Computer Generations

Acunetix Website Audit
7 June, 2016
Developer Report
Generated by Acunetix WVS Reporter (v10.0 Build 20150707)
Scan of http://192.168.1.3:80/
Scan details
Scan information
Start time
Finish time
Scan time
Profile
Server information
Responsive
Server banner
Server OS
Server technologies
6/6/2016 5:59:47 PM
6/7/2016 9:07:29 AM
15 hours, 7 minutes
Default
True
Microsoft-IIS/8.5
Windows
ASP.NET
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.
Alerts distribution
Total alerts found
High
Medium
227
1
188
Low
14
Informational
24
Knowledge base
List of file extensions
File extensions can provide information on what technologies are being used on this website.
List of file extensions detected:
- css => 14 file(s)

- js => 34 file(s)
Top 10 response times
The files listed below had the slowest response times measured during the crawling process. The average response time
for this site was 54.78 ms. These files could be targetted in denial of service attacks.
1. /projectmanagement/projectestimationnames, response time 5710 ms
GET /projectmanagement/projectestimationnames HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.1.3/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie:
__RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lz-h
QWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81;
awwce-MyCookieName-2016-erp=cpz7wQaqqFuFXgInUE2X0DQiZBwaY6QB9TuAr-UWqZdWCUHraYBu4Uu9LFJxPI1
a8sSncnf-nFAQh4rayeiLfgzce_JNEz2i4TXUgMzATS4VwrIgwvOf9XCA7_fXtx5_dyJZnZzTJohB3yQgC8DH06iPp4EslLRB
hafLR2ebw-LeDnclJf1bD6YT3ismDzL-LCseAy_mn4UY0HBLIsxdLzSF2dif29kjjcQ3YZeINwI7uipnG33haBYCLqERlRziSn
QuqzbWXv1ZbyPEur44SY-PE81LHkxqGcKHsLv9nXBdkIFDZHSDgv-9FDjFxgUEvkquR5nlSbOnpVzfBW680WoLh4Pqm
8IAJ-ZGgsyuMYzgOGVfTmRZcBooJgR-YLlGASFlMcQgXNDtyyHqx63rqN1s4wFFHhvDTdlqkV_Xx11vXZc7-P29p67LMk
S0isrn_WyfqYDe_U3WdVLnDT-BfCGdFX5ziKm2oEktka2yk84pc-VEmb9ES75mFs8E8klXooRbuSAOnOR9SsafGdDsbtx
aQfGugiqtmo8ooC67X8QzLy-q4HV4sYMNUbFd75kad-d9Vs6Q8zr62. /hr/disciplinaymeasuretypes, response time 5101
ms
GET /hr/disciplinaymeasuretypes HTTP/1.1
Pragma: no-cache
Cookie:
awwce-MyCookieName-2016-erp=go5N6LdR1vsxhYrxHG0MnanXqJKFtJhSVnJ3dQMciA_jxh8Mu_PGYR5WG9uiTUL7R
Ksl98t5vTAewBEbaCcGY4QwA36KmHHVcI1V77L_4JfINqGnQyBQazIhPggaLGMqtkuEBDoBqZKNJOdn9XYVW5g5Oi3
AMTN0H51sL4OGouOH4oVMmwoF2w2lWJJKyjr-1_IxvGOv7Xta38lvuRGAaME9LGqdf5t2gcvnHqeGemtzEJqIg42QRGf
LT8pJMkqUXAxwawoE4eVGHXz-8M7gQwZinbHKhlTER07TH2HcPRRVj-PDYdc8nuP2Agx-Sw18asrmTZ4U8To7AY4U
GyCPgfVHGa1isSYb0JJLy1atzZuGXglQm9ZYHVMVhD1ZNL9ccKkZaO8j_65hTpO80S1K3StXnCSK48E_VO4D7PaLhxk
WkYdNi8AoeL75urlONyOWJD6yvHLgk_PMXsQbzf_Do9xgZd0kes3Qic5lCLMzCnKyZW925duHP88NLinZhq92TFLvfua
WlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOimg6xnAvenl2Y_VRyTHDIUXCj-2eSxH5AETY7P_rcvZGH1TvE8UISHYb75
Myuir1JzwsC0FNA9nM7T3. /fleetmanagement/fleetequipmentregistrations, response time 3868 ms
GET /fleetmanagement/fleetequipmentregistrations HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
awwce-MyCookieName-2016-erp=cpz7wQaqqFuFXgInUE2X0DQiZBwaY6QB9TuAr-UWqZdWCUHraYBu4Uu9LFJxPI1a
8sSncnf-nFAQh4rayeiLfgzce_JNEz2i4TXUgMzATS4VwrIgwvOf9XCA7_fXtx5_dyJZnZzTJohB3yQgC8DH06iPp4EslLRBh
afLR2ebw-LeDnclJf1bD6YT3ismDzL-LCseAy_mn4UY0HBLIsxdLzSF2dif29kjjcQ3YZeINwI7uipnG33haBYCLqERlRziSnQ
uqzbWXv1ZbyPEur44SY-PE81LHkxqGcKHsLv9nXBdkIFDZHSDgv-9FDjFxgUEvkquR5nlSbOnpVzfBW680WoLh4Pqm8I
AJ-ZGgsyuMYzgOGVfTmRZcBooJgR-YLlGASFlMcQgXNDtyyHqx63rqN1s4wFFHhvDTdlqkV_Xx11vXZc7-P29p67LMkS
0isrn_WyfqYDe_U3WdVLnDT-BfCGdFX5ziKm2oEktka2yk84pc-VEmb9ES75mFs8E8klXooRbuSAOnOR9SsafGdDsbtxa
QfGugiqtmo8ooC67X8QzLy-q4HV4sYMNUbFd75kad-d9Vs6Q84. /hr/disciplinaymeasuretypes/edit/8, response time 3760
ms
GET /hr/disciplinaymeasuretypes/edit/8 HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/disciplinaymeasureranks/details/2
Cookie:
WlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOimg6x5. /hr/disciplinaymeasuretypes/details/8, response time 3635 ms
GET /hr/disciplinaymeasuretypes/details/8 HTTP/1.1
Pragma: no-cache
Cookie:
WlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOim6. /hr/disciplinaymeasuretypes/details/12, response time 3182 ms
Pragma: no-cache
Cookie:
WlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOi7. /hr/disciplinaymeasuretypes/details/10, response time 3182 ms
Pragma: no-cache
Cookie:
WlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOi8. /payroll/payrollreports/monthlyincometaxreport, response time 1295 ms
GET /payroll/payrollreports/monthlyincometaxreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
awwce-MyCookieName-2016-erp=cpz7wQaqqFuFXgInUE2X0DQiZBwaY6QB9TuAr-UWqZdWCUHraYBu4Uu9LFJxPI1a
8sSncnf-nFAQh4rayeiLfgzce_JNEz2i4TXUgMzATS4VwrIgwvOf9XCA7_fXtx5_dyJZnZzTJoh
List of client scripts
These files contain Javascript code referenced from the website.
- /content/ace/js/jquery.2.1.1.min.js
- /content/ace/js/ace-extra.min.js
- /content/ace/js/bootstrap.min.js
- /content/ace/js/jquery-ui.custom.min.js
- /content/ace/js/jquery.ui.touch-punch.min.js
- /content/ace/js/jquery.easypiechart.min.js
- /content/ace/js/jquery.sparkline.min.js
- /content/ace/js/jquery.flot.min.js
- /content/ace/js/jquery.flot.pie.min.js
- /content/ace/js/jquery.flot.resize.min.js
- /content/ace/js/ace-elements.min.js
- /content/ace/js/ace.min.js
- /content/jqury-ui/jquery-ui.js
- /content/jstree/jstree.min.js
- /scripts/etp/jquery.plugin.js
- /scripts/etp/jquery.calendars.js
- /scripts/etp/jquery.calendars.plus.js
- /scripts/etp/jquery.calendars.picker.js
- /scripts/etp/jquery.calendars.ethiopian.js
- /scripts/etp/jquery.calendars.ethiopian-am.js
- /scripts/kendo/2016.1.112/jquery.min.js
- /scripts/kendo/2016.1.112/jszip.min.js
- /scripts/kendo/2016.1.112/kendo.all.min.js
- /scripts/kendo/2016.1.112/kendo.aspnetmvc.min.js
- /scripts/kendo.modernizr.custom.js
- /scripts/jquery.unobtrusive-ajax.js
- /scripts/jquery.validate.min.js
- /scripts/jquery.validate.unobtrusive.js
- /scripts/js.cookie.js
- /scripts/matrixscript.js
- /scripts/matrixscript1.js
- /scripts/matrixcommon.js
- /scripts/selector.js
- /scripts/jquery-1.10.2.min.js
List of files with inputs
These files have at least one input (GET or POST).
- / - 11 inputs
- /account - 3 inputs
- /account/login - 3 inputs
- /account/logoff - 1 inputs
- /account/delete/zelalem - 1 inputs
- /account/delete/enanu - 1 inputs
- /account/delete/endalamaw - 1 inputs
- /account/edit/zelalem - 1 inputs
- /account/edit/enanu - 1 inputs
- /account/edit/endalamaw - 1 inputs
- /account/usergroups/zelalem - 1 inputs
- /account/usergroups/endalamaw - 1 inputs
- /account/usergroups/enanu - 1 inputs
- /account/register - 1 inputs
- /home/setculture - 1 inputs
- /hr/upload - 1 inputs
- /hr/empbscappraisalperiods/edit/5 - 1 inputs
- /hr/empbscappraisalperiods/delete/2 - 1 inputs
- /hr/empbscappraisalperiods/create - 1 inputs
- /hr/disciplinaymeasureranks/edit/3 - 1 inputs
- /hr/disciplinaymeasureranks/edit/2 - 1 inputs
- /hr/disciplinaymeasureranks/delete/3 - 1 inputs
- /hr/disciplinaymeasureranks/delete/2 - 1 inputs
- /hr/certificatesandletters - 1 inputs
- /hr/disciplinaymeasuretypes/edit/9 - 1 inputs
- /hr/disciplinaymeasuretypes/delete/9 - 1 inputs
- /inventory/reportinventory/issueitem - 1 inputs
- /inventory/reportinventory/transferitem - 1 inputs
- /inventory/reportinventory/stockbalance - 1 inputs
- /inventory/reportinventory/goodsreceive - 1 inputs
- /inventory/reportinventory/adjustmentitem - 1 inputs
- /inventory/reportinventory/storereturnitem - 1 inputs
- /inventory/reportinventory/purchasereturnitem - 1 inputs
- /inventory/reportinventory/storerequisitionitem - 1 inputs
- /inventory/reportinventory/issueitemexcel - 1 inputs
- /inventory/reportinventory/issueitemprint - 1 inputs
- /inventory/reportinventory/transferitemprint - 1 inputs
- /inventory/reportinventory/transferitemexcel - 1 inputs
- /inventory/reportinventory/stockbalanceprint - 1 inputs
- /inventory/reportinventory/stockbalanceexcel - 1 inputs
- /inventory/reportinventory/goodsreceiveprint - 1 inputs
- /inventory/reportinventory/goodsreceiveexcel - 1 inputs
- /inventory/reportinventory/storereturnitemexcel - 1 inputs
- /inventory/reportinventory/storereturnitemprint - 1 inputs
- /inventory/reportinventory/adjustmentitemprint - 1 inputs
- /inventory/reportinventory/adjustmentitemexcel - 1 inputs
- /inventory/reportinventory/purchasereturnitemprint - 1 inputs
- /inventory/reportinventory/purchasereturnitemexcel - 1 inputs
- /inventory/reportinventory/storerequisitionitemprint - 1 inputs
- /inventory/reportinventory/storerequisitionitemexcel - 1 inputs
- /finance/bankaccounts/edit/14 - 1 inputs
- /finance/bankaccounts/delete/6 - 1 inputs
- /finance/budgetallocationandusage - 1 inputs
- /finance/budgetallocationandusage/budgetallocationandusageexcel - 1 inputs
- /finance/budgetallocationandusage/budgetallocationandusageprint - 1 inputs
- /finance/budgetagainstpreviousyear - 1 inputs
- /finance/budgetagainstpreviou
List of external hosts

