Welcome to Scribd!

0% found this document useful (0 votes)

100 views

Wapiti Vulnerability Report: Target: Http://123.231.148.147:8081/webservice

Uploaded by

Plokodot Plokodot

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Wapiti Vulnerability Report: Target: Http://123.231.148.147:8081/webservice

Uploaded by

Plokodot Plokodot

0% found this document useful (0 votes)

100 views7 pages

Original Title

123.231.148.147_8081_10162021_0549

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Download as pdf or txt

0% found this document useful (0 votes)

100 views7 pages

Wapiti Vulnerability Report: Target: Http://123.231.148.147:8081/webservice

Uploaded by

Plokodot Plokodot

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Download as pdf or txt

Jump to Page

You are on page 1of 7

Search inside document

Wapiti vulnerability report

Target: http://123.231.148.147:8081/webservice/
Date of the scan: Sat, 16 Oct 2021 05:49:33 +0000. Scope of the scan: folder

Summary

Category Number of vulnerabilities found

Backup file 0

Weak credentials 0

CRLF Injection 0

Content Security Policy Configuration 0

Cross Site Request Forgery 1

Potentially dangerous file 3

Command execution 0

Path Traversal 0

Fingerprint web application framework 2

Fingerprint web server 1

Htaccess Bypass 0

HTTP Secure Headers 0

HttpOnly Flag cookie 0

Category Number of vulnerabilities found

Open Redirect 0

Secure Flag cookie 0

SQL Injection 0

Server Side Request Forgery 0

Blind SQL Injection 0

Cross Site Scripting 0

XML External Entity 0

Internal Server Error 0

Resource consumption 0

Fingerprint web technology 7

Cross Site Request Forgery

Description
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute
unwanted actions on a web application in which they're currently authenticated.

Vulnerability found in /webservice/login

Description HTTP Request cURL command line
Lack of anti CSRF token

Solutions
Check if your framework has built-in CSRF protection and use it. If framework does not
have built-in CSRF protection add CSRF tokens to all state changing requests (requests
that cause actions on the site) and validate them on backend.

References
• OWASP: Testing for Cross Site Request Forgery
• OWASP: Cross-Site Request Forgery Prevention Cheat Sheet
• CWE-352: Cross-Site Request Forgery (CSRF)

Potentially dangerous file

Description
A file with potential vulnerabilities has been found on the website.

Vulnerability found in /icons/README

Description HTTP Request cURL command line

Apache default file found.

References:
https://vulners.com/osvdb/OSVDB:3233

Vulnerability found in /server-status

Description HTTP Request cURL command line

Apache server-status interface found (protected/forbidden)

Vulnerability found in /server-info
Description HTTP Request cURL command line

Apache server-info interface found (protected/forbidden)

Solutions
Make sure the script is up-to-date and restrict access to it if possible.

References
• Mitre: Search details of a CVE

Fingerprint web application framework

Description
The version of a web application framework can be identified due to the presence of its
specific fingerprints.

Vulnerability found in /webservice/

Description HTTP Request cURL command line

{"versions": ["1.0.2q"], "name": "OpenSSL", "categories": ["Web server extensions"]}

Vulnerability found in /webservice/

Description HTTP Request cURL command line
{"versions": ["5.6.40"], "name": "PHP", "categories": ["Programming languages"]}

Solutions
This is only for informational purposes.

References
• OWASP: Fingerprint Web Application Framework

Fingerprint web server

Description
The version of a web server can be identified due to the presence of its specific
fingerprints.

Vulnerability found in /webservice/

Description HTTP Request cURL command line

{"versions": ["2.4.38"], "name": "Apache", "categories": ["Web servers"]}

Solutions
This is only for informational purposes.

References
• OWASP: Fingerprint Web Server

Fingerprint web technology

Description
The use of a web technology can be deducted due to the presence of its specific
fingerprints.
Additional found in /webservice/
Description HTTP Request cURL command line

{"versions": ["2.4.38"], "name": "Apache", "categories": ["Web servers"]}

Additional found in /webservice/

Description HTTP Request cURL command line

{"versions": [], "name": "Bootstrap", "categories": ["UI frameworks"]}

Additional found in /webservice/

Description HTTP Request cURL command line

{"versions": [], "name": "jQuery", "categories": ["JavaScript libraries"]}

Additional found in /webservice/

Description HTTP Request cURL command line

{"versions": ["1.0.2q"], "name": "OpenSSL", "categories": ["Web server extensions"]}

Additional found in /webservice/
Description HTTP Request cURL command line

{"versions": ["5.6.40"], "name": "PHP", "categories": ["Programming languages"]}

Additional found in /webservice/

Description HTTP Request cURL command line

{"versions": [], "name": "reCAPTCHA", "categories": ["Security"]}

Additional found in /webservice/

Description HTTP Request cURL command line

{"versions": [], "name": "Windows Server", "categories": ["Operating systems"]}

Solutions
This is only for informational purposes.

