Scan Report
REPORT DATE 17-01-2020 10:09:29
SCAN DURATION 00:05:23
AVERAGE SPEED 3.47 req/sec.
NETSPARKER VERSION 4.8.0.13139-master-20c2f1d
ENABLED ENGINES SQL Injection, SQL Injection (Boolean), SQL Injection (Blind), Cross-site Scripting, Command Injection, Command Injection (Blind), Local File Inclusion, Remote File Inclusion, Code Evaluation, HTTP Header Injection, Open Redirection, Expression Language Injection, Web App Fingerprint, RoR Code Execution, WebDAV, Reflected File Download, Insecure Reflected Content, XML External Entity, File Upload, Windows Short Filename, Server-Side Request Forgery (pattern based), Server-Side Request Forgery (DNS), SQL Injection (Out of Band), XML External Entity (Out of Band), Cross-site Scripting (Blind), Remote File Inclusion (Out of Band), Code Evaluation (Out of Band)
URL REWRITE MODE Heuristic
DETECTED URL REWRITE RULES None
CONFIRMED 6
CRITICAL 0
INFORMATIONAL 13
[The SCAN SETTINGS, AUTHENTICATION and SCHEDULED entries of the report header were extracted without their values.]
VULNERABILITIES
IMPORTANT 4%
MEDIUM 12%
LOW 35%
INFORMATION 50%
1 / 29
VULNERABILITY SUMMARY
URL   Parameter   Method   Vulnerability                  Confirmed
                  TRACE    TRACE/TRACK Method Detected    No
                  GET      WordPress Detected             No
1. Out-of-date Version (Apache) 1 TOTAL
IMPORTANT
Netsparker identified you are using an out-of-date version of Apache.
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Remedy
Please upgrade your installation of Apache to the latest stable version.
Remedy References
Downloading the Apache HTTP Server
External References
CVE-2010-1452
CVE-2010-1623
CVE-2011-0419
Exploit: http://www.securityfocus.com/data/vulnerabilities/exploits/47820.txt
CVE-2011-3192
Exploits: http://www.securityfocus.com//data/vulnerabilities/exploits/49303.c
http://www.securityfocus.com/data/vulnerabilities/exploits/49303-2.c
CVE-2011-3368
Exploit: http://www.securityfocus.com//data/vulnerabilities/exploits/49957.py
CVE-2012-0031
CVE-2011-4317
CVE-2011-3348 (Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability): The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
CVE-2012-4557
CVE-2012-4558
CVE-2013-1862
CVE-2013-1896
CVE-2013-6438
CVE-2014-0098
Classification
OWASP 2013-A9 PCI V3.1-6.2 PCI V3.2-6.2 CAPEC-310
1.1. http://103.7.64.84/
Identified Version
2.2.15 (contains 4 important and 10 other vulnerabilities)
Latest Version
2.2.31
Vulnerability Database
Result is based on 30-12-2016 vulnerability database content.
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
2. Weak Ciphers Enabled 1 TOTAL
MEDIUM
Netsparker detected that weak ciphers are enabled during secure communication (SSL).
CONFIRMED
You should allow only strong ciphers on your web server to protect secure communication with your visitors.
Impact
Attackers might decrypt SSL traffic between your server and your visitors.
Actions to Take
1. For Apache, you should modify the SSLCipherSuite directive in the httpd.conf.
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
2. For Microsoft IIS, you should make some changes to the system registry.
Click Start, click Run, type regedt32 or type regedit, and then click OK.
SCHANNEL\Ciphers\DES 56/56
SCHANNEL\Ciphers\RC4 64/128
SCHANNEL\Ciphers\RC4 40/128
SCHANNEL\Ciphers\RC2 56/128
SCHANNEL\Ciphers\RC2 40/128
SCHANNEL\Ciphers\NULL
SCHANNEL\Hashes\MD
Remedy
Configure your web server to disallow using weak ciphers.
External References
OWASP - Insecure Configuration Management
OWASP - Insufficient Transport Layer Protection
Classification
OWASP 2013-A6 PCI V3.1-6.5.4 PCI V3.2-6.5.4 CWE-327 CAPEC-217 WASC-4
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Base: 6.8 (Medium)
Temporal: 6.8 (Medium)
Environmental: 6.8 (Medium)
Request
[NETSPARKER] SSL Connection
Response
[NETSPARKER] SSL Connection
3. Invalid SSL Certificate 1 TOTAL
MEDIUM
Netsparker identified an invalid SSL certificate.
