Report Developer - LOGON
Developer Report
Acunetix Security Audit
22 November 2018
Generated by Acunetix
Scan of testhtml5.vulnweb.com
Scan details
Scan information
Start time 20/11/2018, 12:03:57
Start url http://testhtml5.vulnweb.com/
Host testhtml5.vulnweb.com
Scan time 4 minutes, 26 seconds
Profile Full Scan
Server information nginx/1.4.1
Responsive True
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.
Alerts distribution
Total alerts found 25
High 11
Medium 3
Low 8
Informational 3
Alerts summary
Cross site scripting
Classification
CVSS2
Base Score: 6.4; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 5.3; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: None; Integrity Impact: Low; Availability Impact: None
CWE CWE-79
Affected items Variation
/comment 2
/like 2
/report 2
DOM-based cross site scripting
Classification
CVSS2
Base Score: 4.3; Access Vector: Network_accessible; Access Complexity: Medium; Authentication: None; Confidentiality Impact: None; Integrity Impact: Partial; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 5.3; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: None; Integrity Impact: Low; Availability Impact: None
CWE CWE-79
Affected items Variation
Web Server 2
nginx Integer Overflow
Classification
CVSS2
Base Score: 5.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None; Exploitability: Proof_of_concept; Remediation Level: Official_fix; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 7.5; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None
CVE CVE-2017-7529
CWE CWE-190
Affected items Variation
Web Server 1
nginx SPDY heap buffer overflow
Classification
CVSS2
Base Score: 5.1; Access Vector: Network_accessible; Access Complexity: High; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: Partial; Exploitability: Proof_of_concept; Remediation Level: Official_fix; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVE CVE-2014-0133
CWE CWE-122
Affected items Variation
Web Server 1
XML external entity injection via external file
Classification
CVSS2
Base Score: 6.8; Access Vector: Network_accessible; Access Complexity: Medium; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: Partial; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 10.0; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Changed; Confidentiality Impact: High; Integrity Impact: High; Availability Impact: High
CWE CWE-611
Affected items Variation
/forgotpw 1
HTML form without CSRF protection
Classification
CVSS2
Base Score: 2.6; Access Vector: Network_accessible; Access Complexity: High; Authentication: None; Confidentiality Impact: None; Integrity Impact: Partial; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 4.3; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: Required; Scope: Unchanged; Confidentiality Impact: None; Integrity Impact: Low; Availability Impact: None
CWE CWE-352
Affected items Variation
Web Server 1
User credentials are sent in clear text
Classification
CVSS2
Base Score: 5.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None; Exploitability: High; Remediation Level: Workaround; Report Confidence: Confirmed; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 9.1; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: High; Availability Impact: None
CWE CWE-310
Affected items Variation
Web Server 1
Vulnerable Javascript library
Classification
CVSS2
Base Score: 6.4; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 6.5; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: Low; Integrity Impact: Low; Availability Impact: None
CWE CWE-16
Affected items Variation
/static/app/libs/sessvars.js 1
Clickjacking: X-Frame-Options header missing
Classification
CVSS2
Base Score: 6.8; Access Vector: Network_accessible; Access Complexity: Medium; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: Partial; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CWE CWE-693
Affected items Variation
Web Server 1
Cookie(s) without HttpOnly flag set
Classification
CVSS2
Base Score: 0.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Cookie(s) without Secure flag set
Classification
CVSS2
Base Score: 0.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Insecure response with wildcard '*' in Access-Control-Allow-Origin
Classification
CVSS2
Base Score: 0.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Login page password-guessing attack
Classification
CVSS2
Base Score: 5.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 5.3; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: Low
CWE CWE-307
Affected items Variation
/login 1
OPTIONS method is enabled
Classification
CVSS2
Base Score: 5.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 7.5; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
Possible sensitive directories
Classification
CVSS2
Base Score: 5.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 7.5; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
Possible virtual host found
Classification
CVSS2
Base Score: 5.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: Partial; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 7.5; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
Content Security Policy (CSP) not implemented
Classification
CVSS2
Base Score: 0.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Password type input with auto-complete enabled
Classification
CVSS2
Base Score: 0.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CVSS3
Base Score: 7.5; Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
Subresource Integrity (SRI) not implemented
Classification
CVSS2
Base Score: 0.0; Access Vector: Network_accessible; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: None; Exploitability: Not_defined; Remediation Level: Not_defined; Report Confidence: Not_defined; Availability Requirement: Not_defined; Collateral Damage Potential: Not_defined; Confidentiality Requirement: Not_defined; Integrity Requirement: Not_defined; Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1
Alerts details
Cross site scripting
Severity High
Reported by module /Scripts/PerFile/XSS_in_URI_File.script
Description
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
Impact
Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then impersonate that user.
Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user. Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.
Recommendation
Apply context-dependent output encoding and/or validation to user input rendered on a page. In the affected pages the id parameter is reflected inside an HTML comment, so a value containing --> closes the comment and everything after it is parsed as live markup; encoding <, > and & before reflection (or, better, not reflecting untrusted input into comments at all) prevents the breakout.
References
Cross-site Scripting (XSS) Attack - Acunetix (https://www.acunetix.com/websitesecurity/cross-site-scripting/)
Types of XSS - Acunetix (https://www.acunetix.com/websitesecurity/xss/)
Cross-site Scripting - OWASP (http://www.owasp.org/index.php/Cross_Site_Scripting)
XSS Filter Evasion Cheat Sheet (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)
Excess XSS, a comprehensive tutorial on cross-site scripting (https://excess-xss.com/)
Cross site scripting (http://en.wikipedia.org/wiki/Cross-site_scripting)
Affected items
/comment
Details
URI was set to -->1<ScRiPt>uygm(9067)</ScRiPt><!--
The input is reflected inside a comment element.
Request headers
GET /comment?id=-->1<ScRiPt>uygm(9067)</ScRiPt><!-- HTTP/1.1
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
/comment
Details
URL encoded GET input id was set to 696a3680438a7af53a0a54d3d26469bf--><ScRiPt >rAT0(9134)</ScRiPt><!--
The input is reflected inside a comment element.
Request headers
GET /comment?id=696a3680438a7af53a0a54d3d26469bf--><ScRiPt%20>rAT0(9134)</ScRiPt><!-- HTTP/1.1
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
/like
Details
URI was set to -->1<ScRiPt>trOO(9866)</ScRiPt><!--
The input is reflected inside a comment element.
Request headers
GET /like?id=-->1<ScRiPt>trOO(9866)</ScRiPt><!-- HTTP/1.1
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
/like
Details
URL encoded GET input id was set to 696a3680438a7af53a0a54d3d26469bf--><ScRiPt >Yvy9(9942)</ScRiPt><!--
The input is reflected inside a comment element.
Request headers
GET /like?id=696a3680438a7af53a0a54d3d26469bf--><ScRiPt%20>Yvy9(9942)</ScRiPt><!-- HTTP/1.1
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
/report
Details
URI was set to -->1<ScRiPt>PjQK(9361)</ScRiPt><!--
The input is reflected inside a comment element.
Request headers
GET /report?id=-->1<ScRiPt>PjQK(9361)</ScRiPt><!-- HTTP/1.1
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
/report
Details
URL encoded GET input id was set to 696a3680438a7af53a0a54d3d26469bf--><ScRiPt >0Vli(9194)</ScRiPt><!--
The input is reflected inside a comment element.
Request headers
GET /report?id=696a3680438a7af53a0a54d3d26469bf--><ScRiPt%20>0Vli(9194)</ScRiPt><!-- HTTP/1.1
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
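All six variations above share one pattern: the id parameter is reflected inside an HTML comment, and the leading --> of the payload closes that comment so the <ScRiPt> tag that follows is parsed as live markup. The Python below is an added example, not code from the scanned application or from Acunetix; the /comment handler it models (render_vulnerable and render_hardened) is hypothetical. It renders the scan's own payload both ways and uses the standard-library HTML parser to count how many <script> start tags a browser would actually execute, which is the check that tells a reflection inside a comment apart from a breakout.

```python
import html
from html.parser import HTMLParser

# Payload copied from the scan detail above: "-->" terminates the HTML comment
# and everything after it is parsed as markup.
SCAN_PAYLOAD = '-->1<ScRiPt>uygm(9067)</ScRiPt><!--'


def render_vulnerable(comment_id: str) -> str:
    """Hypothetical /comment handler that reflects the id verbatim into a comment."""
    return f"<!-- comment id: {comment_id} -->\n<p>Thanks for your comment.</p>"


def render_hardened(comment_id: str) -> str:
    """Same page with HTML entity encoding applied before reflection.

    html.escape turns '<', '>', '&' and quotes into entities, so '-->' becomes
    '--&gt;' and can no longer terminate the comment (entities are not decoded
    inside comments).  Reflecting untrusted input into a comment is still
    pointless; dropping it entirely is the better fix.
    """
    safe_id = html.escape(comment_id, quote=True)
    return f"<!-- comment id: {safe_id} -->\n<p>Thanks for your comment.</p>"


class ScriptCounter(HTMLParser):
    """Counts <script> start tags the browser would execute.

    Text inside <!-- --> is delivered to handle_comment, not handle_starttag,
    so a payload that stays inside the comment is never counted.  Tag names
    arrive lowercased, which is why the mixed-case <ScRiPt> is still caught.
    """

    def __init__(self) -> None:
        super().__init__()
        self.script_tags = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1


def count_live_scripts(markup: str) -> int:
    """Number of executable <script> elements in the rendered page."""
    parser = ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.script_tags


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        page = render(SCAN_PAYLOAD)
        print(f"{name}: {count_live_scripts(page)} live <script> tag(s)")
```

The parser-based check is also what to put in a regression test for the fix: asserting that the encoded string appears in the output proves little, while asserting that no script element exists outside the comment for the known payload catches a future change that drops the encoding.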
DOM-based cross site scripting
Severity High
Reported by module deepscan
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
While a traditional cross-site scripting vulnerability occurs on the server-side code, document object model based cross-site scripting is a type of vulnerability which affects the script code in the client's browser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
Recommendation
Do not pass attacker-controlled values such as window.name, document.referrer or the URL into eval()/setTimeout() or into innerHTML/jQuery's .html(), which are the sources and sinks found below. Parse structured data with JSON.parse inside a try/catch, write text with textContent, and validate or encode any value that must become HTML.
References
Acunetix Cross Site Scripting Attack (http://www.acunetix.com/websitesecurity/cross-site-scripting.htm)
VIDEO: How Cross-Site Scripting (XSS) Works (http://www.acunetix.com/blog/web-security-zone/video-how-cross-site-scripting-xss-works/)
The Cross Site Scripting Faq (http://www.cgisecurity.com/xss-faq.html)
OWASP Cross Site Scripting (http://www.owasp.org/index.php/Cross_Site_Scripting)
XSS Filter Evasion Cheat Sheet (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)
Cross site scripting (http://en.wikipedia.org/wiki/Cross-site_scripting)
OWASP PHP Top 5 (http://www.owasp.org/index.php/PHP_Top_5)
How To: Prevent Cross-Site Scripting in ASP.NET (http://msdn.microsoft.com/en-us/library/ms998274.aspx)
Affected items
Web Server
Details
Source: Referrer Header
Referrer: http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss")
Execution Sink: set HTML code (innerHTML/outerHTML/...)
HTML code set:
admin is coming from <b>http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss")</xsstag></b> and has visited this page <b>1</b> times. ...
Stack Trace:
http://code.jquery.com/jquery-1.9.1.min.js:4:27657
access@http://code.jquery.com/jquery-1.9.1.min.js:3:6720
html@http://code.jquery.com/jquery-1.9.1.min.js:4:27282
global code@http://testhtml5.vulnweb.com/static/app/post.js:114:17
Request headers
Web Server
Details
Source: window.name
window.name: javascript:domxssExecutionSink(2,"'\"><xsstag>()wildxss")
Execution Sink: evaluate code (eval/setTimeout/setInterval/...)
Evaluated code:
this.myObj=javascript:domxssExecutionSink(2,"'\"><xsstag>()wildxss") ...
Stack Trace:
toObject@http://testhtml5.vulnweb.com/static/app/libs/sessvars.js:105:17
init@http://testhtml5.vulnweb.com/static/app/libs/sessvars.js:76:36
http://testhtml5.vulnweb.com/static/app/libs/sessvars.js:202:13
global code@http://testhtml5.vulnweb.com/static/app/libs/sessvars.js:204:2
Request headers
nginx Integer Overflow
Severity High
Reported by module /Scripts/PerServer/Version_Check.script
Description
A security issue was identified in the nginx range filter. A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in a sensitive information leak (CVE-2017-7529). When using nginx with standard modules this allows an attacker to obtain a cache file header if a response was returned from cache. In some configurations a cache file header may contain the IP address of the backend server or other sensitive information. Besides, with 3rd party modules it is potentially possible that the issue may lead to a denial of service or a disclosure of worker process memory.
Impact
Information Disclosure, Denial of Service
Recommendation
Upgrade nginx to the latest version or apply the patch provided by the vendor.
References
nginx security advisory (CVE-2017-7529) (http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html)
nginx patch (http://nginx.org/download/patch.2017.ranges.txt)
CVE-2017-7529 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529)
Affected items
Web Server
Details
Current version is : nginx/1.4.1.
Request headers
nginx SPDY heap buffer overflow
Severity High
Reported by module /Scripts/PerServer/Version_Check.script
Description
A heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. The problem affects nginx compiled with the ngx_http_spdy_module module (which is not compiled by default) and without the --with-debug configure option, if the "spdy" option of the "listen" directive is used in a configuration file.
Impact
An attacker can cause a heap memory buffer overflow in a worker process by using a specially crafted request, potentially resulting in arbitrary code execution.
Recommendation
Upgrade nginx to the latest version or apply the patch provided by the vendor.
References
nginx security advisory (CVE-2014-0133) (http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html)
nginx patch (http://nginx.org/download/patch.2014.spdy2.txt)
CVE-2014-0133 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133)
Affected items
Web Server
Details
Current version is : nginx/1.4.1.
Request headers
XML external entity injection via external file
Severity High
Reported by module /Scripts/PerScheme/XML_External_Entity_Injection.script
Description
XML supports a facility known as "external entities", which instruct an XML processor to retrieve and perform an inline include of XML located at a particular URI. An external XML entity can be used to append or modify the document type declaration (DTD) associated with an XML document. An external XML entity can also be used to include XML within the content of an XML document.
Now assume that the XML processor parses data originating from a source under attacker control. Most of the time the processor will not be validating, but it MAY include the replacement text thus initiating an unexpected file open operation, or HTTP transfer, or whatever system ids the XML processor knows how to access.
Below is a sample XML document that will use this functionality to include the contents of a local file (/etc/passwd):
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE acunetix [
<!ENTITY acunetixent SYSTEM "file:///etc/passwd">
]>
<xxx>&acunetixent;</xxx>
Impact
Attacks can include disclosing local files, which may contain sensitive data such as passwords or private user data, using file: schemes or relative paths in the system identifier. Since the attack occurs relative to the application processing the XML document, an attacker may use this trusted application to pivot to other internal systems, possibly disclosing other internal content via http(s) requests.
Recommendation
Disable resolution of external entities in the XML parser behind /forgotpw, and reject any document that carries a DOCTYPE if inline DTDs are not needed, so that SYSTEM identifiers supplied in the request body are never fetched.
References
CWE-611: Information Exposure Through XML External Entity Reference (http://cwe.mitre.org/data/definitions/611.html)
XXE (Xml eXternal Entity) attack (http://archive.cert.uni-stuttgart.de/bugtraq/2002/10/msg00421.html)
XML External Entity (XXE) Processing (https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing)
Affected items
/forgotpw
Details
Custom POST input text/xml was set to <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE acunetix [ <!ENTITY acunetixent SYSTEM "http://hitfQH7MCQr1L.bxss.me/"> ]> <xxx>&acunetixent;</xxx>
An HTTP request was initiated for the domain hitfQH7MCQr1L.bxss.me which indicates that this script is vulnerable to XXE injection.
HTTP request details:
IP address: 176.28.50.165
User agent: Python-urllib/1.17
Request headers
POST /forgotpw HTTP/1.1
Content-Type: text/xml
Connection: keep-alive
Cookie: username=e
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 156
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21

<?xml version="1.0" encoding="utf-8"?><!DOCTYPE acunetix [<!ENTITY acunetixent SYSTEM "http://hitfQH7MCQr1L.bxss.me/">]><xxx>&acunetixent;</xxx>
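The detail above shows the whole mechanism: the parser behind /forgotpw resolves the SYSTEM identifier the attacker supplied, the fetch leaves the server (from 176.28.50.165, with Python-urllib as the user agent) and the response would be spliced into the document. The Python below is an added example, not the application's /forgotpw code; parse_forgotpw_body and the FAKE_RESOURCES table are hypothetical stand-ins, and the resolver records the URL and returns constructed bytes instead of fetching, so it runs offline. It uses the standard-library expat binding because that exposes both halves side by side: the vulnerable behaviour (an ExternalEntityRefHandler that honours SYSTEM identifiers and parses what comes back) and the recommended fix (a StartDoctypeDeclHandler that rejects any DOCTYPE before an entity can be declared).

```python
import xml.parsers.expat as expat

# Constructed stand-ins for what a naive resolver would fetch.  Nothing here
# touches the network or the filesystem.
FAKE_RESOURCES = {
    "file:///etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "http://hitfQH7MCQr1L.bxss.me/": b"",
}

# Payloads copied from the description and the scan detail above.
PASSWD_PAYLOAD = (
    b'<?xml version="1.0" encoding="utf-8"?>\n'
    b'<!DOCTYPE acunetix [\n'
    b'<!ENTITY acunetixent SYSTEM "file:///etc/passwd">\n'
    b']>\n'
    b'<xxx>&acunetixent;</xxx>'
)
OOB_PAYLOAD = (
    b'<?xml version="1.0" encoding="utf-8"?>'
    b'<!DOCTYPE acunetix [<!ENTITY acunetixent SYSTEM "http://hitfQH7MCQr1L.bxss.me/">]>'
    b'<xxx>&acunetixent;</xxx>'
)


class DoctypeRejected(Exception):
    """Raised by the hardened parser when the request body carries a DOCTYPE."""


def parse_forgotpw_body(body: bytes, resolve_external_entities: bool):
    """Hypothetical /forgotpw XML handler.  Returns (text_content, urls_fetched).

    resolve_external_entities=True models a processor that honours SYSTEM
    identifiers: every external entity reference becomes a fetch and the bytes
    fetched are parsed inline as part of the document.  False rejects any
    DOCTYPE up front, so no entity can be declared at all.
    """
    text, fetched = [], []
    parser = expat.ParserCreate()

    def on_characters(data):
        text.append(data)

    parser.CharacterDataHandler = on_characters

    if resolve_external_entities:
        def on_external_entity(context, base, system_id, public_id):
            fetched.append(system_id)          # the out-of-band request leaves here
            content = FAKE_RESOURCES.get(system_id, b"")
            if content:
                # A child parser shares the parent's handlers, so the fetched
                # bytes land in `text` exactly as if they were in the request.
                child = parser.ExternalEntityParserCreate(context)
                child.Parse(content, True)
            return 1                           # tell expat the entity was handled
        parser.ExternalEntityRefHandler = on_external_entity
    else:
        def on_doctype(name, system_id, public_id, has_internal_subset):
            raise DoctypeRejected(f"DOCTYPE '{name}' is not accepted")
        parser.StartDoctypeDeclHandler = on_doctype

    parser.Parse(body, True)
    return "".join(text), fetched


if __name__ == "__main__":
    print(parse_forgotpw_body(PASSWD_PAYLOAD, resolve_external_entities=True))
    print(parse_forgotpw_body(OOB_PAYLOAD, resolve_external_entities=True))
    try:
        parse_forgotpw_body(PASSWD_PAYLOAD, resolve_external_entities=False)
    except DoctypeRejected as exc:
        print("hardened:", exc)
```

Rejecting the DOCTYPE outright, rather than just declining to resolve external entities, also shuts out internal-DTD tricks such as parameter entities and entity-expansion (billion laughs) payloads. For lxml the equivalent is an XMLParser built with resolve_entities=False and no_network=True; the defusedxml package wraps the standard-library parsers with the same defaults.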
HTML form without CSRF protection
Severity Medium
Reported by module /Crawler/12-Crawler_Form_NO_CSRF.js
Description
This alert requires manual confirmation
Cross-Site Request Forgery (CSRF, or XSRF) is a vulnerability wherein an attacker tricks a victim into making a request the victim did not intend to make. Therefore, with CSRF, an attacker abuses the trust a web application has with a victim's browser.
Acunetix found an HTML form with no apparent anti-CSRF protection implemented. Consult the 'Attack details' section for more information about the affected HTML form.
Impact
An attacker could use CSRF to trick a victim into accessing a website hosted by the attacker, or clicking a URL containing malicious or unauthorized requests.
CSRF is a type of 'confused deputy' attack which leverages the authentication and authorization of the victim when the forged request is being sent to the web server. Therefore, if a CSRF vulnerability could affect highly privileged users such as administrators, full application compromise may be possible.
Recommendation
Verify if this form requires anti-CSRF protection and implement CSRF countermeasures if necessary.
The recommended and most widely used technique for preventing CSRF attacks is known as an anti-CSRF token, also sometimes referred to as a synchronizer token. A well designed anti-CSRF system has the following attributes:
- The anti-CSRF token should be unique for each user session
- The session should automatically expire after a suitable amount of time
- The anti-CSRF token should be a cryptographically random value of significant length
- The anti-CSRF token should be cryptographically secure, that is, generated by a strong Pseudo-Random Number Generator (PRNG) algorithm
- The anti-CSRF token is added as a hidden field for forms, or within URLs (only necessary if GET requests cause state changes, that is, GET requests are not idempotent)
- The server should reject the requested action if the anti-CSRF token fails validation
When a user submits a form or makes some other authenticated request that requires a cookie, the anti-CSRF token should be included in the request. The web application then verifies the existence and correctness of this token before processing the request. If the token is missing or incorrect, the request is rejected.
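The attributes listed above fit into a few dozen lines. The Python below is an added example, not code from the scanned application or from Acunetix; SessionStore, render_comment_form, verify_csrf and handle_post_comment are hypothetical. It binds one token to each server-side session, embeds it as a hidden field, compares it in constant time on POST, and lets the session (and with it the token) expire, then shows why a forged cross-site request fails: the browser attaches the session cookie automatically but the attacker's page cannot read the token out of the form.

```python
import hmac
import re
import secrets
import time
from typing import Dict, Optional, Tuple

TOKEN_FIELD = "csrf_token"
SESSION_COOKIE = "sid"
SESSION_MAX_AGE = 30 * 60   # seconds; the session and its token expire together


class SessionStore:
    """Minimal in-memory server-side session store (constructed for this example).

    Each session gets its own anti-CSRF token from secrets.token_urlsafe, which
    draws on the OS CSPRNG; 32 random bytes give a 256-bit token.
    """

    def __init__(self, clock=time.time) -> None:
        self._clock = clock          # injectable so expiry can be exercised offline
        self._sessions: Dict[str, dict] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            TOKEN_FIELD: secrets.token_urlsafe(32),
            "expires": self._clock() + SESSION_MAX_AGE,
        }
        return sid

    def get(self, sid: str) -> Optional[dict]:
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._clock() >= session["expires"]:
            del self._sessions[sid]  # an expired session takes its token with it
            return None
        return session


def render_comment_form(store: SessionStore, sid: str) -> str:
    """Emit the form with the session's token as a hidden field."""
    session = store.get(sid)
    if session is None:
        raise KeyError("no valid session")
    return (
        '<form method="post" action="/comment">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{session[TOKEN_FIELD]}">'
        '<input name="text"><button>Post</button></form>'
    )


def token_from_form(page: str) -> str:
    """What a same-origin page (or the browser submitting the form) sends back."""
    match = re.search(rf'name="{TOKEN_FIELD}" value="([^"]+)"', page)
    return match.group(1) if match else ""


def verify_csrf(store: SessionStore, cookies: dict, form: dict) -> bool:
    """Accept only if the submitted token matches the token bound to the cookie's session."""
    session = store.get(cookies.get(SESSION_COOKIE, ""))
    if session is None:
        return False
    submitted = form.get(TOKEN_FIELD, "")
    # Constant-time comparison: a plain == would leak token bytes through timing.
    return hmac.compare_digest(submitted.encode(), session[TOKEN_FIELD].encode())


def handle_post_comment(store: SessionStore, cookies: dict, form: dict) -> Tuple[int, str]:
    """Hypothetical POST /comment handler: the CSRF check runs before any state change."""
    if not verify_csrf(store, cookies, form):
        return 403, "CSRF token missing or invalid"
    return 200, f"comment stored: {form.get('text', '')}"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create()
    token = token_from_form(render_comment_form(store, sid))
    print(handle_post_comment(store, {SESSION_COOKIE: sid}, {TOKEN_FIELD: token, "text": "hi"}))
    # A cross-site form post carries the cookie automatically but cannot read the token.
    print(handle_post_comment(store, {SESSION_COOKIE: sid}, {"text": "forged"}))
```

A token from a different session is rejected as well, which is the property that matters: the check is not "is there a token" but "is this the token tied to this cookie". Sending the session cookie with SameSite=Lax or Strict is a worthwhile second layer, but it does not replace the token, since older clients and some cross-site navigations do not honour it.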
References
What is Cross Site Reference Forgery (CSRF)? (https://www.acunetix.com/websitesecurity/csrf-attacks/)
Cross-Site Request Forgery (CSRF) Prevention Cheatsheet (https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet)
The Cross-Site Request Forgery (CSRF/XSRF) FAQ (http://www.cgisecurity.com/csrf-faq.html)
Cross-site Request Forgery (https://en.wikipedia.org/wiki/Cross-site_request_forgery)
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
User credentials are sent in clear text
Severity Medium
Reported by module /Crawler/12-Crawler_User_Credentials_Plain_Text.js
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, they should always be transferred to the server over an encrypted connection (HTTPS).
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Vulnerable Javascript library
Severity Medium
Reported by module /Scripts/PerFile/Javascript_Libraries_Audit.script
Description
You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
Impact
Consult References for more information.
Recommendation
Upgrade to the latest version.
Affected items
/static/app/libs/sessvars.js
Details
Detected Javascript library sessvars version 1.00.
The version was detected from file content.
References:
http://www.thomasfrank.se/sessionvars.html
Request headers
GET /static/app/libs/sessvars.js HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Clickjacking: X-Frame-Options header missing
Severity Low
Reported by module /Scripts/PerServer/Clickjacking_X_Frame_Options.script
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Impact
The impact depends on the affected web application.
Recommendation
Configure your web server to include an X-Frame-Options header. Consult Web references for more information about the possible values for this header.
References
The X-Frame-Options response header (https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options)
Clickjacking (http://en.wikipedia.org/wiki/Clickjacking)
OWASP Clickjacking (https://www.owasp.org/index.php/Clickjacking)
Defending with Content Security Policy frame-ancestors directive (https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet#Defending_with_Content_Security_Policy_frame-ancestors_directive)
Frame Buster Buster (http://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed)
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Connection: keep-alive
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Cookie(s) without HttpOnly flag set
Severity Low
Reported by module /RPA/Cookie_Without_HttpOnly.js
Description
This cookie does not have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser that the cookie must not be exposed to client-side scripts and should only be sent back to the server. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the HttpOnly flag for this cookie.
Affected items
Web Server
Details
Request headers
POST /login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 29
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

password=admin&username=admin
Cookie(s) without Secure flag set
Severity Low
Reported by module /RPA/Cookie_Without_Secure.js
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie may only be sent over encrypted (SSL/TLS) channels. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
Web Server
Details
Request headers
POST /login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 29
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

password=admin&username=admin
Insecure response with wildcard '*' in Access-Control-Allow-Origin
Severity Low
Reported by module /Scripts/PerFolder/Access_Control_Allow_Origin_Dir.script
Description
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the resource originated. The Access-Control-Allow-Origin header indicates whether a resource can be shared, by returning the value of the Origin request header, "*", or "null" in the response.
If a website responds with Access-Control-Allow-Origin: *, the requested resource allows sharing with every origin. Therefore, any website can make XHR (XMLHttpRequest) requests to your site and access the responses. It's not recommended to use the Access-Control-Allow-Origin: * header.
Impact
Any website can make XHR requests to your site and access the responses.
Recommendation
It is recommended not to use Access-Control-Allow-Origin: *. Instead, the Access-Control-Allow-Origin header should contain the list of origins that are allowed to make CORS requests.
References
Test Cross Origin Resource Sharing (OTG-CLIENT-007) (https://www.owasp.org/index.php/Test_Cross_Origin_Resource_Sharing_(OTG-CLIENT-007))
Cross-origin resource sharing (https://en.wikipedia.org/wiki/Cross-origin_resource_sharing)
Cross-Origin Resource Sharing (http://www.w3.org/TR/cors/)
CrossOriginRequestSecurity (https://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity)
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Login page password-guessing attack
Severity Low
Reported by module /Scripts/PerScheme/Html_Authentication_Audit.script
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until the one correct combination that works is found.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until the one correct combination that works is found.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks (http://www.owasp.org/index.php/Blocking_Brute_Force_Attacks)
Affected items
/login
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Request headers
POST /login HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://testhtml5.vulnweb.com/
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 35
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21

password=xWzJdcPx&username=PqKtYLUH
OPTIONS method is enabled
Severity Low
Reported by module /Scripts/PerServer/Options_Server_Method.script
Description
The HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by the web server; it represents a request for information about the communication options available on the request/response chain identified by the Request-URI.
Impact
The OPTIONS method may expose sensitive information that may help a malicious user to prepare more advanced attacks.
Recommendation
It's recommended to disable OPTIONS Method on the web server.
References
Testing for HTTP Methods and XST (OWASP-CM-008) (https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008))
Affected items
Web Server
Details
Methods allowed: HEAD, OPTIONS, GET.
Request headers
OPTIONS / HTTP/1.1
Connection: keep-alive
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Possible sensitive directories
Severity Low
Reported by module /Scripts/PerFolder/Possible_Sensitive_Directories.script
Description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages, and temporary directories. Each one of these directories could help an attacker to learn more about the target.
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security (http://www.acunetix.com/websitesecurity/webserver-security/)
Affected items
Web Server
Details
Request headers
GET /static/app/services HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Connection: keep-alive
Cookie: username="WEB-INF\\web.xml"
Authorization: Basic YW5vbnltb3VzOmFub255bW91cw==
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Possible virtual host found
Severity Low
Reported by module /Scripts/PerServer/VirtualHost_Audit.script
Description
Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers). This allows one server to share its resources, such as memory and processor cycles, without requiring all services provided to use the same host name.
This web server responds differently when the Host header is manipulated and various common virtual host names are tested. This could indicate that a virtual host is present.
Impact
Possible sensitive information disclosure.
Recommendation
Consult the virtual host configuration and check if this virtual host should be publicly accessible.
References
Virtual hosting (http://en.wikipedia.org/wiki/Virtual_hosting)
Affected items
Web Server
Details
Virtual host: localhost
Response:
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p>
<p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at <a href
Virtual host: services
Response:
Request headers
Content Security Policy (CSP) not implemented
Severity Informational
Reported by module /httpdata/CSP_not_implemented.js
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, includingCross Site Scripting (XSS) and data injection attacks.
Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header is a string containing the policy directives describing your Content Security Policy. To implement CSP, you should define lists of allowed origins for all of the types of resources that your site utilizes. For example, if you have a simple site that needs to load scripts, stylesheets, and images hosted locally, as well as the jQuery library from its CDN, the CSP header could look like the following:
Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com;
It was detected that your web application doesn't implement Content Security Policy (CSP), as the CSP header is missing from the response. It's recommended to implement Content Security Policy (CSP) in your web application.
Impact
CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting (XSS) attacks, attacks that require embedding a malicious resource, attacks that involve malicious use of iframes (such as clickjacking attacks), and others.
Recommendation
It's recommended to implement Content Security Policy (CSP) in your web application. Configuring Content Security Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control the resources the user agent is allowed to load for that page.
References
Content Security Policy (CSP) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)
Implementing Content Security Policy (https://hacks.mozilla.org/2016/02/implementing-content-security-policy/)
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Password type input with auto-complete enabled
Severity Informational
Reported by module /Crawler/12-Crawler_Password_Input_Autocomplete.js
Description
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact
Possible sensitive information disclosure.
Recommendation
Password auto-complete should be disabled in sensitive applications. To disable auto-complete, you may use markup similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Subresource Integrity (SRI) not implemented
Severity Informational
Reported by module /RPA/SRI_Not_Implemented.js
Description
Subresource Integrity (SRI) is a security feature that enables browsers to verify that third-party resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing developers to provide a cryptographic hash that a fetched file must match.
Third-party resources (such as scripts and stylesheets) can be manipulated. An attacker who has access to, or has compromised, the hosting CDN can manipulate or replace the files. SRI allows developers to specify a base64-encoded cryptographic hash of the resource to be loaded. The integrity attribute containing the hash is then added to the <script> HTML element tag. The integrity string consists of a prefix naming the hash algorithm (sha256, sha384 or sha512), a hyphen, and the base64-encoded hash.
The script loaded from the external URL specified in the Details section doesn't implement Subresource Integrity (SRI). It's recommended to implement Subresource Integrity (SRI) for all the scripts loaded from external hosts.
Impact
An attacker who has access to, or has compromised, the hosting CDN can manipulate or replace the files.
Recommendation
Use the SRI Hash Generator link (from the References section) to generate a <script> element that implements Subresource Integrity (SRI).
For example, you can use the following <script> element to tell a browser that before executing the https://example.com/example-framework.js script, the browser must first compare the script to the expected hash, and verify that there's a match.
<script src="https://example.com/example-framework.js"
integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
crossorigin="anonymous"></script>
References
Subresource Integrity (https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity)
SRI Hash Generator (https://www.srihash.org/)
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: username=admin
Accept: */*
Accept-Encoding: gzip,deflate
Host: testhtml5.vulnweb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive
Scanned items (coverage report)
http://testhtml5.vulnweb.com/
http://testhtml5.vulnweb.com/ajax/
http://testhtml5.vulnweb.com/ajax/archive
http://testhtml5.vulnweb.com/ajax/latest
http://testhtml5.vulnweb.com/ajax/popular
http://testhtml5.vulnweb.com/comment
http://testhtml5.vulnweb.com/contact
http://testhtml5.vulnweb.com/forgotpw
http://testhtml5.vulnweb.com/like
http://testhtml5.vulnweb.com/login
http://testhtml5.vulnweb.com/logout
http://testhtml5.vulnweb.com/report
http://testhtml5.vulnweb.com/static/
http://testhtml5.vulnweb.com/static/app/
http://testhtml5.vulnweb.com/static/app/app.js
http://testhtml5.vulnweb.com/static/app/controllers/
http://testhtml5.vulnweb.com/static/app/controllers/controllers.js
http://testhtml5.vulnweb.com/static/app/libs/
http://testhtml5.vulnweb.com/static/app/libs/sessvars.js
http://testhtml5.vulnweb.com/static/app/partials/
http://testhtml5.vulnweb.com/static/app/partials/about.html
http://testhtml5.vulnweb.com/static/app/partials/archive.html
http://testhtml5.vulnweb.com/static/app/partials/carousel.html
http://testhtml5.vulnweb.com/static/app/partials/contact.html
http://testhtml5.vulnweb.com/static/app/partials/itemsList.html
http://testhtml5.vulnweb.com/static/app/partials/latest.html
http://testhtml5.vulnweb.com/static/app/partials/popular.html
http://testhtml5.vulnweb.com/static/app/partials/redir.html
http://testhtml5.vulnweb.com/static/app/post.js
http://testhtml5.vulnweb.com/static/app/services/
http://testhtml5.vulnweb.com/static/app/services/itemsService.js
http://testhtml5.vulnweb.com/static/css/
http://testhtml5.vulnweb.com/static/css/style.css
http://testhtml5.vulnweb.com/static/img/