References
• OWASP: Fingerprint Web Server
• OWASP: Fingerprint Web Application Framework

Report For Foophones: by Utkarsh Munra
Document37 pages
Report For Foophones: by Utkarsh Munra
suraj fb
No ratings yet
Concerto Digital Signage - How To Use: Quick Overview
Document7 pages
Concerto Digital Signage - How To Use: Quick Overview
Javier Battigelli
No ratings yet
Web Application Security
Document48 pages
Web Application Security
eddybhishma
No ratings yet
10a - Web Security
Document14 pages
10a - Web Security
Alif Faisal
No ratings yet
Top 10 WEB Vulnerablities
Document55 pages
Top 10 WEB Vulnerablities
Foster Romantic Status
No ratings yet
2024-10-21-ZAP-Report-SMART OFFICE
Document49 pages
2024-10-21-ZAP-Report-SMART OFFICE
dummyforvnc
No ratings yet
PentestTools WebsiteScanner Report
Document4 pages
PentestTools WebsiteScanner Report
deldengc
No ratings yet
GamaSec Example Report
Document42 pages
GamaSec Example Report
Mefistogr
No ratings yet
Site: Https://portal-Dev - Ikapture.ai: Generated On Fri, 22 Nov 2024 06:01:38 ZAP Version: 2.15.0
Document133 pages
Site: Https://portal-Dev - Ikapture.ai: Generated On Fri, 22 Nov 2024 06:01:38 ZAP Version: 2.15.0
Sunil Kumar
No ratings yet
Investigating Web Shells
Document13 pages
Investigating Web Shells
yuri
No ratings yet
Usenixsec 05
Document36 pages
Usenixsec 05
mohamedsamirnassar1993
No ratings yet
Devops Technical Test
Document6 pages
Devops Technical Test
Richard Phillips
No ratings yet
Cybersecurity
Document10 pages
Cybersecurity
vaishnav kasar
No ratings yet
VA Report API Koota
Document26 pages
VA Report API Koota
erna83agustin
No ratings yet
Developer Report PDF
Document65 pages
Developer Report PDF
Anonymous JyKPfbZBQ
No ratings yet
Introduction To Web Penetration Testing
Document60 pages
Introduction To Web Penetration Testing
matthieucolle1
No ratings yet
Developer Report: Acunetix Website Audit 23 December, 2021
Document7 pages
Developer Report: Acunetix Website Audit 23 December, 2021
BAGAS TRI RAMADANA -
No ratings yet
Website Vulnerability Scanner Report (Light)
Document4 pages
Website Vulnerability Scanner Report (Light)
MasBa
No ratings yet
Quickscan Web Zero Tg75bn
Document34 pages
Quickscan Web Zero Tg75bn
Desya kristian
No ratings yet
Cargill Web Application Scanning Report
Document27 pages
Cargill Web Application Scanning Report
Hari King
No ratings yet
Vulnerabilidad Crypto-Utils
Document5 pages
Vulnerabilidad Crypto-Utils
rjlar
No ratings yet
An toàn hệ thống web
Document74 pages
An toàn hệ thống web
nhi
No ratings yet
Browser Security Model: John Mitchell
Document74 pages
Browser Security Model: John Mitchell
nhi
No ratings yet
CEH Lesson 5 - Web Server Hacking
Document25 pages
CEH Lesson 5 - Web Server Hacking
Louise Real
No ratings yet
Vulnerabiliades - Diccionario
Document142 pages
Vulnerabiliades - Diccionario
Johan Morillo
No ratings yet
Week 3 Report
Document16 pages
Week 3 Report
fejom93713
No ratings yet
4.1 Web Application Vulnerabilities - OWASP - ZSS
Document20 pages
4.1 Web Application Vulnerabilities - OWASP - ZSS
Dhairya Thakkar
No ratings yet
crAPI VAPT
Document38 pages
crAPI VAPT
sirducky04
No ratings yet
401 & 403 Bypass CheatSheet For Ethical Hacker - Codelivly
Document9 pages
401 & 403 Bypass CheatSheet For Ethical Hacker - Codelivly
enzobouraima
No ratings yet
Webcast 116220 PDF
Document76 pages
Webcast 116220 PDF
17ajay
No ratings yet
Webappsec Intro
Document25 pages
Webappsec Intro
somendas
No ratings yet
Hacking Test
Document42 pages
Hacking Test
Nehmaiz
No ratings yet