These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts
allowed. (Configuration-> Scan Settings ->Scanning Options-> List of hosts allowed).
- fonts.gstatic.com
List of email addresses
List of all email addresses found on this host.
- info@awwwce.com
Alerts summary
Microsoft IIS tilde directory enumeration
Classification
Base Score: 5.0
CVSS
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE-20
CWE
Affected items
/
Variation
s1
Application error message

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/account/edit/endalamaw
/account/edit/zelalem
/account/login
/account/usergroups/endalamaw
/finance/bankaccounts/edit/10
/hr/disciplinaymeasureranks/edit/2
/hr/disciplinaymeasuretypes/edit/10
/hr/empbscappraisalperiods/edit/1
Variation
s2
1
1
1
2
3
3
2
3
3
4
3
3
4
4
3
1
1
1
1
1
1
1
2
1
1
1
1
Error message on page

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/finance/json/description
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
/hr/disciplinaymeasuretypes
/procurement/reportprocurement
/procurement/reportprocurement/getlotdetails
/upload
Variation
s1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
HTML form without CSRF protection

Classification
Base Score: 2.6
CVSS
- Access Complexity: High
- Confidentiality Impact: None
- Integrity Impact: Partial
CWE-352
CWE
Affected items
/
/account
/finance/accountstransactions
/finance/budgetagainstpreviousyear
/finance/budgetallocationandusage
/finance/json/fromaccountcode
/finance/reportfinance/accountanalysis
/finance/reportfinance/accountanalysisbysegment
/finance/reportfinance/aragingbyinvoice
/finance/reportfinance/cashflow
/finance/reportfinance/chartofaccount
/finance/reportfinance/customerlist
/finance/reportfinance/incomestatement
/finance/reportfinance/incomestatementbyproject
/finance/reportfinance/supplierlist
/finance/reportfinance/trialbalance
/hr/certificatesandletters
/hr/upload
/inventory/reportinventory/issueitem
/inventory/reportinventory/stockbalance
/payroll/payrollreports/bonusincometaxreport
/payroll/payrollreports/monthlypensionreport
/payroll/payrollreports/reportbycontributiontypelist
Variation
s1
2
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
10
Internal server error

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/
/account/delete/enanu
/account/delete/endalamaw
/account/delete/zelalem
/account/edit/enanu
/account/login
/account/logoff
/account/register
/account/usergroups/enanu
/finance/budgetallocationandusage/
/finance/budgetallocationandusage/budgetallocationandusageexcel
/finance/budgetallocationandusage/budgetallocationandusageprint
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
/home/setculture
/hr/disciplinaymeasuretypes/delete/10
/hr/empbscappraisalperiods/create
Variation
s3
1
1
1
5
5
5
1
1
17
1
1
1
1
5
5
5
1
1
1
1
1
1
8
8
8
2
11
User credentials are sent in clear text

Classification
Base Score: 5.0
CVSS
CWE-310
CWE
Affected items
/account/login
/account/login (943495a8bf6f8beb8b22c44cf845bd3f)
/account/register
Variation
s1
1
1
ASP.NET version disclosure

Classification
Base Score: 0.0
CVSS
CWE-200
CWE
Affected items
/
Variation
s1
Cookie without HttpOnly flag set

Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/
Variation
s3
Cookie without Secure flag set

Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/
Variation
s5
12
File upload
Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/hr/upload
Variation
s1
Login page password-guessing attack

Classification
Base Score: 5.0
CVSS
CWE-307
CWE
Affected items
/account/login
Variation
s1
OPTIONS method is enabled

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
Web Server
Variation
s1
Slow response time

Classification
Base Score: 5.0
CVSS
- Availability Impact: Partial
CWE-400
CWE
Affected items
/projectmanagement/projectestimationnames
Variation
s1
1
13
Broken links
Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/content/kendo/2016.1.112/%23clip
/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
Variation
s1
1
Email address found

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/account
Variation
s1
1
1
Microsoft IIS version disclosure

Classification
Base Score: 0.0
CVSS
CWE-200
CWE
Affected items
/
Variation
s1
14
Password type input with auto-complete enabled

Classification
Base Score: 0.0
CVSS
CWE-200
CWE
Affected items
/account/login
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
/account/register
Variation
s1
1
1
1
1
2
Possible CSRF (Cross-site request forgery)

Affected items
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
(11e076bff3d87afafd26c723d1fdc6a3)
(65ba3a10b77a6c16224ffc9314b599f2)
(b585c40490c5c63ee711d1bbe6e3a118)
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read (11e076bff3d87afafd26c723d1fdc6a3)
Variation
s1
1
1
1
1
1
1
1
1
Possible internal IP address disclosure

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/home/setculture
Variation
s1
15
Possible username or password disclosure

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Variation
s1
16
Alert details
Microsoft IIS tilde directory enumeration
Severity
High
Type
Configuration
Reported by module Scripting (IIS_Tilde_Dir_Enumeration.script)
Description
It is possible to detect short names of files and directories which have an 8.3 file naming scheme equivalent in Windows
by using some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short-names of ".aspx"
files as they have 4 letters in their extensions. This can be a major issue especially for the .Net websites which are
vulnerable to direct URL access as an attacker can find important files and folders that they are not normally visible.
Impact
Possible sensitive information disclosure.
Recommendation
Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject. A link to this paper is listed in
the Web references section below.
References
Windows Short (8.3) Filenames - A Security Nightmare?
Microsoft IIS Shortname Scanner PoC
IIS Short File Name Disclosure is back! Is your server vulnerable?
Affected items
/
Details
No details are available.
Request headers
OPTIONS //*~1*/a.aspx?aspxerrorpath=/ HTTP/1.1
(line truncated)
...p1B6fl3w1HuKBWpmtDDauU0_weIIyOCvMwqpQLC_8QjvuJVTUCXh5aG1-ajaVaMA7-gNWy5cJzSbJopRnbTTQ
3GZqyhzGZBza-oQDQawNvYSU-jLVbpS68bJwg5LzoOD0jQmyHeeF1-sJGpi1biByeNwOsiAyVspyZK6WbEahtbm8
_EComER7Ju_YO5clRIBbWTBOJhtbFpK9wyRrRbi3kDUCuqyw33D0Fszlp0lt31LfRng3L7YdnyxZglTpU7ljoT52
H6DiS9bjtWnzcDq2uIc-fZjl5IN557E2pNyBh4Nnk-WDBbnn_lJY99-cWBJpJBj_QRY8zjVdK9YoQKRDJhn2whwX
NHNP-A8k42Mjn; _culture=en-us; currentNavLi=link246;
ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%
22%3A-1%7D
Host: 192.168.1.3
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 404 Not Found
Content-Type: text/html
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Date: Tue, 07 Jun 2016 06:03:46 GMT
Content-Length: 1245
17
Application error message

