Upload File

site audit report

prev
next
out of 31
Download Site Audit Report

Upload: goodrookie

Post on 05-Apr-2018

227 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 7/31/2019 Site Audit Report

    1/31

    Acunetix Website Audit

    29 January, 2009

    Detailed Scan Report

    Generated by Acunetix WVS Reporter (v6.0 Build 20081209)

  • 7/31/2019 Site Audit Report

    2/31

    Scan of http://testphp.acunetix.com:80/

    Scan information

    Scan details

    Starttime 1/29/2009 4:14:07 PM

    Finish time 1/29/2009 5:05:57 PM

    Scan time 51 minutes, 50 secondsProfile default

    Server information

    Responsive True

    Server bannerApache/2.0.55 (Ubuntu) mod_python/3.1.4 Python/2.4.3 PHP/5.1.2 mod_ssl/2.0.55OpenSSL/0.9.8a mod_perl/2.0.2 Perl/v5.8.7

    Server OS Unix

    Server technologies PHP,Perl,mod_ssl,mod_perl,mod_python,OpenSSL

    Threat level

    Alerts distribution

    High

    MediumLow

    Informational 53

    40

    7

    115

    215Total alerts found

    Alerts summary

    Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability

    Affects Variations

    1Web Server

    Cross Site Scripting

    Affects Variations

    69/guestbook.php

    34/search.php

    PHP HTML Entity Encoder Heap Overflow Vulnerability

    Affects Variations

    1PHP

    PHP version older than 5.2.1

    Affects Variations

    1PHP

    2Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    3/31

    PHP version older than 5.2.3

    Affects Variations

    1PHP

    PHP version older than 5.2.5

    Affects Variations

    1PHP

    PHP version older than 5.2.6Affects Variations

    1PHP

    PHP Zend_Hash_Del_Key_Or_Index vulnerability

    Affects Variations

    1PHP

    Proxy accepts CONNECT requests

    Affects Variations

    1Server

    SQL Injection (AS)

