerroazul.com.bo:80/

    Scan information

    Scan details

    Start time: 16/05/2014 08:49:53 a.m.
    Finish time: 16/05/2014 09:26:18 a.m.
    Scan time: 36 minutes, 24 seconds
    Profile: Sql_Injection

    Server information

    Responsive: True
    Server banner: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_fastcgi/mod_fastcgi-SNAP-0910052141
    Server OS: Unix
    Server technologies: PHP

    Threat level

    Acunetix Threat Level 3

    One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

    Alerts distribution

    Total alerts found: 37
    High: 11
    Medium: 13
    Low: 0
    Informational: 13

    Knowledge base

    List of client scripts

    These files contain Javascript code referenced from the website.

    - /common/js/accordionmenu.js
    - /common/js/jquery.min.js
    - /common/js/cargar_index.js
    - /common/js/banner/jquery.nivo.slider.pack.js
    - /common/js/banner/jquery.nivo.slider.js
    - /common/js/gallery_bottom/jquery.js
    - /common/js/gallery_bottom/jquery.easing.1.3.js
    - /common/js/gallery_bottom/jquery.cssAnimate.mini.js
    - /common/js/gallery_bottom/jquery.touchwipe.min.js
    - /common/js/gallery_bottom/jquery.mousewheel.min.js
    - /common/js/gallery_bottom/jquery.themepunch.services.min.js
    - /common/js/mapa.js
    - /common/js/gmaps.js
    - /common/js/login.js
    - /common/js/jquery.md5.js
    - /common/js/cargar_contacto.js
    - /common/js/comentario.js
    - /common/js/cargar_cata.js
    - /common/js/parametros.js
    - /common/js/registrarse.js
    - /common/js/jquery.history.js
    - /common/js/jquery.galleriffic.js
    - /common/js/jquery.opacityrollover.js
    - /common/js/cargar_descripcion.js
    - /common/js/actualizar_visita_cata.js
    - /common/js/cargar_grupo.js
    - /common/js/buscar.js
    - /common/js/ubicaciones.js
    - /common/js/search.js
    - /common/jquery/jquery-1.4.2.js
    - /common/jquery/ui/jquery.ui.core.js
    - /common/jquery/ui/jquery.ui.widget.js
    - /common/jquery/ui/jquery.ui.position.js
    - /common/jquery/ui/jquery.ui.autocomplete.js
    - /common/jquery/jquery-1.7.js
    - /common/jquery/jquery-1.7.min.js

    List of files with inputs

    These files have at least one input (GET or POST).

    - /common.php - 2 inputs
    - /mapa.php - 1 inputs
    - /sesion.php - 3 inputs
    - /about.php - 1 inputs
    - /index.php - 1 inputs
    - /contacto.php - 2 inputs
    - /comentario.php - 2 inputs
    - /common/php/empresa/get_empresas.php - 1 inputs
    - /common/php/search/get-datos.php - 1 inputs
    - /common/php/search/get_datespag2.php - 1 inputs
    - /common/php/catalogo/get_datos_descripcion.php - 1 inputs
    - /common/php/catalogo/actualizar_cata.php - 1 inputs
    - /common/php/contacto/get-datos.php - 1 inputs
    - /common/php/contacto/enviar_datos.php - 1 inputs
    - /common/php/comentario/get_datos.php - 1 inputs
    - /common/php/comentario/get-datespag.php - 1 inputs
    - /common/php/comentario/insertar_come.php - 1 inputs
    - /catalogo.php - 1 inputs
    - /suscribirse.php - 2 inputs
    - /descripcion.php - 1 inputs
    - /catalogo_grupo.php - 1 inputs
    - /empresa.php - 1 inputs
    - /privacidad.php - 1 inputs
    - /listado.php - 1 inputs

    List of external hosts

    These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed. (Settings->Scanners settings->Scanner->List of hosts allowed).