CONFIRMED
An SSL certificate can be created and signed by anyone. You should have a valid SSL certificate to make your visitors sure about the secure communication between your website and them. If you have an invalid certificate, your visitors will have trouble distinguishing between your certificate and those of attackers.
Impact
Attackers can perform man-in-the-middle attacks and observe the encryption traffic between your website and its visitors.
Remedy
Fix the problem with your SSL certificate to provide secure communication between your website and its visitors.
External References
OWASP - Insecure Configuration Management
OWASP - Insufficient Transport Layer Protection
Classification
OWASP 2013-A6 PCI V3.1-6.5.4 PCI V3.2-6.5.4 CWE-295 CAPEC-459 WASC-4
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Base: 6.8 (Medium)
Temporal: 6.8 (Medium)
Environmental: 6.8 (Medium)
List of Problems
The Name on the security certificate does not match the name of the site - CN=*.netdatavault.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
Request
[NETSPARKER] SSL Connection
Response
[NETSPARKER] SSL Connection
4. Insecure Transportation Security Protocol Supported (SSLv3) 1 TOTAL
MEDIUM
Netsparker detected that insecure transportation security protocol (SSLv3) is supported by your web server.
CONFIRMED
SSLv3 has several flaws. An attacker can cause connection failures and they can trigger the use of SSL 3.0 to exploit vulnerabilities like POODLE.
Impact
Attackers can perform man-in-the-middle attacks and observe the encryption traffic between your website and its visitors.
Remedy
Configure your web server to disallow using weak ciphers. You need to restart the web server to enable changes.
For Apache, adjust the SSLProtocol directive provided by the mod_ssl module. This directive can be set either at the server level or in a virtual host configuration.
For Nginx, locate any use of the directive ssl_protocols in the nginx.conf file and remove SSLv3.
For Microsoft IIS, you should make some changes on the system registry.
1. Click on Start and then Run, type regedt32 or regedit, and then click OK.
2. In Registry Editor, locate the following registry key or create if it does not exist:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\
For lighttpd, set the following in its configuration file:
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
External References
How to disable SSlv3
OWASP - Insecure Configuration Management
OWASP - Insufficient Transport Layer Protection
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
This POODLE Bites: Exploiting The SSL 3.0 Fallback
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012
Classification
OWASP 2013-A6 PCI V3.1-6.5.4 PCI V3.2-6.5.4 CWE-327 CAPEC-217 WASC-4
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Base: 6.8 (Medium)
Temporal: 6.1 (Medium)
Environmental: 6.1 (Medium)
Request
[NETSPARKER] SSL Connection
Response
[NETSPARKER] SSL Connection
5. Version Disclosure (Apache) 1 TOTAL
LOW
Netsparker identified a version disclosure (Apache) in the target web server's HTTP response.
This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remedy
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
Remedy References
Apache ServerTokens Directive
Classification
CWE-205 CAPEC-170 WASC-45 HIPAA-164.306(A), 164.308(A)
5.1. http://103.7.64.84/
Extracted Version
2.2.15
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
6. Version Disclosure (PHP) 1 TOTAL
LOW
Netsparker identified a version disclosure (PHP) in target web server's HTTP response.
This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remedy
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
Classification
CWE-205 CAPEC-170 WASC-45 HIPAA-164.306(A), 164.308(A)
6.1. https://103.7.64.84/
Extracted Version
5.6.40
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: http://103.7.64.84/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 301 Moved Permanently
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Expires: Sun, 19 Jan 2020 04:32:08 GMT
Content-Length: 20
Content-Type: text/html; charset=UTF-8
Content-Encoding:
Location: https://www.netdatavault.com/
Date: Fri, 17 Jan 2020 04:32:08 GMT
Cache-Control: max-age=172800
7. TRACE/TRACK Method Detected 5 TOTAL
LOW
Netsparker detected the TRACE/TRACK method is allowed.
Impact
It is possible to bypass the HttpOnly cookie limitation and read the cookies in a cross-site scripting attack by using the TRACE/TRACK method within an XmlHttpRequest. This is not possible with modern browsers, so the vulnerability can only be used when targeting users with unpatched and old browsers.
Remedy
Disable this method in all production systems. Even though the application is not vulnerable to cross-site scripting, a debugging feature such as TRACE/TRACK should not be required in a production system and therefore should be disabled.