    Affects Variations

    2/AJAX/infoartist.php

    2/artists.php

    Apache 2.x version older than 2.0.61

    Affects Variations

    1Web Server

    Apache 2.x version older than 2.0.63

    Affects Variations1Web Server

    Apache Mod_SSL Log Function Format String Vulnerability

    Affects Variations

    1mod_ssl

    Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

    Affects Variations

    1mod_ssl

    Open proxy serverAffects Variations

    1Server

    PHP enable_dl enabled

    Affects Variations

    1Web Server

    PHP errors enabled

    Affects Variations

    1/

    3Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    4/31

    Application error message

    Affects Variations

    7/AJAX/infoartist.php

    7/AJAX/infocateg.php

    7/AJAX/infotitle.php

    2/artists.php

    5/listproducts.php

    2/showimage.php

    Hidden form input named price was found

    Affects Variations

    7/product.php

    TRACE Method Enabled

    Affects Variations

    1Web Server

    User credentials are sent in clear text

    Affects Variations

    1/login.php

    1/signup.php

    Broken links

    Affects Variations

    1/privacy.php

    1/secured/office_files/filelist.xml

    4Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    5/31

    Files found in the application directory but not linked

    Affects Variations

    1/_mmServerScripts/MMHTTPDB.php

    1/_mmServerScripts/mysql.php

    1/404.php

    1/acunetix_file_inclusion_test

    1/acunetix_md5_random.php

    1/acunetix_not_execute

    1/acunetix_rfi_test.php

    1/acunetix_xsl_inclusion_test.xsl

    1/admin/create.sql

    1/blade_phpinfo.php

    1/Connections/DB_Connection.php

    1/CVS/Entries

    1/CVS/Entries.Log

    1/CVS/Repository

    1/CVS/Root

    1/database_connect.php

    1/dot.gif1/favicon.ico

    1/Flash/add.fla

    1/index.bak

    1/logout.php

    1/pi.php

    1/pictures/1.jpg

    1/pictures/1.jpg.tn

    1/pictures/2.jpg

    1/pictures/2.jpg.tn

    1/pictures/3.jpg

    1/pictures/3.jpg.tn

    1/pictures/4.jpg

    1/pictures/4.jpg.tn

    1/pictures/5.jpg

    1/pictures/5.jpg.tn

    1/pictures/6.jpg

    1/pictures/6.jpg.tn

    1/pictures/7.jpg

    1/pictures/7.jpg.tn

    1/pictures/8.jpg

    1/pictures/8.jpg.tn1/secured

    1/secured/database_connect.php

    1/secured/index.php

    1/secured/office.htm

    1/sendcommand.php

    1/Templates/main_dynamic_template.dwt.php

    1/testphp.tar.gz

    1/wvstests/pmwiki_2_1_19/scripts/version.php

    1/xss.js

    1/xss.swf

    5Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    6/31

    Password type input with autocomplete enabled

    Affects Variations

    1/login.php

    2/signup.php

    6Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    7/31

    Alert details

    Apache Mod_Rewrite Off-By-One Buffer Overflow Vulnerability

    HighSeverity

    ConfigurationType

    Version checkReported by module

    Impact

    Description

    Affected items

    Details

    Web Server

    Cross Site Scripting

    HighSeverity

    ValidationType

    Parameter manipulationReported by module

    Impact

    Description

    Affected items

    Details

    /guestbook.php

    7Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    8/31

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details/guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    8Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    9/31

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    9Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    10/31

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details/guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    10Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    11/31

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details/guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    Details

    /guestbook.php

    11Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    12/31

  • 7/31/2019 Site Audit Report

    13/31

    Details

    /search.php

    Details

    /search.php

    Details/search.php

    Details

    /search.php

    Details

    /search.php

    Details/search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    13Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    14/31

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details

    /search.php

    Details/search.php

    Details

    /search.php

    Details

    /search.php

    Details/search.php

    Details

    /search.php

    Details

    /search.php

    Details/search.php

    Details

    /search.php

    Details

    /search.php

    Details/search.php

    14Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    15/31

    Details

    /search.php

    PHP HTML Entity Encoder Heap Overflow Vulnerability

    HighSeverity

    ConfigurationTypeVersion checkReported by module

    Impact

    Description

    Affected items

    Details

    PHP

    PHP version older than 5.2.1

    HighSeverity

    ConfigurationType

    Version checkReported by module

    Description

    15Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    16/31

    Impact

    Affected items

    Details

    PHP

    PHP version older than 5.2.3

    HighSeverity

    ConfigurationType

    Version checkReported by module

    Impact

    Description

    Affected items

    Details

    PHP

    16Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    17/31

    PHP version older than 5.2.5

    HighSeverity

    ConfigurationType

    Version checkReported by module

    Impact

    Description

    Affected items

    Details

    PHP

    PHP version older than 5.2.6

    HighSeverity

    ConfigurationType

    Version checkReported by module

    Description

    17Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    18/31

    Impact

    Affected items

    Details

    PHP

    PHP Zend_Hash_Del_Key_Or_Index vulnerability

    HighSeverity

    ConfigurationType

    Version checkReported by module

    Impact

    Description

    Affected items

    Details

    PHP

    Proxy accepts CONNECT requests

    HighSeverity

    ConfigurationType

    ScriptingReported by module

    Description

    18Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    19/31

    Impact

    Affected items

    Details

    Server

    SQL Injection (AS)

    HighSeverity

    ValidationType

    Parameter manipulationReported by module

    Impact

    Description

    Affected items

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    Details

    /artists.php

    Details

    /artists.php

    Apache 2.x version older than 2.0.61

    MediumSeverity

    ConfigurationType

    Version checkReported by module19Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    20/31