    - maps.google.com

    Alerts summary


  • Blind SQL Injection

    Affects - Variations
    - /about.php - 1
    - /catalogo.php - 1
    - /catalogo_grupo.php - 2
    - /comentario.php - 1
    - /common.php - 1
    - /common/php/catalogo/get_datos_descripcion.php - 2
    - /common/php/comentario/get_datos.php - 1
    - /common/php/search/get-datos.php - 1
    - /contacto.php - 1

    HTML form without CSRF protection

    Affects - Variations
    - /comentario.php - 1
    - /common.php - 1
    - /contacto.php - 1
    - /listado.php - 1
    - /sesion.php - 3
    - /suscribirse.php - 2

    User credentials are sent in clear text

    Affects - Variations
    - /listado.php - 1
    - /sesion.php - 1
    - /suscribirse.php - 2

    Broken links

    Affects - Variations
    - /common/css/ie-css3.htc - 1
    - /common/css/menuUni.css - 1
    - /common/css/minilistas_fcl.css - 1
    - /common/css/minilistasfcl.css - 1
    - /common/css/spritefcl.css - 1
    - /common/css/spritefcl_class.css - 1
    - /listado_empresas.php - 1
    - /www.facebook.com/BarracaCerroAzul - 1

    Password type input with auto-complete enabled

    Affects - Variations
    - /empresa.php - 1
    - /listado.php - 1
    - /privacidad.php - 1
    - /sesion.php - 1
    - /suscribirse.php - 1


  • Alert details

    Blind SQL Injection

    Severity: High
    Type: Validation
    Reported by module: Scripting (Blind_Sql_Injection.script)

    Description

    This script is possibly vulnerable to SQL Injection attacks.

    SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.

    This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

    Impact

    An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

    Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.

    Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

    Recommendation

    Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.

    References

    - OWASP Injection Flaws
    - Acunetix SQL Injection Attack
    - How to check for SQL injection vulnerabilities
    - SQL Injection Walkthrough
    - OWASP PHP Top 5
    - VIDEO: SQL Injection tutorial

    Affected items

    /about.php

    Details

    URL encoded GET input id was set to 2/**/AND/**/810=810

    Tests performed:
    - 0+0+0+2 => TRUE
    - 0+810*805+2 => FALSE
    - 12-5-2-999 => FALSE
    - 12-5-2-3 => TRUE
    - 12-2*5+0+0+1-1 => TRUE
    - 12-2*6+0+0+1-1 => FALSE
    - 2 AND 2+1-1-1=1 AND 810=810 => TRUE
    - 2 AND 3+1-1-1=1 AND 810=810 => FALSE
    [ ... (line truncated)

    Request headers

    GET /about.php?id=2/**/AND/**/810%3d810 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /catalogo.php

    Details

    URL encoded GET input id was set to 2/**/AND/**/943=943

    Tests performed:
    - 0+0+0+2 => TRUE
    - 0+943*938+2 => FALSE
    - 12-5-2-999 => FALSE
    - 12-5-2-3 => TRUE
    - 12-2*5+0+0+1-1 => TRUE
    - 12-2*6+0+0+1-1 => FALSE
    - 2 AND 2+1-1-1=1 AND 943=943 => TRUE
    - 2 AND 3+1-1-1=1 AND 943=943 => FALSE
    [ ... (line truncated)

    Request headers

    GET /catalogo.php?id=2/**/AND/**/943%3d943 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /catalogo_grupo.php

    Details

    URL encoded GET input id_fami was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/

    Tests performed:
    - if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ => 6.63 s
    - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ ...(line truncated)

    Request headers

    GET /catalogo_grupo.php?id=1&id_fami=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&id_grupo=13 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /catalogo_grupo.php

    Details

    URL encoded GET input id_grupo was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/

    Tests performed:
    - if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ => 9.532 s
    - if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR" ...(line truncated)

    Request headers

    GET /catalogo_grupo.php?id=1&id_fami=3&id_grupo=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /comentario.php

    Details

    URL encoded GET input id was set to 2/**/AND/**/505=505

    Tests performed:
    - 0+0+0+2 => TRUE
    - 0+505*500+2 => FALSE
    - 12-5-2-999 => FALSE
    - 12-5-2-3 => TRUE
    - 12-2*5+0+0+1-1 => TRUE
    - 12-2*6+0+0+1-1 => FALSE
    - 2 AND 2+1-1-1=1 AND 505=505 => TRUE
    - 2 AND 3+1-1-1=1 AND 505=505 => FALSE
    [ ... (line truncated)