Course Content
Document6 pages
Course Content
Guru
No ratings yet
WEB EXPLOITATION
Document18 pages
WEB EXPLOITATION
anasennassiri2004
No ratings yet
Web Penetration Testing with Kali Linux - Second Edition
From Everand
Web Penetration Testing with Kali Linux - Second Edition
Ansari Juned Ahmed
No ratings yet
Hack2Secure Web Application Security Testing Workshop LiveOnline
Document5 pages
Hack2Secure Web Application Security Testing Workshop LiveOnline
Anonymous Rp4du2
No ratings yet
Tripwire VERT Hack Lab Cheat Sheet
Document2 pages
Tripwire VERT Hack Lab Cheat Sheet
tester
No ratings yet
Webshark 1.0: A Benchmark Collection For Malicious Web Shell Detection
Document10 pages
Webshark 1.0: A Benchmark Collection For Malicious Web Shell Detection
Achraf Grini
No ratings yet
Web Application Security
Document25 pages
Web Application Security
Nipun Verma
No ratings yet
Phase2 Security Report
Document64 pages
Phase2 Security Report
Anonymous r3xb805E
No ratings yet
SANGFOR NGAF V8.0.47 Associate 2022 07 Server Security
Document61 pages
SANGFOR NGAF V8.0.47 Associate 2022 07 Server Security
Amie Nursyal
No ratings yet
Suip - Biz: Localbitcoins Vds Donation Feedback
Document1 page
Suip - Biz: Localbitcoins Vds Donation Feedback
ryo020288
No ratings yet
Snyk Top 10: Code Vulnerabilities in 2022
Document6 pages
Snyk Top 10: Code Vulnerabilities in 2022
gavam63877
No ratings yet
Scan Report
Document25 pages
Scan Report
Nguyễn Thanh Hòa
No ratings yet
PentestTools WebsiteScanner Report
Document6 pages
PentestTools WebsiteScanner Report
Hard Gamer
No ratings yet
Directory Traversal Attacks
Document3 pages
Directory Traversal Attacks
Romkant Pandey
No ratings yet
Web Application Security: Vulnerabilities, Attacks, and Countermeasures
Document72 pages
Web Application Security: Vulnerabilities, Attacks, and Countermeasures
Vikas Gupta
No ratings yet
Streamline AWS Security Incidents
Document42 pages
Streamline AWS Security Incidents
Shruti Agrawal
No ratings yet
A Survey of Web Security: Aviel D. Rubin Daniel E. Geer JR
Document8 pages
A Survey of Web Security: Aviel D. Rubin Daniel E. Geer JR
Nirmal Raj Deivasigamani
No ratings yet
19 WebSecurityThreats81
Document81 pages
19 WebSecurityThreats81
Smita R. S.
No ratings yet
C3SA Module 03 V1
Document116 pages
C3SA Module 03 V1
eshensanjula2002
No ratings yet
Requiem For A Vuln: What We Learned From Log4Shell and What Comes Next
Document33 pages
Requiem For A Vuln: What We Learned From Log4Shell and What Comes Next
Brian Markham
No ratings yet
Network Security
Document51 pages
Network Security
ct pentest
No ratings yet
Exploiting Cors Misconfigurations: For Bitcoins and Bounties
Document31 pages
Exploiting Cors Misconfigurations: For Bitcoins and Bounties
Yash Sancheti
100% (1)
BSCP1
Document4 pages
BSCP1
jhsdnck
No ratings yet
BSCP1
Document4 pages
BSCP1
jhsdnck
No ratings yet
PentestTools WebsiteScanner Report
Document4 pages
PentestTools WebsiteScanner Report
tc
No ratings yet
Checklist Đánh Giá Bảo Mật - v1
Document18 pages
Checklist Đánh Giá Bảo Mật - v1
phamducnhon
No ratings yet
SquidFaq SquidAcl
Document15 pages
SquidFaq SquidAcl
rodrigomoschetto
No ratings yet
Web Application Security by (Abdallah Elsokary)
Document38 pages
Web Application Security by (Abdallah Elsokary)
morad
No ratings yet
Effectiveness of AVs in Detecting Web Application Backdoors
Document8 pages
Effectiveness of AVs in Detecting Web Application Backdoors
blwztraining
No ratings yet
Cyber Health Check Sample Report
Document19 pages
Cyber Health Check Sample Report