    Impact

    Description

    Affected items

    Details

    Web Server

    Apache 2.x version older than 2.0.63

    MediumSeverity

    ConfigurationType

    Version checkReported by module

    Description

    20Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    21/31

    Impact

    Affected items

    Details

    Web Server

    Apache Mod_SSL Log Function Format String Vulnerability

    MediumSeverity

    ValidationType

    Version checkReported by module

    Impact

    Description

    Affected items

    Details

    mod_ssl

    Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

    MediumSeverity

    ValidationType

    Version checkReported by module

    Impact

    Description

    Affected items

    21Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    22/31

    Details

    mod_ssl

    Open proxy server

    MediumSeverity

    ConfigurationTypeScriptingReported by module

    Impact

    Description

    Affected items

    Details

    Server

    PHP enable_dl enabled

    MediumSeverity

    ConfigurationType

    AspectReported by module

    Impact

    Description

    Affected items

    Details

    Web Server

    PHP errors enabled

    MediumSeverity

    ConfigurationType

    AspectReported by module

    Description

    22Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    23/31

    Impact

    Affected items

    Details

    /

    Application error message

    LowSeverity

    ValidationType

    Parameter manipulationReported by module

    Impact

    Description

    Affected items

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    Details

    /AJAX/infoartist.php

    23Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    24/31

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infocateg.php

    Details

    /AJAX/infotitle.php

    Details

    /AJAX/infotitle.php

    Details

    /AJAX/infotitle.php

    Details

    /AJAX/infotitle.php

    Details

    /AJAX/infotitle.php

    Details

    /AJAX/infotitle.php

    Details

    /AJAX/infotitle.php

    Details

    /artists.php

    24Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    25/31

    Details

    /artists.php

    Details

    /listproducts.php

    Details

    /listproducts.php

    Details

    /listproducts.php

    Details

    /listproducts.php

    Details

    /listproducts.php

    Details

    /showimage.php

    Details

    /showimage.php

    Hidden form input named price was found

    LowSeverity

    InformationalType

    CrawlerReported by module

    Impact

    Description

    Affected items

    Details

    /product.php

    Details

    /product.php

    25Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    26/31

    Details

    /product.php

    Details

    /product.php

    Details

    /product.php

    Details

    /product.php

    Details

    /product.php

    TRACE Method Enabled

    LowSeverity

    ValidationType

    CGI TesterReported by module

    Impact

    Description

    Affected items

    Details

    Web Server

    User credentials are sent in clear text

    LowSeverity

    InformationalType

    CrawlerReported by module

    Impact

    Description

    Affected items

    26Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    27/31

    Details

    /login.php

    Details

    /signup.php

    Broken links

    InformationalSeverity

    InformationalType

    CrawlerReported by module

    Impact

    Description

    Affected items

    Details

    /privacy.php

    Details

    /secured/office_files/filelist.xml

    Files found in the application directory but not linked

    InformationalSeverity

    InformationalType

    CrawlerReported by module

    Impact

    Description

    Affected items

    Details

    /_mmServerScripts/MMHTTPDB.php

    Details

    /_mmServerScripts/mysql.php

    Details

    /404.php

    27Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    28/31

    Details

    /acunetix_file_inclusion_test

    Details

    /acunetix_md5_random.php

    Details

    /acunetix_not_execute

    Details

    /acunetix_rfi_test.php

    Details

    /acunetix_xsl_inclusion_test.xsl

    Details

    /admin/create.sql

    Details

    /blade_phpinfo.php

    Details

    /Connections/DB_Connection.php

    Details

    /CVS/Entries

    Details

    /CVS/Entries.Log

    Details

    /CVS/Repository

    Details

    /CVS/Root

    Details

    /database_connect.php

    Details

    /dot.gif

    Details

    /favicon.ico

    28Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    29/31

    Details

    /Flash/add.fla

    Details

    /index.bak

    Details

    /logout.php

    Details

    /pi.php

    Details

    /pictures/1.jpg

    Details

    /pictures/1.jpg.tn

    Details

    /pictures/2.jpg

    Details

    /pictures/2.jpg.tn

    Details

    /pictures/3.jpg

    Details

    /pictures/3.jpg.tn

    Details

    /pictures/4.jpg

    Details

    /pictures/4.jpg.tn

    Details

    /pictures/5.jpg

    Details

    /pictures/5.jpg.tn

    Details

    /pictures/6.jpg

    29Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    30/31

    Details

    /pictures/6.jpg.tn

    Details

    /pictures/7.jpg

    Details

    /pictures/7.jpg.tn

    Details

    /pictures/8.jpg

    Details

    /pictures/8.jpg.tn

    Details

    /secured

    Details

    /secured/database_connect.php

    Details

    /secured/index.php

    Details

    /secured/office.htm

    Details

    /sendcommand.php

    Details

    /Templates/main_dynamic_template.dwt.php

    Details

    /testphp.tar.gz

    Details

    /wvstests/pmwiki_2_1_19/scripts/version.php

    Details

    /xss.js

    Details

    /xss.swf

    Password type input with autocomplete enabled30Acunetix Website Audit

  • 7/31/2019 Site Audit Report

    31/31

    InformationalSeverity

    InformationalType

    CrawlerReported by module

    Impact

    Description

    Affected items

    Details

    /login.php

    Details

    /signup.php

    Details

    /signup.php


Audit report - MTO Groupmtogroup.com.au/ASQA 2013 audit report.pdf · 2017. 10. 23. · Audit reason 2 n/a Audit reason 3 n/a Activity type Site visit Address of site/s visited Unit