External References
Cross Site Tracing
US-CERT VU#867593
Classification
OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
7.1. http://103.7.64.84/
Request
TRACE / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N7242288S
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Content-Length: 0
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: message/http
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:31:59 GMT
TRACE / HTTP/1.1
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N7242288S
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: 103.7.64.84
Content-Length: 0
Accept-Encoding: gzip, deflate
7.2. https://103.7.64.84/robots.txt
Request
TRACE /robots.txt HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: https://103.7.64.84/robots.txt
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N2396935S
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Content-Length: 0
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: message/http
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:32:21 GMT
Referer: https://103.7.64.84/robots.txt
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N2396935S
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: 103.7.64.84
Content-Length: 0
Accept-Encoding: gzip, deflate
7.3. https://103.7.64.84/sitemap.xml
Request
TRACE /sitemap.xml HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: https://103.7.64.84/sitemap.xml
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N5712244S
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Content-Length: 0
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: message/http
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:32:13 GMT
Referer: https://103.7.64.84/sitemap.xml
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N5712244S
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: 103.7.64.84
Content-Length: 0
Accept-Encoding: gzip, deflate
7.4. https://103.7.64.84/wp-admin/
Request
TRACE /wp-admin/ HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: https://103.7.64.84/robots.txt
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N87970S
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Content-Length: 0
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: message/http
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:32:21 GMT
Referer: https://103.7.64.84/robots.txt
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N87970S
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: 103.7.64.84
Content-Length: 0
Accept-Encoding: gzip, deflate
7.5. https://103.7.64.84/wp-admin/admin-ajax.php
Request
TRACE /wp-admin/admin-ajax.php HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: https://103.7.64.84/robots.txt
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N13342390S
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Content-Length: 0
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Content-Type: message/http
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:32:17 GMT
Referer: https://103.7.64.84/robots.txt
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
X-NS: N13342390S
Cache-Control: no-cache
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Host: 103.7.64.84
Content-Length: 0
Accept-Encoding: gzip, deflate
8. Insecure Transportation Security Protocol Supported (TLS 1.0) 1 TOTAL
LOW
Netsparker detected that insecure transportation security protocol (TLS 1.0) is supported by your web server.
CONFIRMED
TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS).
Websites using TLS 1.0 will be considered non-compliant by PCI after 30 June 2018.
Impact
Attackers can perform man-in-the-middle attacks and observe the encryption traffic between your website and its visitors.
Remedy
Configure your web server to disallow using weak ciphers. You need to restart the web server to enable changes.
For Apache, adjust the SSLProtocol directive provided by the mod_ssl module. This directive can be set either at the server level or in a virtual host configuration.
For Nginx, locate any use of the directive ssl_protocols in the nginx.conf file and remove TLSv1.
For Microsoft IIS, you should make some changes on the system registry.
1. Click on Start and then Run, type regedt32 or regedit, and then click OK.
2. In Registry Editor, locate the following registry key or create if it does not exist:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\
External References
How to disable TLS v1.0
OWASP - Insecure Configuration Management
OWASP - Insufficient Transport Layer Protection
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012
Date Change for Migrating from SSL and Early TLS
Browser Exploit Against SSL/TLS Attack (BEAST)
Classification
OWASP 2013-A6 PCI V3.1-6.5.4 PCI V3.2-6.5.4 CWE-327 CAPEC-217 WASC-4
Request
[NETSPARKER] SSL Connection
Response
[NETSPARKER] SSL Connection
9. [Possible] Phishing by Navigating Browser Tabs 1 TOTAL
LOW
Opened windows through normal hrefs with target="_blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin.
While this doesn't allow script execution, it does allow phishing attacks that silently replace the parent tab.
Impact
If the links lack the rel="noopener noreferrer" attribute, a third-party site can change the URL of the source tab using window.opener.location.assign and trick the user into believing they are still on a trusted page, leading them to enter secret information or credentials into this malicious copy.
Remedy
To prevent pages from abusing window.opener, use rel=noopener. This ensures window.opener is null in Chrome 49 and Opera 36.
For older browsers and in Firefox, you could use rel=noreferrer which also disables the Referer HTTP header.
