[Owasp-turkey] Acunetixte Birkaç Soru

Onur YILMAZ contact at onuryilmaz.info
Wed Feb 16 15:42:14 EST 2011


Greetings,

- Can you log in to the application at the given address with the
'admin / iloveyou' credentials the product reported? If you cannot, and
there is no such user either, we can say the product has produced a false
report. (Weak Password)

- What is reported under the "Login page password-guessing attack" finding
is that the page where users log in to the application is open to
trial-and-error (brute-force) attacks.
(http://dergi.webguvenligi.org/websec/31-burp-suite-ile-deneme--yanilma-denetimi.wgt)

- If the folders listed under "Possible sensitive directories" really exist
in your application, they may contain critical information. You may need to
check them and restrict access to those folders where necessary.

- For the cookie-related findings:
http://www.owasp.org/index.php/HttpOnly

- What "Password type input with autocomplete enabled" means is that
autocomplete is active on the input boxes of the login area. That is, if
another user has logged in to the application from the same computer, the
browser may remember their details, and malicious users could then log in to
those accounts. This feature can be turned off with
<INPUT TYPE="password" AUTOCOMPLETE="off">, which is already stated in the
report anyway.

These are the things that caught my eye. Good luck.
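As an added illustration of the lockout and password-policy points above (example code, not from the thread or from the site under discussion; the failure threshold, lock duration and the small password denylist are assumptions), a Python login guard that counts consecutive failed attempts per account and refuses further attempts once the limit is reached:

```python
import hashlib
import hmac
import os
import time
from collections import defaultdict
from typing import Callable, Dict, Optional, Tuple

# Constructed denylist standing in for a real common-password dictionary;
# "iloveyou" (the scanner's guess in the report) belongs on any such list.
COMMON_PASSWORDS = {"password", "123456", "iloveyou", "admin", "qwerty", "letmein"}

MAX_FAILURES = 5            # assumed threshold: lock after this many consecutive failures
LOCKOUT_SECONDS = 15 * 60   # assumed lock duration


def password_is_strong(password: str, username: str) -> bool:
    """Reject short, dictionary and username-derived passwords (the policy the report asks for)."""
    lowered = password.lower()
    if len(password) < 12:
        return False
    if lowered in COMMON_PASSWORDS:
        return False
    if username.lower() in lowered:
        return False
    return True


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


class LoginGuard:
    """Counts consecutive failures per account and locks the account for LOCKOUT_SECONDS."""

    def __init__(self, users: Dict[str, Tuple[bytes, bytes]],
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.users = users                    # username -> (salt, digest)
        self.clock = clock                    # injectable so tests can advance time
        self.failures: Dict[str, int] = defaultdict(int)
        self.locked_until: Dict[str, float] = {}

    def is_locked(self, username: str) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:             # lock expired: clear it and the counter
            del self.locked_until[username]
            self.failures[username] = 0
            return False
        return True

    def attempt(self, username: str, password: str) -> str:
        """Return "ok", "denied" or "locked". A locked account is refused even with the right password."""
        if self.is_locked(username):
            return "locked"
        record = self.users.get(username)
        # Unknown users still cost a full hash so timing does not reveal whether the account exists.
        salt, expected = record if record is not None else (os.urandom(16), b"\x00" * 32)
        _, actual = hash_password(password, salt)
        if record is not None and hmac.compare_digest(actual, expected):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILURES:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
        return "denied"
```

In the report both the admin/iloveyou request and the random vrfCMo1d/pHm0WMiE request receive the same 302 to index.cfm?ba=home.welcome, so the login handler must also return a distinguishable failure before a counter like this, or the scanner's manual confirmation, can mean anything. Locking by account alone lets anyone lock legitimate users out, so production code usually also throttles by source address.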

 

From: owasp-turkey-bounces at lists.owasp.org
[mailto:owasp-turkey-bounces at lists.owasp.org] On Behalf Of Serdar KILIÇ
Sent: Wednesday, February 16, 2011 6:43 PM
To: owasp-turkey at lists.owasp.org
Subject: [Owasp-turkey] Acunetixte Birkaç Soru

 


First of all, good luck to everyone, friends.

I scanned our company's B2B-based, ColdFusion-built dealer-channel shopping
site with Acunetix. In the resulting report, the threat marked High contains
a user account and login details that do not appear in the system, namely
admin / iloveyou.
The report is below; I am waiting for your help and opinions on this.
I hid the domain name in the report; alongside the well-intentioned among
us there may also be ill-intentioned people, so I felt the need to hide it.
If you can help with a short summary of what the report says, or with how
and in what way the vulnerabilities can be closed, I will have strengthened
my position at work, because I have just started the job and am still in my
probation period.
Thanks to everyone in advance...





 

Alerts summary

Alert                                           Affects                                             Variations
Weak Password                                   /b2b/index.cfm                                      1
Login page password-guessing attack             /b2b/index.cfm                                      1
Possible sensitive directories                  /b2b/backup                                         1
                                                /b2b/editor                                         1
                                                /b2b/email                                          1
                                                /b2b/Root                                           1
                                                /b2b/root                                           1
                                                /b2b/scripts                                        1
                                                /b2b/TEMP                                           1
                                                /b2b/temp                                           1
                                                /b2b/test                                           1
Session Cookie without HttpOnly flag set        /                                                   4
Session Cookie without Secure flag set          /                                                   4
Javascript eval() usage                         /b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)   1
Password type input with autocomplete enabled   /b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)   1
Possible username or password disclosure        /railo-context/form.cfm                             1
Windows Terminal Services server running        Server                                              1

Acunetix Website Audit 63


Alert details

Weak Password

Severity: High
Type: Informational
Reported by module: Scripting (Html_Authentication_Audit.script)

Description
Manual confirmation is required for this alert.
This page is using a weak password. Acunetix WVS was able to guess the
credentials required to access this page. A weak password is short, common,
a system default, or something that could be rapidly guessed by executing a
brute force attack using a subset of all possible passwords, such as words
in the dictionary, proper names, words based on the user name or common
variations on these themes.

Impact
An attacker may access the contents of the password-protected page.

Recommendation
Enforce a strong password policy. Don't permit weak passwords or passwords
based on dictionary words.

Affected items
/b2b/index.cfm

Details
Username: admin , Password: iloveyou

Request
POST /b2b/index.cfm HTTP/1.1
Content-Length: 41
Content-Type: application/x-www-form-urlencoded
Host: ---
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

bkod=&fkod=2010&kname=admin&pass=iloveyou

Response
HTTP/1.1 302 Found
Content-Length: 147
Content-Type: text/html; charset=UTF-8
Location: index.cfm?ba=home.welcome
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=124287ec-9524-4c35-99e8-02db847240c5; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:45 GMT
Connection: close
 


 

Login page password-guessing attack

Severity: Low
Type: Validation
Reported by module: Scripting (Html_Authentication_Audit.script)

Description
A common threat web developers face is a password-guessing attack known as a
brute force attack. A brute-force attack is an attempt to discover a
password by systematically trying every possible combination of letters,
numbers, and symbols until you discover the one correct combination that
works.
This login page doesn't have any protection against password-guessing
attacks (brute force attacks). It's recommended to implement some type of
account lockout after a defined number of incorrect password attempts.
Consult Web references for more information about fixing this problem.

Impact
An attacker may attempt to discover a weak password by systematically trying
every possible combination of letters, numbers, and symbols until it
discovers the one correct combination that works.

Recommendation
It's recommended to implement some type of account lockout after a defined
number of incorrect password attempts.

Affected items
/b2b/index.cfm

Details
The scanner tested 10 invalid credentials and no account lockout was
detected.

Request
POST /b2b/index.cfm HTTP/1.1
Content-Length: 44
Content-Type: application/x-www-form-urlencoded
Host: ---
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

bkod=&fkod=2010&kname=vrfCMo1d&pass=pHm0WMiE

Response
HTTP/1.1 302 Found
Content-Length: 147
Content-Type: text/html; charset=UTF-8
Location: index.cfm?ba=home.welcome
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=1c047f9d-1eb6-4bfd-9919-6e06891ef139; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:44 GMT
Connection: close

 


 

Possible sensitive directories

Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)

Description
A possible sensitive directory has been found. This directory is not
directly linked from the website. This check looks for common sensitive
resources like backup directories, database dumps, administration pages,
temporary directories. Each one of these directories could help an attacker
to learn more about his target.

Impact
This directory may expose sensitive information that could help a malicious
user to prepare more advanced attacks.

Recommendation
Restrict access to this directory or remove it from the website.

Affected items

/b2b/backup
Details: No details are available.
Request
GET /b2b/backup HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---/b2b/backup/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 167

/b2b/editor
Details: No details are available.
Request
GET /b2b/editor HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/editor/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 167

/b2b/email
Details: No details are available.
Request
GET /b2b/email HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/email/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:46 GMT
Content-Length: 166

/b2b/Root
Details: No details are available.
Request
GET /b2b/Root HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/Root/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:47 GMT
Content-Length: 165

/b2b/root
Details: No details are available.
Request
GET /b2b/root HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/root/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:47 GMT
Content-Length: 165

/b2b/scripts
Details: No details are available.
Request
GET /b2b/scripts HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/scripts/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:46 GMT
Content-Length: 168

/b2b/TEMP
Details: No details are available.
Request
GET /b2b/TEMP HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/TEMP/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:47 GMT
Content-Length: 165

/b2b/temp
Details: No details are available.
Request
GET /b2b/temp HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/temp/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 165

/b2b/test
Details: No details are available.
Request
GET /b2b/test HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/test/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 165

Session Cookie without HttpOnly flag set

Severity: Low
Type: Informational
Reported by module: Crawler

Description
This session cookie doesn't have the HTTPOnly flag set. When a cookie is set
with the HTTPOnly flag, it instructs the browser that the cookie can only be
accessed by the server and not by client-side scripts. This is an important
security protection for session cookies.

Impact
None

Recommendation
If possible, you should set the HTTPOnly flag for this cookie.

Affected items (4 variations, all on /)
/  Cookie name: "CFTOKEN"  Cookie domain: "---"
/  Cookie name: "CFID"     Cookie domain: "---"
/  Cookie name: "CFTOKEN"  Cookie domain: "---"
/  Cookie name: "CFID"     Cookie domain: "---"

Request (the same for all four items)
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response (the same for all four items)
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69

 


 

Session Cookie without Secure flag set

Severity: Low
Type: Informational
Reported by module: Crawler

Description
This session cookie doesn't have the Secure flag set. When a cookie is set
with the Secure flag, it instructs the browser that the cookie can only be
accessed over secure SSL channels. This is an important security protection
for session cookies.

Impact
None

Recommendation
If possible, you should set the Secure flag for this cookie.

Affected items (4 variations, all on /)
/  Cookie name: "CFID"     Cookie domain: "---"
/  Cookie name: "CFID"     Cookie domain: "---"
/  Cookie name: "CFTOKEN"  Cookie domain: "---"
/  Cookie name: "CFTOKEN"  Cookie domain: "---"

Request (the same for all four items)
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response (the same for all four items)
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69

 


 

Javascript eval() usage

Severity: Informational
Type: Informational
Reported by module: Crawler

Description
The javascript code on this page uses the eval() function. This function
evaluates a string and execute it as javascript code. If the input string is
controlled by the user, this could lead to XSS (cross-site scripting)
vulnerabilities.

Impact
None

Recommendation
Audit the evaluated code, making sure it's not vulnerable to XSS
vulnerabilities.

Affected items
/b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)

Details
  eval(thisField).options[eval(thisField).options.length] = newOption;
  return true;
}
function selectAll(fieldName, setTo){
  if(setTo){ // specified a set
  } else { setTo = 1 }
  var thisField = formObj(fieldName);
  var i = 0;
  for(i=0;i < thisField.options.length;i++){
    if(setTo){ thisField.options.selected = true; }
    else { thisField.options.selected = false; }
  }
}
function selectDeleteOption(fieldName, optionNumber, deleteAll){
  var thisField = formObj(fieldName);
  if(optionNumber){ optionNumber--; } else { optionNumber = 0;}
  if(deleteAll){
    var deleteLen = thisField.options.length;
    for(var i = 0; i <= deleteLen; i++){ thisField.options[0] = null; }
  } else { thisField.options[optionNumber] = null; }
  return true;
}
function selectOption(fieldName, setTo, optionNumber){
  var thisField = formObj(fieldName);
  if(optionNumber){ optionNumber-- } else { optionNumber = 0; }
  if(setTo){ ...

Request
GET /b2b/index.cfm?ba=home.welcome HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://---/
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Content-Length: 23218
Content-Type: text/html; charset=UTF-8
Expires: {ts '2011-02-16 14:28:29'}
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:27 GMT
Connection: close

 


 

Password type input with autocomplete enabled

Severity: Informational
Type: Informational
Reported by module: Crawler

Description
When a new name and password is entered in a form and the form is submitted,
the browser asks if the password should be saved. Thereafter when the form
is displayed, the name and password are filled in automatically or are
completed as the name is entered. An attacker with local access could obtain
the cleartext password from the browser cache.

Impact
Possible sensitive information disclosure

Recommendation
The password autocomplete should be disabled in sensitive applications.
To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

Affected items
/b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)

Details
Password type input named pass from form named frm with action
/b2b/index.cfm has autocomplete enabled.

Request
GET /b2b/index.cfm?ba=home.welcome HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://---/
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response
HTTP/1.1 200 OK
Content-Length: 23218
Content-Type: text/html; charset=UTF-8
Expires: {ts '2011-02-16 14:28:29'}
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:27 GMT
Connection: close

 


 

Possible username or password disclosure

Severity: Informational
Type: Informational
Reported by module: Scripting (Text_Search.script)

Description
A username and/or password was found in this file. This information could be
sensitive.
This alert may be a false positive, manual confirmation is required.

Impact
Possible sensitive information disclosure.

Recommendation
Remove this file from your website or change its permissions to remove
access.

Affected items
/railo-context/form.cfm

Details
Pattern found:
PASSWORD=3

Request
GET /railo-context/form.cfm HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://---/b2b/index.cfm
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---
Connection: Keep-alive

Response
HTTP/1.1 200 OK
Content-Length: 13632
Content-Type: text/javascript
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:27 GMT
Connection: close

 


 

Windows Terminal Services server running

Severity: Informational
Type: Configuration
Reported by module: Scripting (windows_terminal_services.script)

Description
A Windows Terminal Services server is running on this host. Terminal
Services is one of the components of Microsoft Windows (both server and
client versions) that allows a user to access applications and data on a
remote computer. Microsoft's RDP implementation of Terminal Services doesn't
verify the server's identity when setting up the encryption keys for the RDP
session. This vulnerability can result in a potential man-in-the-middle
(MITM) attack.

Impact
Possible information disclosure.

Recommendation
It's recommended to restrict access to valid users and/or hosts.

Affected items
Server

Details
The Windows Terminal Services server is running on TCP port 3389.
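The two cookie findings in the report above, as an added check (example code, not Acunetix's or the site's own): a small Set-Cookie parser that flags session cookies lacking HttpOnly and Secure, run over the response headers from the report and over a constructed hardened version. The session cookie names and the placeholder token value are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Union

# Session identifiers: CFID and CFTOKEN appear in the report; JSESSIONID is an assumed extra entry.
SESSION_COOKIE_NAMES = {"cfid", "cftoken", "jsessionid"}


@dataclass
class SetCookie:
    name: str
    value: str
    # attribute name (lower-cased) -> value, or True for flag attributes such as HttpOnly
    attributes: Dict[str, Union[str, bool]] = field(default_factory=dict)


def parse_set_cookie(header_value: str) -> SetCookie:
    """Parse the value part of one Set-Cookie header: 'NAME=VALUE; attr=val; Flag'."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attributes: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attributes[key.strip().lower()] = val.strip() if val else True
    return SetCookie(name.strip(), value.strip(), attributes)


def audit_set_cookie(header_value: str, over_tls: bool) -> List[str]:
    """Findings for one cookie; an empty list means the session cookie carries the expected flags."""
    cookie = parse_set_cookie(header_value)
    findings: List[str] = []
    if cookie.name.lower() not in SESSION_COOKIE_NAMES:
        return findings                      # only session cookies are in scope here
    if "httponly" not in cookie.attributes:
        findings.append(f"{cookie.name}: HttpOnly flag missing (readable by client-side script)")
    # Secure only matters once the site is served over TLS; the report shows plain HTTP on port 80.
    if over_tls and "secure" not in cookie.attributes:
        findings.append(f"{cookie.name}: Secure flag missing (cookie would also be sent over plain HTTP)")
    return findings


def audit_response(raw_headers: str, over_tls: bool) -> List[str]:
    """Run audit_set_cookie over every Set-Cookie line of a raw HTTP response head."""
    findings: List[str] = []
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        if sep and header.strip().lower() == "set-cookie":
            findings.extend(audit_set_cookie(value.strip(), over_tls))
    return findings


# Response head as shown in the report's Weak Password alert (domain redacted there as well).
REPORT_RESPONSE = """HTTP/1.1 302 Found
Content-Length: 147
Content-Type: text/html; charset=UTF-8
Location: index.cfm?ba=home.welcome
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=124287ec-9524-4c35-99e8-02db847240c5; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:45 GMT
Connection: close"""

# Constructed hardened version: the same cookies with both flags; the token value is a placeholder.
HARDENED_RESPONSE = """HTTP/1.1 302 Found
Set-Cookie: CFID=124287ec-9524-4c35-99e8-02db847240c5; path=/; HttpOnly; Secure
Set-Cookie: CFTOKEN=PLACEHOLDER-TOKEN; path=/; HttpOnly; Secure"""

if __name__ == "__main__":
    for finding in audit_response(REPORT_RESPONSE, over_tls=True) or ["no findings"]:
        print(finding)
```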

 


 

			
			

 
