UiTM Negeri Sembilan Web Security Analysis

Acunetix Website Audit

22 December, 2011

Detailed Scan Report

Generated by Acunetix WVS Reporter (v7.0 Build 20100921)

Scan of http://hackerbook.sgv2.com:80/

Scan information

Scan details

Starttime 19/12/2011 9:27:59 PM

Finish time 19/12/2011 11:50:50 PM

Scan time 2 hours, 22 minutes

Profile Default

Server information

Responsive True

Server banner Apache/2.2.14 (Ubuntu)

Server OS Unix

Server technologies PHP

Threat level

Alerts distribution

High

Medium

Low

Informational 28

2

0

0

30Total alerts found

Knowledge base

List of open TCP ports

Alerts summary

2Acunetix Website Audit

Possible sensitive directories

Affects Variations

1/login

Possible sensitive files

Affects Variations

1/.htaccess

Broken links

Affects Variations

1/a

Email address found

Affects Variations

1/legal/terms.html

Password type input with autocomplete enabled

Affects Variations

1/lightbox/auth/login

1/lightbox/auth/login/index

1/lightbox/auth/login/index (177e60186c4ff03ad3b116dc0ecc546b)

1/lightbox/auth/login/index (1b0c6d09097b224971bd8d408c494f42)

1/lightbox/auth/login/index (30ab0b260f70a150bb6d67419fc6cc34)

1/lightbox/auth/login/index (3f0812576408dc837d0ba30fe794ad7c)

1/lightbox/auth/login/index (3f2ea49c4ed467ac2968885d962f4a3a)

1/lightbox/auth/login/index (455d5fb6869a713d5ffa2fb6a6183f3a)

1/lightbox/auth/login/index (45dfe7aa3aeadc85596a1ac2e0ec1c8a)

1/lightbox/auth/login/index (7286d44665ac5abace3aab5586a5a746)

1/lightbox/auth/login/index (8b12e9f4595addd0543beaf6ab8d5c8e)

1/lightbox/auth/login/index (9727730793e7546f62807fc6bb7dc7b9)

1/lightbox/auth/login/index (c2ccbf1e7c8f08004412a923c063950a)

1/lightbox/auth/login/index (da6055aa9c25eac29fc1ae2b1950e480)

1/lightbox/auth/login/index (e2fd744a875a2831ceefe9fa7fbf2507)

1/lightbox/auth/login/index (fc4798b90988e5dde1bb2061020f1336)

1/lightbox/auth/login/index (ff806fad47c288609ff0f0d8a643c757)

1/lightbox/auth/login/index/navname/login

1/lightbox/auth/login/index/navname/login (1b6403c0232d433acd94fcb046575512)

1/lightbox/auth/login/index/navname/login (e7c502e97dbe53a2ff17247ae44351e3)

2/lightbox/auth/signup

2/lightbox/auth/signup/index

2/lightbox/auth/signup/index/navname/signup


Alert details

Possible sensitive directories

LowSeverity

ValidationType

Scripting (Possible_Sensitive_Directories.script)Reported by module

Impact

Description

Recommendation

Affected items

Details

/login

GET /login HTTP/1.1

Accept: acunetix/wvs

Range: bytes=0-99999

Cookie: socialgo=o9ohbanuqe4vgou50t9m0dcno1;

cc_data=i88xvUK5QRtvsV4K7zjz0jWrZ0OHUNCjZV700pRVPGsbJZPy/ecxgBk3B/4QkzI0xyGHfTvbBttPIVU4

a4pTR4nTRA+h7NQywWP2eKecCHZ4+BhK2+/5mYPK2waLQKlEZTAYzuKLsqVswlTLb74TWUYHDlViu1UYNiLVxzIM

8ZXy3rpCe3IUIsLnwCBoPKKk1znLHU8YOVcTuPAwlF144Y96sNsHYdQK6j06Hwk9zbIeKDuZWbaFgBUJrFZopARz

Host: hackerbook.sgv2.com:80

Connection: Keep-alive

Accept-Encoding: gzip,deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Request

HTTP/1.0 302 Found

Date: Mon, 19 Dec 2011 13:47:41 GMT

Server: Apache/2.2.14 (Ubuntu)

X-Powered-By: PHP/5.3.2-1ubuntu4.9

Location: /login/show?return_url=

Vary: Accept-Encoding

Content-Length: 0

Connection: close

Content-Type: text/html; charset=utf-8

Response

Possible sensitive files

LowSeverity

ValidationType

Scripting (Possible_Sensitive_Files.script)Reported by module

Description


Impact

Recommendation

Affected items

Details

/.htaccess

GET /.htaccess HTTP/1.1

Accept: acunetix/wvs

Range: bytes=0-99999





Host: hackerbook.sgv2.com:80


Accept-Encoding: gzip,deflate


Request

HTTP/1.0 206 Partial Content

Date: Mon, 19 Dec 2011 13:48:09 GMT


Last-Modified: Fri, 16 Dec 2011 18:07:51 GMT

ETag: "2dd153-38d-4b4397aaaebc0"