External References
Target="_blank" - the most underestimated vulnerability ever
Blankshield & reverse tabnabbing attacks
Classification
OWASP 2013-A5
9.1. https://103.7.64.84/?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e
Parameters
Parameter %2527%2522--
Type GET
Value %253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e
External Links
https://twitter.com/NDVCloudFactory
https://www.facebook.com/NetDataVaultIDCandCloudServices
https://www.linkedin.com/company/netdatavault-data-center-and-cloud-services?trk=company_logo
Request
GET /?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: http://103.7.64.84/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
…
at best fits your application.</p>
<h4><strong>Call +91 129-2250400</strong></h4></div>
</aside><aside id="sociable_widget-3" class="widget clearfix socials-wg"><ul class="atpsocials"><li><a href="https://twitter.com/NDVCloudFactory" target="_blank"><i class="fa fa-twitter fa-lg" title="Twitter"></i> </a></li><li><a
href="https://www.facebook.com/NetDataVaultIDCandCloudServices" target="_blank"><i class="fa fa-facebook fa-lg" title="Facebook"></i> </a></li><li><a href="https://www.linkedin.com/company/netdatavault-data-center-and-cloud-services?
trk=company_logo" target="_blank"><i class="fa fa-linkedin fa-lg" title="LinkedIn"></i> </a></li></ul></aside> </div></div>
<div class="clear"></div>
10. Email Address Disclosure 1 TOTAL
INFORMATION
Netsparker identified an email address disclosure.
Impact
Email addresses discovered within the application can be used by both spam email engines and also brute-force tools. Furthermore, valid email addresses may lead to social engineering attacks.
Remedy
Use generic email addresses such as contact@ or info@ for general communications and remove user/people-specific email addresses from the website; should this be required, use submission forms for this purpose.
External References
Wikipedia - Email Spam
Classification
CWE-200 CAPEC-118 WASC-13 OWASP-PC-C7
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base: 5.3 (Medium)
Temporal: 5.3 (Medium)
Environmental: 5.3 (Medium)
10.1. https://103.7.64.84/c:/boot.ini
Request
GET /c:/boot.ini HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: http://103.7.64.84/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
…
ne"><span class="icon"><i class="icon-phone"></i></span><span class="details">+91-129-2250400</span></p><p><span class="icon"><i class="icon-envelope"></i></span><span class="details"><a
href="mailto:[email protected]">[email protected]</a></span></p><p><span class="icon"><i class="icon-link"></i></span><span class="details"><a href="http://www.netdatavault.com">http://www.netdatavault.com</a></span></p></div></aside>
</div><div
…
11. Sitemap Detected 1 TOTAL
INFORMATION
Netsparker detected a sitemap file on the target website.
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
Classification
OWASP-PC-C7
11.1. https://103.7.64.84/sitemap.xml
Request
GET /sitemap.xml HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
…
iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/sitemap.xml
Date: Fri, 17 Jan 2020 04:32:12 GMT
Cache-Control: max-age=172800
12. Robots.txt Detected 1 TOTAL
INFORMATION
Netsparker detected a Robots.txt file with potentially sensitive content.
CONFIRMED
Impact
Depending on the content of the file, an attacker might discover hidden directories and files.
Remedy
Ensure you have nothing sensitive exposed within this file, such as the path of an administration panel. If disallowed paths are sensitive and you want to keep them from unauthorized access, do not write them in the Robots.txt, and ensure they are correctly protected by means of authentication.
Robots.txt is only used to instruct search robots which resources should be indexed and which ones are not.
The following block can be used to tell the crawler to index files under /web/ and ignore the rest:
User-Agent: *
Allow: /web/
Disallow: /
Please note that when you use the instructions above, search engines will not index your website except for the specified directories.
If you want to hide certain sections of the website from search engines, the X-Robots-Tag response header can be set to tell crawlers whether a file should be indexed or not.
By using X-Robots-Tag you don't have to list these files in your Robots.txt.
Robots Meta Tags also cannot prevent media files from being indexed; X-Robots-Tag resolves this issue as well.