Severity
Medium
Type
Validation
Reported by module Scripting (Generic_Oracle_Padding.script)
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
Details
URL encoded POST input FirstName was set to S0FyZnY3SmVZ
Error message found: Internal Server Error
Request headers
POST /account/edit/endalamaw HTTP/1.1
Content-Length: 260
Content-Type: application/x-www-form-urlencoded
(line truncated)
...cnBcB0mBDXweyHq8QSx91oMDsyM-jFrIkS6l04jSNkCMTXHF-gnxV5NvJgpGeh2Xg9ZNzWcMxoh0o8wu9kqGK
pnZa9WGi8KPYlt7KlLzoSSRwp3jkQLWEIzoqEJar8jDgRaHSDtxtO6XGU_2aXFNEsvbEZMBBROmHuYrJBbwCDn-S
xc51B05xsHkshOnLMtusF-eKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0v-ia7
GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQRb
GrDZTQG2en1Gw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=S0FyZnY3SmVZ&LastName=worku&UserName=Endalamaw&__Requ
estVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaL
eSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Response headers
HTTP/1.1 500 Internal Server Error
Cache-Control: private, s-maxage=0
Content-Type: text/html; charset=utf-8
X-AspNetMvc-Version: 5.2
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
Date: Mon, 06 Jun 2016 21:16:23 GMT
18
Details
URL encoded POST input UserName was set to SXNCTGFobUE3
Request headers
Content-Length: 260
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=SXNCTGFobUE3&__Requ
estVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaL
eSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Response headers
Date: Mon, 06 Jun 2016 21:16:25 GMT
Details
URL encoded POST input LastName was set to cWhxWmZCaW1R
Request headers
POST /account/edit/zelalem HTTP/1.1
Content-Length: 259
(line truncated)
...5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAAg57U2A-ePmNuZAEnIgAEnw
ZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usa-RYZfscchlzB7
F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRpsgtft6k8q_Udo
MLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJa
QxH5kjh0ASBHu; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=info%40awwwce.com&FirstName=Zelalem&LastName=cWhxWmZCaW1R&UserName=zelalem&__Reque
stVerificationToken=4YYOqtabI3kC3wWcZ6AqiXvvT2lQewWko82j20pEbXIXQWP7r_k69SusTjwYWLKRVQW9
7dtHOFx_OhjyUcAOUik-6IcFeRxOwEd2OrtJvF08gkRrTffEidVNnACwkCRSSyEs_eL-cyPSgRmTx2LEUA2
Response headers
19