Accept-Ranges: bytes

Content-Length: 909

Content-Range: bytes 0-908/909

Connection: close

Content-Type: text/plain

Response

Broken links

InformationalSeverity

InformationalType

CrawlerReported by module

Impact

Description

Recommendation

Affected items

Details

/a

GET /a HTTP/1.1

Pragma: no-cache

Request


Acunetix-Aspect: enabled

Acunetix-Aspect-Password: *****

Acunetix-Aspect-Queries: filelist;aspectalerts

Referer: http://hackerbook.sgv2.com/





Host: hackerbook.sgv2.com


HTTP/1.0 404 Not Found

Date: Mon, 19 Dec 2011 13:44:38 GMT



X-Error: Could not locate page "a".


Connection: close


Content-Length: 8034

Response

Email address found


InformationalType

Scripting (Text_Search.script)Reported by module

Impact

Description

Recommendation

Affected items

Details

/legal/terms.html

GET /legal/terms.html HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/auth/signup

Cookie: socialgo=rv9uhdna4cb0j0tclcam13ft67




Request

Response


HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:45 GMT


Last-Modified: Fri, 16 Dec 2011 18:07:51 GMT

ETag: "484e5e-d0cc-4b4397aaaebc0"

Accept-Ranges: bytes



Connection: close

Content-Type: text/html

Password type input with autocomplete enabled


InformationalType

CrawlerReported by module

Impact

Description

Recommendation

Affected items

Details

/lightbox/auth/login

GET /lightbox/auth/login HTTP/1.1

Pragma: no-cache








Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:06 GMT





Connection: close


Response


Details

/lightbox/auth/login/index

GET /lightbox/auth/login/index HTTP/1.1

Pragma: no-cache








Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:06 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (177e60186c4ff03ad3b116dc0ecc546b)

POST /lightbox/auth/login/index?return_url=/lightbox/account/messages&source=lightbox

HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/auth/login/index

Content-Length: 235

Content-Type: application/x-www-form-urlencoded

Cookie: socialgo=o9ohbanuqe4vgou50t9m0dcno1




button-cancel=Cancel&commit=Log%20in&login%5b_csrf_token%5d=61cd4ddd1c482372e1d223e56141

fa6f&login%5bemail%5d=ukumcqwc&login%5bpassword%5d=sdynirof&login%5bpersistent_login%5d=

true&login%5breturn_url%5d=%2flightbox%2faccount%2fmessages

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:31:47 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (1b0c6d09097b224971bd8d408c494f42)

Request


POST /lightbox/auth/login/index?return_url=/lightbox/account/settings&source=lightbox

HTTP/1.1

Pragma: no-cache





Content-Length: 235







fa6f&login%5bemail%5d=drxwdlfb&login%5bpassword%5d=sushunmt&login%5bpersistent_login%5d=

true&login%5breturn_url%5d=%2flightbox%2faccount%2fsettings

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:31:47 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (30ab0b260f70a150bb6d67419fc6cc34)

POST /lightbox/auth/login/index?return_url=/lightbox/account/changePhoto&source=lightbox

HTTP/1.1

Pragma: no-cache





Content-Length: 238







fa6f&login%5bemail%5d=smtwphop&login%5bpassword%5d=xyrencfl&login%5bpersistent_login%5d=

true&login%5breturn_url%5d=%2flightbox%2faccount%2fchangePhoto

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:32:36 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (3f0812576408dc837d0ba30fe794ad7c)



HTTP/1.1

Pragma: no-cache





Content-Length: 238







fa6f&login%5bemail%5d=uujumerh&login%5bpassword%5d=rmleqsgr&login%5bpersistent_login%5d=


Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:31:44 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (3f2ea49c4ed467ac2968885d962f4a3a)


HTTP/1.1

Pragma: no-cache





Content-Length: 205







fa6f&login%5bemail%5d=smtwphop&login%5bpassword%5d=eqtrhweb&login%5breturn_url%5d=%2flig

htbox%2faccount%2fchangePhoto

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:31:46 GMT





Connection: close


Response


Details

/lightbox/auth/login/index (455d5fb6869a713d5ffa2fb6a6183f3a)


HTTP/1.1

Pragma: no-cache





Content-Length: 238







fa6f&login%5bemail%5d=uujumerh&login%5bpassword%5d=wteukrpt&login%5bpersistent_login%5d=


Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:32:36 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (45dfe7aa3aeadc85596a1ac2e0ec1c8a)

POST /lightbox/auth/login/index HTTP/1.1

Pragma: no-cache





Content-Length: 178






button-cancel=Cancel&commit=Log%20in&login%5b_csrf_token%5d=d71d16c5c05d925a84ba0b138feb

ce61&login%5bemail%5d=poyjbdux&login%5bpassword%5d=wwgumwcq&login%5breturn_url%5d=ahdouh

ta

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:45 GMT





Connection: close


Response


Details

/lightbox/auth/login/index (7286d44665ac5abace3aab5586a5a746)