    Request headers

    GET /comentario.php?id=2/**/AND/**/505%3d505 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common.php

    Details

    URL encoded GET input id was set to 2/**/AND/**/757=757

    Tests performed:
    - 0+0+0+2 => TRUE
    - 0+757*752+2 => FALSE
    - 12-5-2-999 => FALSE
    - 12-5-2-3 => TRUE
    - 12-2*5+0+0+1-1 => TRUE
    - 12-2*6+0+0+1-1 => FALSE
    - 2 AND 2+1-1-1=1 AND 757=757 => TRUE
    - 2 AND 3+1-1-1=1 AND 757=757 => FALSE
    [ ... (line truncated)

    Request headers

    GET /common.php?id=2/**/AND/**/757%3d757 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common/php/catalogo/get_datos_descripcion.php

    Details

    URL encoded GET input id_cata was set to 9/**/AND/**/407=407

    Tests performed:
    - 0+0+0+9 => TRUE
    - 0+407*402+9 => FALSE
    - 19-5-2-999 => FALSE
    - 19-5-2-3 => TRUE
    - 19-2*5+0+0+1-1 => TRUE
    - 19-2*6+0+0+1-1 => FALSE
    - 9 AND 2+1-1-1=1 AND 407=407 => TRUE
    - 9 AND 3+1-1-1=1 AND 407=407 => FALSE
    [/b ... (line truncated)

    Request headers

    GET /common/php/catalogo/get_datos_descripcion.php?id_cata=9/**/AND/**/407%3d407&id_empre=1 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common/php/catalogo/get_datos_descripcion.php

    Details

    URL encoded GET input id_empre was set to 1/**/AND/**/938=938

    Tests performed:
    - 0+0+0+1 => TRUE
    - 0+938*933+1 => FALSE
    - 11-5-2-999 => FALSE
    - 11-5-2-3 => TRUE
    - 11-2*5+0+0+1-1 => TRUE
    - 11-2*6+0+0+1-1 => FALSE
    - 1 AND 2+1-1-1=1 AND 938=938 => TRUE
    - 1 AND 3+1-1-1=1 AND 938=938 => FALSE
    [/ ... (line truncated)

    Request headers

    GET /common/php/catalogo/get_datos_descripcion.php?id_cata=9&id_empre=1/**/AND/**/938%3d938 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /common/php/comentario/get_datos.php

    Details

    URL encoded GET input id_empre was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/

    Tests performed:
    - if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysdate(),sleep(3),0))OR"*/ => 3.105 s
    - if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR" ...(line truncated)

    Request headers

    GET /common/php/comentario/get_datos.php?id_empre=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common/php/search/get-datos.php

    Details

    URL encoded GET input id_dpto was set to 1/**/AND/**/32=32

    Tests performed:
    - 0+0+0+1 => TRUE
    - 0+32*27+1 => FALSE
    - 11-5-2-999 => FALSE
    - 11-5-2-3 => TRUE
    - 11-2*5+0+0+1-1 => TRUE
    - 11-2*6+0+0+1-1 => FALSE
    - 1 AND 2+1-1-1=1 AND 32=32 => TRUE
    - 1 AND 3+1-1-1=1 AND 32=32 => FALSE
    [/li ... (line truncated)

    Request headers

    GET /common/php/search/get-datos.php?id_dpto=1/**/AND/**/32%3d32&parametro= HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /contacto.php

    Details

    URL encoded GET input id was set to 2/**/AND/**/918=918

    Tests performed:
    - 0+0+0+2 => TRUE
    - 0+918*913+2 => FALSE
    - 12-5-2-999 => FALSE
    - 12-5-2-3 => TRUE
    - 12-2*5+0+0+1-1 => TRUE
    - 12-2*6+0+0+1-1 => FALSE
    - 2 AND 2+1-1-1=1 AND 918=918 => TRUE
    - 2 AND 3+1-1-1=1 AND 918=918 => FALSE
    [ ... (line truncated)

    Request headers

    GET /contacto.php?id=2/**/AND/**/918%3d918 HTTP/1.1
    X-Requested-With: XMLHttpRequest
    Referer: http://www.cerroazul.com.bo:80/
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


  • HTML form without CSRF protection

    Severity: Medium
    Type: Informational
    Reported by module: Crawler

    Description

    This alert may be a false positive, manual confirmation is required.

    Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.

    Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the affected HTML form.

    Impact

    An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application.

    Recommendation

    Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.

    Affected items

    /comentario.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/comentario.php
    Form method: GET

    Form inputs:
    - name [Text]
    - comentario [TextArea]

    Request headers

    GET /comentario.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /common.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/common.php
    Form method: GET

    Form inputs:
    - name [Text]
    - phone [Text]
    - mensaje [TextArea]

    Request headers

    GET /common.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /contacto.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/contacto.php
    Form method: GET

    Form inputs:
    - name [Text]
    - correo [Text]
    - phone [Text]
    - mensaje [TextArea]

    Request headers

    GET /contacto.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /listado.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/listado.php
    Form method: POST

    Form inputs:
    - txt_nombre [Text]
    - password [Password]

    Request headers

    GET /listado.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/contacto.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /sesion.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/sesion.php
    Form method: POST

    Form inputs:
    - usuario [Text]
    - phone [Text]
    - phone [Text]
    - password [Text]

    Request headers

    GET /sesion.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /sesion.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/sesion.php
    Form method: POST

    Form inputs:
    - phone [Text]

    Request headers

    GET /sesion.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /sesion.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/sesion.php
    Form method: POST

    Form inputs:
    - phone [Text]
    - password [Password]

    Request headers

    GET /sesion.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /suscribirse.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/suscribirse.php
    Form method: POST

    Form inputs:
    - txt_usuario [Text]
    - password [Password]

    Request headers

    GET /suscribirse.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /suscribirse.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/suscribirse.php
    Form method: POST

    Form inputs:
    - txt_nombre [Text]
    - name [Text]
    - phone [Text]
    - password [Password]

    Request headers

    GET /suscribirse.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


  • User credentials are sent in clear text

    Severity: Medium
    Type: Informational
    Reported by module: Crawler

    Description

    User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.

    Impact

    A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

    Recommendation

    Because user credentials are considered sensitive information, they should always be transferred to the server over an encrypted connection (HTTPS).

    Affected items

    /listado.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/listado.php
    Form method: POST

    Form inputs:
    - txt_nombre [Text]
    - password [Password]

    Request headers

    GET /listado.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/contacto.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /sesion.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/sesion.php
    Form method: POST

    Form inputs:
    - phone [Text]
    - password [Password]

    Request headers

    GET /sesion.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /suscribirse.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/suscribirse.php
    Form method: POST

    Form inputs:
    - txt_usuario [Text]
    - password [Password]

    Request headers

    GET /suscribirse.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /suscribirse.php

    Details

    Form name:
    Form action: http://www.cerroazul.com.bo/suscribirse.php
    Form method: POST

    Form inputs:
    - txt_nombre [Text]
    - name [Text]
    - phone [Text]
    - password [Password]

    Request headers

    GET /suscribirse.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


  • Broken links

    Severity: Informational
    Type: Informational
    Reported by module: Crawler

    Description

    A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible.

    Impact

    Problems navigating the site.

    Recommendation

    Remove the links to this file or make it accessible.

    Affected items

    /common/css/ie-css3.htc

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /common/css/ie-css3.htc HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common/css/menu_acor.css
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common/css/menuUni.css

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /common/css/menuUni.css HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /common/css/minilistas_fcl.css

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /common/css/minilistas_fcl.css HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common/css/minilistasfcl.css

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /common/css/minilistasfcl.css HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /common/css/spritefcl.css

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /common/css/spritefcl.css HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


    /common/css/spritefcl_class.css

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /common/css/spritefcl_class.css HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /listado_empresas.php

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /listado_empresas.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /www.facebook.com/BarracaCerroAzul

    Details

    For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.