Hassan Amin
No ratings yet
Cyber Laws in India
Document22 pages
Cyber Laws in India
aishwarya kamath
No ratings yet
Browser Security
Document31 pages
Browser Security
Anonymous 0XpfjKNl7
No ratings yet
ICT - Training
Document1 page
ICT - Training
Ramya Sri
No ratings yet
CCNA 2 (v5.0.3 + v6.0) Chapter 2 Exam Answers 2019 - 100% Full
Document21 pages
CCNA 2 (v5.0.3 + v6.0) Chapter 2 Exam Answers 2019 - 100% Full
Luis Blanco Belver
No ratings yet
Lecture 2 - Mobile Security 1
Document13 pages
Lecture 2 - Mobile Security 1
Stanley Chibelenje
No ratings yet
IRON-GPT Guide Enduser
Document930 pages
IRON-GPT Guide Enduser
MarcusAureliusRP
No ratings yet
Marlink - XChange v4 2 User Quick Guide
Document5 pages
Marlink - XChange v4 2 User Quick Guide
Dimitar Todorov
100% (1)
EMPOWERMENT TECHNOLOGY - Quarter 1 - Summative Test
Document2 pages
EMPOWERMENT TECHNOLOGY - Quarter 1 - Summative Test
Ma. Luisa Jalandoni
No ratings yet
DVDfab
Document2 pages
DVDfab
navas
No ratings yet
Web Cache Entanglement
Document18 pages
Web Cache Entanglement
rkreddy_pandu
No ratings yet
Wiki Syntax - Wikidot - Free and Pro Wiki Hosting
Document20 pages
Wiki Syntax - Wikidot - Free and Pro Wiki Hosting
José Carlos S. Jesus
No ratings yet
Module 9: Address Resolution: Introduction To Networks v7.0 (ITN)
Document15 pages
Module 9: Address Resolution: Introduction To Networks v7.0 (ITN)
Mohmed11 Gamal
No ratings yet
Correction Du TP NAT
Document6 pages
Correction Du TP NAT
Trux Trollux
No ratings yet
School of Information Technology and Engineering ITE1002 - Web Technologies Laboratory Assessment-4 Using Node JS, Express JS, Mongo DB
Document3 pages
School of Information Technology and Engineering ITE1002 - Web Technologies Laboratory Assessment-4 Using Node JS, Express JS, Mongo DB
Shiva
No ratings yet
SAVVAS Handout EBBasic Teacher Self-Registration 1568647168 1591308488
Document19 pages
SAVVAS Handout EBBasic Teacher Self-Registration 1568647168 1591308488
zaineddin Saadeddin
No ratings yet
IRIS Hospital-Phase 1 Development
Document11 pages
IRIS Hospital-Phase 1 Development
Anirban Ghosh
No ratings yet
Week 7 Lecture On Digital Proficiency and Fin Tech
Document36 pages
Week 7 Lecture On Digital Proficiency and Fin Tech
rajchatterjee06
No ratings yet
Sofia Perez - Mid-Term Assignment
Document2 pages
Sofia Perez - Mid-Term Assignment
Sofia Perez
No ratings yet
Opevas Sample Report
Document60 pages
Opevas Sample Report
juan
No ratings yet
(Agency) Brief - Tokopedia Affiliate
Document28 pages
(Agency) Brief - Tokopedia Affiliate
Ni Wayan Ayu
No ratings yet
Venus 29xx Series Quick Installation GuideV1.0
Document34 pages
Venus 29xx Series Quick Installation GuideV1.0
KaungMinnChain
No ratings yet
To - Arcaea Lowiro
Document38 pages
To - Arcaea Lowiro
Agung Febri
No ratings yet
Blogging Milestones in The Philippines
Document69 pages
Blogging Milestones in The Philippines
Cheryl Fuerte
No ratings yet
Administrator Course Plan PDF
Document6 pages
Administrator Course Plan PDF
Ravi Susmith
No ratings yet
Django Template Language
Document14 pages
Django Template Language
Rhoxette Nazi Pedroza
No ratings yet
Android 4 User Guide
Document12 pages
Android 4 User Guide
Sandra Carr
No ratings yet
BlockChain Cheat Sheet
Document1 page
BlockChain Cheat Sheet
Cresent Moon
No ratings yet
Thanks For Uploading!: You May Now Download Best Sexual Positions For Having An Orgasm
Document1 page
Thanks For Uploading!: You May Now Download Best Sexual Positions For Having An Orgasm
Teguh Santoso
No ratings yet