Date: Mon, 06 Jun 2016 15:07:27 GMT
/account/login
Details
URL encoded POST input Password was set to S0NYNWRvajhK
Request headers
POST /account/login?ReturnUrl=/ HTTP/1.1
Content-Length: 173
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=S0NYNWRvajhK&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvS
Kp1id3_Fif9J_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Response headers
Cache-Control: private
Date: Mon, 06 Jun 2016 15:05:29 GMT
/account/usergroups/endalamaw
Details
POST (multipart) input UserName was set to RmN2c1RsckFS
Request headers
POST /account/usergroups/endalamaw HTTP/1.1
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DWREWXOHXT
(line truncated)
...FvmPG24a-w-brBQvVb4hF5AV-MfDPO1NZ3anCIwlVZEXBONCN7eUcONo4M8M3JKcHu2zwHlwukIbuZKsHMO1W
4sXv9k3KHu8rJOPzEsvi35ECZ7RFKFBZg16PhKjeYGbARPzfvDLkOZIgSMxYvIl3QVVqVnmPbjvjFdUUWw3aNxmi
M8CXHwvc_fe1LEXLjYcr7kJR-w81P7gvXCpJBulFDNyvyt8tDdQnJAcdDf4sd8Kkn6S8LXF7v1AHMhjSHmGUJyOG
fn3_oTSyKNSbM_UDOqIsAnj54auNBphOn0QyW8jBdnag7ruZxSAfrMtCD6-xxZeQUc8J_zFnCwfdeWJorQZYRsDQ
A8_4Tc9_R8G38; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_DWREWXOHXT
Content-Disposition: form-data; name="Groups[0].GroupId"
1
20
Content-Disposition: form-data; name="Groups[0].Selected"
true
4
true
5
true
6
true
7
true
8
true
9
true
10
true
11
21
true
Content-Disposition: form-data; name="UserName"
RmN2c1RsckFS
Content-Disposition: form-data; name="__RequestVerificationToken"
5kcpYlqIXEhLtMQ3CUHxvFcy_lH2nYm14H5e-TfjTBWt92R-3-RTuUtXIhQ8RjuCBwVJ56fmdWVKzmr50VbA8Vtw
QPBgCaWefS24PKZL5ANOW3BmbgLmGpHm8iANuuR-7jymWN_ildjlN9jsa1PjTg2
-------AcunetixBoundary_DWREWXOHXT-Response headers
Date: Mon, 06 Jun 2016 23:12:41 GMT
Details
URL encoded POST input AccountName was set to
RGVPR1d0cnB6bVVMSzNVaGlEbUJuY2ZGVTljNklWRVZPTDdDQk5Y
Request headers
POST /finance/bankaccounts/edit/10 HTTP/1.1
Content-Length: 507
(line truncated)
...B3PK0n0jy6yP-3kgxKpRlkXJfIhVqvf_wSm8o-r39cF_lC_YaQ1mf9C9tcNkjoN4zp3OrY7QkPqMlYvJav9pZ
uCJ8cTRgA8X78VUEt2D8wxWEALrMZFgJy-PvCZipcD5vL3utff6Yl_gW5KBkvKXP_EK7tRRW3xl_yny11QOpLrty
uYTuUqDanVzm9VpvEebzTCf0puobKYSn-O3g0l3wp8Xli1Jws4BmUx4Ih3_G6kZak0nXnTDrUCExFGG94NxJrYHa
mXQCIi_EUzjPb3p69TItm9bC3Evv8eRi_W2f8KRp0rbneGGB7s_Hx9VI8e1MUrSosoie6Vrxbo-tFumxx3Gzyw-s
SAFULWFIPaKGC; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...Code=11140-1-00-CB0025&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-H
ead%20Office-No%20cost%20value-CBE%20Shimbiti%20branch%20Act.No.1000138176499&AccountNam
e=RGVPR1d0cnB6bVVMSzNVaGlEbUJuY2ZGVTljNklWRVZPTDdDQk5Y&AccountNumber=1000138176499&Accou
ntUse=4111111111111111&BankAccountID=10&BankAdress=Bahirdar&BankBranch=Shimbet&BankName=
CBE&Status=true&__RequestVerificationToken=RYv8AQpeT6Z3MBcwqqsvQ7sRSWl_FFKJOa5WdP-z0eLrW
cGK6NreLTLMq8y4JB_M3unm9P4nLqdDMSOrDia0VE9iMvhjk8qC5inMaFI4cbI1
Response headers
Date: Tue, 07 Jun 2016 01:33:24 GMT
22
Details
URL encoded POST input BankAdress was set to SzZWQlQ2UUE=
Request headers
Content-Length: 500
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AccountCode=11140-1-00-CB0025&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Ba
nk-Head%20Office-No%20cost%20value-CBE%20Shimbiti%20branch%20Act.No.1000138176499&Accoun
tName=CBE%20shimbet%20Branch%20Working%20Fund&AccountNumber=1000138176499&AccountUse=411
1111111111111&BankAccountID=10&BankAdress=SzZWQlQ2UUE%3d&BankBranch=Shimbet&BankName=CBE
&Status=true&__RequestVerificationToken=RYv8AQpeT6Z3MBcwqqsvQ7sRSWl_FFKJOa5WdP-z0eLrWcGK
6NreLTLMq8y4JB_M3unm9P4nLqdDMSOrDia0VE9iMvhjk8qC5inMaFI4cbI1
Response headers
Date: Tue, 07 Jun 2016 01:33:40 GMT
Details
NEc3UzNNZnJYcm9uR05mNUVYWmJ4OHNsYkt3M2VaZ2JxWkVEM1BhNWxnMjRnRDlWYXNBckdOTlJVNG9GeElE
bTFpOA==
Request headers
Content-Length: 608
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
23
Accept: */*
(line truncated)
...20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20Ethiopia%20WE/AM/CON/OF
FICE%20West%20amhara&AccountName=NEc3UzNNZnJYcm9uR05mNUVYWmJ4OHNsYkt3M2VaZ2JxWkVEM1BhNWx
nMjRnRDlWYXNBckdOTlJVNG9GeElEbTFpOA%3d%3d&AccountNumber=1000067107237&AccountUse=4111111
111111111&BankAccountID=11&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=
CBE&Status=true&__RequestVerificationToken=shFKwe07pO3NvIMWhIH0yRZVUMTVR-g86pVO1C_Xdhktc
yHf4lNChuFH11MGJIAy0StwTL4ufn-QYKEgbnFEj3Dt0jzp2IQ6MtS5xSX9wSU1
Response headers
Date: Tue, 07 Jun 2016 01:48:05 GMT
Details
URL encoded POST input BankAdress was set to R0FkcU5ZUW0=
Request headers
Content-Length: 585
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...0Bank-Head%20Office-No%20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20
Ethiopia%20WE/AM/CON/OFFICE%20West%20amhara&AccountName=Comercial%20bank%20of%20Ethiopia
%20WE/AM/CON/OFFICE%20West%20amhara&AccountNumber=1000067107237&AccountUse=4111111111111
111&BankAccountID=11&BankAdress=R0FkcU5ZUW0%3d&BankBranch=Bahirdar%20%20Branch&BankName=
Response headers
Date: Tue, 07 Jun 2016 01:48:21 GMT
24
Details
URL encoded POST input BankBranch was set to WTRPOEFYemg2aW1ibkhTaUI1R3g=
Request headers
Content-Length: 589
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...k-Head%20Office-No%20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20Ethi
opia%20WE/AM/CON/OFFICE%20West%20amhara&AccountName=Comercial%20bank%20of%20Ethiopia%20W
E/AM/CON/OFFICE%20West%20amhara&AccountNumber=1000067107237&AccountUse=4111111111111111&
BankAccountID=11&BankAdress=Bahirdar&BankBranch=WTRPOEFYemg2aW1ibkhTaUI1R3g%3d&BankName=
Response headers
Date: Tue, 07 Jun 2016 01:48:37 GMT
Details
dldaS09GSmZyYjdKUFJReG1LZngzbDEwa0NuU08zR0VacEFBWW9LY0lEMQ==
Request headers
Content-Length: 524
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
25
(line truncated)
...B0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%2
0cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=dldaS09GSmZyYjdKUFJReG1
LZngzbDEwa0NuU08zR0VacEFBWW9LY0lEMQ%3d%3d&AccountNumber=1000067107644&AccountUse=4111111
CBE&Status=true&__RequestVerificationToken=I0IHEL2KWPoXoSs1XL1pMokqHePWMJxGZRXJWNeBp2Ds8
BY1kc42SCFOYQ0EqTGHMMKzyr9_8-iLFr1p0cAG21JSQLyprh7sQ3slgRAoSDc1
Response headers
Date: Tue, 07 Jun 2016 01:43:38 GMT
Details
URL encoded POST input BankAdress was set to dkNJeHZHYU0=
Request headers
Content-Length: 509
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...de=11140-1-00-CB0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Hea
d%20Office-No%20cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=Equipmen
t%20Administrative%20Working%20Fund&AccountNumber=1000067107644&AccountUse=4111111111111
111&BankAccountID=12&BankAdress=dkNJeHZHYU0%3d&BankBranch=Bahirdar%20%20Branch&BankName=
Response headers
Date: Tue, 07 Jun 2016 01:43:57 GMT
Details
URL encoded POST input BankBranch was set to RnVRbE00ZGxxb3lRTHF2S1JGZjM=
26
Request headers
Content-Length: 513
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...1140-1-00-CB0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20
Office-No%20cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=Equipment%20
Administrative%20Working%20Fund&AccountNumber=1000067107644&AccountUse=4111111111111111&
BankAccountID=12&BankAdress=Bahirdar&BankBranch=RnVRbE00ZGxxb3lRTHF2S1JGZjM%3d&BankName=
Response headers
Date: Tue, 07 Jun 2016 01:44:07 GMT
Details
URL encoded POST input BankAdress was set to SFRxMUZCNllZ
Request headers
Content-Length: 499
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20PUB%20751%20Comb.&AccountName=CBE%20North%20
East%20branch%20(combolcha)%20Working%20Fund&AccountNumber=1000022322714&AccountUse=4111
111111111111&BankAccountID=13&BankAdress=SFRxMUZCNllZ&BankBranch=combolcha&BankName=CBE&
Status=true&__RequestVerificationToken=w9vTpqvzc4JHCA0h60XZh8eDcfPBt8PM8fR9kGuX7HWdy8Xw
27
U7oSkEl7s0foDNIa1n0-Bb9MdX2ypAriXWQNOhFWJNW57Din2adeovnlZoY1
Response headers
Date: Tue, 07 Jun 2016 01:38:59 GMT
Details
URL encoded POST input BankBranch was set to a3paOUNoOFBX
Request headers
Content-Length: 499
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20PUB%20751%20Comb.&AccountName=CBE%20North%20
East%20branch%20(combolcha)%20Working%20Fund&AccountNumber=1000022322714&AccountUse=4111
111111111111&BankAccountID=13&BankAdress=combolcha&BankBranch=a3paOUNoOFBX&BankName=CBE&
Status=true&__RequestVerificationToken=w9vTpqvzc4JHCA0h60XZh8eDcfPBt8PM8fR9kGuX7HWdy8XwU
7oSkEl7s0foDNIa1n0-Bb9MdX2ypAriXWQNOhFWJNW57Din2adeovnlZoY1
Response headers
Date: Tue, 07 Jun 2016 01:39:10 GMT
Details
URL encoded POST input __RequestVerificationToken was set to
MlpBc3RPSzltc3JycDdZOUpIS0NEMVh1TjZuMFRoVXZwVUs1MHF3SFNRcFJzeFlDME13WXJFWXBsSWt1bFI5eDhY
SFg0MWZscHZvWnV2Wms2YzN1SXg4ZllienZta0NYMlZqSEc3U2V6RTNr
Request headers
Content-Length: 491
(line truncated)
28
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20JAWIE&AccountName=Tana%20Belese%20Jawi%20Branch%20
Working%20Fund&AccountNumber=72s001000011&AccountUse=4111111111111111&BankAccountID=14&B
ankAdress=Jawi&BankBranch=Jawi&BankName=CBE&Status=true&__RequestVerificationToken=MlpBc
3RPSzltc3JycDdZOUpIS0NEMVh1TjZuMFRoVXZwVUs1MHF3SFNRcFJzeFlDME13WXJFWXBsSWt1bFI5eDhYSFg0M
WZscHZvWnV2Wms2YzN1SXg4ZllienZta0NYMlZqSEc3U2V6RTNr
Response headers
Date: Mon, 06 Jun 2016 21:08:17 GMT
Details
UlhSZ2ZUdlNnbXJnZ25pdXhvWVNrMHRuQWZXWEQwT2NSNVRGbXcxa2hoWFRjVg==
Request headers
Content-Length: 477
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20JAWIE&AccountName=UlhSZ2ZUdlNnbXJnZ25pdXhvWVNrMHRu
QWZXWEQwT2NSNVRGbXcxa2hoWFRjVg%3d%3d&AccountNumber=72s001000011&AccountUse=4111111111111
111&BankAccountID=14&BankAdress=Jawi&BankBranch=Jawi&BankName=CBE&Status=true&__RequestV
erificationToken=AhpO61V4FqntCkH0fVjelEAf0wdJVIZVEBksqVy0TWSadMWzCgWf67jvI2U0TH64MBKWMtJ
nJuMDWSyX6OkbXIAIUWib2bkbCl4Sdf0C3Ak1
Response headers
29
Date: Mon, 06 Jun 2016 21:07:51 GMT
Details
URL encoded POST input AccountNumber was set to dWFoTkEyRm1XSEpD
Request headers
Content-Length: 459
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20JAWIE&AccountName=Tana%20Belese%20Jawi%20Branch%20
Working%20Fund&AccountNumber=dWFoTkEyRm1XSEpD&AccountUse=4111111111111111&BankAccountID=
14&BankAdress=Jawi&BankBranch=Jawi&BankName=CBE&Status=true&__RequestVerificationToken=A
hpO61V4FqntCkH0fVjelEAf0wdJVIZVEBksqVy0TWSadMWzCgWf67jvI2U0TH64MBKWMtJnJuMDWSyX6OkbXIAIU
Wib2bkbCl4Sdf0C3Ak1
Response headers
Date: Mon, 06 Jun 2016 21:08:03 GMT
Details
URL encoded POST input BankAdress was set to VVZCU3V3dHdi
Request headers
Content-Length: 527
(line truncated)
...twr3VSr3Ljq2b7xef3Mot0Zd_s0KpKrUcg4MTSm2Qeaxj0HOsBOdwvu9e2EdaetEibPl2vGiMm4rLQ0r3LLFP
jhxnLrk9F6o29vqTaklFxUr_QImSozn0JtA1cj_01VOI7wm25r3KY3eI1_vVROouvLh2qopX5wy3BLjRbQy-hJ6L
v7pJ1l3uB96ddkaDjV1qe0Gnw_n4eSbVqMnDe-e2y-1OBE4Z2ZqGSZswicF3iSRKaDWZDMqgGCEiIepva_Hkgrws
VyUlak-mQoCGfY_mhG2d7hNRsabXDuirpBnWE4mL6S_OEdbEg46u6Eg_B33IDSz1VysDiEhDHgDeE7TJ-ZwCSXG7
neGpgotdyWsJD; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
30
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...19&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20co
st%20value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20
Branch%20(Combolcha)%20Working%20Fund&AccountNumber=2062111070072012&AccountUse=41111111
11111111&BankAccountID=15&BankAdress=VVZCU3V3dHdi&BankBranch=combolcha&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm
-HkvS3QE31RA-ca6y4kncPRZTUKDs0GzhW62UI2BsOiKzWqI9ZMZ3gVQpkOqAk1
Response headers
Date: Tue, 07 Jun 2016 00:58:20 GMT
Details
URL encoded POST input BankBranch was set to TjVGS1dyZFJ3
Request headers
Content-Length: 527
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...19&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20co
st%20value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20
Branch%20(Combolcha)%20Working%20Fund&AccountNumber=2062111070072012&AccountUse=41111111
11111111&BankAccountID=15&BankAdress=combolcha&BankBranch=TjVGS1dyZFJ3&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm
Response headers
Date: Tue, 07 Jun 2016 00:58:33 GMT
31
Details
URL encoded POST input BankName was set to T0h6T3JCNU9hajE=
Request headers
Content-Length: 531
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...ccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%2
0value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20Bran
ch%20(Combolcha)%20Working%20Fund&AccountNumber=2062111070072012&AccountUse=411111111111
1111&BankAccountID=15&BankAdress=combolcha&BankBranch=combolcha&BankName=T0h6T3JCNU9hajE
%3d&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm
Response headers
Date: Tue, 07 Jun 2016 00:58:44 GMT
Details
Q3A0a3dvN25mdFlNRjhsUFA3NW5zc084TXZGbzdWMHBKQ2Y2QUxHWHA5MEJRTGQzWWNnUEpUS2tsMFZwOG
ozRUlsOE9TYVhJbA==
Request headers
Content-Length: 570
(line truncated)
...M459u83vSh3ll15h8px9ed6YnSsSQTUVEvaFeAMSKPHzgicAs0N3_3cEuQ5VoyGfnfI63BHPtmvtA_GnS4zEj
Vb23G9kkkQTYbWUlbyHY9dNV542vXzCwapDDvOVzMy0v2U02NoFxkE2cFqslIHLppw7VJ8vMPL_b5YjjWti3c2lf
Na8KndAuqz2ApC4zSfNWLsvhEru_3a7bdVHv0ENvb29o9v56H8bbWZ3qVBd4Ti8Y2Z81Mgjm_aQO5MZmKZavTg7r
Q9QZvSi_7DWOOPDlO6WjKaGcgjg-1DOgvkxEOw9ev8Vupshw8yF9srEqWqKjwFK3KsxEaOQ8_viGeejIwAvqFnzb
uh_awwEJERBep; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
32

Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...esc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%20BANK%20WE/AM/CON/OFFIC
E&AccountName=Q3A0a3dvN25mdFlNRjhsUFA3NW5zc084TXZGbzdWMHBKQ2Y2QUxHWHA5MEJRTGQzWWNnUEpUS2
tsMFZwOGozRUlsOE9TYVhJbA%3d%3d&AccountNumber=2012111007394028&AccountUse=411111111111111
1&BankAccountID=16&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=tVdFhHTflp5UdfE6DfPc9eQ5dfLMclXqPGj05AsfFvk1Y
oV_sGxbRx6xIxXWfpXmpGZ03lB4qnk2vMKHDHmLWqFw21VW13nzM7tJOiOd-0g1
Response headers
Date: Mon, 06 Jun 2016 18:17:24 GMT
Details
URL encoded POST input BankAdress was set to QjMzUlZoYWU=
Request headers
Content-Length: 545
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY
%20BANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%2
0Branch%20Working%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&Bank
AccountID=16&BankAdress=QjMzUlZoYWU%3d&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20b
Response headers
Date: Mon, 06 Jun 2016 18:17:33 GMT
33
Details
URL encoded POST input BankBranch was set to dnZ6MFRIbmNkMHMwM1VFdVZTY1c=
Request headers
Content-Length: 549
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%20B
ANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20Bra
nch%20Working%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankAcco
untID=16&BankAdress=Bahirdar&BankBranch=dnZ6MFRIbmNkMHMwM1VFdVZTY1c%3d&BankName=Abay%20b
Response headers
Date: Mon, 06 Jun 2016 18:17:45 GMT
Details
URL encoded POST input BankName was set to QUNiRGhSTzhUWHY=
Request headers
Content-Length: 546
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
34
(line truncated)
...111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%
20BANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20
Branch%20Working%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankA
ccountID=16&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=QUNiRGhSTzhUWHY
%3d&Status=true&__RequestVerificationToken=tVdFhHTflp5UdfE6DfPc9eQ5dfLMclXqPGj05AsfFvk1Y
Response headers
Date: Mon, 06 Jun 2016 18:17:53 GMT
Details
cTE2RDlqV1MzcEJkNXRtMzZCbmdBeWxkcmRLYUVOdklaSGw1WkVpdGR1eEZWdWRITmJ0WTlKM1lReWZyY1M=
Request headers
Content-Length: 573
(line truncated)
...VFTKFOM1N73Fig93JYCIMG1iVT5XfCxGp5lK_R1O9MDTAAcUuJO3xNoqMmoOu-PLIWysxuylQ6DajueMLRp5a
uYn2MyO67cPl04nIMqwhf0fzDVmZfHgxFbVXJpHvMqwL0qLW_1C8A8_lYMoVpfQepSwQlo-PskO-5euWiLGZgHXJ
GSsHWWUumFLU2ahA1WObgRS4_C1t6ee-v2C2ruwIfzSVjTdK1s8zWBIkwFq_PTyOmPH7sijAYYq-R8DUYse8Y11e
tDJ3WIozbe4ZfbbYjNkZuHusTCjFNfuGtjDIqEjYum8Gae2fbF_zFVCvEQFZQCt-Zbn5Nol-9k2zHsITQGPo-nmX
JdFaCs-2ju0Z2; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20Adeyi%20abeba
%20branch%20Act.No.1000135939858&AccountName=cTE2RDlqV1MzcEJkNXRtMzZCbmdBeWxkcmRLYUVOdkl
aSGw1WkVpdGR1eEZWdWRITmJ0WTlKM1lReWZyY1M%3d&AccountNumber=1000135939858&AccountUse=41111
11111111111&BankAccountID=17&BankAdress=Addis%20Ababa&BankBranch=Adeyi%20Ababa&BankName=
CBE&Status=true&__RequestVerificationToken=fo3vA2qramHnQudSeC2VvD-1z-Gc5OeY7IQYy8gQBaWnS
YGRyKIYDO6GtvasiW6ci2TFNLM_kuQNUZn5YUxGXTW9awLycEC8d8rYnD3b0IA1
Response headers
Date: Tue, 07 Jun 2016 00:30:10 GMT
35
Details
URL encoded POST input BankAdress was set to OGZiN1NSSmNlTVJ5eA==
Request headers
Content-Length: 560
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...1&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20
Adeyi%20abeba%20branch%20Act.No.1000135939858&AccountName=CBE%20Addis%20ababa%20Adeyi%20
abeba%20branch%20Working%20Funds&AccountNumber=1000135939858&AccountUse=4111111111111111
&BankAccountID=17&BankAdress=OGZiN1NSSmNlTVJ5eA%3d%3d&BankBranch=Adeyi%20Ababa&BankName=
Response headers
Date: Tue, 07 Jun 2016 00:30:22 GMT
Details
URL encoded POST input BankBranch was set to Vm9CbG9TeHlLbzRycA==
Request headers
Content-Length: 560
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
36
...1&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20
Adeyi%20abeba%20branch%20Act.No.1000135939858&AccountName=CBE%20Addis%20ababa%20Adeyi%20
abeba%20branch%20Working%20Funds&AccountNumber=1000135939858&AccountUse=4111111111111111
&BankAccountID=17&BankAdress=Addis%20Ababa&BankBranch=Vm9CbG9TeHlLbzRycA%3d%3d&BankName=
Response headers
Date: Tue, 07 Jun 2016 00:30:30 GMT
Details
dWVvV2R6TzlXRm9RbWUzZUZBRzl3aVBibW5TTGR0QldXbnQyb2VmYmVWbDYwUUpjMmFrQ1cxR1l5Y0NPQ3hXZ2
hrVExBMDlCbVRodA==
Request headers
Content-Length: 588
(line truncated)
...-3qXSD0Q_VHN-nxXMePCuntZqQl2b64Y5BlVpGRTYkIJJPfgmJ7v-Y-aQvG8NMZHxJghToB5YokDwLy0-elBY
tY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmq-syXvDrhisQuczj5NR1zY6UbHDShTfQNVEWEV
T6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwWLoLyjIFenifgqUEM-IZ0YkQp83I
V66-iLaklavyzeO0fOYkPFe17RyYhfpagOlhBFWKuD2QQxHw925garPcvrJbh4OCLNBnb6qIKxSFgcRT09bdhvyr
eTl7JNhTyysYX; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...nk-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Expenditure%20Act.No.1000
092795218&AccountName=dWVvV2R6TzlXRm9RbWUzZUZBRzl3aVBibW5TTGR0QldXbnQyb2VmYmVWbDYwUUpjMm
FrQ1cxR1l5Y0NPQ3hXZ2hrVExBMDlCbVRodA%3d%3d&AccountNumber=1000092795218&AccountUse=411111
CBE&Status=true&__RequestVerificationToken=l_KdTDXdUdnfPR_ekuVMn8b32M2k_dqUlF6soSpJ9slqd
pgrmO7gbn5ixJYn93xI78MJGALVy_ulniw2I6BE1_5l7S4zpLjdtwZlgC6iHEw1
Response headers
Date: Tue, 07 Jun 2016 01:27:49 GMT
37
Details
URL encoded POST input BankAdress was set to Z08wdWFmdEU=
Request headers
Content-Length: 562
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%2
0Expenditure%20Act.No.1000092795218&AccountName=Working%20%20Fund%20bank%20account%20%5b
%20Yewechi%20Hisab%20Mankesakesha%5d&AccountNumber=1000092795218&AccountUse=411111111111
1111&BankAccountID=6&BankAdress=Z08wdWFmdEU%3d&BankBranch=Bahirdar%20%20Branch&BankName=
Response headers
Date: Tue, 07 Jun 2016 01:28:06 GMT
Details
URL encoded POST input BankBranch was set to cHV3SFd2bjlMaGZCN2xMM2dYYjE=
Request headers
Content-Length: 566
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
38
...untDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Exp
enditure%20Act.No.1000092795218&AccountName=Working%20%20Fund%20bank%20account%20%5b%20Y
ewechi%20Hisab%20Mankesakesha%5d&AccountNumber=1000092795218&AccountUse=4111111111111111
&BankAccountID=6&BankAdress=Bahirdar&BankBranch=cHV3SFd2bjlMaGZCN2xMM2dYYjE%3d&BankName=
Response headers
Date: Tue, 07 Jun 2016 01:28:14 GMT
Details
URL encoded POST input AccountName was set to YVJsN25lV1hscXMzWTBtZWFXczRUV2g2dGFBZg==
Request headers
Content-Length: 534
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...untControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20va
lue-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=YVJsN25lV1hsc
XMzWTBtZWFXczRUV2g2dGFBZg%3d%3d&AccountNumber=2012111000109021&AccountUse=41111111111111
11&BankAccountID=7&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20B
ank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrK
HSMoKiMj70n3WF7izYNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1
Response headers
Date: Tue, 07 Jun 2016 01:10:04 GMT
Details
URL encoded POST input BankAdress was set to eHhub2FaaFc=
Request headers
39

Content-Length: 524
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...B0009&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%2
0cost%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Aba
y%20Bank%20working%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&Ban
kAccountID=7&BankAdress=eHhub2FaaFc%3d&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20B
ank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrK
Response headers
Date: Tue, 07 Jun 2016 01:10:19 GMT
Details
URL encoded POST input BankBranch was set to aXZ1V2hkZDR5a1Vqb051dHFsOEQ=
Request headers
Content-Length: 528
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...9&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cos
t%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Abay%20
Bank%20working%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&BankAcc
ountID=7&BankAdress=Bahirdar&BankBranch=aXZ1V2hkZDR5a1Vqb051dHFsOEQ%3d&BankName=Abay%20B
ank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIr
40
KHSMoKiMj70n3WF7izYNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1
Response headers
Date: Tue, 07 Jun 2016 01:10:26 GMT
Details
URL encoded POST input BankName was set to cnU3UWhyWU9BU0Q=
Request headers
Content-Length: 525
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...0009&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20
cost%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Abay
%20Bank%20working%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&Bank
AccountID=7&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=cnU3UWhyWU9BU0Q
%3d&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrK
Response headers
Date: Tue, 07 Jun 2016 01:10:50 GMT
Details
UEdTNG1UTWpocFlWR2tIUmttUGtFYnU0eXNPSW40MnJkRkZBOW10ZHJRM1dPdllHaWU=
Request headers
Content-Length: 556
(line truncated)
41
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...11111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%20bank%20A
/A%20Main%20br.Act.No.1022111000109012&AccountName=UEdTNG1UTWpocFlWR2tIUmttUGtFYnU0eXNPS
W40MnJkRkZBOW10ZHJRM1dPdllHaWU%3d&AccountNumber=1022111000109012&AccountUse=411111111111
1111&BankAccountID=8&BankAdress=Addis%20Ababa&BankBranch=Addis%20Ababa&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=l3JU9kWYJKu6EpPVCjdrdzrny4_c4LxD8nrKOLEVpWj_3
ptYouSlmtBJczM9lWn2_9sPfTFtp51xIRDBmgV9TR01p_RwjnOrX7Dtls-shFA1
Response headers
Date: Tue, 07 Jun 2016 01:22:10 GMT
Details
URL encoded POST input BankAdress was set to UkRDOUc1clZLSFlXOA==
Request headers
Content-Length: 547
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...11111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%2
0bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Offi
ce%20%20working%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAc
countID=8&BankAdress=UkRDOUc1clZLSFlXOA%3d%3d&BankBranch=Addis%20Ababa&BankName=Abay%20b
Response headers
42