For Apache, the following snippet can be put into httpd.conf or an .htaccess file to stop crawlers from indexing multimedia files without exposing them in Robots.txt:
<Files ~ "\.pdf$">
# Don't index PDF files.
Header set X-Robots-Tag "noindex, nofollow"
</Files>
<Files ~ "\.(png|jpe?g|gif)$">
# Don't index image files.
Header set X-Robots-Tag "noindex"
</Files>
External References
Controlling Crawling and Indexing
X-Robots-Tag: A Simple Alternate For Robots .txt and Meta Tag
Classification
OWASP-PC-C7
Request
GET /robots.txt HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 19 Jan 2020 04:32:16 GMT
Vary: Accept-Encoding
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/robots.txt
Date: Fri, 17 Jan 2020 04:32:16 GMT
Cache-Control: max-age=172800
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
13. Out-of-date Version (PHP) 1 TOTAL
INFORMATION
Netsparker identified you are using an out-of-date version of PHP.
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Remedy
Please upgrade your installation of PHP to the latest stable version.
Remedy References
Downloading PHP
Classification
OWASP 2013-A9 PCI V3.1-6.2 PCI V3.2-6.2 CAPEC-310 OWASP-PC-C1
13.1. https://103.7.64.84/
Identified Version
5.6.40
Latest Version
5.6.26
Vulnerability Database
Result is based on 30-12-2016 vulnerability database content.
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: http://103.7.64.84/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 301 Moved Permanently
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Expires: Sun, 19 Jan 2020 04:32:08 GMT
Content-Length: 20
Content-Type: text/html; charset=UTF-8
Content-Encoding:
Location: https://www.netdatavault.com/
Date: Fri, 17 Jan 2020 04:32:08 GMT
Cache-Control: max-age=172800
14. Generic Email Address Disclosure 1 TOTAL
INFORMATION
Netsparker identified a generic email address disclosure.
Impact
Generic email addresses discovered within the application.
Remedy
This is reported for informational purposes only.
You can use submission forms for this purpose to avoid automated email address harvesting tools.
External References
Wikipedia - Email Spam
Classification
CWE-200 CAPEC-118 WASC-13 OWASP-PC-C7
14.1. https://103.7.64.84/c:/boot.ini
Email Address(es)
[email protected]
Request
GET /c:/boot.ini HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: http://103.7.64.84/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
…
ne"><span class="icon"><i class="icon-phone"></i></span><span class="details">+91-129-2250400</span></p><p><span class="icon"><i class="icon-envelope"></i></span><span class="details"><a
href="mailto:[email protected]">[email protected]</a></span></p><p><span class="icon"><i class="icon-link"></i></span><span class="details"><a href="http://www.netdatavault.com">http://www.netdatavault.com</a></span></p></div></aside>
</div><div
…
15. HTTP Strict Transport Security (HSTS) Policy Not Enabled 1 TOTAL
INFORMATION
Netsparker identified that HTTP Strict Transport Security (HSTS) policy is not enabled.
The target website is served over both HTTP and HTTPS and lacks an HSTS policy implementation.
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTP (HTTPS) connections. The HSTS Policy is communicated by the server to the user agent via an HTTP response header field named "Strict-Transport-Security". The HSTS Policy specifies a period of time during which the user agent shall access the server only in a secure fashion.
When a web application issues HSTS Policy to user agents, conformant user agents behave as follows:
Automatically turn any insecure links referencing the web application into secure links. (For instance, http://example.com/some/page/ will be modified to https://example.com/some/page/ before accessing the server.)
If the security of the connection cannot be ensured (e.g. the server's TLS certificate is self-signed), show an error message and do not allow the user to access the web application.
Remedy
Configure your webserver to redirect HTTP requests to HTTPS.
# load module
LoadModule headers_module modules/mod_headers.so
# HTTPS-Host-Configuration
<VirtualHost *:443>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
</VirtualHost>
External References
Wikipedia - HTTP Strict Transport Security
Configure HSTS (HTTP Strict Transport Security) for Apache/Nginx
Classification
OWASP-PC-C8
15.1. https://103.7.64.84/
https://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: www.netdatavault.com
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Set-Cookie: __cfduid=d61237aad9e40774db0664840d26a03c91579235532; expires=Sun, 16-Feb-20 04:32:12 GMT; path=/; domain=.netdatavault.com; HttpOnly; SameSite=Lax
Expires: Sun, 19 Jan 2020 04:32:13 GMT
Link: <https://www.netdatavault.com/wp-json/>; rel="https://api.w.org/"
Link: <https://www.netdatavault.com/>; rel=shortlink
Server: cloudflare
X-Powered-By: PHP/5.6.40
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Content-Encoding:
Vary: Accept-Encoding,User-Agent
CF-RAY: 55659aa13b97bc06-LHR
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:32:15 GMT
Cache-Control: max-age=172800
16. Out-of-date Version (WordPress) 1 TOTAL
INFORMATION
Netsparker identified the target web site is using WordPress and detected that it is out of date. WordPress is a free and open-source content management system (CMS) based on PHP
and MySQL.
