Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Scribd
Upload
103 views

Website Vulnerability Scanner Report (Light)

The light scan of the website identified 3 medium and 2 low level vulnerabilities in the PHP code. It also found that the SSL certificate is not trusted and several server software and technologies are disclosed including PHP, ASP.NET, and jQuery. The report recommends upgrading software, configuring a trusted SSL certificate, and removing information that identifies the server platform and software.

Uploaded by

Roberto Sihombing
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
103 views

Website Vulnerability Scanner Report (Light)

The light scan of the website identified 3 medium and 2 low level vulnerabilities in the PHP code. It also found that the SSL certificate is not trusted and several server software and technologies are disclosed including PHP, ASP.NET, and jQuery. The report recommends upgrading software, configuring a trusted SSL certificate, and removing information that identifies the server platform and software.

Uploaded by

Roberto Sihombing
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Website Vulnerability Scanner Report (Light)

Get a PRO Account to unlock the FULL capabilities of this scanner

See wh at th e FULL scan n er can d o

Perform in-depth website scanning and discover high risk vulnerabilities.

Testi n g areas Li gh t scan Fu l l scan

Website fingerprinting  

Version-based vulnerability detection  


Common configuration issues  

SQL injection  

Cross-Site Scripting  

Local/Remote File Inclusion  

Remote command execution  

Discovery of sensitive files  

 https://mitra.atrbpn.go.id/

Summary

Ov erall risk lev el: Risk rat ings: Scan informat ion:
H igh High: 1 Start time: 2019-10-21 08:56:57 UTC+03
Medium: 1 Finish time: 2019-10-21 08:57:18 UTC+03

Low: 2 Scan duration: 21 sec

Info: 6 Tests performed: 10/10

Scan status: Finished

Findings

 Vulnerabilities found for server-side software


Ris k A ffe c te d
C VS S C VE S umma ry E xploit
Le ve l s oftwa re

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before
PHP
 7.5 CVE-2019-9641 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in N/A
5.4.20
exif_process_IFD_in_TIFF.

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14,
and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are
present in mbstring regular expression functions when supplied with invalid
multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, PHP
 7.5 CVE-2019-9023 N/A
ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, 5.4.20
ext/mbstring/oniguruma/enc/unicode.c, and
ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression
pattern contains invalid multibyte sequences.

1/5
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14,
and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in
the PHAR extension may allow an attacker to read allocated or unallocated
PHP
 7.5 CVE-2019-9021 memory past the actual data when trying to parse the file name, a different N/A
5.4.20
vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext
in ext/phar/phar.c.

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14,
and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an PHP
 7.5 CVE-2019-9020 N/A
invalid memory access (heap out of bounds read or read after free). This is related 5.4.20
to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c.

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x
before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute
PHP
 7.5 CVE-2015-4643 arbitrary code via a long reply to a LIST command, leading to a heap-based buffer N/A
5.4.20
overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-
4022.

 Details

Ris k de s c ription:
These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of service
attacks. An attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the
system.

Re c omme nda tion:


We recommend you to upgrade the affected software to the latest version in order to eliminate the risk of these vulnerabilities.

 Server SSL certificate is not trusted


Httpsconnectionpool(host='mitra.atrbpn.go.id', port=443): max retries exceeded with url: / (caused by sslerror(sslerror(1, u'[ssl: certificate_ver
ify_failed] certificate verify failed (_ssl.c:661)'),))
URL: https://mitra.atrbpn.go.id/

 Details

Ris k de s c ription:
The SSL certificate presented by the web server is not trusted by web browsers. This makes it really difficult for humans to distinguish between
the real certificate presented by the server and a fake SSL certificate. An attacker could easily mount a man-in-the-middle attack in order to
sniff the SSL communication by presenting the user a fake SSL certificate.

Re c omme nda tion:


We recommend you to configure a trusted SSL certificate for the web server.

Here are some examples of how to configure SSL for various servers:
Apache: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
Nginx: http://nginx.org/en/docs/http/configuring_https_servers.html

 Server software and technology found

S oftwa re / Ve rs ion C a te g ory

IIS 10.0 Web Servers

PHP 5.4.20 Programming Languages

Microsoft ASP.NET Web Frameworks

Twitter Bootstrap Web Frameworks

Font Awesome Font Scripts

Google Maps Maps

Lightbox JavaScript Frameworks

OWL Carousel Widgets

2/5
jQuery JavaScript Frameworks

 Details

Ris k de s c ription:
An attacker could use this information to mount specific attacks against the identified software type and version.

Re c omme nda tion:


We recommend you to eliminate the information which permit the identification of software platform, technology, server and operating system:
HTTP server headers, HTML meta information, etc.

More information about this issue:


https://www.owasp.org/index.php/Fingerprint_Web_Server_(OTG-INFO-002).

 Missing HTTP security headers


H T T P S e c urity H e a de r H e a de r Role S ta tus

X-Frame-Options Protects against Clickjacking attacks Not set

X-XSS-Protection Mitigates Cross-Site Scripting (XSS) attacks Not set

Strict-Transport-Security Protects against man-in-the-middle attacks Not set

X-Content-Type-Options Prevents possible phishing or XSS attacks Not set

 Details

Ris k de s c ription:
Because the X-Frame-Options header is not sent by the server, an attacker could embed this website into an iframe of a third party website. By
manipulating the display attributes of the iframe, the attacker could trick the user into performing mouse clicks in the application, thus
performing activities without user's consent (ex: delete user, subscribe to newsletter, etc). This is called a Clickjacking attack and it is described
in detail here:
https://www.owasp.org/index.php/Clickjacking

The X-XSS-Protection HTTP header instructs the browser to stop loading web pages when they detect reflected Cross-Site Scripting (XSS)
attacks. Lack of this header exposes application users to XSS attacks in case the web application contains such vulnerability.

The HTTP Strict-Transport-Security header instructs the browser not to load the website via plain HTTP connection but always use HTTPS. Lack of
this header exposes the application users to the risk of data theft or unauthorized modification in case the attacker implements a man-in-the-
middle attack and intercepts the communication between the user and the server.

The HTTP X-Content-Type-Options header is addressed to Internet Explorer browser and prevents it from reinterpreting the content of a web
page (MIME-sniffing) and thus overriding the value of the Content-Type header). Lack of this header could lead to attacks such as Cross-Site
Scripting or phishing.

Re c omme nda tion:


We recommend you to add the X-Frame-Options HTTP response header to every page that you want to be protected against Clickjacking
attacks.
More information about this issue:
https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

We recommend setting the X-XSS-Protection header to "X-XSS-Protection: 1; mode=block".


More information about this issue:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

We recommend setting the Strict-Transport-Security header.


More information about this issue:
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet

We recommend setting the X-Content-Type-Options header to "X-Content-Type-Options: nosniff".


More information about this issue:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

 No security issue found regarding HTTP cookies

 Robots.txt file not found

3/5
 No security issue found regarding client access policies

 Directory listing not found (quick scan)

 No password input found (auto-complete test)

 No password input found (clear-text submission test)

4/5
Scan coverage information

List of tests performed (10/ 10)


 Fingerprinting the server software and technology...
 Checking for vulnerabilities of server-side software...
 Analyzing the security of HTTP cookies...
 Analyzing HTTP security headers...
 Checking for secure communication...
 Checking robots.txt file...
 Checking client access policies...
 Checking for directory listing (quick scan)...
 Checking for password auto-complete (quick scan)...
 Checking for clear-text submission of passwords (quick scan)...

Scan parameters
Website URL: https://mitra.atrbpn.go.id/
Scan type: Light
Authentication: False

5/5

You might also like