Date: Tue, 07 Jun 2016 01:22:22 GMT
Details
URL encoded POST input BankBranch was set to eUZKSHlTcFhRS1c4NQ==
Request headers
Content-Length: 547
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...11111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%2
0bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Offi
ce%20%20working%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAc
countID=8&BankAdress=Addis%20Ababa&BankBranch=eUZKSHlTcFhRS1c4NQ%3d%3d&BankName=Abay%20b
Response headers
Date: Tue, 07 Jun 2016 01:22:45 GMT
Details
URL encoded POST input BankName was set to ckVGbU1CUHE5QVU=
Request headers
Content-Length: 543
(line truncated)
43
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...l=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Ab
ay%20bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20
Office%20%20working%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&Ba
nkAccountID=8&BankAdress=Addis%20Ababa&BankBranch=Addis%20Ababa&BankName=ckVGbU1CUHE5QVU
%3d&Status=true&__RequestVerificationToken=l3JU9kWYJKu6EpPVCjdrdzrny4_c4LxD8nrKOLEVpWj_3
Response headers
Date: Tue, 07 Jun 2016 01:23:02 GMT
Details
URL encoded POST input AccountName was set to emNaTHVxSHR3U05Ed3IyTlRXSDBtM2RSMk8wM2dz
Request headers
Content-Length: 500
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=e
mNaTHVxSHR3U05Ed3IyTlRXSDBtM2RSMk8wM2dz&AccountNumber=1000012876177&AccountUse=411111111
1111111&BankAccountID=9&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=CBE
&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKhaUj_
e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Response headers
44
Date: Tue, 07 Jun 2016 01:15:46 GMT