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Remedy
Please upgrade your installation of WordPress to the latest stable version.
Remedy References
Downloading WordPress
Classification
OWASP 2013-A9 PCI V3.1-6.2 PCI V3.2-6.2 CAPEC-310 OWASP-PC-C1
16.1. https://103.7.64.84/wp-includes/js/tw-sack.js
https://103.7.64.84/wp-includes/js/tw-sack.js
Identified Version
4.6
Latest Version
4.7
Vulnerability Database
Result is based on 30-12-2016 vulnerability database content.
Certainty
Request
GET /wp-includes/js/tw-sack.js HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 16 Feb 2020 04:33:35 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 1543
Last-Modified: Wed, 13 Sep 2017 13:07:38 GMT
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Encoding:
Date: Fri, 17 Jan 2020 04:33:35 GMT
ETag: "802c7-1369-55911d8131a80"
Cache-Control: max-age=2592000
function sack(file) {
this.xmlhttp = null;
this.resetData = function() {
this.method = "POST";
this.queryStringSeparator = "?";
this.argumentSeparator = "&";
this.URLString = "";
this.encodeURIString = true;
this.execute = false;
this.element = null;
this.elementObj = null;
this.requestFile = file;
this.vars = new Object();
this.responseStatus = new Array(2);
};
this.resetFunctions = function() {
this.onLoading = function() { };
this.onLoaded = function() { };
this.onInteractive = function() { };
this.onCompletion = function() { };
this.onError = function() { };
this.onFail = function() { };
};
this.reset = function() {
this.resetFunctions();
this.resetData();
};
this.createAJAX = function() {
try {
this.xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e1) {
try {
this.xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e2) {
this.xmlhttp = null;
}
}
if (! this.xmlhttp) {
if (typeof XMLHttpRequest != "undefined") {
this.xmlhttp = new XMLHttpRequest();
} else {
this.failed = true;
}
}
};
17. WordPress Detected 1 TOTAL
INFORMATION
Netsparker identified that the target web site is using WordPress. WordPress is a free and open-source content management system (CMS) based on PHP and MySQL.
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
Classification
OWASP-PC-C7
17.1. https://103.7.64.84/wp-includes/js/tw-sack.js
https://103.7.64.84/wp-includes/js/tw-sack.js
Identified Version
4.6
Latest Version
4.7
Vulnerability Database
Result is based on 30-12-2016 vulnerability database content.
Certainty
18. OPTIONS Method Enabled 1 TOTAL
INFORMATION
Netsparker detected that the OPTIONS method is allowed. This issue is reported as extra information.
CONFIRMED
Impact
Information disclosed from this page can be used to gain additional information about the target system.
Remedy
Disable the OPTIONS method on all production systems.
External References
Testing for HTTP Methods and XST (OWASP-CM-008)
HTTP/1.1: Method Definitions
Classification
OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
Allowed methods
GET,HEAD,POST,OPTIONS,TRACE
Request
OPTIONS /sitemap.xml HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: https://103.7.64.84/sitemap.xml
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Content-Length: 0
Response
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 19 Jan 2020 04:33:34 GMT
Vary: Accept-Encoding,User-Agent
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 20
Content-Type: text/xml
Content-Encoding:
Date: Fri, 17 Jan 2020 04:33:34 GMT
Cache-Control: max-age=172800
19. Apache Web Server Identified 1 TOTAL
INFORMATION
Netsparker identified a web server (Apache) in the target web server's HTTP response.
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
External References
Apache ServerTokens Directive
Classification
OWASP-PC-C7
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Base: 5.3 (Medium)
Temporal: 5.1 (Medium)
Environmental: 5.1 (Medium)
19.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 19 Jan 2020 04:31:58 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Content-Length: 236
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/
Date: Fri, 17 Jan 2020 04:31:58 GMT
Cache-Control: max-age=172800
20. Missing X-XSS Protection Header 1 TOTAL
INFORMATION
Netsparker detected a missing X-XSS-Protection header, which means that this website could be at risk of Cross-site Scripting (XSS) attacks.
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
Remedy
Add the X-XSS-Protection header with a value of "1; mode=block".