    Request headers

    GET /www.facebook.com/BarracaCerroAzul HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


  • Password type input with auto-complete enabled

    Severity             Informational
    Type                 Informational
    Reported by module   Crawler

    Description
    When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

    Impact
    Possible sensitive information disclosure

    Recommendation
    The password auto-complete should be disabled in sensitive applications. To disable auto-complete, you may use a code similar to:

    Affected items

    /empresa.php

    Details
    Password type input named password from form with ID form-homepage-contact with action empresa.php has autocomplete enabled.

    Request headers
    GET /empresa.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/sesion.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /listado.php

    Details
    Password type input named password from form with ID form-homepage-contact with action listado.php has autocomplete enabled.

    Request headers
    GET /listado.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/contacto.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /privacidad.php

    Details
    Password type input named password from form with ID form-homepage-contact with action privacidad.php has autocomplete enabled.

    Request headers
    GET /privacidad.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/sesion.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /sesion.php

    Details
    Password type input named password from form with ID form-homepage-contact with action sesion.php has autocomplete enabled.

    Request headers
    GET /sesion.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*

    /suscribirse.php

    Details
    Password type input named password from form with ID form-homepage-contact with action suscribirse.php has autocomplete enabled.

    Request headers
    GET /suscribirse.php HTTP/1.1
    Pragma: no-cache
    Cache-Control: no-cache
    Referer: http://www.cerroazul.com.bo/common.php
    Acunetix-Aspect: enabled
    Acunetix-Aspect-Password: *****
    Acunetix-Aspect-Queries: filelist;aspectalerts
    Cookie: PHPSESSID=1870c0ffa8e2cdfe55b2a28602d6709d
    Host: www.cerroazul.com.bo
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
    Accept: */*


  • Scanned items (coverage report)
    Scanned 126 URLs. Found 22 vulnerable.

    URL: http://www.cerroazul.com.bo/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common.php
    Vulnerabilities has been identified for this URL
    4 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET
    Input scheme 2
    Input name      Input type
    mensaje         URL encoded GET
    name            URL encoded GET
    phone           URL encoded GET

    URL: http://www.cerroazul.com.bo/listado_empresas.php
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/mapa.php
    No vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET

    URL: http://www.cerroazul.com.bo/sesion.php
    Vulnerabilities has been identified for this URL
    6 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    password        URL encoded POST
    phone           URL encoded POST
    Input scheme 2
    Input name      Input type
    phone           URL encoded POST
    Input scheme 3
    Input name      Input type
    password        URL encoded POST
    phone           URL encoded POST
    usuario         URL encoded POST

    URL: http://www.cerroazul.com.bo/about.php
    Vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET

    URL: http://www.cerroazul.com.bo/index.php
    No vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET

    URL: http://www.cerroazul.com.bo/contacto.php
    Vulnerabilities has been identified for this URL
    5 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET
    Input scheme 2
    Input name      Input type
    correo          URL encoded GET
    mensaje         URL encoded GET
    name            URL encoded GET
    phone           URL encoded GET

    URL: http://www.cerroazul.com.bo/comentario.php
    Vulnerabilities has been identified for this URL
    3 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET
    Input scheme 2
    Input name      Input type
    comentario      URL encoded GET
    name            URL encoded GET