Details
URL encoded POST input BankAdress was set to MzZKcm1DUHM=
Request headers
Content-Length: 496
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=R
evenue%20and%20Working%20fund&AccountNumber=1000012876177&AccountUse=4111111111111111&Ba
nkAccountID=9&BankAdress=MzZKcm1DUHM%3d&BankBranch=Bahirdar%20%20Branch&BankName=CBE&Sta
tus=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKhaUj_e9rE
SH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Response headers
Date: Tue, 07 Jun 2016 01:16:14 GMT
Details
URL encoded POST input BankBranch was set to ZVZ2Qzg4Rk01N3JGRUNWc1dLWkE=
Request headers
Content-Length: 500
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
45
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=R
evenue%20and%20Working%20fund&AccountNumber=1000012876177&AccountUse=4111111111111111&Ba
nkAccountID=9&BankAdress=Bahirdar&BankBranch=ZVZ2Qzg4Rk01N3JGRUNWc1dLWkE%3d&BankName=CBE
&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKhaUj_
e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Response headers
Date: Tue, 07 Jun 2016 01:16:28 GMT
Details
URL encoded POST input DisciplinayMeasureRank was set to NmhPT1ZpWWtySnNaSUJQbWRCaEZtdkM1dFdM
Request headers
POST /hr/disciplinaymeasureranks/edit/2 HTTP/1.1
Content-Length: 274
(line truncated)
...ZUE5WbAMAfPp8ge9nZRHawRIWHDYsTYEhKV8rsaTRJyA25JcixKeag7oHcs0mJ1oj3_ZeWOXUE32mZZZDGfLR
dJ2ctP97FPEVUTeD3Zx_2orZJ-7PcgQSE1JBN8edH_uAHqn1lJ81RXKtUuvKSt0lE6Z7G34rN98-43W1ed9LGkXi
R3nhXtqS9orr2ncCFm54SFvx22n4VaPnsVtDPV7EULu0OUNk5_6MEvV7ZahWWyHvyhi3QNWTA3vB-vhqDqpWGxSi
unVAlFthYfWqT1WRfQC7ZnKEgX0oZ-AwZAfKhLc8Hu40zlV6CheuCc11yM2wR174alIX_L-HqnQCvb8ciKNwuGbv
N7tGpFctOODIG; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:11:51%20PM&DisciplinayMeasureRank=NmhPT1ZpWWtySn
NaSUJQbWRCaEZtdkM1dFdM&DisciplinayMeasureRanksID=2&__RequestVerificationToken=0ZDr5Y-yDR
zQmQWez_pEon7EeRC1N08k1VEqWfK47jxRtCSzo5r7DTImVoOAkk3dlLSJ7fYeEIipwC3d5lRAcYTcyeZGocLaWO
Hx6LfHn7g1
Response headers
Date: Mon, 06 Jun 2016 20:59:29 GMT
Details
URL encoded POST input DisciplinayMeasureRank was set to SFdUVEo5Y3ZpTkJEd1hiQzBYQnQ5c3BoZG1W
Request headers
POST /hr/disciplinaymeasureranks/edit/3 HTTP/1.1
46
Content-Length: 274
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:12:12%20PM&DisciplinayMeasureRank=SFdUVEo5Y3ZpTk
JEd1hiQzBYQnQ5c3BoZG1W&DisciplinayMeasureRanksID=3&__RequestVerificationToken=iPJOsoRPU9
nyzoGjozqIcvxU5NU6l3EV8bkU8RpkyBR6ZfvTQv9KZhoIuR4AIcHY_qn83XKt6b-xWfnSI07quqgL_5lxLeyhuz
qnGoMgvx81
Response headers
Date: Mon, 06 Jun 2016 18:09:45 GMT
Details
URL encoded POST input Measure was set to
UFNTMkFoRmJhc0RGaHljSmhjV241S2RJbzlxWFhKeFF3Z0xGZkFkbGFWbTI2dXJReVVpOHJiM3lDVXZSaGRITjYwSl
Q5MnNkMGx0eU10Y3BFTUwzcm91bFY1Z3J6VVZINWZKc0lEVDBnRE9pWmRSZ001Wlh1TUI5M3V0MExxVm56ZTls
V0FVWXZrVVYwdXpjREhLaVZEVVhiQ2Rq
Request headers
POST /hr/disciplinaymeasuretypes/edit/10 HTTP/1.1
Content-Length: 552
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...isciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&ExpireYear=3.00&Measure=UFNTM
kFoRmJhc0RGaHljSmhjV241S2RJbzlxWFhKeFF3Z0xGZkFkbGFWbTI2dXJReVVpOHJiM3lDVXZSaGRITjYwSlQ5M
nNkMGx0eU10Y3BFTUwzcm91bFY1Z3J6VVZINWZKc0lEVDBnRE9pWmRSZ001Wlh1TUI5M3V0MExxVm56ZTlsV0FVW
XZrVVYwdXpjREhLaVZEVVhiQ2Rq&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=
C5Q-RFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEj
VMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
47
Response headers
Date: Tue, 07 Jun 2016 01:06:57 GMT
Details
SEtjb3VjbVhVN2RyZkw5dmVFekxiV3cwY1BGcW5FMnN2NnlUWXpoTmloaTRaTmpVYjNpQ0F2N1ZmTTAyU0w4MlFE
ODNpQUV0MDdWT2dWSWRGSEZJN0hVM3RkVzZCa3FQd0lmQTJCN1h5RWNlVkFVZ1RJMzBpcWNET2E3SXBtUD
llM1dS
Request headers
Content-Length: 520
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...tedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=
11&ExpireYear=0.00&Measure=SEtjb3VjbVhVN2RyZkw5dmVFekxiV3cwY1BGcW5FMnN2NnlUWXpoTmloaTRaT
mpVYjNpQ0F2N1ZmTTAyU0w4MlFEODNpQUV0MDdWT2dWSWRGSEZJN0hVM3RkVzZCa3FQd0lmQTJCN1h5RWNlVkFVZ
1RJMzBpcWNET2E3SXBtUDllM1dS&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=
XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSe
nw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:49 GMT
Details
ZlZ6MGpUTGw1ZVg4OWxTN25ZNTE2Z0xUNkNmSFlzb1B0d2h5UXo1dGk2YmZvYU1QWml4QkZRMTE2bkJPeXpQN
2Fod2FOTUM4N3Vyb01QQ3ZvQjR6c0VxNDhzOGpUMUZzOWViRHU4Z0wxYTVZdFlxbFJQMElqWlFMOENrVUd3VFB
VSlRoYzlBYUJnV2xFNkdrdFBIUm5Ddm05Y2ZsTFhPNzNpRktNWnc4SnFrSDAzYU42bUZBSURFVTk1eGVSUVQ3b1Z
WdEh3dlVFbWp2Yjk1clhpQmtrMm9vQmMy
48
Request headers
Content-Length: 637
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...GpUTGw1ZVg4OWxTN25ZNTE2Z0xUNkNmSFlzb1B0d2h5UXo1dGk2YmZvYU1QWml4QkZRMTE2bkJPeXpQN2Fod2
FOTUM4N3Vyb01QQ3ZvQjR6c0VxNDhzOGpUMUZzOWViRHU4Z0wxYTVZdFlxbFJQMElqWlFMOENrVUd3VFBVSlRoYz
lBYUJnV2xFNkdrdFBIUm5Ddm05Y2ZsTFhPNzNpRktNWnc4SnFrSDAzYU42bUZBSURFVTk1eGVSUVQ3b1ZWdEh3dl
VFbWp2Yjk1clhpQmtrMm9vQmMy&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
VGp-WRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZ-HY
IdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Response headers
Date: Tue, 07 Jun 2016 00:53:38 GMT
Details
cU9rM2xIMHNycnA5VDlrNG9YU05zTWcxaVhIcTd5QUlpVGlyNUtzVlF4OHNtRXZidzZOdllERXVxMVZaSHdDaXNXelo3
WHFKVWk0eUg3MGZBcVduVkc0amQya0xQZ3Q4b0YyeVhrNmNhM01ZUk5kdVJxS0xIZWhFcGhQWlhsdU1RZGZTR3
J0
Request headers
Content-Length: 523
(line truncated)
...lg_W4JZUZLzFcZ16WR4m2WqXMTcN_bT4OKJRROQLdc4IhjGMku4kEZkTCyWmgfq7UnaM3s0TNT2n1WyIGz9rW
LUel-3jOAJo4kifE9gh3sYw97zF0LcxBgK3eOVWqys5NnaR0495W2zh3lSrDMS16cGJxR3VIbiOqXOqyq-tJTf9h
iRt7gpfomAvLLP0u_WoyVDyrpPIS0hEIwLs1_tGq9qYcTLtokWrLUSGW0jjvsPBLdWtdUlZ2eVXoSV81FBLJdPXq
n1WEivbQKSlT4Q-36uvnJn2fJJ3Dx8uPcdI0GeefZD8oCrKtU1yhNmfBmL0aeqEosUMW6fLQo4lZ9KCiYACy3oVg
yPEkzbLNgBmcc; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...On=3/15/2016%204:14:46%20PM&DisciplinayMeasureRanksID=2&DisciplinayMeasureTypesID=8&
49
ExpireYear=1.00&Measure=cU9rM2xIMHNycnA5VDlrNG9YU05zTWcxaVhIcTd5QUlpVGlyNUtzVlF4OHNtRXZi
dzZOdllERXVxMVZaSHdDaXNXelo3WHFKVWk0eUg3MGZBcVduVkc0amQya0xQZ3Q4b0YyeVhrNmNhM01ZUk5kdVJx
S0xIZWhFcGhQWlhsdU1RZGZTR3J0&PercentageEffectOnPromotion=4.00&__RequestVerificationToken
=NLi1kWgdukA_IocakBMzSqmpMsAqECg1vYmVrTCWzM5TqbPCJG4_ZTZGKNDuZ_OzVgA6_5slWMY3WPqnbLpPqTh
7dHXMtgSLi34RUT6NsZtQqABdKQJTKv2p6HjGzSKAfhJMOW7dO9sq6-3DB8UX5A2
Response headers
Date: Mon, 06 Jun 2016 19:25:02 GMT
Details
YXJNRGkwMFJqdEtHRDR3OFJSSVpxUW5oN0ltS3hEVTRTNEt2ZXh5cndzQWpFNnlVeUJKSFpjbzdvZnk5Q2dvcU9B
NUpGS2xtdWdUNkVIeFFHTzFqZGxGa0VwT01EUmZtVzJybEdLRXJmcGNUYnQ1RGU2SGJONXpQTEJwOGpWMjdz
SWZvQWZtYWc0RmJ1Q2NYTzJta3RHVnBkTExGZ3V4VVVMTjU4WVFOc1FPcndWc1RrbDE4d1pxYnpFTUJDaVp0S
ExmTzFqbFhkQk5IaDZKVHNZTnV6amNGbTJjMWR5NWpCRDJoUlV3SG91cVZMS05PdlMxSUUy
Request headers
Content-Length: 671
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...VTRTNEt2ZXh5cndzQWpFNnlVeUJKSFpjbzdvZnk5Q2dvcU9BNUpGS2xtdWdUNkVIeFFHTzFqZGxGa0VwT01EU
mZtVzJybEdLRXJmcGNUYnQ1RGU2SGJONXpQTEJwOGpWMjdzSWZvQWZtYWc0RmJ1Q2NYTzJta3RHVnBkTExGZ3V4V
VVMTjU4WVFOc1FPcndWc1RrbDE4d1pxYnpFTUJDaVp0SExmTzFqbFhkQk5IaDZKVHNZTnV6amNGbTJjMWR5NWpCR
DJoUlV3SG91cVZMS05PdlMxSUUy&PercentageEffectOnPromotion=6.00&__RequestVerificationToken=
IMvtHO2YPqfFxw_3DKuLdurXdBD0oKY-i2kBdSdSnvuOdwIGteyjj9uaGiRjdy80OEicUxQcj202sQDtawmnzKMQ
Jxci5622aprMl5ldBnTpTyBJAbjQ49h17TP-XwEKpnJU-IPJeWV5ql0j7mpQNw2
Response headers
Date: Mon, 06 Jun 2016 15:10:25 GMT
50
Details
ZmFYM0FNYnFJTzIwckw2bnB4VXdOb0s1S0RBZ0I4MVlCR0Q0OGRldGxEZU13ZGdFM3RVS01ZSEIxdExxRzY2Um5
QRDNTWmQ0Z09iOEw1akR6WTNYUzBTT2VYcXVlTkVUZTk5UkhNUzNLZU12
Request headers
POST /hr/empbscappraisalperiods/edit/1 HTTP/1.1
Content-Length: 357
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=2007%20DECEMBER&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom=17
&DayTo=17&EmpBSCAppraisalPeriodID=1&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&Ye
arTo=1967&__RequestVerificationToken=ZmFYM0FNYnFJTzIwckw2bnB4VXdOb0s1S0RBZ0I4MVlCR0Q0OGR
ldGxEZU13ZGdFM3RVS01ZSEIxdExxRzY2Um5QRDNTWmQ0Z09iOEw1akR6WTNYUzBTT2VYcXVlTkVUZTk5UkhNUzN
LZU12
Response headers
Date: Tue, 07 Jun 2016 01:03:45 GMT
Details
URL encoded POST input AppraisalPeriod was set to dndSTGY4S3RDRklHSmd3
Request headers
Content-Length: 326
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=dndSTGY4S3RDRklHSmd3&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayF
51
rom=17&DayTo=17&EmpBSCAppraisalPeriodID=1&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1
967&YearTo=1967&__RequestVerificationToken=b87XbMphJ3m7DXJsiRQmBmiv2FQxeaGgKGg7C0L4DdeAN
ozG4rtxvZEE8AlzRgCM6Hmagnz8VQQg5si47UduMo2WPddpilly5wWapbYPaEw1
Response headers
Date: Tue, 07 Jun 2016 01:03:30 GMT
Details
URL encoded POST input AppraisalPeriod was set to b2ZYN2JCaGhqSWg=
Request headers
Content-Length: 324
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=b2ZYN2JCaGhqSWg%3d&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom
=17&DayTo=17&EmpBSCAppraisalPeriodID=2&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967
&YearTo=1967&__RequestVerificationToken=GVVD3vTAEs8jB1QBmC0SubdqaPGi-tl8yMEa-QzV1Xv8Ww1t
t_Bu9HHRl_5GBY-jRSd9fdZPa4Tc_reU5huBniTS-WppUjPo7oafUzKQGE81
Response headers
Date: Mon, 06 Jun 2016 19:22:36 GMT
Details
URL encoded POST input AppraisalPeriod was set to
TUdqd0dJSU5zWmt2UU1ZWjJTTk9FcXlmZWVLNGdQUmpoSzQ4eTREZlZMNmtVM3k4eTg1bTE0WFBOeG9VUkhUU
Ucwd0dWbGFxb29aWjVZMjhQTmRrakpTbmNuMjJVT2piT1BrYjJk
Request headers
Content-Length: 448
(line truncated)
52
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=TUdqd0dJSU5zWmt2UU1ZWjJTTk9FcXlmZWVLNGdQUmpoSzQ4eTREZlZMNmtVM3k4eTg1bTE0
WFBOeG9VUkhUUUcwd0dWbGFxb29aWjVZMjhQTmRrakpTbmNuMjJVT2piT1BrYjJk&CreatedBy=sirgut&Create
dOn=5/23/2016%205:15:56%20PM&DayFrom=17&DayTo=17&EmpBSCAppraisalPeriodID=4&IsClosed=true
&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=Mm8DX2wjJNy_
ShNSgKK21jGIPg7I0je8bUFSeanoJ6KFetFZUZVzFk-9XKaw-DNAA_sfesm95OVekUiAJTY1bB-wC7mgJSVntU37
a5EpN_M1
Response headers
Date: Tue, 07 Jun 2016 00:50:51 GMT
Details
d1Bla0I4bVdpbW1QaWphUmhqR1pQdzBVRUlCRWNQdTJsOERzdEkybENjQ3BLdU9PZldpdEd1TVFjTE9zQjVrQTQ3
MUYzb1VWUG1XdG9zSjBKNmZxTXg2dzZHZkJpbEFRSHRiclhXRmFZZlZtMEVObnljU2Z1T1gxWm1PTTZFQUNDYm
ZsTWRNZGZtY0NNWDRWSmxnZjl0eVJo
Request headers
Content-Length: 516
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...d1Bla0I4bVdpbW1QaWphUmhqR1pQdzBVRUlCRWNQdTJsOERzdEkybENjQ3BLdU9PZldpdEd1TVFjTE9zQjVrQ
TQ3MUYzb1VWUG1XdG9zSjBKNmZxTXg2dzZHZkJpbEFRSHRiclhXRmFZZlZtMEVObnljU2Z1T1gxWm1PTTZFQUNDY
mZsTWRNZGZtY0NNWDRWSmxnZjl0eVJo&CreatedBy=sirgut&CreatedOn=5/23/2016%205:17:18%20PM&DayF
967&YearTo=1967&__RequestVerificationToken=9ElV1skTkWCgQ0wZ8D1HDRq2A7BKSqHDEIhPijLArB4R1
NLJBWmoSqfpcuSgZIkOF1c9p-WfO4csplMWb0ZzYAI-FGI4dJdECQRcWhtUWbU1
53
Response headers
Date: Mon, 06 Jun 2016 21:20:35 GMT
Details
dDJmdDJtd3g3ekRZRkVNemxMbzBLeW5LbGttbk5YNjkwYnhud05HT0lZbWVkS240ck9DS3FjZmEwaE5wd1BJQjVxRm
xiMThNemt1QmNYSlBjMmVKeDluMnd2N1Y0dWR6RlN3OWNCdG5pWk9jVFpLV01Sb1B2TzRiOGJvQlJwdG9hWU0zV
VZWOWF1V2lta1V1VzhFc3RHN2xr
Request headers
Content-Length: 515
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...=dDJmdDJtd3g3ekRZRkVNemxMbzBLeW5LbGttbk5YNjkwYnhud05HT0lZbWVkS240ck9DS3FjZmEwaE5wd1BJ
QjVxRmxiMThNemt1QmNYSlBjMmVKeDluMnd2N1Y0dWR6RlN3OWNCdG5pWk9jVFpLV01Sb1B2TzRiOGJvQlJwdG9h
WU0zVVZWOWF1V2lta1V1VzhFc3RHN2xr&CreatedBy=remrm&CreatedOn=5/26/2016%202:54:20%20PM&DayF
967&YearTo=1967&__RequestVerificationToken=6LemxGfUXSUerV-dhZNeqai8WUsMHpW9HXXY5t9XS8Tiz
sHq_sA7DEsZ92r_yzcJwEeAo6yTNFvyTvXgtAq7Rlm7XCXWqd2hd-MA982_-NU1
Response headers
Date: Mon, 06 Jun 2016 15:08:48 GMT
54
Error message on page