X-XSS-Protection: 1; mode=block
External References
MSDN - Internet Explorer 8 Security Features
Internet Explorer 8 XSS Filter
Classification
HIPAA-164.308(A) OWASP-PC-C9
20.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 19 Jan 2020 04:31:58 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Content-Length: 236
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/
Date: Fri, 17 Jan 2020 04:31:58 GMT
Cache-Control: max-age=172800
21. Subresource Integrity (SRI) Not Implemented 1 TOTAL
INFORMATION
Subresource Integrity (SRI) provides a mechanism to check the integrity of resources hosted by third parties such as Content Delivery Networks (CDNs), verifying that the fetched
resource has been delivered without unexpected manipulation.
SRI does this using a hash comparison: the hash value declared in the HTML element (for now only script and link elements are supported) is compared with the hash value of the
resource fetched from the third party.
Use of SRI is recommended as a best practice whenever libraries are loaded from a third-party source.
Remedy
To use Subresource Integrity, add an integrity attribute to the script tag containing a base64-encoded cryptographic hash value of the resource.
The hash algorithm must be one of sha256, sha384 or sha512, followed by a '-' character and the base64-encoded hash.
External References
Subresource Integrity
Do not let your CDN betray you: Use Subresource Integrity
Web Application Security with Subresource Integrity
SRI Hash Generator
Classification
21.1. https://103.7.64.84/?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e
https://103.7.64.84/?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%2...
Parameters
Parameter Type Value
%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e GET
Certainty
Request
GET /?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Referer: http://103.7.64.84/
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
22. Content Security Policy (CSP) Not Implemented 1 TOTAL
INFORMATION
CSP is an added layer of security that mainly helps to mitigate Cross-site Scripting attacks.
CSP can be enabled by instructing the browser with a Content-Security-Policy directive in a response header;
or in a meta tag;
In the above example, script loading is restricted to the same domain. It also restricts inline script execution both in element attributes and in event handlers. There are various directives
which you can use when declaring a CSP:
script-src: Restricts script loading to the sources you declared. By default, it disables inline script execution unless you permit evaluation functions and inline scripts with the unsafe-
eval and unsafe-inline keywords.
base-uri: The base element is used to resolve relative URLs to absolute ones. With this CSP directive, you define all URLs that may be assigned to the document's base href attribute.
frame-ancestors: Very similar to the X-Frame-Options HTTP header. It defines the URLs from which the page may be loaded in an iframe.
frame-src / child-src: frame-src is the deprecated version of child-src. Both define the sources that can be loaded by an iframe in the page. (Please note that frame-src was brought back in CSP 3.)
object-src: Defines the resources that can be loaded as embedded objects, such as Flash files and Java applets.
img-src: As its name implies, it defines the sources from which images can be loaded.
connect-src: Defines the whitelisted targets for XMLHttpRequest and WebSocket objects.
default-src: A fallback for the directives that end with the -src suffix. When the directives below are not defined, the value set for default-src is used instead:
child-src
connect-src
font-src
img-src
manifest-src
media-src
object-src
script-src
style-src
When setting CSP directives, you can also use some CSP keywords:
In addition to CSP keywords, you can also use a wildcard or only a scheme when defining whitelisted URLs for the directives. The wildcard can be used for the subdomain and port portions of a URL:
It is also possible to set the CSP in Report-Only mode during the migration period instead of enforcing it immediately. That way you can see the violations of the CSP policy on the current state of your web site while
migrating to CSP:
Impact
There is no direct impact of not implementing CSP on your website. However, if your website is vulnerable to a Cross-site Scripting attack, CSP can prevent successful exploitation of that vulnerability. By not
implementing CSP you'll be missing out on this extra layer of security.
Actions to Take
Enable CSP on your website by sending the Content-Security-Policy in HTTP response headers that instruct the browser to apply the policies you specified.
Apply the whitelist and policies as strict as possible.
Rescan your application to see if Netsparker identifies any weaknesses in your policies.
Remedy
Enable CSP on your website by sending the Content-Security-Policy in HTTP response headers that instruct the browser to apply the policies you specified.
External References
An Introduction to Content Security Policy
Content Security Policy (CSP)
Classification
OWASP-PC-C9
22.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 19 Jan 2020 04:31:58 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Content-Length: 236
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/
Date: Fri, 17 Jan 2020 04:31:58 GMT
Cache-Control: max-age=172800