SITE EVALUATION REPORT - World Bank · Site evaluation report: ... strength and potential providers of GSM network at the site 4. Audit of ... Regarding the aspects covered by the

Site Audit Webinar

Work Health and Safety Aggregated On-Site Audit Report · Work Health and Safety Aggregated On-Site Audit Report. ... EY Work Health and Safety Aggregated On-Site Audit Report 3

Example report · Web viewRN,MBA NZQA 8086 6.00 Total Audit Hours on site 15.50 Total Audit Hours off site (system generated) 16.00 Total Audit Hours 31.50 Staff Records Reviewed

Monthly Environmental Monitoring and Audit Report · Section 4 : Environmental Site Inspection summarises the audit findings of the monthly site inspection undertaken within this

University Of Wollongong Main Campus Site Report...ENERGY AUDIT REPORT University Of Wollongong Main Campus Site Report Prepared by Version 5.6 August 2007 Disclaimer: EMET Consultants

Example Competitive SEO Site Audit Report from Analyticsseo.com SEO Software

Audit de-site

Prison Rape Elimination Act (PREA) Audit Report Adult ... Unit.pdf• Special Needs Report • Hotline Calls Report (for last 12 months) Outreach Prior to On-Site Audit: The auditor

SITE CONTAMINATION AUDIT SYSTEM SITE CONTAMINATION AUDIT ... · (a) provide a site contamination audit report to the person who commissioned the audit; and (b) at the same time, provide—

SEO site audit sample report which you must have to check

Audit site web

BUK - Site Audit Report 0

Report Site Audit AOR (Combine 2G-3G) 110576_XL Sitanggal Brebes

Trauma Audit and Site Visit Report - Pittsburgh Trauma Au… · Trauma Audit and Site Visit Report Allegheny County Children’s Court Fifth Judicial District of Pennsylvania Court

Site Audit Pics

Audit Site Internet

AUDIT REPORT - City and County of Denver Official Site · AUDIT REPORT Mayor’s Office Office of Sustainability December 2016 Office of the Auditor Audit Services Division City and

Site Audit: Overview

Site Audit - NTEPA

Site Audit Report Overarching Remedial Action Plan

Site country: China Site name: Team Concepts Printing Fty ... 4-Plliar_SZX-41092... · Audit company: Intertek Report reference: ... Site name: Team Concepts Printing Fty SMETA Audit

Site Audit Protocol

WEBSITE AUDIT REPORT Analysis Report-V3.pdfCompetitor Analysis: Overview Domain: yourdomain.com Competitive Metrics: Site Audit & Traffic Sources Competition Metrics: Site Audit Competitive

Mastergroup Lot 11 Trust Site Audit Report & Site Audit

Canadian Surgical Site Infection Prevention Audit … Audit... · Canadian Surgical Site Infection Prevention Audit Month – February 2016 RECAP REPORT . 3. KEY FACTS . Surgical

WASTE AUDIT REPORT - McMaster University Audit 2011.pdf · an off site location for audit and analysis. ... WASTE AUDIT REPORT PAGE 11 HOW WASTE IS PRODUCED AND DECISIONS AFFECTING

Audit Committee Presentations - Chapters Site€¦ · 14/05/2019  · Audit Committee . briefing on financial reporting . by CFO or CAO Audit Committee report by . internal auditors

117623109-001-R-Rev0-Woodlawn Compliance Audit · PDF fileThis report presents the Independent Environmental Audit Report (IEAR) for the Woodlawn Bioreactor Facility (the site)

Site Audit

Follow-up on Audit of Undistributed Site Costs Finds ... for Improving the Environment Audit Report Follow-up on Audit of Undistributed Site Costs Finds Corrective Actions Not Complete

Site Audit Report - Major Projects

Guide to Completing a SMETA Report · Audit Company: 3 Squares Audit ... Guide to Completing a SMETA Report Supplier name: XXXX Toy manufacturing Co. Ltd Site country: China Site

Audit Report with GMP Questionnaire - TLI … Report with GMP... · Web viewThis is the template audit report. SITE of AUDIT cGMP Audit Report Site Visit Dates: FILL IN for CLIENT