Sample WAPT Report V1.4
Transcript of Sample WAPT Report V1.4
-
8/17/2019 Sample WAPT Report V1.4
1/116
WEB APPLICATION
PENETRATION TESTING REPORT
FOR
FROM
Assessment:
Penetration Testing Report
CONTENTS
1 EXECUTIVE SUMMARY ... 6
1.1 SUMMARY ... 6
1.2 OBJECTIVE ... 6
1.3 DURATION ... 6
1.4 APPROACH ... 7
1.5 SCOPE OF WORK ... 8
1.6 TYPE OF ASSESSMENT SELECTED BY ... 9
1.7 STANDARDS AND FRAMEWORK FOLLOWED ... 11
1.8 SUMMARY OF FINDINGS ... 12
1.9 TABULAR SUMMARY ... 13
1.10 GRAPHICAL SUMMARY ... 13
1.11 SEVERITY RATING ... 14
1.12 EASE OF EXPLOITATION ... 15
2 TECHNICAL REPORT ... 16
2.1 WEB APPLICATION VULNERABILITIES ... 16
2.1.1 SQL INJECTION ... 16
2.1.2 UNRESTRICTED FILE UPLOAD ... 22
2.1.3 APPLICATION ALLOWS REPLAY OF AUTHENTICATION TOKEN ... 28
2.1.4 INSUFFICIENT AUTHENTICATION ... 31
2.1.5 INSUFFICIENT AUTHORIZATION ... 32
2.1.6 DANGEROUS METHODS ENABLED ... 35
2.1.7 REPUDIATION ATTACK ... 37
2.1.8 WEAK PASSWORD RECOVERY MECHANISM ... 40
2.1.9 CROSS SITE SCRIPTING (XSS) ... 46
2.1.10 LDAP INJECTION ... 51
2.1.11 PADDING ORACLE ATTACK ... 53
2.1.12 SESSION FIXATION ... 56
2.1.13 SESSION HIJACKING ... 59
2.1.14 INSECURE DIRECT OBJECT REFERENCES ... 62
2.1.15 CROSS SITE REQUEST FORGERY (CSRF) ... 66
2.1.16 CLICKJACKING VULNERABILITY ... 70
2.1.17 DIRECTORY INDEXING ... 73
2.1.18 PASSWORD TRANSMITTED OVER HTTP ... 75
2.1.19 IMPROPER ERROR HANDLING ... 77
2.1.20 CAPTCHA NOT IMPLEMENTED ... 80
2.1.21 SENSITIVE INFORMATION DISCLOSURE ... 82
2.1.22 PASSWORD VISIBLE WHILE RESETTING PASSWORD ... 84
2.1.23 SESSION TOKEN IN URL ... 86
2.1.24 FRAME INJECTION ... 87
2.1.25 OPEN REDIRECTION ... 89
2.1.26 ABUSE OF FUNCTIONALITY ... 90
2.1.27 INSECURE IMPLEMENTATION OF WSDL ... 92
2.1.28 WEAK PASSWORD POLICY ... 95
2.1.29 CONTENT SPOOFING ... 98
2.1.30 COOKIE NOT MARKED HTTPONLY ... 100
2.1.31 VERSION DISCLOSURE IIS/ASP.NET ... 102
2.1.32 BACK BUTTON BROWSING ... 105
2.1.33 VIEWSTATE IS NOT ENCRYPTED ... 108
2.1.34 FORM AUTOCOMPLETE ENABLED ... 110
3 OWASP TOP TEN 2013 ... 112
4 APPENDIX ... 113
DOCUMENT DETAILS
DOCUMENT VERSION CONTROL
DOCUMENT SUBMISSION DETAILS
Date: 18 May 2016
Classification: Highly Confidential
Document Type: Penetration Testing Report
Submitted To:
Designation:
Address:
Contact Number:
E-Mail:
DOCUMENT DISTRIBUTION LIST
NOTICE
This document contains information which is the intellectual property of Network Intelligence (India) Pvt. Ltd. (also called Network Intelligence). This document is received in confidence and its contents cannot be disclosed or copied without the prior written consent of Network Intelligence.
Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied. Network Intelligence disclaims all liability for all such guaranties, warranties, and licenses, including but not limited to: fitness for a particular purpose; merchantability; non-infringement of intellectual property or other rights of any third party or of Network Intelligence; indemnity; and all others. The reader is advised that third parties can have intellectual property rights that can be relevant to this document and the technologies discussed herein, and is advised to seek the advice of competent legal counsel, without obligation of Network Intelligence.
Network Intelligence retains the right to make changes to this document at any time, without notice. Network Intelligence makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document, nor does it make a commitment to update the information contained herein.
COPYRIGHT
Copyright Network Intelligence (India) Pvt. Ltd. All rights reserved.
TRADEMARKS
Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe.
NII CONTACT DETAILS
Name:
Title: Manager, Security Assessment
Company:
Address:
Tel. No:
Mobile No:
E-Mail:
1 EXECUTIVE SUMMARY
1.1 SUMMARY
[Client] had assigned Network Intelligence (I) Pvt. Ltd. the task of carrying out the assessment as included in the scope of work.
1.2 OBJECTIVE
The purpose of the test was to determine security vulnerabilities in their web applications/network as listed in the scope. The tests were carried out assuming the identity of an attacker or a user with malicious intent. Due care was taken not to harm the servers, as requested.
1.3 DURATION
This Penetration Test was performed from [dates]. The detailed report about each task and our findings is described below.
1.4 APPROACH
1. Performed broad scans to identify potential areas of exposure and services
2. Performed targeted scans and manual investigation to validate vulnerabilities
3. Understood the application
4. Built business-based test cases
5. Identified components to gain access
6. Identified and validated vulnerabilities
7. Ranked the vulnerabilities based on threat level, loss potential and likelihood of exploitation
8. Identified issues of immediate consequence and recommended solutions
9. Developed long-term recommendations to enhance security
10. Transferred knowledge through this report
1.5 SCOPE OF WORK
1.6 TYPE OF ASSESSMENT SELECTED BY [Client]
Columns: Sr. No. | Type of Penetration Test approach | Description | As applicable and selected by [Client]

1. Black Box Assessment
Description: In this approach we only know the URL of the website. Enumeration of technologies, mapping of the website, identification of fault injection points, determining input validation vulnerabilities or logical security vulnerabilities, and the OWASP Top 10 attacks are all part of this exercise.
Selected: No

2. Gray Box Assessment
Description: Often enough a web application involves authentication and authorization components. In order to be able to test these we request a dummy user account with the least level of privileges within the application. Using this account we are able to log in and test for various hacks in the authentication scheme, as well as attempt to escalate our privileges and bypass authorization restrictions.
Selected: Yes

3. Wireless Assessment
Description: Wireless hacking is done to gather all loopholes possible in an organization's wireless infrastructure. This is done with the intention of gaining unauthorized access and trying to exploit as many resources as are available. This activity also involves war driving and collecting statistics like signal strength, encryption type, SSID etc.
Selected: No

4. Social Engineering
Description: Controls can be put on systems and devices, but the same does not hold true for the people using these systems (employees/temporaries). Social Engineering is the method by which hackers try to get confidential and business-critical information by using various techniques. This test focuses on exploiting and finding out all the possible loopholes pertaining to this domain so that your organization is geared up to face social engineering attacks in real life.
Selected: No

5. Risk Based Penetration Testing
Description: The traditional Penetration Testing approach only focuses on the technical vulnerabilities. A Business Risk based approach not only focuses on the technical vulnerabilities but also on the risks presumed to the business of People Interactive. First, test cases pertaining to the business threat model are developed, and the Penetration Test is carried out focusing mainly on those cases. This method has many advantages over the traditional Penetration Test methodology, and one of the biggest is that of being business focused.
Selected: No

6. Source Code Review
Description: Source code review focuses on detecting vulnerabilities early in the Software Development Life Cycle (SDLC), such as data attacks (Cross Site Scripting (XSS), Injection (SQL, File, XPATH etc.), File Inclusion/execution and Information Leakage). This methodology will help People Interactive to close the loopholes during the development and testing phase.
Selected: No

7. Penetration Testing
Description: A Penetration Test focuses on identifying vulnerabilities that are identified during the vulnerability assessment phase and exploiting them to demonstrate their impact.
Selected: No

8. Vulnerability Assessment
Description: Vulnerability Assessment is the process of identifying, quantifying, and prioritizing the vulnerabilities of the components of the IT infrastructure.
Selected: Yes

9. Business Logic Pentest
Description: The traditional Penetration Testing approach only focuses on the technical vulnerabilities. A Business Risk based approach not only focuses on the technical vulnerabilities but also on the risks presumed to the business of People Interactive. First, test cases pertaining to the business threat model are developed, and the Penetration Test is carried out focusing mainly on those cases. This method has many advantages over the traditional Penetration Test methodology, and one of the biggest is that of being business focused.
Selected: Yes
(To know more, kindly press the control key and click on the type of Penetration Test approach.)
The Penetration Test types selected by the client are as checked in the table above. It is highly recommended to go in for the other types of Penetration Test in future projects to improve the overall security posture of your esteemed organization.
1.7 STANDARDS AND FRAMEWORK FOLLOWED
1. Open Web Application Security Project Framework (OWASP): http://www.owasp.org/index.php/The_OWASP_Testing_Framework
2. Web Application Security Consortium (WASC): http://www.webappsec.org/
3. The Open Source Security Testing Methodology Manual (OSSTMM): http://en.wikipedia.org/wiki/The_Open_Source_Security_Testing_Methodology_Manual
4. National Institute of Standards and Technology (NIST): http://en.wikipedia.org/wiki/National_Institute_of_Standards_and_Technology
1.8 SUMMARY OF FINDINGS
The following table summarizes the list of findings discovered during the project:
Sr. No. | Title | Severity Rating | Ease of Exploitation
1 | SQL Injection | HIGH | EASY
2 | Unrestricted File Upload | HIGH | EASY
3 | Application Allows Replay of Authentication Token | HIGH | MODERATE
4 | Insufficient Authentication | HIGH | MODERATE
5 | Insufficient Authorization | HIGH | MODERATE
6 | Dangerous Methods Enabled | HIGH | MODERATE
7 | Repudiation Attack | HIGH | MODERATE
8 | Weak Password Recovery Mechanism | HIGH | MODERATE
9 | Cross Site Scripting (XSS) | HIGH | MODERATE
10 | LDAP Injection | HIGH | MODERATE
11 | Padding Oracle Attack | HIGH | MODERATE
12 | Session Fixation | HIGH | MODERATE
13 | Session Hijacking | MEDIUM | MODERATE
14 | Insecure Direct Object References | MEDIUM | MODERATE
15 | Cross Site Request Forgery (CSRF) | MEDIUM | MODERATE
16 | Clickjacking Vulnerability | MEDIUM | MODERATE
17 | Directory Indexing | MEDIUM | MODERATE
18 | Password Transmitted Over HTTP | MEDIUM | MODERATE
19 | Improper Error Handling | MEDIUM | MODERATE
20 | CAPTCHA Not Implemented | MEDIUM | DIFFICULT
21 | Sensitive Information Disclosure | MEDIUM | DIFFICULT
22 | Password Visible While Resetting Password | LOW | EASY
23 | Session Token in URL | LOW | EASY
24 | Frame Injection | LOW | EASY
25 | Open Redirection | LOW | EASY
26 | Abuse of Functionality | LOW | MODERATE
27 | Insecure Implementation of WSDL | LOW | MODERATE
28 | Weak Password Policy | LOW | MODERATE
29 | Content Spoofing | LOW | MODERATE
30 | Cookie Not Marked as HTTPOnly | LOW | MODERATE
31 | Version Disclosure IIS/ASP.NET | LOW | MODERATE
32 | Back Button Browsing | LOW | DIFFICULT
33 | ViewState Is Not Encrypted | LOW | DIFFICULT
34 | Form AutoComplete Enabled | LOW | DIFFICULT
1.9 TABULAR SUMMARY
The following table summarizes the Systems Vulnerability Assessment:
Category | Description
Systems Vulnerability Assessment Summary
Number of Systems / IP Addresses | 34
Number of Vulnerabilities found (Web Application) | 19
High, Medium and Low Severity Vulnerabilities | 13 / 8 / 13
1.10 GRAPHICAL SUMMARY
[Figure: Overall Vulnerability Graph (Vulnerability Summary). High: 13, Medium: 8, Low: 13]
1.11 SEVERITY RATING
HIGH
This rating is reserved for system vulnerabilities that will result in serious impact to the organization. Depending on the criticality of the system, risks of this magnitude could represent a financial impact or damage customer and partner relationships. It is imperative that efforts be undertaken immediately to mitigate the vulnerabilities in this category. All High severity levels are defined by the following examples:
• Potential Trojan Horses
• Potential Backdoor
• File Read and Write Exploit
• Remote Command Execution
• Database Access
• Denial of Service
MEDIUM
Medium threats are defined by some of the following examples:
• Denial of Service
• Unencrypted protocol access
• Disclosure of server details
• Application errors
LOW
Low threats are defined by some of the following examples:
• Services enabled with a past history of security hacks
• Limited exploit of read
• Directory browsing
• Information Disclosure
• Old software
• General security recommendations
1.12 EASE OF EXPLOITATION
There are no global parameters to assess the value of this parameter. There are various factors that influence the value of the Ease of Exploitation.
EASY
Any vulnerability classified as easy would be straightforward to exploit. There would be known exploit code in the public domain that could be used to compromise the target. The post-exploitation impact would depend on the type of service offered on the system.
MODERATE
Any vulnerability classified as moderate would need additional effort in terms of time and resources (number of systems, processing speed etc.). Also, though there are straightforward exploits available, they may or may not work due to the architecture or the design of the network. In this case, even if there is a compromise it would be reasonably hard to conclude. There would be other factors that would be needed to carry out the attack.
DIFFICULT
Any vulnerability classified as difficult would be purely informational. They would only reveal some information about the target but would not have any known issues in the public domain.
2 TECHNICAL REPORT
2.1 WEB APPLICATION VULNERABILITIES
2.1.1 SQL INJECTION
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: SQL Injection
AFFECTED SAMPLE URL: http://203.196.206.152/Global_Portal/openhouse/getpassword.aspx
DESCRIPTION
SQL Injection is an attack technique used to exploit applications that construct SQL statements from user-supplied input. When successful, the attacker is able to change the logic of SQL statements executed against the database.
ANALYSIS
During analysis it was found that the affected parameter of the web application was vulnerable to SQL Injection. The web application did not have proper input validation checks to stop SQL injection attacks, such as whitelists, parameterized queries and parameterized stored procedures.
An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.
Below is the sample affected URL:
http://203.196.206.152/Global_Portal/openhouse/getpassword.aspx
Parameter Name: ttno
Extracted Information of Database
Backend Database: Oracle
Extracted Database Names:
• CTXSYS
• MDSYS
• OLAPSYS
• PMSTM
• PORTAL
• SUGWEB
• SYS
• SYSTEM
• TMMLDEV
• UGLOBAL
• WKSYS
• WMSYS
FIGURE 1: SQL ERROR ON PARAMETER LOGIN ID
FIGURE 2: SQL INJECTION ERROR GENERATED BY APPLICATION
FIGURE 3: EXTRACTING DATABASE NAME USING SQL INJECTION
It was also found that the Web service is vulnerable to SQL injection. We were able to execute the query "select user from dual"; below is the screenshot for the same:
FIGURE 4: WEB SERVICE SQL ANALYZER
Also, through SQL Injection it was found that the application stores passwords in clear text.
Extracted Information from Table CV_LOGIN (Portal):
ID | LOGINID | L_NAME | L_STAT | DEPTLO | SUB_DEPT | L_PASSWORD
1 | 0 | ACE FACT | D | ACE FACT | ACE FACT | ACE FACT
2 | 0 | p29780 | ENGINE FAC | ENGINE FAC | | engine
3 | 1 | ADMIN | 0 | ACE FACT | ADMINCVB | ADMIN
4 | 0 | AMS | 0 | AMS | AMS | AMS
5 | 0 | APL | 0 | APL | APL | APL
IMPACT
Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands. We were also able to bypass the OTP password functionality using SQL injection.
An attacker can access the clear-text passwords that are stored in the database.
RECOMMENDATION
Following are the recommendations to prevent SQL injection attacks.

1. White list of acceptable values

    using System.Text.RegularExpressions;

    if (Request.QueryString[0] != null)
    {
        string productname = Request.QueryString[0];
        // Allow-list: 1-40 letters, digits, spaces or apostrophes; anything else is
        // rejected before it reaches the database. (The exact pattern in the original
        // listing did not survive extraction; this one is an assumption.)
        var regex = new Regex(@"^[a-zA-Z0-9' ]{1,40}$");
        if (!regex.IsMatch(productname))
        {
            lblMessage.Text = "An invalid product name has been specified.";
            return;
        }
    }

2. Use Parameterized Queries

    using System.Configuration;
    using System.Data;
    using System.Data.SqlClient;

    if (Request.QueryString[0] != null)
    {
        string productname = Request.QueryString[0];
        SqlConnection con = new SqlConnection(
            ConfigurationManager.ConnectionStrings["DB_ConnectionString"].ConnectionString);
        // The value is bound as a typed parameter, never concatenated into the SQL text.
        // (The table name "Products" is assumed; the original listing omitted the FROM clause.)
        SqlCommand command = new SqlCommand(
            "SELECT Product_Name, Category_Name, Description FROM Products WHERE Product_Name = @Product_Name");
        command.CommandType = System.Data.CommandType.Text;
        command.Parameters.Add("@Product_Name", SqlDbType.VarChar, 40).Value = productname;
        command.Connection = con;
        con.Open();
        GridView1.DataSource = command.ExecuteReader();
        GridView1.DataBind();
        con.Close();
    }

3. Use Parameterized Stored Procedures

    using System.Configuration;
    using System.Data;
    using System.Data.SqlClient;

    if (Request.QueryString[0] != null)
    {
        SqlConnection con = new SqlConnection(
            ConfigurationManager.ConnectionStrings["DB_ConnectionString1"].ConnectionString);
        string Product_Name = Request.QueryString[0];
        // The procedure receives the value as a parameter; it must not build dynamic SQL from it internally.
        SqlCommand command = new SqlCommand("sp_GetProducts", con);
        command.CommandType = System.Data.CommandType.StoredProcedure;
        command.Parameters.Add("@Product_Name", SqlDbType.VarChar).Value = Product_Name;
        command.Connection = con;
        con.Open();
        GridView1.DataSource = command.ExecuteReader();
        GridView1.DataBind();
        con.Close();
    }

It is also recommended to store passwords using a cryptographically secure hash. A single SHA-2 digest is fast and therefore cheap to brute-force offline; use a salted, iterated construction such as PBKDF2 (which builds on SHA-2), as described in "Strong Password Hashing for ASP.NET" (zetetic.net blog, 2012).
REFERENCE
SQL Injection: http://en.wikipedia.org/wiki/SQL_injection
Stop SQL Injection Attacks Before They Stop You: http://msdn.microsoft.com/msdnmag/issues/04/09/SQLInjection/
How To: Protect From Injection Attacks in ASP.NET: http://msdn.microsoft.com/en-us/library/ff647397.aspx
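The following Python example is added here to illustrate the finding and its remediation; it is not part of the original report or of the assessed application. It stands in for the Oracle backend with an in-memory SQLite database whose table, column names and rows are constructed for the example (modelled loosely on the CV_LOGIN extract above), and contrasts the concatenated query that makes the OTP/login bypass and schema extraction possible with a parameterized query plus the allow-list check from the recommendation.

```python
import re
import sqlite3

# Constructed sample data modelled on the CV_LOGIN table shown in the report.
# Table name, column names and rows are assumptions for this example.
SAMPLE_ROWS = [
    ("p29780", "engine"),
    ("ADMIN", "ADMIN"),
    ("AMS", "AMS"),
]


def make_db():
    """In-memory SQLite database standing in for the Oracle backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cv_login (loginid TEXT, l_password TEXT)")
    conn.executemany("INSERT INTO cv_login VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, loginid):
    """The flaw from the finding: the request parameter is concatenated into
    the SQL text, so quotes in the value change the statement's structure."""
    sql = ("SELECT loginid, l_password FROM cv_login WHERE loginid = '"
           + loginid + "'")
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, loginid):
    """Fix 1: bind the value as a parameter. The driver sends the SQL text and
    the value separately, so the input can never be parsed as SQL."""
    return conn.execute(
        "SELECT loginid, l_password FROM cv_login WHERE loginid = ?",
        (loginid,),
    ).fetchall()


# Fix 2: allow-list of acceptable values (letters, digits, underscore; 1-40 chars).
LOGINID_RE = re.compile(r"[A-Za-z0-9_]{1,40}")


def is_valid_loginid(value):
    return LOGINID_RE.fullmatch(value) is not None


def lookup_hardened(conn, loginid):
    """Both fixes together: reject anything outside the allow-list, then bind."""
    if not is_valid_loginid(loginid):
        raise ValueError("invalid login id")
    return lookup_parameterized(conn, loginid)


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"          # login/OTP-check bypass: every row matches
    union = "' UNION SELECT name, type FROM sqlite_master --"  # schema extraction
    print(lookup_vulnerable(db, tautology))      # all three accounts
    print(lookup_vulnerable(db, union))          # ... plus ('cv_login', 'table')
    print(lookup_parameterized(db, tautology))   # []
    print(lookup_hardened(db, "AMS"))            # [('AMS', 'AMS')]
```

The UNION payload is the SQLite analogue of the database-name extraction shown in Figure 3 (against Oracle the attacker reads ALL_USERS or DBA_USERS instead); the parameterized lookup returns nothing for the same input because the whole string is compared as a literal.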
2.1.2 UNRESTRICTED FILE UPLOAD
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Unrestricted File Upload
AFFECTED SAMPLE URL:
DESCRIPTION
Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code onto the system to be attacked. Then the attacker only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish the first step.
The consequences of unrestricted file upload can vary, including complete system takeover, an overloaded file system, forwarding attacks to backend systems, and simple defacement. It depends on what the application does with the uploaded file, including where it is stored.
ANALYSIS
The affected sample URL is vulnerable to unrestricted file upload.
1) As the web application doesn't validate the content type of uploaded files, we could successfully upload a malicious file (web shell) to the server. We were able to bypass the validation techniques used by the application by supplying the filename string as filename.aspxjpeg.
FIGURE 5: UPLOADING A MALICIOUS FILE STEP 1
FIGURE 6: UPLOADING A MALICIOUS FILE STEP 2
FIGURE 7: UPLOADING A MALICIOUS FILE STEP 3
2) After uploading the file we were able to access the shell and browse through the application source files. We were also able to execute OS-level commands.
Extracted Information:
Command: net user
User accounts for \\MPNERCC01
ACUser    Administrator    ASPNET
Derived findings are issues which are discovered during the process of exploiting some other issue. These findings have been highlighted because an attacker can leverage them on a compromised system to dig deeper into the network, leading to greater damage. Below are the derived findings:
• Web.config was configured with a hardcoded database connection string.
Extracted Information:
Data Source=…; User ID=portal; Password=portal1…
Data Source=…; User ID=mbsuser; Password=mbsuser1…
FIGURE 8: CONNECTION STRING IN WEB.CONFIG
• The encryption key was found to be hardcoded in the source code.
IMPACT
Using the file upload vulnerability an attacker can upload malicious code that can run system-level commands, browse system files and penetrate inside the network. We were also able to download the entire source code of the application using the uploaded shell.
RECOMMENDATION
It is recommended to validate the following:
• Type of the files to be uploaded, on the server side.
• Content-Type should be validated on the server side.
• Size of the file.
• Do not send uploaded resumes directly via email to internal employees. They should be scanned for viruses first.
File extension validation:

    string filepath = "";

    protected void btnupload_Click(object sender, EventArgs e)
    {
        // Vulnerable code: the client-supplied file name, and therefore its extension,
        // is used as-is inside a web-served folder, so shell.aspx is written where IIS
        // will execute it. (The original listing breaks off after PostedFile; the
        // FileName/SaveAs lines are the assumed remainder of the same vulnerable handler.)
        if (uploader.HasFile)
        {
            filepath = Server.MapPath("../files/" + uploader.PostedFile.FileName);
            uploader.SaveAs(filepath);
        }
    }

REFERENCE
Unrestricted File Upload: https://www.owasp.org/index.php/Unrestricted_File_Upload
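The following Python example is added here as a server-side counterpart to the recommendation above; it is not part of the original report or of the assessed application. The allowed extensions, the size limit and the sample file contents are assumptions constructed for the example. It applies each of the checks the recommendation lists (file type, Content-Type, size) and also rejects the bypass family seen in the analysis: every dot-separated suffix of the name must be on the allow-list, the name must carry no `;`, `:`, `%` or null byte, and the content must start with the bytes that the extension implies. The file is then stored under a server-chosen random name, never the client's.

```python
import os
import secrets

# Allowed extensions, the Content-Type each must be declared with, and the
# leading bytes ("magic number") the content must actually start with.
ALLOWED = {
    "jpg":  ("image/jpeg",      b"\xff\xd8\xff"),
    "jpeg": ("image/jpeg",      b"\xff\xd8\xff"),
    "png":  ("image/png",       b"\x89PNG\r\n\x1a\n"),
    "pdf":  ("application/pdf", b"%PDF-"),
}
MAX_BYTES = 2 * 1024 * 1024
# Null byte, the IIS ';' trick, NTFS alternate streams and percent-encoded bytes.
FORBIDDEN = ("\x00", ";", ":", "%")


def check_upload(filename, declared_type, data, max_bytes=MAX_BYTES):
    """Server-side validation of one upload.

    Returns (True, storage_name) when the file is acceptable, where
    storage_name is a random name chosen by the server (the client's name is
    never used on disk), or (False, reason) when it must be rejected.
    """
    # 1. Strip any directory part and refuse characters used in bypass tricks.
    name = os.path.basename(filename.replace("\\", "/")).strip().lower()
    if not name or any(ch in name for ch in FORBIDDEN):
        return False, "forbidden character in file name"

    # 2. Every dot-separated part after the first is treated as an extension,
    #    so shell.aspx.jpg is judged on 'aspx' as well as on 'jpg', and
    #    shell.aspxjpeg fails because 'aspxjpeg' is not on the list.
    parts = name.split(".")
    exts = parts[1:]
    if not parts[0] or not exts or any(e not in ALLOWED for e in exts):
        return False, "extension not allowed"
    ext = exts[-1]

    # 3. Size limit before any content inspection.
    if len(data) > max_bytes:
        return False, "file too large"

    # 4. Declared Content-Type and real content must both agree with the extension.
    expected_type, magic = ALLOWED[ext]
    if declared_type.split(";")[0].strip().lower() != expected_type:
        return False, "content-type does not match extension"
    if not data.startswith(magic):
        return False, "content does not match extension"

    # 5. Name chosen by the server. Store it outside the web root and serve it
    #    back through a handler that sets Content-Disposition: attachment.
    return True, secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    print(check_upload("cv.pdf", "application/pdf", b"%PDF-1.4 sample"))
    print(check_upload("shell.aspx;jpeg", "image/jpeg", b"\xff\xd8\xff\xe0"))
    print(check_upload("shell.aspx.jpg", "image/jpeg", b"\xff\xd8\xff\xe0"))
    print(check_upload("photo.jpg", "image/jpeg", b"<%@ Page Language=\"C#\" %>"))
```

The content check matters because the Content-Type header is attacker-controlled: a web shell declared as image/jpeg passes a header-only check but fails the magic-number check, and the magic number alone would pass a polyglot, which is why the extension allow-list is still enforced first.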
2.1.3 APPLICATION ALLOWS REPLAY OF AUTHENTICATION TOKEN
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: EASY
VULNERABILITY CLASSIFICATION: Insecure Implementation of Authentication Token / Replay Attack
AFFECTED SAMPLE URL:
DESCRIPTION
A replay attack occurs when an attacker copies a stream of messages between two parties and replays the stream to one or more of the parties. Unless mitigated, the computers subject to the attack process the stream as legitimate messages, resulting in a range of bad consequences, such as redundant orders of an item.
ANALYSIS
The web-based SSO implementation was found to be vulnerable to a replay attack. The token generation was found to be cryptographically weak: it does not generate random cipher text for a given user and role parameter. The user-specific cipher text can be generated from the below URL and then the same token can be used to log in on behalf of the user.
FIGURE 9: TOKEN GENERATION
FIGURE 10: TOKEN FOR PERSONAL NO. 118317
FIGURE 11: SUCCESSFUL LOGIN WITH THE TOKEN
IMPACT
Any user can log in to the system on behalf of another user by knowing their personal number and generating the cryptographic value from the vulnerable URL.
RECOMMENDATION
Below are the recommendations for replay of authentication tokens:
• Generate a cryptographically strong one-time random token which must be:
  o Allowed to be used once
  o Usable only for the user it was created for
  o Transmitted via HTTPS
• It is recommended to implement a nonce token, as this will prevent replay attacks.
• Time stamping is another way of preventing a replay attack: sign the request with a time-based token as a parameter and set an expiration time on that token. The username and timestamp can be hashed and passed as a parameter, and then the same parameter should be checked for its validity.
If feasible, use Windows Identity Foundation for web-based Single Sign-On.
REFERENCE
Replay Attack: https://www.owasp.org/index.php/Testing_for_WS_Replay_(OWASP-WS-007)
Windows Identity Foundation: http://msdn.microsoft.com/en-us/library/hh377151.aspx
http://blogs.msdn.com/b/usisvde/archive/2012/03/13/windows-azure-security-best-practices-part-5-claims-based-identity-single-sign-on.aspx
Implementing Nonce: http://en.wikipedia.org/wiki/Cryptographic_nonce
https://wiki.servicenow.com/index.php?title=Implementing_a_Nonce
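The following Python example is added here to show the recommendation above in working form; it is not part of the original report or of the assessed SSO implementation. It assumes a key shared only by the token issuer and verifier and a store of redeemed nonces the verifier can consult (an in-memory set here; a shared database in production). The personal number and role used in the walk-through are constructed values. Each token carries user, role, issue time and a fresh nonce under an HMAC, so it is single-use, bound to the user, time-limited, and unforgeable without the key, which removes the property the finding relied on (the same input always producing the same token).

```python
import base64
import binascii
import hashlib
import hmac
import secrets
import time


class TokenService:
    """Issues and redeems single-use, signed, time-limited SSO tokens."""

    def __init__(self, key, ttl_seconds=60, clock=time.time):
        self._key = key              # shared secret (assumption: 32+ random bytes)
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so expiry can be exercised offline
        self._redeemed = set()       # nonces already used; a shared store in production

    def _sign(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, user, role):
        """A fresh nonce on every call, so two tokens for the same user and
        role are never equal (the finding: the token was a fixed function of
        user and role, hence computable and replayable)."""
        if "|" in user or "|" in role:
            raise ValueError("field separator not allowed in user or role")
        fields = (user, role, str(int(self._clock())), secrets.token_hex(16))
        body = "|".join(fields).encode()
        signed = body + b"|" + self._sign(body).encode()
        return base64.urlsafe_b64encode(signed).decode()

    def redeem(self, token, expected_user):
        """Return the role carried by the token, or None if it is forged,
        for a different user, expired, or has been presented before."""
        try:
            raw = base64.urlsafe_b64decode(token.encode()).decode()
            user, role, issued, nonce, tag = raw.split("|")
            issued = int(issued)
        except (ValueError, binascii.Error):
            return None
        body = "|".join((user, role, str(issued), nonce)).encode()
        if not hmac.compare_digest(self._sign(body).encode(), tag.encode()):
            return None                       # forged or tampered
        if user != expected_user:
            return None                       # usable only by the user it was created for
        if not 0 <= self._clock() - issued <= self._ttl:
            return None                       # expired (or a clock running backwards)
        if nonce in self._redeemed:
            return None                       # replay
        self._redeemed.add(nonce)
        return role


def demo(key=b"example-key-not-for-production-use!"):
    """Walk through the cases; returns a tuple of results the tests assert on."""
    now = [1_700_000_000]
    svc = TokenService(key, ttl_seconds=60, clock=lambda: now[0])
    t1, t2 = svc.issue("118317", "employee"), svc.issue("118317", "employee")
    distinct = t1 != t2                               # True: same inputs, different tokens
    first = svc.redeem(t1, "118317")                  # "employee"
    replay = svc.redeem(t1, "118317")                 # None: nonce already redeemed
    wrong_user = svc.redeem(t2, "99999")              # None: bound to 118317
    forged = svc.redeem(t2[:-4] + "AAAA", "118317")   # None: HMAC no longer matches
    now[0] += 61
    expired = svc.redeem(t2, "118317")                # None: past the TTL
    return distinct, first, replay, wrong_user, forged, expired


if __name__ == "__main__":
    print(demo())   # (True, 'employee', None, None, None, None)
```

The nonce must be checked against the redeemed set after the signature check, not before, otherwise an attacker could burn legitimate nonces with unsigned junk. Over HTTPS only, as the recommendation says: a valid token captured in transit is still usable once.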
2.1.4 INSUFFICIENT AUTHENTICATION
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Insufficient Authentication
AFFECTED SAMPLE URL:
DESCRIPTION
Insufficient Authentication occurs when a web site permits an attacker to access sensitive content or functionality without having to properly authenticate. Web-based administration tools are a good example of web sites providing access to sensitive functionality. Depending on the specific online resource, these web applications should not be directly accessible without requiring the user to properly verify their identity.
ANALYSIS
IMPACT
This weakness can lead to the exposure of resources or functionality to unintended users, possibly providing attackers with sensitive information or even letting them execute arbitrary code. It is also difficult to keep track of the activities performed in the application when a user can make changes without authenticating.
An attacker can log in as any user, as the application allows direct login which only needs the victim's personal number.
RECOMMENDATION
It is recommended to implement strong authentication and authorization mechanisms before any sensitive information or web services can be accessed. Use an authentication framework or library such as the Membership and Role Provider which ships with .NET 2.0, the OWASP ESAPI authentication feature, etc.
REFERENCE
Insufficient Authentication: http://projects.webappsec.org/w/page/13246939/Insufficient%20Authentication
Web Service Authentication:
tt=:ms;[email protected]?s74D386*,;*Vs.*10.3s=F
http://msdn.microsoft.com/en-us/library/w67h0dw7(v=vs.71).aspxhttp://msdn.microsoft.com/en-us/library/w67h0dw7(v=vs.71).aspx
2.1.5 INSUFFICIENT AUTHORIZATION
FIGURE 12: CREATE OF REQUISITIONS STEP 1
Step 2: Click the below URL for approval, then click on the "Sent To PRO for Booking" button:
http://203.196.206.152/global_portal/Travel_Booking/(x1ik1a55pkqg3145x0addbj5)/approval/sendtopro.aspx?travelno=700835
FIGURE 13: APPROVE OF REQUISITIONS STEP 2
FIGURE 14: TRAVEL REQUISITION SENT TO PRO
Step 3: Check the status of the requisition.
FIGURE 15: VERIFY THE STATUS OF REQUISITION
RECOMMENDATION
It is recommended to implement strong authorization in the application.
• Divide the software into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles to data and functionality. Use role-based access control (RBAC) to enforce the roles at the appropriate boundaries. Note that this approach may not protect against horizontal authorization, i.e. it will not protect a user from attacking others with the same role.
• Ensure that you perform access control checks related to your business logic. These checks may be different from the access control checks that you apply to more generic resources such as files, connections, processes, memory, and database records.
• For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
• One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
• Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
REFERENCE
Insufficient Authorization: http://projects.webappsec.org/Insufficient-Authorization
2.1.6 DANGEROUS METHODS ENABLED
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: EASY
VULNERABILITY CLASSIFICATION: Server Misconfiguration
AFFECTED SAMPLE URL:
DESCRIPTION
Server Misconfiguration attacks exploit configuration weaknesses found in web servers and application servers. Many servers come with unnecessary default and sample files, including applications, configuration files, scripts, and web pages. They may also have unnecessary services enabled, such as content management and remote administration functionality. Debugging functions may be enabled, or administrative functions may be accessible to anonymous users.
Servers may include well-known default accounts and passwords. Failure to fully lock down or harden the server may leave improperly set file and directory permissions. Misconfigured SSL certificates and encryption settings, the use of default certificates, and improper authentication implementation with external systems may compromise the confidentiality of information.
Verbose and informative error messages may result in data leakage, and the information revealed could be used to formulate the next level of attack. Incorrect configurations in the server software may permit directory indexing and path traversal attacks.
ANALYSIS
During analysis it was found that the below-mentioned dangerous HTTP methods were enabled on the server:
• PUT
• DELETE
• TRACE
• COPY
• MOVE
• MKCOL
• PROPFIND
• SEARCH
• LOCK
• UNLOCK
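The check behind this finding, as an added example (not code from the report): it parses the headers of an OPTIONS response, collects the methods advertised in Allow and in the IIS/WebDAV Public header, and intersects them with the list above. The two sample responses are constructed for the example (one modelled on a WebDAV-enabled IIS banner, one hardened); probe() sends a real OPTIONS request and is not used by the offline demo.

```python
"""Flag dangerous HTTP methods advertised by a web server."""
import http.client
from typing import Dict, Set

# The methods from the finding: WebDAV write/enumeration methods plus TRACE.
DANGEROUS_METHODS: Set[str] = {
    "PUT", "DELETE", "TRACE", "COPY", "MOVE", "MKCOL",
    "PROPFIND", "PROPPATCH", "SEARCH", "LOCK", "UNLOCK",
}

# Constructed OPTIONS response in the shape a WebDAV-enabled IIS 6 returns.
SAMPLE_OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Microsoft-IIS/6.0\r\n"
    b"DAV: 1, 2\r\n"
    b"Allow: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, "
    b"MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
    b"Public: OPTIONS, TRACE, GET, HEAD, POST, PUT, DELETE\r\n"
    b"Content-Length: 0\r\n\r\n"
)

# Constructed response from a hardened server, for comparison.
HARDENED_OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nAllow: GET, HEAD, POST\r\nContent-Length: 0\r\n\r\n"
)


def parse_response_headers(raw: bytes) -> Dict[str, str]:
    """Return the header block of a raw HTTP response as a lower-cased dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            key = name.strip().lower()
            # A repeated header (two Allow lines) is merged rather than overwritten.
            headers[key] = (headers[key] + ", " + value.strip()) if key in headers else value.strip()
    return headers


def advertised_methods(headers: Dict[str, str]) -> Set[str]:
    """Methods listed in Allow and in the IIS/WebDAV 'Public' header."""
    methods: Set[str] = set()
    for name in ("allow", "public"):
        for m in headers.get(name, "").split(","):
            if m.strip():
                methods.add(m.strip().upper())
    return methods


def dangerous_methods(headers: Dict[str, str]) -> Set[str]:
    """The subset of advertised methods that the finding treats as dangerous."""
    return advertised_methods(headers) & DANGEROUS_METHODS


def probe(host: str, path: str = "/", port: int = 80) -> Dict[str, str]:
    """Send a real OPTIONS request to a live server (not used by the offline demo)."""
    conn = http.client.HTTPConnection(host, port, timeout=10)
    conn.request("OPTIONS", path)
    resp = conn.getresponse()
    return {k.lower(): v for k, v in resp.getheaders()}
```

Allow is only what the server claims; confirm a finding by actually sending a PUT to a scratch path and a TRACE request, and re-run the same check after WebDAV has been disabled.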
IMPACT
As WebDAV was configured with write permission enabled on the remote server, an attacker can upload a web shell to the server. This can lead to compromise of the entire system, as the attacker can then run OS-level commands on the target server. WebDAV also has the modify and delete methods enabled, due to which an attacker can modify and delete any file on the remote application server.
Attackers may also abuse the HTTP TRACE method (cross-site tracing) to gain access to information in HTTP headers such as cookies and authentication data.
RECOMMENDATION
It is recommended to restrict access to all dangerous methods and, if they are not being used, to disable them. For disabling dangerous methods on IIS, use IIS Lockdown:
http://technet.microsoft.com/en-us/library/dd450372.aspx
After the change, confirm with an OPTIONS request (and by actually attempting PUT and TRACE) that the methods are no longer accepted.
REFERENCE
How to disable WebDAV for IIS 6: http://www.popmartian.com/tipsntricks/2009/05/20/howto-disable-webdav-in-iis-6/
WhiteHat Cross-site Tracing Paper: http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
Multiple Web Servers Dangerous HTTP Method TRACE: http://osvdb.org/show/osvdb/877
2.1.7 REPUDIATION ATTACK
SEVERITY: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Repudiation attack
AFFECTED SAMPLE URL:
DESCRIPTION
A repudiation attack happens when an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious manipulation or forging of the identification of new actions. This attack can be used to change the authoring information of actions executed by a malicious user in order to log wrong data to log files. Its usage can be extended to general data manipulation in the name of others, in a similar manner as spoofing mail messages. If this attack takes place, the data stored in log files can be considered invalid or misleading.
ANALYSIS
The application takes the identity of the acting user from a client-controlled hidden form field (HiddenUserID), so a request can be submitted in the name of another user. To demonstrate this we performed the steps mentioned below:
• Step 1: Logged in as the VAPTUSER3 user.
• Step 2: Captured the Add Joke request.
FIGURE 16: ADD JOKE REQUEST
• Step 3: Changed the HiddenUserID value to 11, which represents the user Mr. Sarita Rajiv.
FIGURE 17: CHANGE HIDDEN USER ID VALUE
• Step 4: Submitted the request.
FIGURE 18: SUCCESSFULLY ADDED JOKE
• Step 5: The request details show the joke as created by the user Mr. Sarita Rajiv.
FIGURE 19: JOKE HAS BEEN CREATED BY SARITA RAJIV (REPUDIATION ATTACK SUCCESSFUL)
IMPACT
This issue targets the accountability of the transactions performed by the users of the application. A user ABC can perform a transaction and make someone else responsible for performing that transaction. In this case an attacker can add a disturbing message to user A and make user B responsible for sending the message.
This attack can be used to change the record creator name in the application, whereby there is no accountability for the data-related operations. It was also possible for an attacker to add wrong data, with no interaction from the impersonated user required. For a successful attack an attacker simply needs to craft such a request and change the HiddenUserID value in it. This HiddenUserID represents the personnel number, which points to a user. This breaks the accountability of the web application.
RECOMMENDATION
The application should not be logging any user-supplied input. If at all the business requirement dictates logging a user-supplied input, then it is highly recommended that you validate the user input. For operations that must be logged from an audit-trail point of view, the acting user should be taken from the logged-on session on the server side, never from a client-supplied field such as HiddenUserID.
REFERENCE
Repudiation Attack: https://www.owasp.org/index.php/Repudiation_Attack
2.1.8 WEAK PASSWORD RECOVERY MECHANISM
SEVERITY: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Broken Authentication and Session Management
AFFECTED SAMPLE URL:
DESCRIPTION
Insufficient Password Recovery is when a web site permits an attacker to illegally obtain, change, or recover another user's password. Conventional web site authentication methods require users to select and remember a password or passphrase. The user should be the only person that knows the password, and it must be remembered precisely.
ANALYSIS
Below are the issues found in the password recovery mechanism:
1. An attacker can change a victim's password by just knowing the victim's date of birth, which can be retrieved from the below-mentioned URL. Information leakage of the date of birth by changing the p_no parameter:
http://203.196.206.152/Global_Portal/mytatamotors/Home/Forms/m_Emp_All_Details.aspx?p_no=655798&bday=1
http://203.196.206.152/Global_Portal/MBS/(gj0fdbn5chmutgauzgscdyr2)/Login/Common/Forms/frm_sign_up.aspx?action=register
The year can be guessed by an attacker, as there is no user lockout policy implemented. A user lockout policy means that after 3-5 attempts the user should be locked out from accessing the application and must contact the administrator to reset the password.
We are able to get the date of birth of the employee by changing the p_no value to 655798. The below screenshot represents the same:
FIGURE 20: GETTING DATE OF BIRTH
Resetting the password of 655798 by giving the date of birth extracted in the above screenshot and brute-forcing the year. The below screenshots represent the same:
FIGURE 21: FORGOT PASSWORD FOR 655798
FIGURE 22: BRUTE FORCING YEAR PARAMETER
http://203.196.206.152/Global_Portal/MBS/(wtal5y45yrnmmn55odaavxbv)/Login/Common/Forms/frm_get_password.aspx
• Enter the value P11 in Login ID and press the Submit button.
• Now view the page source; you will find the below information:
Extracted information (the page embeds the security-question answer and the password itself in hidden form fields):
<input name="hdnAnswer" id="hdnAnswer" type="hidden" value="P118316" />
<input name="hdnPassword" id="hdnPassword" type="hidden" value="Test@123" />
Security Question Answer: P118316
Password: Test@123
FIGURE 25: STEP 1 WEAK PASSWORD MECHANISM
FIGURE 26: STEP 2 WEAK PASSWORD MECHANISM
2. It was also found that the password recovery mechanism implemented by the application is weak, as the security-question answer was found to be the same for most of the users; and, as shown above, the check can be bypassed entirely, since the expected answer and the password are sent to the browser in hidden fields.
IMPACT
An attacker could gain unauthorized access to the system by retrieving a legitimate user's authentication credentials. An attacker could also deny service to legitimate system users by launching a brute force attack on the password recovery mechanism using the personnel numbers of legitimate users.
RECOMMENDATION
• To prevent an attacker from forging "recovery" of the password, the application should implement an additional step for recovery of the password. Anyone attempting to reset/recover the password should answer a "security question" whose answer is known only to the original user.
• Do not use standard weak security questions, and use several security questions.
• Never send the expected answer or the password to the browser (for example in hidden form fields); compare the user's answer on the server.
• Disable the password recovery functionality after a certain (small) number of incorrect guesses.
• Rather than emailing the original password in plaintext to the user's email account, a one-time token URL can be generated which the user can visit to "reset" his/her password. This will help prevent shoulder-surfing attacks.
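The controls in the recommendation, as an added example (not code from the report): the security answer is hashed and checked on the server and never returned to the client, recovery locks after MAX_ATTEMPTS wrong answers, and a correct answer yields a single-use, expiring reset token rather than the password. The demo account, its date-of-birth answer, MAX_ATTEMPTS and the token lifetime are constructed/assumed here; brute_force_year() replays the attack from the analysis against it.

```python
"""Password recovery with lockout and one-time reset tokens."""
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

MAX_ATTEMPTS = 5             # assumed policy: wrong answers before recovery is locked
TOKEN_TTL_SECONDS = 15 * 60  # assumed policy: reset links expire after 15 minutes


def hash_answer(login_id: str, answer: str) -> bytes:
    """Normalise and hash a security answer, salted with the login id."""
    normalised = answer.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", normalised, login_id.encode(), 50_000)


# The same work is done for unknown accounts, so timing does not reveal valid ids.
_DUMMY_HASH = hash_answer("", "")


class PasswordRecovery:
    def __init__(self, answers: Dict[str, bytes], now: Callable[[], float] = time.time) -> None:
        self._answers = answers                            # login_id -> hash_answer(...)
        self._failures: Dict[str, int] = {}
        self._tokens: Dict[str, Tuple[str, float]] = {}   # token -> (login_id, expiry)
        self._now = now

    def is_locked(self, login_id: str) -> bool:
        return self._failures.get(login_id, 0) >= MAX_ATTEMPTS

    def request_reset(self, login_id: str, answer: str) -> Optional[str]:
        """Return a one-time reset token, or None (wrong answer or locked account)."""
        if self.is_locked(login_id):
            return None                                    # an administrator must unlock
        expected = self._answers.get(login_id, _DUMMY_HASH)
        if not hmac.compare_digest(expected, hash_answer(login_id, answer)):
            self._failures[login_id] = self._failures.get(login_id, 0) + 1
            return None
        self._failures[login_id] = 0
        token = secrets.token_urlsafe(32)                  # unguessable, from the CSPRNG
        self._tokens[token] = (login_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Consume a token; return the login id it was issued for, or None."""
        entry = self._tokens.pop(token, None)              # single use
        if entry is None:
            return None
        login_id, expiry = entry
        return login_id if self._now() <= expiry else None


def brute_force_year(recovery: PasswordRecovery, login_id: str, day_month: str, years) -> Tuple[Optional[str], int]:
    """The attack from the finding: guess the birth year. Returns (token, attempts)."""
    attempts = 0
    for year in years:
        attempts += 1
        token = recovery.request_reset(login_id, "%s/%s" % (day_month, year))
        if token is not None:
            return token, attempts
    return None, attempts


# Constructed demo account: personnel number and a date-of-birth style answer.
DEMO_ANSWERS = {"655798": hash_answer("655798", "14/03/1984")}
```

With the lockout in place the year brute-force from Figure 22 stops after five guesses, and even the right answer is refused until an administrator unlocks the account; the token that a correct answer produces is what goes into the reset link, so the password itself never travels to the client.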
REFERENCE
Insufficient Password Recovery: http://projects.webappsec.org/Insufficient-Password-Recovery
OWASP Forgot Password Cheat Sheet: https://www.owasp.org/index.php/Forgot_Password_Cheat_Sheet
2.1.9 CROSS SITE SCRIPTING (XSS)
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Cross-Site Scripting
AFFECTED SAMPLE URL:
DESCRIPTION
XSS (Cross-Site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/JavaScript/VBScript by the browser.
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.
ANALYSIS
It was found that the application does not validate the values of all parameters submitted by the user. In the above URLs an attacker is able to send malicious input for the parameters mentioned, which is then rendered back on the web page without any validation or encoding.
Attack vectors used for XSS:
• A script tag calling alert(document.cookie) (txtCategory parameter)
• An IE-specific vector (cat_id parameter; see Figure 29)
The screenshots below show that the txtCategory parameter is edited to contain a script tag which prints out the cookie value in an alert box. The same injection could be used to send the cookie value to an external site controlled by the attacker.
FIGURE 27: CROSS SITE SCRIPTING ON TXTCATEGORY
FIGURE 28: EXECUTION OF CROSS SITE SCRIPTING
The below screenshot shows that the parameter cat_id is affected by an IE-specific XSS. Note: this XSS attack works only through an IE browser.
FIGURE 29: IE SPECIFIC XSS
IMPACT
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
RECOMMENDATION
Following are the recommendations for cross-site scripting attacks.
1. Whitelist parameter values, i.e. accept only the known good:

    using System.Text.RegularExpressions;

    if (Request.QueryString[0] != null)
    {
        string productname = Request.QueryString[0];
        // Allow-list: letters only, 1 to 20 characters; anything else is rejected.
        var regex = new Regex(@"^[a-zA-Z]{1,20}$");
        if (!regex.IsMatch(productname))
        {
            lblmessage.Text = "Invalid data has been submitted.";
            return;
        }
    }

2. Encode HTML output:

    using System.Web;

    if (Request.QueryString[0] != null)
    {
        string searchKeyword = Request.QueryString[0];
        // HtmlEncode turns < > & " into entities, so the value is shown, not executed.
        lblmessage.Text = "Search results for keyword " + HttpUtility.HtmlEncode(searchKeyword);
    }

3. Encode URL output (for values that are placed into a URL, e.g. a link's query string):

    using Microsoft.Security.Application;   // AntiXSS library

    if (Request.QueryString[0] != null)
    {
        string searchKeyword = Request.QueryString[0];
        lblmsg.Text = "Search results for keyword " + Encoder.UrlEncode(searchKeyword);
    }

4. Enable the ASP.NET request validation property:

    Page directive:
    <%@ Page Language="C#" ValidateRequest="true" %>

    Web.config:
    <system.web>
        <pages validateRequest="true" />
    </system.web>

Note that a page-level ValidateRequest="false" overrides the Web.config setting, so audit every page for that attribute. Request validation is a safety net, not a substitute for output encoding.
5. Anti-XSS Library:

    using Microsoft.Security.Application;

    if (Request.QueryString[0] != null)
    {
        string searchKeyword = Request.QueryString[0];
        lblmsg.Text = "Search results for keyword " + Encoder.HtmlEncode(searchKeyword);
    }
REFERENCE
HttpUtility.HtmlEncode Method: http://msdn.microsoft.com/en-us/library/system.web.httputility.htmlencode.aspx
Anti XSS Examples: http://msdn.microsoft.com/en-us/library/aa973813.aspx
Microsoft Anti-Cross Site Scripting Library: http://www.microsoft.com/en-us/download/default.aspx
2.1.10 LDAP INJECTION
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: LDAP Injection
AFFECTED SAMPLE URL:
DESCRIPTION
LDAP Injection is an attack technique used to exploit web sites that construct LDAP statements from user-supplied input. Lightweight Directory Access Protocol (LDAP) is an open-standard protocol for both querying and manipulating X.500 directory services. The LDAP protocol runs over Internet transport protocols, such as TCP. Web applications may use user-supplied input to create custom LDAP statements for dynamic web page requests.
When a web application fails to properly sanitize user-supplied input, it is possible for an attacker to alter the construction of an LDAP statement.
ANALYSIS
IMPACT
When an attacker is able to modify an LDAP statement, the process will run with the same permissions as the component that executed the command (e.g. database server, web application server, web server, etc.). This can cause serious security problems where the permissions grant the rights to query, modify, or remove anything inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can also be applied in LDAP Injection.
RECOMMENDATION
The escape sequence for properly using user-supplied input in LDAP differs depending on whether the user input is used to create the DN (Distinguished Name) or used as part of the search filter. The listing below shows the characters that need to be escaped and the appropriate escape method for each case.
Used in DN: requires \ escape
• &
• !
• |
• =
• <
• >
• ,
• +
• -
• "
• '
• ;
Used in Filter: requires {\ASCII} escape
• ( {\28}
• ) {\29}
• \ {\5c}
• * {\2a}
• / {\2f}
• NUL {\0}
In addition, RFC 4514 requires a leading "#" or space and a trailing space in a DN value to be backslash-escaped, and a backslash itself must always be escaped in both contexts.
REFERENCE
WASC LDAP Injection: http://projects.webappsec.org/w/page/13246947/LDAP%20Injection
2.1.11 PADDING ORACLE ATTACK
SEVERITY LEVEL: HIGH
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Server Misconfiguration
AFFECTED URL:
DESCRIPTION
Server Misconfiguration attacks exploit configuration weaknesses found in web servers and application servers (see the description under 2.1.6 for the general class). Note that although this finding is classified as a server misconfiguration, its root cause is a cryptographic flaw in the framework (ASP.NET's handling of CBC padding errors, addressed by MS10-070), so the remedy is patching rather than a configuration change.
ANALYSIS
During analysis it was found that the web application was vulnerable to a padding oracle attack.
An oracle is a mechanism that answers "valid" or "invalid" for a given ciphertext. A padding oracle is therefore a mechanism capable of answering whether the padding of the provided ciphertext is valid or not.
In cryptography, the padding oracle attack is an attack on the CBC mode of operation, where the oracle leaks whether the padding of an encrypted message is correct or not. This allows attackers to decrypt (and sometimes encrypt) messages through the oracle, using the oracle's key, without knowing the encryption key.
We were able to find the encrypted value: G22D5A1%5U#(B@7Q4A=5AAAAAAAAAAAAAAAAAAAAA1
FIGURE 30: ORACLE PADDING ERROR
FIGURE 31: BRUTE FORCE ENCRYPTED VALUE FOR ORACLE PADDING ATTACK
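The attack the analysis describes, carried out end to end against a local oracle, as an added example (not code from the report and not the tool used in Figure 31). The attack is independent of the block cipher, so a toy 16-byte Feistel cipher built from HMAC-SHA256 stands in for AES and the block needs only the standard library. VulnerableServer leaks the single bit a padding oracle needs; HardenedServer (encrypt-then-MAC) rejects any modified token before decrypting, and the same attack gets nothing from it. Keys are generated and the sample token contents constructed inside the block.

```python
"""CBC padding oracle attack, run end to end against a local oracle.

Added example, not code from the report. The attack is the generic one the
analysis describes; a toy Feistel block cipher (HMAC-SHA256 rounds) stands in
for AES so only the standard library is needed. VulnerableServer leaks the one
bit the attack uses; HardenedServer authenticates tokens first and leaks none.
"""
import hashlib
import hmac
import secrets

BLOCK, ROUNDS = 16, 4

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block_cipher(key, block, decrypt=False):  # toy 16-byte cipher, AES stand-in
    f = lambda i, h: hmac.new(key, bytes([i]) + h, hashlib.sha256).digest()[:8]
    l, r = block[:8], block[8:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        l, r = (_xor(r, f(i, l)), l) if decrypt else (r, _xor(l, f(i, r)))
    return l + r

def pad(data):  # PKCS#7
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # the error a padding oracle exposes
    return data[:-n]

def cbc_encrypt(key, iv, padded):
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_cipher(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ct):
    out, prev = b"", iv
    for i in range(0, len(ct), BLOCK):
        out += _xor(block_cipher(key, ct[i:i + BLOCK], decrypt=True), prev)
        prev = ct[i:i + BLOCK]
    return out

class VulnerableServer:  # token = IV || CBC ciphertext; padding failures are distinguishable
    def __init__(self):
        self.enc_key = secrets.token_bytes(32)
    def issue_token(self, plaintext):
        iv = secrets.token_bytes(BLOCK)
        return iv + cbc_encrypt(self.enc_key, iv, pad(plaintext))
    def padding_is_valid(self, token):
        try:
            unpad(cbc_decrypt(self.enc_key, token[:BLOCK], token[BLOCK:]))
            return True
        except ValueError:
            return False

class HardenedServer(VulnerableServer):  # encrypt-then-MAC: forged tokens never reach unpad()
    def __init__(self):
        super().__init__()
        self.mac_key = secrets.token_bytes(32)
    def issue_token(self, plaintext):
        body = super().issue_token(plaintext)
        return body + hmac.new(self.mac_key, body, hashlib.sha256).digest()
    def padding_is_valid(self, token):
        body, tag = token[:-32], token[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.mac_key, body, hashlib.sha256).digest()):
            return False  # uniform rejection: no padding signal leaks
        return super().padding_is_valid(body)

def _genuine_01(oracle, forged, target):  # a real 0x01 padding survives a change to byte 14
    altered = bytearray(forged)
    altered[BLOCK - 2] ^= 0xFF
    return oracle(bytes(altered) + target)

def padding_oracle_decrypt(oracle, token):  # returns None if the oracle never accepts a guess
    blocks = [token[i:i + BLOCK] for i in range(0, len(token), BLOCK)]
    recovered = b""
    for n in range(1, len(blocks)):
        prev, target = blocks[n - 1], blocks[n]
        inter = bytearray(BLOCK)  # block_cipher(key, target, decrypt=True), learned byte by byte
        for pos in range(BLOCK - 1, -1, -1):
            padval = BLOCK - pos
            # Attacker-chosen block sent in place of the IV: known tail bytes forced to padval.
            forged = bytearray([0] * (pos + 1) + [b ^ padval for b in inter[pos + 1:]])
            for guess in range(256):
                forged[pos] = guess
                if oracle(bytes(forged) + target) and (
                        pos < BLOCK - 1 or _genuine_01(oracle, forged, target)):
                    inter[pos] = guess ^ padval
                    break
            else:
                return None
        recovered += _xor(bytes(inter), prev)
    return unpad(recovered)
```

Each recovered byte costs at most 256 oracle queries, so a whole block falls in a few thousand requests; the attacker never needs the key, only the valid/invalid distinction. The hardened server shows why MS10-070 and current frameworks authenticate the ciphertext: once a MAC check happens first, every tampered token is rejected identically and the oracle disappears.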
IMPACT
Using the vulnerability, the attacker may decrypt all the sensitive data sent by the ASP.NET application to a client, i.e. cookies, ViewState, URL strings, hidden fields, etc. The attacker may then forge encrypted data (and, in the MS10-070 case, retrieve server files such as web.config) and send the modified content back to the server. For example, the attacker may impersonate a system administrator.
RECOMMENDATION
Microsoft has released a patch to fix the vulnerability. It is strongly recommended to apply the below patch:
http://technet.microsoft.com/en-us/security/bulletin/MS10-070
It is recommended that a patch management process be developed to ensure regular application of security patches.
REFERENCE
OWASP Insecure Configuration Management: http://www.owasp.org/index.php/Insecure_Configuration_Management
Padding oracle attack: http://en.wikipedia.org/wiki/Padding_oracle_attack
FIGURE 33: LOGGED IN AFTER COOKIE
c) Log out of the application. Cookie: ASP.NET_SessionId=4s7?1('tFn((ne9;t@#
FIGURE 34: LOGOUT AFTER COOKIE
d) Re-login without closing the browser. Cookie: ASP.NET_SessionId=4s7?1('tFn((ne9;t@#
FIGURE 35: RE-LOGGED IN APPLICATION
Since the cookie value is the same in all the above cases (it is neither invalidated on logout nor regenerated on login), it can lead to a Session Fixation attack.
IMPACT
After a successful attack the attacker gains complete access to the user's session and can perform operations on behalf of the user whose session was hijacked.
2.1.13 SESSION HIJACKING
SEVERITY: MEDIUM
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Application Misconfiguration
AFFECTED SAMPLE URL:
DESCRIPTION
The Session Hijacking attack consists of the exploitation of the web session control mechanism, which is normally managed through a session token. Because HTTP communication uses many different TCP connections, the web server needs a method to recognize every user's connections. The most useful method depends on a token that the web server sends to the client browser after a successful client authentication. A session token is normally composed of a string of variable width, and it can be used in different ways: in the URL, in the header of the HTTP request as a cookie, in other parts of the header of the HTTP request, or in the body of the HTTP request.
ANALYSIS
It was found that the application is vulnerable to a Session Hijacking attack. The following steps were performed to exploit the vulnerability:
Step 1: Open Firefox and log in as VAPTUSER3.
Step 2: Grab the cookie from Firefox.
FIGURE 36: SESSION HIJACKING STEP 1: VICTIM LOGGED IN APPLICATION
Step 3: Open the Firefox browser on a different system, visit the login page and add the cookie.
FIGURE 37: ADDING VICTIM COOKIE ON ATTACKER SYSTEM
Step 4: Now simply access the URL in Firefox and gain access to the VAPTUSER3 account.
FIGURE 38: SESSION HIJACK SUCCESSFUL
IMPACT
After successfully hijacking a session, the attacker gains complete access to the user's data and is able to perform operations impersonating the user whose session was hijacked.
RECOMMENDATION
To prevent misuse of a valid session, strict session management policies must be put in place. The following practices can be followed for better session management:
1. Use HTTPS and mark cookies as Secure; also mark the session cookie HttpOnly so that script cannot read it (the XSS in 2.1.9 reads document.cookie).
2. Every new session should have a different session token, i.e. the session cookie value should change on each login event.
3. The session should have a timeout policy so that the session logs out automatically after a predefined time of inactivity. The shorter the time, the better.
4. Do not allow concurrent sessions.
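The four practices as one session store, added here as an example (not code from the report or from ASP.NET): login() issues a fresh random id on every login and discards whatever id the client presented (which also closes the fixation case above), only one session per user stays alive, idle sessions expire, and the cookie is emitted with the Secure and HttpOnly flags. The cookie name mirrors the report's ASP.NET_SessionId; the ten-minute idle timeout is an assumption, and the clock is injectable so the demo can advance time.

```python
"""Session handling that resists the hijack and fixation shown above."""
import secrets
import time
from typing import Callable, Dict, Optional

COOKIE_NAME = "ASP.NET_SessionId"
IDLE_TIMEOUT_SECONDS = 10 * 60   # assumed policy: 10 minutes of inactivity


class SessionStore:
    def __init__(self, now: Callable[[], float] = time.time) -> None:
        self._now = now
        self._sessions: Dict[str, dict] = {}   # session id -> {"user", "last_seen"}

    def login(self, username: str, presented_id: Optional[str] = None) -> str:
        """Called after the credentials have been verified; returns a NEW session id.

        The id the client presented (if any) is dropped rather than promoted,
        which defeats fixation; any other live session of the same user is
        revoked, which enforces 'no concurrent sessions'."""
        if presented_id in self._sessions:
            del self._sessions[presented_id]
        for sid, s in list(self._sessions.items()):
            if s["user"] == username:
                del self._sessions[sid]
        new_id = secrets.token_urlsafe(32)       # 256 bits from the CSPRNG
        self._sessions[new_id] = {"user": username, "last_seen": self._now()}
        return new_id

    def user_for(self, session_id: Optional[str]) -> Optional[str]:
        """Resolve a cookie value to a user, enforcing the idle timeout."""
        s = self._sessions.get(session_id or "")
        if s is None:
            return None
        if self._now() - s["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self._sessions[session_id]
            return None
        s["last_seen"] = self._now()
        return s["user"]

    def logout(self, session_id: str) -> None:
        """Server-side invalidation: the old id must not work after logout."""
        self._sessions.pop(session_id, None)


def set_cookie_header(session_id: str) -> str:
    """Set-Cookie line: Secure (HTTPS only), HttpOnly (no document.cookie), SameSite."""
    return "Set-Cookie: %s=%s; Path=/; Secure; HttpOnly; SameSite=Strict" % (COOKIE_NAME, session_id)
```

A cookie copied from the victim's browser (steps 2 and 3 above) still works for as long as that session is alive; the timeout and single-session rules bound that window, while Secure and HttpOnly close the two common ways the value is obtained in the first place.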
REFERENCE
Testing for Exposed Session Variables (OWASP-SM-004): https://www.owasp.org/index.php/Testing_for_Exposed_Session_Variables_(OWASP-SM-004)
OWASP Top 10 2010 A3: Broken Authentication and Session Management
Guarding Against Session Hijacking in ASP.NET: http://www.dreamincode.net/forums/topic/61503-guarding-against-session-hijacking-in-aspnet/
Foiling Session Hijacking Attempts: http://msdn.microsoft.com/en-us/magazine/cc300500.aspx
Prevent Concurrent Sessions: http://geekswithblogs.net/Frez/archive/2010/05/17/preventing-a-user-from-having-multiple-concurrent-sessions.aspx
FIGURE 41: ALLOWED OBJECT BY USER DILIP
FIGURE 42: ACCESSING PASS WHICH DILIP WAS NOT AUTHORIZED FOR
IMPACT
Such flaws can compromise all the data that can be referenced by the parameter. Unless the name space is sparse, it is easy for an attacker to access all available data of that type.
Using this insecure direct object reference vulnerability, an attacker can view other users' data, which he was not authorized for, by just changing the parameter to the next predictable value.
RECOMMENDATION
Below are the recommendations for Insecure Direct Object Reference:
• Check that the user is in session and has privileges to access the particular resource. Use Role Based Access Controls using
• Minimize the user's ability to predict object IDs/names.
• Don't expose the actual ID/name of objects.
Follow the link below for implementing the above recommendations:
http://www.troyhunt.com/2010/09/owasp-top-10-for-net-developers-part-4.html
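Two findings in this report share one root cause: the server believed a value the client chose. In 2.1.7 the HiddenUserID form field named the author of a joke; here a predictable pass id reached another user's record. The following is an added example (not the application's code) of taking both decisions on the server: add_joke() records the author from the authenticated session and never reads HiddenUserID, get_pass() checks ownership before returning a record, and HandleMap gives each session opaque random references in place of the real ids, so there is no "next value" to guess. The users, sessions, passes and joke records are constructed stand-ins for the application's.

```python
"""Identity and object ownership decided on the server, never from the request."""
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed data: session id -> user id, and pass id -> (owner user id, contents).
SESSIONS: Dict[str, int] = {"sess-attacker": 7, "sess-sarita": 11}
PASSES: Dict[int, Tuple[int, str]] = {
    1001: (7, "gate pass for user 7"),
    1002: (11, "gate pass for user 11"),
}
JOKES: List[Tuple[int, int, str]] = []   # audit record: (joke_id, author_user_id, text)


def add_joke(session_id: str, form: Dict[str, str]) -> Tuple[int, Optional[dict]]:
    """Create a joke; returns (HTTP status, record). The author is the session user."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, None
    # form.get("HiddenUserID") is deliberately never consulted: a client-chosen
    # author is exactly what let the tester sign the joke as Sarita Rajiv.
    record = {"id": len(JOKES) + 1, "author": user, "text": form.get("text", "")}
    JOKES.append((record["id"], user, record["text"]))
    return 201, record


def get_pass(session_id: str, pass_id: int) -> Tuple[int, Optional[str]]:
    """Return a pass only to its owner: 403 for anyone else, 404 if it does not exist."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, None
    entry = PASSES.get(pass_id)
    if entry is None:
        return 404, None
    owner, contents = entry
    if owner != user:
        return 403, None
    return 200, contents


class HandleMap:
    """Per-session indirect references: the client sees random handles, never real ids."""

    def __init__(self) -> None:
        self._by_session: Dict[str, Dict[str, int]] = {}

    def handle_for(self, session_id: str, pass_id: int) -> str:
        """Handle to render in links for this session (stable within the session)."""
        handles = self._by_session.setdefault(session_id, {})
        for handle, real in handles.items():
            if real == pass_id:
                return handle
        handle = secrets.token_urlsafe(12)
        handles[handle] = pass_id
        return handle

    def resolve(self, session_id: str, handle: str) -> Optional[int]:
        """Map a handle back to a real id, only within the session that minted it."""
        return self._by_session.get(session_id, {}).get(handle)


def get_pass_by_handle(handles: HandleMap, session_id: str, handle: str) -> Tuple[int, Optional[str]]:
    """Endpoint that accepts a handle; ownership is still checked by get_pass()."""
    pass_id = handles.resolve(session_id, handle)
    if pass_id is None:
        return 404, None
    return get_pass(session_id, pass_id)
```

The ownership check in get_pass() is the control that matters; the handle map only removes predictability and is not a substitute for it, which is why get_pass_by_handle() still goes through get_pass().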
REFERENCE
Insecure Direct Object Reference: https://www.owasp.org/index.php/Top_10_2007-Insecure_Direct_Object_Reference
2.1.15 CROSS SITE REQUEST FORGERY (CSRF)
SEVERITY: MEDIUM
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Cross-Site Request Forgery
AFFECTED SAMPLE URL:
DESCRIPTION
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user.
ANALYSIS
There are certain operations in the application which are considered sensitive. These operations make visible changes to the application and to its interaction with other components. It was found that the below-mentioned operations can be performed by submitting a single request to the server on behalf of a logged-in user.
The below screenshot represents the CSRF on the Official Email parameter.
FIGURE 43: BEFORE CSRF EXECUTION
Below is the crafted HTML code which will fill the victim's official email address and alternative email address with an attacker's email address, which is sunilyadav165@gmail.com.
FIGURE 44: CRAFTED HTML PAGE FOR CSRF POC
While the victim is already logged in, he visits the attacker-crafted HTML page and clicks on the submit button of the form.
FIGURE 45: WHILE LOGGED IN, VICTIM VISITS ATTACKER HTML PAGE
FIGURE 46: AFTER CLICKING SUBMIT IT WILL REDIRECT TO HOME PAGE
After clicking submit, if you notice, the victim's official email address and alternative email address have been changed to the attacker's email sunil.yadav165@gmai.com.
FIGURE 47: ATTACKER EMAIL ID HAS BEEN ADDED TO VICTIM PROFILE
Crafted sample CSRF URL for Publish Document:
http://203.196.206.152/Global_Portal/mytatamotors/info_policy/Structure_mgmt/admin/pubdoc.aspx?catpub=F&catarc=F&cat_id=12&doc_id=2&pub=F&sort=title&stype=Yes&page=0
The below screenshot shows that if a logged-in victim clicks on the above URL, it will directly publish the document with cat_id 12 and doc_id 2. Because this is a plain GET request, no crafted form is even needed: a link or an image tag on any page the victim visits is enough.
FIGURE 48: CSRF ON PUBLISH DOCUMENT
IMPACT
As the name indicates, this is a request forgery attack in which the attacker impersonates another legitimate user in targeting the victim website. Depending on the functionality provided by the web application that is being targeted, the impact can vary from annoyances to administrative control for the attacker.
RECOMMENDATION
The following mechanisms can be used to prevent CSRF attacks:
1. Implement the use of random CSRF tokens for challenge-response. The server should generate a random token for all pages containing sensitive operations. When the user submits the request, the CSRF token should also be sent along. The server should verify the token value and only then process the user request. The token must be bound to the user's session so that a token obtained by the attacker for his own session is of no use.
2. The application can implement a strong CAPTCHA just before any sensitive request has to be submitted.
3. Depending on the criticality of the operation, the application could ask the user to re-enter their account password.
4. It is also necessary to ensure that the application does not suffer from any Cross-Site Scripting vulnerabilities. XSS may be used to bypass the CSRF protections implemented by the application.
5. State-changing operations such as publishing a document should not be reachable through a plain GET link; require POST with the token.
It is also recommended to use the ViewStateUserKey property within the ViewState. Please refer to the below URL for the same:
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Viewstate_.28ASP.NET.29
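Recommendation 1 in working form, added here as an example (not code from the report; ASP.NET's own ViewStateUserKey/anti-forgery mechanisms are the equivalent in that framework): the token is an HMAC over the session id, the protected action and an issue time under a server-side secret, so a page on another origin cannot mint one, and it is checked with a constant-time compare. handle_update_email() is a hypothetical version of the "update official email" endpoint from the analysis that also refuses GET. The secret, session ids, action names and token lifetime are constructed/assumed.

```python
"""Per-session anti-CSRF tokens, generated and verified with HMAC."""
import hashlib
import hmac
import time
from typing import Callable

TOKEN_TTL_SECONDS = 60 * 60          # assumed: a token is valid for one hour


class CsrfGuard:
    def __init__(self, secret: bytes, now: Callable[[], float] = time.time) -> None:
        self._secret = secret            # server-side only; never sent to the browser
        self._now = now

    def _mac(self, session_id: str, action: str, issued: int) -> str:
        msg = "%s|%s|%d" % (session_id, action, issued)
        return hmac.new(self._secret, msg.encode(), hashlib.sha256).hexdigest()

    def issue(self, session_id: str, action: str) -> str:
        """Token to embed as a hidden field in the form for `action`."""
        issued = int(self._now())
        return "%d.%s" % (issued, self._mac(session_id, action, issued))

    def verify(self, session_id: str, action: str, token: str) -> bool:
        """True only for a fresh token minted for this session and this action."""
        try:
            issued_str, mac = token.split(".", 1)
            issued = int(issued_str)
        except (ValueError, AttributeError):
            return False
        if self._now() - issued > TOKEN_TTL_SECONDS:
            return False
        return hmac.compare_digest(mac, self._mac(session_id, action, issued))


def handle_update_email(guard: CsrfGuard, session_id: str, method: str, form: dict) -> int:
    """Hypothetical 'update official email' endpoint; returns an HTTP status.

    State changes need POST plus a valid token. A plain GET link, like the
    publish-document URL above, is refused outright."""
    if method != "POST":
        return 405
    if not guard.verify(session_id, "update-email", form.get("csrf_token", "")):
        return 403
    return 200
```

The attacker's crafted page from Figure 44 can post every field except the token, because the token is tied to the victim's session and the attacker's page cannot read it; re-using a token the attacker obtained for his own session fails the session binding, and a token stolen for one action does not unlock another.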
REFERENCE
Cross-Site Request Forgery: http://projects.webappsec.org/Cross-Site-Request-Forgery
MSDN: http://msdn.microsoft.com/en-us/library/ms972969.aspx
2.1.16 CLICKJACKING VULNERABILITY
SEVERITY LEVEL: MEDIUM
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Clickjacking attack
AFFECTED SAMPLE URL:
DESCRIPTION
Clickjacking, also known as a UI redress attack, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is hijacking clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.
Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.
ANALYSIS
It was found that the application was vulnerable to a Clickjacking attack. Below are the steps performed to achieve this. The below screenshot shows the event named "asdas" is checked as published.
FIGURE 49: CLICKJACKING STEP 1
The attacker creates an HTML file in which the vulnerable URL is loaded in an invisible iframe.
The below screenshot represents the same.
FIGURE 50: CLICKJACKING IFRAME STEP 2
While the victim is already logged in, the victim visits the attacker's domain and clicks on the "Click Me" button.
FIGURE 51: CLICKJACKING STEP 3
After clicking the "Click Me" button, if you notice, the event named "asdas" has been unpublished.
FIGURE 52: CLICKJACKING SUCCESSFUL
IMPACT
This may potentially trick a genuine user into clicking on something different from what the user perceives they are clicking on, thus potentially performing actions in their profile, such as publishing or unpublishing content, without their intent.
RECOMMENDATION
There are two main ways to prevent Clickjacking:
1. Sending the proper browser response headers that instruct the browser not to allow framing from other domains (X-Frame-Options: DENY or SAMEORIGIN, and the Content-Security-Policy frame-ancestors directive, which takes precedence in browsers that support it).
2. Employing defensive code in the UI (frame-busting JavaScript) to ensure that the current frame is the top-level window. On its own this is weaker than the header approach, since it can be defeated by framing tricks.
For more information on Clickjacking defense: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
REFERENCE
A==743t49n M4s9n5?3t49ntt=:=9ets.eD3==se.95A==743t49nM4s9n5?3t49nC7434n5 ;e@ensett=s:.93s=.954n;eF.==C7434n5U!e@enseUCe3tUSeet
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheethttp://projects.webappsec.org/Application-Misconfigurationhttps://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheethttps://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheethttp://projects.webappsec.org/Application-Misconfigurationhttps://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
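The following Node.js code is an added example, not part of the original report or of the tested application. It checks whether a response's headers still allow the page to be framed by a foreign origin, applying the precedence browsers use (a Content-Security-Policy frame-ancestors directive overrides X-Frame-Options; a missing or unrecognised header leaves the page frameable), and it produces the header pair recommended in item 1 above. The origins portal.example and attacker.example are assumed for illustration.

```javascript
// Added example: decide whether a page served with `headers` can be embedded
// in a frame by a page at `attackerOrigin`. `pageOrigin` is the origin of the
// framed page itself. All origins below are assumed values for illustration.

function headerValue(headers, name) {
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === name) return value;
  }
  return undefined;
}

// Match one CSP frame-ancestors source expression against a framing origin.
function sourceMatches(source, origin, pageOrigin) {
  const src = source.replace(/^'|'$/g, '').toLowerCase();
  if (src === 'none') return false;
  if (src === '*') return true;
  if (src === 'self') return origin === pageOrigin;
  const o = new URL(origin);
  if (src === o.protocol) return true;               // scheme-source, e.g. "https:"
  // host-source: [scheme://][*.]host[:port|:*]
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme) {
    if (scheme + ':' !== o.protocol) return false;
  } else {
    // No scheme given: the page's own scheme applies; http may be upgraded to https.
    const p = new URL(pageOrigin).protocol;
    if (o.protocol !== p && !(p === 'http:' && o.protocol === 'https:')) return false;
  }
  const hostOk = wildcard ? o.hostname.endsWith('.' + host) : o.hostname === host;
  if (!hostOk) return false;
  const originPort = o.port || (o.protocol === 'https:' ? '443' : '80');
  if (port && port !== '*' && port !== originPort) return false;
  return true;
}

function canBeFramed(headers, attackerOrigin, pageOrigin) {
  const csp = headerValue(headers, 'content-security-policy');
  if (csp) {
    const directive = csp.split(';').map(d => d.trim())
      .find(d => d.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      // CSP frame-ancestors takes precedence over X-Frame-Options when both are present.
      const sources = directive.split(/\s+/).slice(1);
      return sources.some(s => sourceMatches(s, attackerOrigin, pageOrigin));
    }
  }
  const xfo = headerValue(headers, 'x-frame-options');
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return false;
    if (v === 'SAMEORIGIN') return attackerOrigin === pageOrigin;
    return true;  // ALLOW-FROM and unknown values are ignored by current browsers
  }
  return true;    // no anti-framing header at all: the situation in this finding
}

// Headers the vulnerable page should send: CSP for current browsers,
// X-Frame-Options for older ones that do not understand frame-ancestors.
function antiFramingHeaders() {
  return {
    'Content-Security-Policy': "frame-ancestors 'self'",
    'X-Frame-Options': 'SAMEORIGIN',
  };
}

// Constructed sample: the finding (no header) versus the fix.
const pageOrigin = 'https://portal.example';       // assumed origin of the tested application
const attackerOrigin = 'https://attacker.example'; // assumed origin of the attacker's page
console.log(canBeFramed({ 'Content-Type': 'text/html' }, attackerOrigin, pageOrigin)); // true
console.log(canBeFramed(antiFramingHeaders(), attackerOrigin, pageOrigin));             // false
console.log(canBeFramed(antiFramingHeaders(), pageOrigin, pageOrigin));                 // true
```

Run the check against the real response of each authenticated page (the headers an intercepting proxy shows), not only the login page: the report's demonstration used an event-management page that a login-only fix would leave exposed.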
2.1.17 DIRECTORY INDEXING
SEVERITY LEVEL: MEDIUM
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Insecure Indexing
AFFECTED SAMPLE URL:
DESCRIPTION
Insecure indexing is a threat to the data confidentiality of the website. Indexing web site contents via a process that has access to files which are not supposed to be publicly accessible has the potential of leaking information about the existence of such files and about their content. In the process of indexing, such information is collected and stored by the indexing process, and it can later be retrieved (albeit not trivially) by a determined attacker, typically through a series of queries to the search engine. The attacker does not thwart the security model of the search engine; as such, this attack is subtle and very hard to detect and to foil, since it is not easy to distinguish the attacker's queries from a legitimate user's queries.
ANALYSIS
It was found that directory listing was enabled on the affected sample URLs of the application. The screenshot below shows the directory listing enabled on the above-mentioned URL. Note that in this case no search engine is needed: the web server itself returns the file list for any directory that has no index document, so an attacker can enumerate backup files, configuration files and upload directories simply by requesting the directory URL. Directory browsing should be disabled in the web server configuration (for IIS, the directoryBrowse setting in web.config) so that such requests return an error instead of a listing.
FIGURE 53: DIRECTORY INDEXING
2.1.18 PASSWORD TRANSMITTED OVER HTTP
SEVERITY LEVEL: MEDIUM
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Insufficient Transport Layer Protection
AFFECTED SAMPLE URL:
DESCRIPTION
Insufficient transport layer protection allows communication to be exposed to untrusted third parties, providing an attack vector to compromise a web application and/or steal sensitive information. Websites typically use Secure Sockets Layer / Transport Layer Security (SSL/TLS) to provide encryption at the transport layer. However, unless the website is configured to use SSL/TLS, and configured to use it properly, the website may be vulnerable to traffic interception and modification.
ANALYSIS
It was found that sensitive data (user credentials) is sent over the plaintext protocol HTTP to the above URLs.
FIGURE 54: PASSWORD TRANSMITTED OVER HTTP
IMPACT
Sensitive data such as user credentials and credit card numbers submitted over an unencrypted connection is vulnerable to interception by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defense and monitor the traffic passing through switches.
RECOMMENDATION
Since user credentials are considered sensitive information, they must be sent to the server over an encrypted connection. This means serving the login page itself over HTTPS (not only the form's POST target, since a page fetched over HTTP can be modified in transit to point the form elsewhere), redirecting plain-HTTP requests to HTTPS, sending a Strict-Transport-Security header once HTTPS works, and marking the session cookie Secure so it is never sent in clear.
Follow the link below to implement SSL on IIS:
http://support.microsoft.com/kb/299875
REFERENCE
Insufficient Transport Layer Protection: http://projects.webappsec.org/Insufficient-Transport-Layer-Protection
OWASP Top 10 2010 A9 - Insufficient Transport Layer Protection: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection
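The following Node.js code is an added example, not taken from the report or the tested application. It shows the server-side rule the recommendation implies: plain-HTTP GET requests are redirected to HTTPS, HTTPS responses carry the HSTS header, and a credential POST that arrives over HTTP is refused rather than redirected, because redirecting it cannot undo the fact that the password already crossed the network in clear. The request shape, the proxy header name (X-Forwarded-Proto) and the host names are assumptions.

```javascript
// Added example: HTTPS enforcement for a login endpoint. `req` is a plain object
// standing in for an incoming request: { method, url, headers }, with `url`
// absolute as most frameworks expose it. Behind a TLS-terminating proxy the
// original scheme is assumed to arrive in X-Forwarded-Proto; that header is
// only honoured when the caller says the proxy is trusted.

const HSTS = 'max-age=31536000; includeSubDomains';

function requestScheme(req, trustProxy) {
  if (trustProxy) {
    const fwd = (req.headers['x-forwarded-proto'] || '').split(',')[0].trim().toLowerCase();
    if (fwd) return fwd;
  }
  return new URL(req.url).protocol.replace(':', '');
}

// Returns a response descriptor: a 301 to the https:// URL, a 403 for a
// non-GET request over HTTP (the credentials have already leaked; the client
// must resubmit over HTTPS), or a 200 pass-through with HSTS added.
function enforceHttps(req, { trustProxy = false } = {}) {
  const scheme = requestScheme(req, trustProxy);
  if (scheme === 'https') {
    return { status: 200, headers: { 'Strict-Transport-Security': HSTS } };
  }
  if (req.method !== 'GET' && req.method !== 'HEAD') {
    return { status: 403, headers: {}, reason: 'credentials must be submitted over HTTPS' };
  }
  const target = new URL(req.url);
  target.protocol = 'https:';
  return { status: 301, headers: { Location: target.toString() } };
}

// Constructed sample requests (host name assumed).
console.log(enforceHttps({ method: 'GET', url: 'http://portal.example/login.aspx', headers: {} }));
console.log(enforceHttps({ method: 'POST', url: 'http://portal.example/login.aspx', headers: {} }));
console.log(enforceHttps({ method: 'GET', url: 'https://portal.example/login.aspx', headers: {} }));
```

Set trustProxy only when the application is reachable exclusively through your own load balancer; otherwise any client can claim X-Forwarded-Proto: https and skip the redirect.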
2.1.19 IMPROPER ERROR HANDLING
SEVERITY LEVEL: MEDIUM
EASE OF EXPLOITATION: DIFFICULT
VULNERABILITY CLASSIFICATION: Information Leakage
AFFECTED SAMPLE URL:
DESCRIPTION
Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application environment, or user-specific data. Sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users.
ANALYSIS
It was observed that the application displays error messages from the application and database directly to the end user. The following information is disclosed:
• Internal IP address
• Stack trace
• Database information
• Internal path disclosure
FIGURE 55: IMPROPER ERROR HANDLING
IMPACT
Error disclosures help an attacker obtain specific information on the applications and components in use, such as product names, versions and file system layout. This lets the attacker concentrate on the known vulnerabilities of those components and craft further attacks (for example SQL injection against a database whose type and table names the error revealed). Version disclosures therefore simplify the attacker's task.
RECOMMENDATION
ASP.NET provides a simple yet powerful way to deal with errors that occur in web applications. Define custom error pages so that the minimum amount of information is given out when an error condition occurs.
1. Define custom error pages in web.config:
   <customErrors mode="RemoteOnly" defaultRedirect="~/error.aspx">
     <error statusCode="403" redirect="..." />
   </customErrors>
mode="RemoteOnly" still shows full stack traces to requests made from the server itself, which is convenient on a developer machine but should be mode="On" in production. Set <compilation debug="false"> as well, keep the custom error page itself free of exception details, and log the full exception server-side so that troubleshooting does not depend on showing it to the browser.
2.1.20 CAPTCHA NOT IMPLEMENTED
SEVERITY LEVEL: MEDIUM
EASE OF EXPLOITATION: DIFFICULT
VULNERABILITY CLASSIFICATION: Insufficient Anti-automation
AFFECTED SAMPLE URL:
DESCRIPTION
Insufficient Anti-automation occurs when a web application permits an attacker to automate a process that was originally designed to be performed only in a manual fashion, i.e. by a human web user.
ANALYSIS
It was observed that CAPTCHA is not implemented on the login page of the application. Using this weakness an attacker can automate the login process and perform a brute force attack. The screenshot below shows a brute force attack on the Travel Booking application for the user VAPTUSER3.
FIGURE 56: CAPTCHA NOT IMPLEMENTED
IMPACT
Due to insufficient anti-automation an attacker can use automated tools to perform malicious activities on the application, which may lead to unauthorised access.
RECOMMENDATION
It is recommended to implement CAPTCHA to ensure that no automated scripts or bots can run against the input forms on the affected sample URL. It is also recommended to use a user lockout policy in which the account is locked after 3-5 failed attempts. A permanent lockout lets an attacker deny service to any user simply by sending wrong passwords for that account, so the lock should be temporary (or replaced by a progressive delay), and failures should also be counted per source address, since a password-spraying attack touches many accounts but few times each.
REFERENCE
Insufficient Anti-automation: http://projects.webappsec.org/Insufficient+Anti-automation
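The following Node.js code is an added example of the lockout policy recommended above; it is not from the report or from the tested application. The thresholds (CAPTCHA after 3 failures, a 15-minute lock after 5, a per-address limit of 20 failures per 10 minutes) and the source address are assumptions chosen to match the report's 3-5 attempt range; the user name VAPTUSER3 is the one shown in the finding.

```javascript
// Added example: brute-force throttling for a login endpoint. After 3 failures
// the account needs a CAPTCHA, after 5 it is locked for 15 minutes (temporary,
// so an attacker cannot permanently lock a user out), and failures are also
// limited per source address to catch password spraying across many accounts.
// All thresholds are assumptions for illustration.

const CAPTCHA_AFTER = 3;
const LOCK_AFTER = 5;
const LOCK_MS = 15 * 60 * 1000;
const IP_LIMIT = 20;                 // failures per source address per window
const IP_WINDOW_MS = 10 * 60 * 1000;

class LoginGuard {
  constructor() {
    this.accounts = new Map();  // user -> { failures, lockedUntil }
    this.sources = new Map();   // ip -> [timestamps of recent failures]
  }

  // Called by the login page before the password is even checked.
  check(user, ip, now) {
    const acct = this.accounts.get(user) || { failures: 0, lockedUntil: 0 };
    if (acct.lockedUntil > now) {
      return { allowed: false, reason: 'account locked', retryAfterMs: acct.lockedUntil - now };
    }
    const recent = (this.sources.get(ip) || []).filter(t => now - t < IP_WINDOW_MS);
    if (recent.length >= IP_LIMIT) {
      return { allowed: false, reason: 'too many failures from this address' };
    }
    return { allowed: true, captchaRequired: acct.failures >= CAPTCHA_AFTER };
  }

  recordFailure(user, ip, now) {
    const acct = this.accounts.get(user) || { failures: 0, lockedUntil: 0 };
    acct.failures += 1;
    if (acct.failures >= LOCK_AFTER) {
      acct.lockedUntil = now + LOCK_MS;
      acct.failures = 0;           // count afresh once the lock expires
    }
    this.accounts.set(user, acct);
    const recent = (this.sources.get(ip) || []).filter(t => now - t < IP_WINDOW_MS);
    recent.push(now);
    this.sources.set(ip, recent);
  }

  recordSuccess(user) {
    this.accounts.delete(user);
  }
}

// Constructed walk-through of an automated attack against one account: returns
// what the login page would do on each of six successive wrong passwords.
function simulateBruteForce() {
  const guard = new LoginGuard();
  const user = 'VAPTUSER3', ip = '198.51.100.7';  // user from the finding; address assumed
  const start = 1700000000000;
  const states = [];
  for (let i = 0; i < 6; i++) {
    const now = start + i * 1000;
    const c = guard.check(user, ip, now);
    states.push(c.allowed ? (c.captchaRequired ? 'captcha' : 'open') : c.reason);
    if (c.allowed) guard.recordFailure(user, ip, now);
  }
  return states;
}

console.log(simulateBruteForce());
// ['open', 'open', 'open', 'captcha', 'captcha', 'account locked']
```

The response for a locked account should be indistinguishable from a wrong password (same message, similar timing); otherwise the lockout itself becomes a username enumeration oracle.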
2.1.21 SENSITIVE INFORMATION DISCLOSURE
SEVERITY LEVEL: MEDIUM
EASE OF EXPLOITATION: DIFFICULT
VULNERABILITY CLASSIFICATION: Information Leakage
AFFECTED SAMPLE URL:
DESCRIPTION
Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application environment, or user-specific data. Sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users.
ANALYSIS
During analysis it was found that the application failed to protect sensitive information (logs, email IDs, internal IP addresses and internal paths), which is directly accessible over the internet.
http://203.196.206.152/Global_Portal/mytatamotors/AssetDetails/frm_BMC.aspx
Extracted information: http://172.24.6.191/shared/Login_AR.jsp
http://203.196.206.152/Global_Portal/mytatamotors/Home/Forms/frm_CheckUser.aspx?s_user=oVh6+RVe9RL9C2Kk0cYXxw==&app_code=A110
Extracted information: http://172.18.78.10/knome/sessions/generate
http://203.196.206.152/Global_Portal/info_policy/Structure_mgmt/user/page.aspx
The following email addresses were disclosed in the response:
asmita.gate@tatamotors.com
dilip.trivedi@tatamotors.com
dnk@tatamotors.com
nikhat.siddiqui@tatamotors.com
nmg@tatamotors.com
pradeep@tatamotors.com
sachin.sharma@tatamotors.com
sanjay.dureja@tatamotors.com
santanu.sapale@tatamotors.com
2.1.22 PASSWORD VISIBLE WHILE RESETTING PASSWORD
SEVERITY LEVEL: LOW
EASE OF EXPLOITATION: EASY
VULNERABILITY CLASSIFICATION: Information Leakage
AFFECTED URL:
DESCRIPTION
Information Leakage is an application weakness where an application reveals sensitive data, such as technical details of the web application environment, or user-specific data. Sensitive data may be used by an attacker to exploit the target web application, its hosting network, or its users.
ANALYSIS
During analysis it was found that the reset-user functionality shows the password field in visible (clear text) mode.
FIGURE 58: PASSWORD IN VISIBLE MODE
IMPACT
An attacker can use shoulder surfing to read the agent's password, which is displayed in clear while the administrator resets the user's password.
RECOMMENDATION
It is recommended that the password field should not display its contents. The field should be declared as a password input:
   <input type="password" value="" />
Masking only defeats shoulder surfing; the administrator still learns the user's password. The reset flow should instead issue a temporary password or a one-time reset link that the user must change at first login, so that no second person ever knows a user's working password.
REFERENCE
Information Leakage: http://projects.webappsec.org/Information-Leakage
2.1.23 SESSION TOKEN IN URL
SEVERITY LEVEL: LOW
EASE OF EXPLOITATION: EASY
AFFECTED SAMPLE URL:
ANALYSIS
During analysis it was found that the web application carries a session token in a GET URL.
FIGURE 59: SESSION TOKEN IN URL
IMPACT
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
RECOMMENDATION
It is recommended to use cookie-based sessions rather than cookieless sessions. The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
Cookieless ASP.NET: the article below reviews the pros and cons of cookieless sessions and discusses why you should avoid storing valuable information in the session state.
http://msdn.microsoft.com/en-us/library/aa479314.aspx
REFERENCE
Session Fixation: https://www.owasp.org/index.php/Session_fixation
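The following Node.js code is an added example, not part of the report or the tested application. It shows both sides of this finding: a scanner that runs over access-log lines and reports session tokens carried in the query string or in an ASP.NET cookieless path segment (the check an auditor or a log-monitoring rule would use to catch a recurrence), and the Set-Cookie value the application should use instead. The parameter names, the cookie name and the log lines are constructed assumptions.

```javascript
// Added example: detect session tokens in URLs from access logs, and build the
// cookie that replaces them. Parameter names and log lines are assumptions.

const TOKEN_PARAMS = ['sessionid', 'jsessionid', 'asp.net_sessionid', 'phpsessid', 'token', 'sid'];

// Cookieless ASP.NET embeds the session id in the path as /(S(...))/ rather
// than in the query string, so the path is checked as well.
const COOKIELESS_PATH = /\/\(S\([^)]+\)\)\//i;

function findSessionTokensInUrl(rawUrl) {
  const url = new URL(rawUrl, 'http://placeholder.invalid');  // base only so relative paths parse
  const hits = [];
  for (const [name, value] of url.searchParams) {
    if (TOKEN_PARAMS.includes(name.toLowerCase())) hits.push({ where: 'query', name, value });
  }
  const m = url.pathname.match(COOKIELESS_PATH);
  if (m) hits.push({ where: 'path', name: 'cookieless-session', value: m[0] });
  return hits;
}

// Common Log Format: the request line is the quoted field.
function scanAccessLog(lines) {
  const findings = [];
  for (const line of lines) {
    const m = line.match(/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/);
    if (!m) continue;
    for (const hit of findSessionTokensInUrl(m[1])) findings.push({ line, ...hit });
  }
  return findings;
}

// The replacement: a cookie-borne session id with the attributes that keep it
// out of URLs, logs and scripts. `token` must come from a CSPRNG such as
// crypto.randomBytes; generation is outside the scope of this example.
function sessionCookie(token, { secure = true } = {}) {
  const attrs = ['Path=/', 'HttpOnly', 'SameSite=Lax'];
  if (secure) attrs.push('Secure');
  return `sessionid=${encodeURIComponent(token)}; ${attrs.join('; ')}`;
}

// Constructed sample log lines (not from the tested application).
const SAMPLE_LOG = [
  '203.0.113.5 - - [17/Aug/2019:10:00:01 +0530] "GET /account/profile.aspx?sessionid=8f3a9c1b2d&app_code=A110 HTTP/1.1" 200 5120',
  '203.0.113.5 - - [17/Aug/2019:10:00:02 +0530] "GET /(S(lit3py55t21z5v55vlm25s55))/orders.aspx HTTP/1.1" 200 800',
  '203.0.113.9 - - [17/Aug/2019:10:00:03 +0530] "POST /login.aspx HTTP/1.1" 302 0',
];

console.log(scanAccessLog(SAMPLE_LOG).map(f => `${f.where}:${f.name}=${f.value}`));
// [ 'query:sessionid=8f3a9c1b2d', 'path:cookieless-session=/(S(lit3py55t21z5v55vlm25s55))/' ]
console.log(sessionCookie('8f3a9c1b2d'));
// sessionid=8f3a9c1b2d; Path=/; HttpOnly; SameSite=Lax; Secure
```

Any token the scanner reports should be treated as compromised and invalidated server-side once cookies are in place; rotating the session id after login also limits the window in which an old logged URL remains usable.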
2.1.24 FRAME INJECTION
SEVERITY LEVEL: LOW
EASE OF EXPLOITATION: EASY
VULNERABILITY CLASSIFICATION: Frame Injection
AFFECTED SAMPLE URL:
DESCRIPTION
Frame injection occurs when a frame on a vulnerable web page displays another web page selected via user-controllable input.
ANALYSIS
During analysis it was found that the application is vulnerable to frame injection. The screenshot below shows this:
FIGURE 60: FRAME INJECTION
IMPACT
An attacker might use this vulnerability to load content from a malicious website inside the application's own page, where it inherits the application's branding and address bar, and use it for phishing and similar attacks.
RECOMMENDATION
Below is the recommendation for frame injection:
• Where possible, do not use users' input for URLs.
• If you definitely need dynamic URLs, make a list of valid, accepted URLs and do not accept other URLs.
• Ensure that you only accept URLs which are located on accepted domains.
REFERENCE
Frame Injection: https://www.mavitunasecurity.com/frame-injection/
2.1.25 OPEN REDIRECTION
SEVERITY LEVEL: LOW
EASE OF EXPLOITATION: EASY
VULNERABILITY CLASSIFICATION: Open Redirection
AFFECTED SAMPLE URL:
DESCRIPTION
Open redirection occurs when a vulnerable web page redirects the browser to another web page selected via user-controllable input.
ANALYSIS
During analysis it was found that the application is vulnerable to an open redirection issue.
IMPACT
An attacker can use this vulnerability to redirect users to other malicious websites, which can be used for phishing and similar attacks; the link the victim clicks points at the trusted application, so the redirect lends the malicious site its credibility.
RECOMMENDATION
Below is the recommendation for open redirection:
• Where possible, do not use users' input for URLs.
• If you definitely need dynamic URLs, make a list of valid, accepted URLs and do not accept other URLs.
• Ensure that you only accept URLs which are located on accepted domains.
REFERENCE
Open Redirect: http://www.owasp.org/index.php/Open_redirect
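The following Node.js code is an added example covering the recommendations of both 2.1.24 (frame injection) and 2.1.25 (open redirection), which are the same check applied to an iframe src and to a redirect Location respectively. It is not from the report or the tested application. A user-supplied URL is resolved against the application's own origin and accepted only if it lands on an allowlisted host over http or https; the allowed hosts, the application origin and the sample inputs are assumptions. It also rejects the usual bypasses of a naive host check: protocol-relative URLs, backslashes, embedded credentials and look-alike domains.

```javascript
// Added example: validate a user-controlled URL before using it as a redirect
// target or as an iframe src. Hosts and origin are assumed values.

const ALLOWED_HOSTS = new Set(['portal.example', 'help.portal.example']);
const APP_ORIGIN = 'https://portal.example';

// Returns the normalised absolute URL to use, or null if the input must be refused.
function safeTargetUrl(input, allowedHosts = ALLOWED_HOSTS, appOrigin = APP_ORIGIN) {
  if (typeof input !== 'string' || input.length === 0 || input.length > 2048) return null;
  // Control characters and whitespace: browsers strip some of them before
  // parsing, which has been used to smuggle "java\tscript:" past scheme checks.
  if (/[\u0000-\u001f\u007f\s]/.test(input)) return null;
  // Browsers treat backslashes as slashes, so "/\evil.example" means //evil.example.
  if (input.includes('\\')) return null;
  let url;
  try {
    url = new URL(input, appOrigin);            // relative paths resolve to our own origin
  } catch {
    return null;
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;  // javascript:, data:, ...
  if (url.username || url.password) return null;   // https://portal.example@evil.example
  if (!allowedHosts.has(url.hostname.toLowerCase())) return null;          // exact host, no suffix match
  return url.toString();
}

// Constructed inputs: legitimate targets and the bypass attempts that a
// "starts with our domain" or "contains our domain" check lets through.
const SAMPLES = [
  '/account/home.aspx',
  'https://help.portal.example/faq',
  '//evil.example/phish',
  'javascript:alert(1)',
  'https://portal.example@evil.example/',
  'https://portal.example.evil.example/',
  '/\\evil.example',
];
for (const s of SAMPLES) console.log(JSON.stringify(s), '->', safeTargetUrl(s));
```

Where the set of targets is small (a handful of post-login landing pages, say), prefer passing an index or a name that the server maps to a URL, so that no URL is ever read from the request at all.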
2.1.26 ABUSE OF FUNCTIONALITY
SEVERITY LEVEL: LOW
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Abuse of Functionality
AFFECTED SAMPLE URL:
DESCRIPTION
Abuse of Functionality is an attack technique that uses a web site's own features and functionality to attack itself or others. It can be described as the abuse of an application's intended functionality to perform an undesirable outcome. These attacks have varied results, such as consuming resources, circumventing access controls, or leaking information. The potential and level of abuse will vary from web site to web site and application to application. Abuse of functionality attacks are often a combination of other attack types and/or utilise other attack vectors.
ANALYSIS
Web applications that send mail must be careful not to allow the user complete control over message headers and content. If an attacker can control the From, To, Subject and Body of a message, and there are no anti-automation controls in place, the email function can be turned into a spam relay.
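The following Node.js code is an added example of how a mail-sending feature keeps user input out of the header block, written to illustrate the analysis above; it is not from the report or the tested application. Recipients come from a server-side allowlist, the sender is fixed with the user's address placed in Reply-To, and any value that could terminate a header line (CR, LF and related characters) is refused rather than silently repaired. The addresses and the sample inputs are assumptions.

```javascript
// Added example: hardening a "contact us" mailer against header injection and
// relay abuse. Addresses and inputs are assumed values for illustration.

const MAIL_TO_ALLOWLIST = { support: 'support@portal.example', sales: 'sales@portal.example' };
const FROM_ADDRESS = 'noreply@portal.example';
const MAX_SUBJECT = 200;
const MAX_BODY = 20000;

// Conservative address check: one local part, one dotted domain, nothing that
// could break a header line. Stricter than RFC 5322, deliberately.
function isPlausibleAddress(addr) {
  return typeof addr === 'string' && addr.length <= 254 &&
    /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/.test(addr);
}

// Refuse (rather than strip) anything that could end a header and start another.
function assertSingleLine(value, field) {
  if (/[\u0000-\u001f\u007f\u0085\u2028\u2029]/.test(value)) {
    throw new Error(`${field}: header injection attempt rejected`);
  }
}

function buildMessage({ department, replyTo, subject, body }) {
  const to = MAIL_TO_ALLOWLIST[department];
  if (!to) throw new Error('unknown department');               // To is never user-controlled
  if (!isPlausibleAddress(replyTo)) throw new Error('invalid reply address');
  if (typeof subject !== 'string' || subject.length > MAX_SUBJECT) throw new Error('invalid subject');
  assertSingleLine(subject, 'Subject');
  if (typeof body !== 'string' || body.length > MAX_BODY) throw new Error('invalid body');
  // The body is kept out of the header block entirely, so it may contain newlines.
  return {
    headers: { From: FROM_ADDRESS, To: to, 'Reply-To': replyTo, Subject: subject },
    body,
  };
}

function tryBuild(input) {
  try {
    return { ok: true, message: buildMessage(input) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed inputs: a benign enquiry, and a relay attempt that smuggles Bcc
// recipients through the subject field.
const BENIGN = { department: 'support', replyTo: 'alice@example.org', subject: 'Booking query', body: 'Hello' };
const INJECTION = { ...BENIGN, subject: 'hi\r\nBcc: victim1@example.net, victim2@example.net' };

console.log(tryBuild(BENIGN));      // ok: true, To fixed to support@portal.example
console.log(tryBuild(INJECTION));   // ok: false, "Subject: header injection attempt rejected"
```

Validation alone does not stop a bot from sending thousands of legitimate-looking messages, which is the second half of the analysis above; the same per-address rate limiting used for the login form applies to the mail endpoint.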
2.1.27 INSECURE IMPLEMENTATION OF WSDL
SEVERITY LEVEL: LOW
EASE OF EXPLOITATION: MODERATE
VULNERABILITY CLASSIFICATION: Application Misconfiguration
AFFECTED SAMPLE URL:
DESCRIPTION
Application Misconfiguration attacks exploit configuration weaknesses found in web applications. Many applications come with unnecessary and unsafe features, such as debug and QA features, enabled by default. These features may provide a means for an attacker to bypass authentication methods and gain access to sensitive information, perhaps with elevated privileges.
ANALYSIS
It was observed that the web services consumed by the application are accessible to an unauthenticated user.
These web services are called by the