    URL: http://www.cerroazul.com.bo/common/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/reset.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/boton.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/styles.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/menuUni.css
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/basefcl.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/spritefcl.css
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/base_header.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/nivo-slider.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/minilistasfcl.css
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/spritefcl_class.css
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/accordionmenu.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/minilistas_fcl.css
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/style.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/settings.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/gallery_bottom/css-family.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/menuuni.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/style2.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/menuicon.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/catalogo.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/listas_fcl.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/img
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/basic.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/galleriffic-3.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/menu_acor.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/css/ie-css3.htc
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/empresas/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/uploads/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/uploads/catalogo/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/uploads/catalogo/thumb/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/banners/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/images_menu/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/gallery_bottom/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/images/site
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/accordionmenu.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/jquery.min.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/cargar_index.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/banner/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/banner/jquery.nivo.slider.pack.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/banner/jquery.nivo.slider.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.easing.1.3.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.cssAnimate.mini.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.touchwipe.min.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.mousewheel.min.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gallery_bottom/jquery.themepunch.services.min.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/mapa.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/gmaps.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/login.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/jquery.md5.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/cargar_contacto.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/comentario.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/cargar_cata.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/parametros.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/registrarse.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/jquery.history.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/jquery.galleriffic.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/jquery.opacityrollover.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/cargar_descripcion.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/actualizar_visita_cata.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/cargar_grupo.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/buscar.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/ubicaciones.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/js/search.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/themes/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/themes/base/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/themes/base/jquery.ui.all.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/themes/base/jquery.ui.theme.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/themes/base/jquery.ui.autocomplete.css
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/jquery-1.4.2.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/ui/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.core.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.widget.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.position.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/ui/jquery.ui.autocomplete.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/jquery-1.7.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/jquery/jquery-1.7.min.js
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/site
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/site/common
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/imagenes
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/layout_miarroba
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/layout_miarroba/sprites
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/empresa/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/empresa/get_empresas.php
    No vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id_dpto         URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/search/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/search/get-datos.php
    Vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id_dpto         URL encoded GET
    parametro       URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/search/get_paginador2.php
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/search/get_datespag2.php
    No vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    vf_param        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/catalogo/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/catalogo/get_datos_descripcion.php
    Vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id_cata         URL encoded GET
    id_empre        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/catalogo/actualizar_cata.php
    No vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id_cata         URL encoded GET
    id_empre        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/contacto/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/contacto/get-datos.php
    No vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id_empre        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/contacto/enviar_datos.php
    No vulnerabilities has been identified for this URL
    5 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    correo          URL encoded GET
    id_empre        URL encoded GET
    mensaje         URL encoded GET
    nombre          URL encoded GET
    telefono        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/comentario/
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/comentario/get_datos.php
    Vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id_empre        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/comentario/get-paginador.php
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/common/php/comentario/get-datespag.php
    No vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    vf_param        URL encoded GET

    URL: http://www.cerroazul.com.bo/common/php/comentario/insertar_come.php
    No vulnerabilities has been identified for this URL
    4 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    descripcion     URL encoded GET
    id_empre        URL encoded GET
    id_padre        URL encoded GET
    nombre          URL encoded GET

    URL: http://www.cerroazul.com.bo/catalogo.php
    Vulnerabilities has been identified for this URL
    1 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET

    URL: http://www.cerroazul.com.bo/suscribirse.php
    Vulnerabilities has been identified for this URL
    6 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    password        URL encoded POST
    txt_usuario     URL encoded POST
    Input scheme 2
    Input name      Input type
    name            URL encoded POST
    password        URL encoded POST
    phone           URL encoded POST
    txt_nombre      URL encoded POST

    URL: http://www.cerroazul.com.bo/descripcion.php
    No vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET
    id_cata         URL encoded GET

    URL: http://www.cerroazul.com.bo/catalogo_grupo.php
    Vulnerabilities has been identified for this URL
    3 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    id              URL encoded GET
    id_fami         URL encoded GET
    id_grupo        URL encoded GET

    URL: http://www.cerroazul.com.bo/www.facebook.com
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/www.facebook.com/BarracaCerroAzul
    Vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/empresa.php
    Vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    password        URL encoded POST
    txt_usuario     URL encoded POST

    URL: http://www.cerroazul.com.bo/ubicacion.php
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL

    URL: http://www.cerroazul.com.bo/privacidad.php
    Vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    password        URL encoded POST
    txt_usuario     URL encoded POST

    URL: http://www.cerroazul.com.bo/listado.php
    Vulnerabilities has been identified for this URL
    2 input(s) found for this URL
    Inputs
    Input scheme 1
    Input name      Input type
    password        URL encoded POST
    txt_nombre      URL encoded POST

    URL: http://www.cerroazul.com.bo/undefined
    No vulnerabilities has been identified for this URL
    No input(s) found for this URL