POST /lightbox/auth/login/index HTTP/1.1

Pragma: no-cache





Content-Length: 211







ce61&login%5bemail%5d=ddyvovds&login%5bpassword%5d=yyewcjgf&login%5bpersistent_login%5d=

true&login%5breturn_url%5d=kmlwxvcp

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:45 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (8b12e9f4595addd0543beaf6ab8d5c8e)

GET /lightbox/auth/login/index?return_url=/lightbox/account/editProfile&source=lightbox

HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/account/editProfile





Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:30:13 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (9727730793e7546f62807fc6bb7dc7b9)


POST

/lightbox/auth/login/index?return_url=/lightbox/account/changePhoto/index&source=lightbo

x HTTP/1.1

Pragma: no-cache





Content-Length: 246







fa6f&login%5bemail%5d=dkxajafo&login%5bpassword%5d=qcxujgev&login%5bpersistent_login%5d=

true&login%5breturn_url%5d=%2flightbox%2faccount%2fchangePhoto%2findex

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:31:51 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (c2ccbf1e7c8f08004412a923c063950a)

GET /lightbox/auth/login/index?return_url=/lightbox/account/messages&source=lightbox

HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/account/messages





Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:30:12 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (da6055aa9c25eac29fc1ae2b1950e480)

POST /lightbox/auth/login/index?return_url=/lightbox/account/editProfile&source=lightbox

HTTP/1.1

Request


Pragma: no-cache





Content-Length: 238







fa6f&login%5bemail%5d=kqgpmfji&login%5bpassword%5d=rchqygbl&login%5bpersistent_login%5d

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:31:51 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (e2fd744a875a2831ceefe9fa7fbf2507)

GET /lightbox/auth/login/index?return_url=/lightbox/account/changePhoto&source=lightbox

HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/account/changePhoto





Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:30:15 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (fc4798b90988e5dde1bb2061020f1336)

GET

/lightbox/auth/login/index?return_url=/lightbox/account/changePhoto/index&source=lightbo

x HTTP/1.1

Pragma: no-cache




Request


Referer: http://hackerbook.sgv2.com/lightbox/account/changePhoto/index




HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:29:51 GMT





Connection: close


Response

Details

/lightbox/auth/login/index (ff806fad47c288609ff0f0d8a643c757)

GET /lightbox/auth/login/index?return_url=/lightbox/account/settings&source=lightbox

HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/account/settings





Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:30:18 GMT





Connection: close


Response

Details

/lightbox/auth/login/index/navname/login

GET /lightbox/auth/login/index/navname/login HTTP/1.1

Pragma: no-cache









Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:00 GMT




Response



Connection: close

Details

/lightbox/auth/login/index/navname/login (1b6403c0232d433acd94fcb046575512)

POST /lightbox/auth/login/index/navname/login HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/auth/login/index/navname/login

Content-Length: 211







ce61&login%5bemail%5d=ygkiewgq&login%5bpassword%5d=gsrbrsfj&login%5bpersistent_login%5d=

true&login%5breturn_url%5d=ewrfjkby

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:16 GMT





Connection: close


Response

Details

/lightbox/auth/login/index/navname/login (e7c502e97dbe53a2ff17247ae44351e3)

POST /lightbox/auth/login/index/navname/login HTTP/1.1

Pragma: no-cache




Referer: http://hackerbook.sgv2.com/lightbox/auth/login/index/navname/login

Content-Length: 178







ce61&login%5bemail%5d=mecjnhfr&login%5bpassword%5d=yhnhrvob&login%5breturn_url%5d=klkssw

yu

Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:16 GMT





Response


Connection: close

Details

/lightbox/auth/signup

GET /lightbox/auth/signup HTTP/1.1

Pragma: no-cache








Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:06 GMT





Connection: close


Response

Details

/lightbox/auth/signup

GET /lightbox/auth/signup HTTP/1.1

Pragma: no-cache








Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:06 GMT





Connection: close


Response

Details

/lightbox/auth/signup/index

GET /lightbox/auth/signup/index HTTP/1.1

Pragma: no-cache




Request





HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:06 GMT





Connection: close


Response

Details

/lightbox/auth/signup/index

GET /lightbox/auth/signup/index HTTP/1.1

Pragma: no-cache








Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:06 GMT





Connection: close


Response

Details

/lightbox/auth/signup/index/navname/signup

GET /lightbox/auth/signup/index/navname/signup HTTP/1.1

Pragma: no-cache









Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:00 GMT





Connection: close


Response


Details

/lightbox/auth/signup/index/navname/signup

GET /lightbox/auth/signup/index/navname/signup HTTP/1.1

Pragma: no-cache









Request

HTTP/1.0 200 OK

Date: Mon, 19 Dec 2011 13:28:00 GMT





Connection: close


Response


UiTM Negeri Sembilan Web Security Analysis

Documents

Transcript of UiTM Negeri Sembilan Web Security Analysis