[Owasp-turkey] A few questions about Acunetix
Serdar KILIÇ
serdarkilic at hotmail.it
Thu Feb 17 02:40:23 EST 2011
Mr. Onur, thank you for the information you provided.
How do we get the setting you described as <INPUT TYPE="password" AUTOCOMPLETE="off"> applied, i.e. which file do we need to change?
Mr. Umut, thank you as well; you are right, but I tried to hide things as far as I could. Mr. Ferruh also e-mailed me about the same issue.
I assumed that nobody other than the administrators could see the IP address of a mail sent to this list, so I did not send it anonymously...
Date: Thu, 17 Feb 2011 00:25:44 +0200
From: umutinetas at gmail.com
To: owasp-turkey at lists.owasp.org
Subject: Re: [Owasp-turkey] A few questions about Acunetix
Hello,
There is another point I want to draw attention to here. Of course this OWASP list consists of IT security professionals, and all of us are aware, as a matter of ethics, of the responsibility that our position and the information we obtain place on us. I have no doubt about the good intentions of anyone on this list, starting with Serdar Kılıç, who posted the findings.
Still, I am not in favour of corporate vulnerabilities being shared in this way on lists that can be considered public.
Our colleague Serdar rightly mentioned that he hid the domain name, but the company name, URL etc. can easily be found both from the existing social networks and from the environment the mail was sent from (see X-Originating-IP).
Moreover, if there are "Weak Password" issues like the ones below, the information shared could lead to much worse outcomes, never mind securing one's position at work.
My advice is that this kind of information be asked while staying as "anonymous" as possible, or that support be obtained from an information security company under an NDA.
Best regards,
Umut
2011/2/16 Onur YILMAZ <contact at onuryilmaz.info>
Greetings,
- Can you log in to the application at the given address with the 'admin / iloveyou' credentials the product reported? If you cannot, and no such user exists, we can say the product produced a false report. (Weak Password)
- The issue reported under "Login page password-guessing attack" is that the page where users log in to the application is open to trial-and-error (brute-force) attacks. (http://dergi.webguvenligi.org/websec/31-burp-suite-ile-deneme--yanilma-denetimi.wgt)
- If the folders listed under "Possible sensitive directories" really exist in your application, they may contain critical information. Check them and, where necessary, restrict access to those folders.
- For the cookie-related notices: http://www.owasp.org/index.php/HttpOnly
- What "Password type input with autocomplete enabled" means is that autocomplete is active on the fields of the login form. That is, if another user logged in to the application from the same computer, the browser may remember their details, and malicious users could then log in to those accounts. This feature can be turned off with <INPUT TYPE="password" AUTOCOMPLETE="off">, as the report already states.
These are the things that caught my eye; good luck.
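Two of the items in Onur's list, the password field with autocomplete enabled and the session cookies set without HttpOnly/Secure, can be checked programmatically against the application's own HTML and response headers. The Python below is an added example and is not code from this thread, from Acunetix or from the ColdFusion application; the sample HTML and Set-Cookie lines are constructed to mirror what the report shows (form frm, password field pass, action /b2b/index.cfm, cookies CFID and CFTOKEN), with the CFID value replaced by a placeholder.

```python
"""Two audit helpers for findings discussed in this thread: password inputs
without autocomplete="off", and session cookies set without HttpOnly/Secure.
Added example, not code from the thread, from Acunetix or from the application."""
from html.parser import HTMLParser

# Constructed sample HTML modelled on the report's details (form "frm",
# password field "pass", action /b2b/index.cfm); the second form is the fixed one.
SAMPLE_HTML = """
<FORM NAME="frm" ACTION="/b2b/index.cfm" METHOD="post">
  <INPUT TYPE="text" NAME="kname">
  <INPUT TYPE="password" NAME="pass">
  <INPUT TYPE="hidden" NAME="fkod" VALUE="2010">
</FORM>
<form name="fixed" action="/b2b/index.cfm" method="post">
  <input type="password" name="pass" autocomplete="off">
</form>
"""

# Constructed Set-Cookie lines shaped like the report's CFID/CFTOKEN cookies
# (placeholder CFID value, not the one from the report).
CAPTURED_HEADERS = [
    "Set-Cookie: CFID=00000000-0000-0000-0000-000000000000; path=/",
    "Set-Cookie: CFTOKEN=0; path=/",
]
SESSION_COOKIES = {"CFID", "CFTOKEN"}


class PasswordInputAuditor(HTMLParser):
    """Collect password inputs whose own tag or enclosing form lacks autocomplete="off"."""

    def __init__(self):
        super().__init__()
        self._forms = []      # stack of enclosing <form> attribute dicts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names but not values.
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self._forms.append(a)
        elif tag == "input" and a.get("type", "").lower() == "password":
            form = self._forms[-1] if self._forms else {}
            if a.get("autocomplete", "").lower() != "off" and form.get("autocomplete", "").lower() != "off":
                self.findings.append({"input": a.get("name"), "form": form.get("name"), "action": form.get("action")})

    def handle_endtag(self, tag):
        if tag == "form" and self._forms:
            self._forms.pop()


def find_password_inputs_with_autocomplete(html):
    """Return one finding dict per password input that still has autocomplete enabled."""
    parser = PasswordInputAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings


def _split_set_cookie(line):
    """Return (cookie_name, [tokens]) for a 'Set-Cookie: ...' line, or None for other headers."""
    header, _, value = line.partition(":")
    if header.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";") if p.strip()]
    return parts[0].split("=", 1)[0].strip(), parts


def audit_set_cookie(header_lines, session_names=SESSION_COOKIES):
    """Map each session cookie to the list of flags it is missing (empty list = fine)."""
    findings = {}
    for line in header_lines:
        parsed = _split_set_cookie(line)
        if parsed is None:
            continue
        name, parts = parsed
        if name not in session_names:
            continue
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        findings[name] = [flag for flag in ("HttpOnly", "Secure") if flag.lower() not in attrs]
    return findings


def harden_set_cookie(line):
    """Return the Set-Cookie line with any missing HttpOnly/Secure flag appended."""
    parsed = _split_set_cookie(line)
    if parsed is None:
        return line
    _, parts = parsed
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    for flag in ("HttpOnly", "Secure"):
        if flag.lower() not in attrs:
            parts.append(flag)
    return "Set-Cookie: " + "; ".join(parts)


if __name__ == "__main__":
    for f in find_password_inputs_with_autocomplete(SAMPLE_HTML):
        print("password input '%s' in form '%s' (%s) has autocomplete enabled" % (f["input"], f["form"], f["action"]))
    for line in CAPTURED_HEADERS:
        print(line, "-> missing", audit_set_cookie([line]), "->", harden_set_cookie(line))
```

Run the script over the .cfm templates that render the login form to locate the file that needs the attribute (the report itself points at the form named frm posting to /b2b/index.cfm). Two caveats: modern browsers largely ignore autocomplete="off" on password fields, so this finding is low value on its own; and the Secure flag only helps when the site is served over HTTPS, since it tells the browser never to send the cookie over plain HTTP (the report's requests are all plain http://).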
From: owasp-turkey-bounces at lists.owasp.org [mailto:owasp-turkey-bounces at lists.owasp.org] On Behalf Of Serdar KILIÇ
Sent: Wednesday, February 16, 2011 6:43 PM
To: owasp-turkey at lists.owasp.org
Subject: [Owasp-turkey] A few questions about Acunetix
First of all, good luck to everyone, friends.
I scanned our company's B2B-based dealer-channel shopping site, built with ColdFusion, using Acunetix. In the resulting report, the threat marked High contains a user account and login credentials that do not appear in the system: admin / iloveyou.
The report is below; I am waiting for your help and ideas on this.
I hid the domain name in the report; among us there may be malicious people as well as well-intentioned ones, so I felt the need to hide it.
If you can help with a short summary of what the report says, or with how and in what way the vulnerabilities can be closed, I will have secured my position at work, because I have only just started and am still in my probation period.
Thanks to everyone in advance...
Alerts summary
Weak Password
  Affects: /b2b/index.cfm  (variations: 1)
Login page password-guessing attack
  Affects: /b2b/index.cfm  (variations: 1)
Possible sensitive directories
  Affects: /b2b/backup, /b2b/editor, /b2b/email, /b2b/Root, /b2b/root, /b2b/scripts, /b2b/TEMP, /b2b/temp, /b2b/test  (variations: 1 each)
Session Cookie without HttpOnly flag set
  Affects: /  (variations: 4)
Session Cookie without Secure flag set
  Affects: /  (variations: 4)
Javascript eval() usage
  Affects: /b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)  (variations: 1)
Acunetix Website Audit
63
Password type input with autocomplete enabled
  Affects: /b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)  (variations: 1)
Possible username or password disclosure
  Affects: /railo-context/form.cfm  (variations: 1)
Windows Terminal Services server running
  Affects: Server  (variations: 1)
Alert details
Weak Password
Severity: High
Type: Informational
Reported by module: Scripting (Html_Authentication_Audit.script)
Description:
Manual confirmation is required for this alert.
This page is using a weak password. Acunetix WVS was able to guess the credentials required to access this page. A weak password is short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name or common variations on these themes.
Impact:
An attacker may access the contents of the password-protected page.
Recommendation:
Enforce a strong password policy. Don't permit weak passwords or passwords based on dictionary words.
Affected items:
/b2b/index.cfm
Details:
Username: admin , Password: iloveyou
Request
POST /b2b/index.cfm HTTP/1.1
Content-Length: 41
Content-Type: application/x-www-form-urlencoded
Host: ---
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
bkod=&fkod=2010&kname=admin&pass=iloveyou
Response
HTTP/1.1 302 Found
Content-Length: 147
Content-Type: text/html; charset=UTF-8
Location: index.cfm?ba=home.welcome
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=124287ec-9524-4c35-99e8-02db847240c5; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:45 GMT
Connection: close
Login page password-guessing attack
Severity: Low
Type: Validation
Reported by module: Scripting (Html_Authentication_Audit.script)
Description:
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.
Impact:
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works.
Recommendation:
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
Affected items:
/b2b/index.cfm
Details:
The scanner tested 10 invalid credentials and no account lockout was detected.
Request
POST /b2b/index.cfm HTTP/1.1
Content-Length: 44
Content-Type: application/x-www-form-urlencoded
Host: ---
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
bkod=&fkod=2010&kname=vrfCMo1d&pass=pHm0WMiE
Response
HTTP/1.1 302 Found
Content-Length: 147
Content-Type: text/html; charset=UTF-8
Location: index.cfm?ba=home.welcome
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=1c047f9d-1eb6-4bfd-9919-6e06891ef139; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:44 GMT
Connection: close
Possible sensitive directories
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)
Description:
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target.
Impact:
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation:
Restrict access to this directory or remove it from the website.
Affected items:
/b2b/backup
Details: No details are available.
Request
GET /b2b/backup HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---/b2b/backup/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 167
/b2b/editor
Details: No details are available.
Request
GET /b2b/editor HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/editor/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 167
/b2b/email
Details: No details are available.
Request
GET /b2b/email HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/email/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:46 GMT
Content-Length: 166
/b2b/Root
Details: No details are available.
Request
GET /b2b/Root HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/Root/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:47 GMT
Content-Length: 165
/b2b/root
Details: No details are available.
Request
GET /b2b/root HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/root/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:47 GMT
Content-Length: 165
/b2b/scripts
Details: No details are available.
Request
GET /b2b/scripts HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/scripts/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:46 GMT
Content-Length: 168
/b2b/TEMP
Details: No details are available.
Request
GET /b2b/TEMP HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/TEMP/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:47 GMT
Content-Length: 165
/b2b/temp
Details: No details are available.
Request
GET /b2b/temp HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/temp/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 165
/b2b/test
Details: No details are available.
Request
GET /b2b/test HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Location: http://---:80/b2b/test/
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:48 GMT
Content-Length: 165
Session Cookie without HttpOnly flag set
Severity: Low
Type: Informational
Reported by module: Crawler
Description:
This session cookie doesn't have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.
Impact: None
Recommendation:
If possible, you should set the HTTPOnly flag for this cookie.
Affected items:
/
Details:
Cookie name: "CFTOKEN"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
/
Details
Cookie name: "CFID"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
/
Details
Cookie name: "CFTOKEN"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
/
Details
Cookie name: "CFID"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
Session Cookie without Secure flag set
Severity: Low
Type: Informational
Reported by module: Crawler
Description:
This session cookie doesn't have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.
Impact: None
Recommendation:
If possible, you should set the Secure flag for this cookie.
Affected items:
/
Details:
Cookie name: "CFID"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
/
Details
Cookie name: "CFID"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
/
Details
Cookie name: "CFTOKEN"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
/
Details
Cookie name: "CFTOKEN"
Cookie domain: "---"
Request
GET / HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Thu, 17 Jun 2010 11:28:04 GMT
Accept-Ranges: bytes
ETag: "bda9f02610ecb1:0"
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:26 GMT
Content-Length: 69
Javascript eval() usage
Severity: Informational
Type: Informational
Reported by module: Crawler
Description:
The javascript code on this page uses the eval() function. This function evaluates a string and executes it as javascript code. If the input string is controlled by the user, this could lead to XSS (cross-site scripting) vulnerabilities.
Impact: None
Recommendation:
Audit the evaluated code, making sure it's not vulnerable to XSS vulnerabilities.
Affected items:
/b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)
Details (script excerpt captured by the scanner):
eval(thisField).options[eval(thisField).options.length] = newOption; return true; }
function selectAll(fieldName, setTo){
  if(setTo){
    // specified a set
  } else {
    setTo = 1
  }
  var thisField = formObj(fieldName);
  var i = 0;
  for(i=0;i < thisField.options.length;i++){
    if(setTo){ thisField.options.selected = true; } else { thisField.options.selected = false; }
  }
}
function selectDeleteOption(fieldName, optionNumber, deleteAll){
  var thisField = formObj(fieldName);
  if(optionNumber){ optionNumber--; } else { optionNumber = 0;}
  if(deleteAll){
    var deleteLen = thisField.options.length;
    for(var i = 0; i <= deleteLen; i++){ thisField.options[0] = null; }
  } else {
    thisField.options[optionNumber] = null;
  }
  return true;
}
function selectOption(fieldName, setTo, optionNumber){
  var thisField = formObj(fieldName);
  if(optionNumber){ optionNumber-- } else { optionNumber = 0; }
  if(setTo){ ...
Request
GET /b2b/index.cfm?ba=home.welcome HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://---/
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Length: 23218
Content-Type: text/html; charset=UTF-8
Expires: {ts '2011-02-16 14:28:29'}
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:27 GMT
Connection: close
Password type input with autocomplete enabled
Severity: Informational
Type: Informational
Reported by module: Crawler
Description:
When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact: Possible sensitive information disclosure
Recommendation:
The password autocomplete should be disabled in sensitive applications.
To disable autocomplete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items:
/b2b/index.cfm (00c3d74e1fe796d31a2e9d3b7f93a812)
Details:
Password type input named pass from form named frm with action /b2b/index.cfm has autocomplete enabled.
Request
GET /b2b/index.cfm?ba=home.welcome HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://---/
Host: ---
Connection: Keep-alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Response
HTTP/1.1 200 OK
Content-Length: 23218
Content-Type: text/html; charset=UTF-8
Expires: {ts '2011-02-16 14:28:29'}
Server: Microsoft-IIS/7.0
Set-Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; path=/
Set-Cookie: CFTOKEN=0; path=/
Date: Wed, 16 Feb 2011 14:28:27 GMT
Connection: close
Possible username or password disclosure
Severity: Informational
Type: Informational
Reported by module: Scripting (Text_Search.script)
Description:
A username and/or password was found in this file. This information could be sensitive.
This alert may be a false positive, manual confirmation is required.
Impact: Possible sensitive information disclosure.
Recommendation:
Remove this file from your website or change its permissions to remove access.
Affected items:
/railo-context/form.cfm
Details:
Pattern found: PASSWORD=3
Request
GET /railo-context/form.cfm HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Referer: http://---/b2b/index.cfm
Cookie: CFID=115ff7c8-9ebd-436b-9965-d0e222c89566; CFTOKEN=0
Host: ---
Connection: Keep-alive
Response
HTTP/1.1 200 OK
Content-Length: 13632
Content-Type: text/javascript
Server: Microsoft-IIS/7.0
Date: Wed, 16 Feb 2011 14:28:27 GMT
Connection: close
Windows Terminal Services server running
Severity: Informational
Type: Configuration
Reported by module: Scripting (windows_terminal_services.script)
Description:
A Windows Terminal Services server is running on this host. Terminal Services is one of the components of Microsoft Windows (both server and client versions) that allows a user to access applications and data on a remote computer. Microsoft's RDP implementation of Terminal Services doesn't verify the server's identity when setting up the encryption keys for the RDP session. This vulnerability can result in a potential man-in-the-middle (MITM) attack.
Impact: Possible information disclosure.
Recommendation:
It's recommended to restrict access to valid users and/or hosts.
Affected items:
Server
Details:
The Windows Terminal Services server is running on TCP port 3389.
_______________________________________________
Owasp-turkey mailing list
Owasp-turkey at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-turkey
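The "Login page password-guessing attack" entry in the report above says the scanner sent 10 invalid credentials and saw no account lockout, and recommends locking the account after a defined number of failures. The Python below is an added example of such a per-account lockout and is not code from this thread, from Acunetix or from the ColdFusion application. The clock is injected so the scanner-like sequence of ten guesses can be replayed deterministically; the usernames, passwords and the 5-failure / 15-minute thresholds are constructed values. Note also that in the report the request with random credentials (kname=vrfCMo1d) received exactly the same 302 to index.cfm?ba=home.welcome as the admin/iloveyou request, which supports Onur's point that the Weak Password alert must be confirmed by hand: a lockout counter is only meaningful once the application actually rejects bad credentials.

```python
"""Per-account failed-login throttle with a sliding window and temporary lockout.
Added example illustrating the report's recommendation; not code from the thread,
from Acunetix or from the application under discussion."""
from collections import defaultdict, deque


class LoginThrottle:
    """Lock an account after max_failures failures within window_seconds.
    Timestamps are passed in by the caller, so the behaviour is replayable."""

    def __init__(self, max_failures=5, window_seconds=900, lockout_seconds=900):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self._failures = defaultdict(deque)   # account -> timestamps of recent failures
        self._locked_until = {}               # account -> timestamp when the lock expires

    def _prune(self, account, now):
        """Drop failures that fell out of the sliding window."""
        recent = self._failures[account]
        while recent and now - recent[0] > self.window_seconds:
            recent.popleft()

    def is_locked(self, account, now):
        """True while a lockout is active; expired lockouts are cleared on the way."""
        until = self._locked_until.get(account)
        if until is None:
            return False
        if now >= until:
            del self._locked_until[account]
            self._failures[account].clear()
            return False
        return True

    def record_failure(self, account, now):
        """Register a failed attempt; returns True if it triggered a lockout."""
        self._prune(account, now)
        self._failures[account].append(now)
        if len(self._failures[account]) >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            return True
        return False

    def record_success(self, account):
        """A successful login resets the counter for that account."""
        self._failures[account].clear()
        self._locked_until.pop(account, None)


def replay(attempts, throttle, valid_passwords):
    """Replay (timestamp, username, password) attempts through the throttle.
    Returns one outcome per attempt: 'ok', 'bad_password' or 'locked'."""
    outcomes = []
    for now, user, password in attempts:
        if throttle.is_locked(user, now):
            outcomes.append("locked")          # rejected before the password is even checked
            continue
        # Constructed plaintext lookup for the demo; a real application compares a password hash.
        if valid_passwords.get(user) == password:
            throttle.record_success(user)
            outcomes.append("ok")
        else:
            throttle.record_failure(user, now)
            outcomes.append("bad_password")
    return outcomes


# Constructed replay: ten wrong guesses one second apart, like the scanner's ten
# invalid credentials, then the correct password after the lockout has expired.
VALID = {"admin": "correct-horse-battery-staple"}          # constructed credential
SCAN_LIKE = [(t, "admin", "guess%d" % t) for t in range(10)]
AFTER_LOCKOUT = [(10 + 900, "admin", "correct-horse-battery-staple")]


def demo():
    throttle = LoginThrottle(max_failures=5, window_seconds=900, lockout_seconds=900)
    return replay(SCAN_LIKE + AFTER_LOCKOUT, throttle, VALID)


if __name__ == "__main__":
    for (t, user, _), outcome in zip(SCAN_LIKE + AFTER_LOCKOUT, demo()):
        print("t=%4d %s -> %s" % (t, user, outcome))
```

With these thresholds the fifth wrong guess locks "admin" for 900 seconds, the remaining five guesses are refused without consulting the password store, and the correct password is accepted once the lock has expired. A pure per-account lockout also lets anyone who knows a username lock its owner out by failing on purpose, so production deployments usually pair it with per-source throttling or increasing delays, and log every lockout so the security team sees the guessing as it happens.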