Severity
Medium
Type
Validation
Reported by module Scripting (Text_Search_File.script)
Description
Impact
Recommendation
References
Affected items
Details
Pattern found: Internal Server Error
Request headers
GET /finance/json/description HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/bankaccounts/edit/16
Acunetix-Aspect-Password: *****
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 15:04:02 GMT
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
55
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory
Cookie:
__RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uE
LYgh-lz-hQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:52 GMT
Details
Request headers
GET
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:53 GMT
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
56
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:52 GMT
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:51 GMT
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
57
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:51 GMT
Details
Request headers
GET /fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:50 GMT
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Details
58
Request headers
GET /fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:51 GMT
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Details
Request headers
GET /fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:52 GMT
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Details
Request headers
GET /fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
59
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:52 GMT
Details
Request headers
GET /fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:50 GMT
Details
Request headers
Pragma: no-cache
60
(line truncated)
...UISHYb75Myuir1JzwsC0FNA9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OE-KF8x5
zdY-A9dOkPP4NmkX071rFmHJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnA
VBpgUWs07VAAg57U2A-ePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayz
rGCTNEXe9QDzjZDnJ4usa-RYZfscchlzB7F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BB
omYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo7
8OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJaQxH5kjh0ASBHu; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 15:00:05 GMT
/procurement/reportprocurement
Details
Request headers
GET /procurement/reportprocurement HTTP/1.1
Pragma: no-cache
(line truncated)
...a9ypgKQo4IresNGJH8_NRq5DiOP6Y2m0iecgt7NNnDylKHT5lRR2DVFqh0m54hGM42pc9D6jtqf6weLnqyI1F
MOC8-ah4KDIlxepuRhlSRKtGCkCyEY9yCpwdjJHsMAc4OyDw_KHB1Oafa_HTDW_reknckNNMEJDM1jv25SeOaqIG
lDrfsB-9APFBAe_oaYr6X9gCgenPqWwsWFCpqbczhPQvN_4Q62s33235rE9Z1dS_FEd_cTjmyCiVfqxLbhsknhbN
m-5sMfEWq7ch-z_sh2zHcKGWBAkmZvpV-oOlc_RJu3vxFauBfPDIe6ZDCdRsr1XeCJYJOVcoXFDkqprTihRJVUjY
Zz4U6J48ONLzDUMM-FCRr1qO39a8QQQG6FupR97RmNacgEkCW6Ez5c8kA3lDBOcfIF57aEgfbToZQTlEuoQCBtZg
FD3uri91RhvgQGcpjmXnPnAX48B7YLISvvBhQT8K7gzbUXh; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:45 GMT
/procurement/reportprocurement/getlotdetails
61
Details
Request headers
GET /procurement/reportprocurement/getlotdetails HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 15:00:10 GMT
/upload
Details
Request headers
GET /upload HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
...p1B6fl3w1HuKBWpmtDDauU0_weIIyOCvMwqpQLC_8QjvuJVTUCXh5aG1-ajaVaMA7-gNWy5cJzSbJopRnbTTQ
3GZqyhzGZBza-oQDQawNvYSU-jLVbpS68bJwg5LzoOD0jQmyHeeF1-sJGpi1biByeNwOsiAyVspyZK6WbEahtbm8
_EComER7Ju_YO5clRIBbWTBOJhtbFpK9wyRrRbi3kDUCuqyw33D0Fszlp0lt31LfRng3L7YdnyxZglTpU7ljoT52
H6DiS9bjtWnzcDq2uIc-fZjl5IN557E2pNyBh4Nnk-WDBbnn_lJY99-cWBJpJBj_QRY8zjVdK9YoQKRDJhn2whwX
NHNP-A8k42Mjn; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
62
Date: Tue, 07 Jun 2016 06:05:49 GMT
63
HTML form without CSRF protection

Severity
Medium
Type
Informational
Reported by module Crawler
Description
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a
type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website
trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker''s choosing. A successful CSRF
exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator
account, this can compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/
Details
Form name: <empty>
Form action: http://192.168.1.3/home/setculture
Form method: POST
Form inputs:
- culture [Radio]
Request headers
GET / HTTP/1.1
Referer: http://192.168.1.3/Account/Login?ReturnUrl=/
(line truncated)
...oDOFcOoz3AqF1-FalpZl_SWT3FLPPFZnoSbp18e1eYm1KELqI461aOEgqSW6dGrMxiPzyXvsJTCYRPmcK8UVa
DLK9eY6ahO3BxsGKaSFM8xhBx5rkacvc_Q9QTBR7w9Zk-VKXHuUesCpxmp4JUxJiru9csM3VTSLnOfpqvFzuKapU
4p6wFA2rhu3vCxLOfbXRG7TpAA4HfRsl1lY5N6FYVtiGxufwAdQzR1Na9waQPHyCJ0vB-K1ztjbD8Mr5hMCQZYGs
VCO6m0Kj7gJlcpi7PcRTIimTgtPY10gCXI-4mVvnG6G77BMrygTpTY6k1QsbDLfJxNrHa3VLCK1zIIkqKB09is5Q
myIBBDRS9lLKZ9cs-w5Rz1cXsW4YCd4FhDbqy2wThl2u70vvPsCm_CCMrip0WHswFbpNS437EcivGC8ST1qhMZhY
qvgpbyzQFOVR2O74ktxWQ0ij_U4Hpb0znFvV8aKDQgDv3FKMNCv6WROL-age7fl
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Host: 192.168.1.3
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:57:39 GMT
64
/account
Details
Form name: <empty>
Form action: http://192.168.1.3/account
Form method: POST
Form inputs:
- SearchString [Text]
Request headers
GET /account HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:22 GMT
/account
Details
Form name: <empty>
Form action: http://192.168.1.3/account
Form method: POST
Form inputs:
- SearchString [Text]
Request headers
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
VCO6m0Kj7gJlcpi7PcRTIimTgtPY10gCXI-4mVvnG6G77BMrygTpTY6k1QsbDLfJxNrHa3VLCK1zIIkqKB09is5
65
QmyIBBDRS9lLKZ9cs-w5Rz1cXsW4YCd4FhDbqy2wThl2u70vvPsCm_CCMrip0WHswFbpNS437EcivGC8ST1qhMZh
YqvgpbyzQFOVR2O74ktxWQ0ij_U4Hpb0znFvV8aKDQgDv3FKMNCv6WROL-age7fl
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:22 GMT
/finance/accountstransactions
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/accountstransactions
Form method: POST
Form inputs:
- CategoryNames [Select]
- Period [Select]
- Source [Text]
- JournalReferences [Text]
- EffectiveDates [Text]
Request headers
GET /finance/accountstransactions HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:27 GMT
/finance/budgetagainstpreviousyear
66
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/budgetagainstpreviousyear
Form method: POST
Form inputs:
- period [Select]
Request headers
GET /finance/budgetagainstpreviousyear HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:26 GMT
/finance/budgetallocationandusage
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/budgetallocationandusage
Form method: POST
Form inputs:
- BudgetYear [Select]
- BudgetMonth [Select]
Request headers
GET /finance/budgetallocationandusage HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
67
Date: Mon, 06 Jun 2016 14:59:25 GMT
/finance/json/fromaccountcode
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/json/fromaccountcode
Form method: POST
Form inputs:
- Accounts [Select]
- Location [Select]
- CostCenter [Select]
- SubAccount [Select]
Request headers
GET /finance/json/fromaccountcode HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:04:02 GMT
/finance/reportfinance/accountanalysis
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/accountanalysis
Form method: POST
Form inputs:
- Category [Select]
- dt1 [Text]
- dt2 [Text]
68
Request headers
GET /finance/reportfinance/accountanalysis HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:27 GMT
/finance/reportfinance/accountanalysisbysegment
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Form method: POST
Form inputs:
- acctFrom [Text]
- acctTo [Text]
- dt1 [Text]
- dt2 [Text]
Request headers
GET /finance/reportfinance/accountanalysisbysegment HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
69
Date: Mon, 06 Jun 2016 14:59:41 GMT
/finance/reportfinance/aragingbyinvoice
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Form method: POST
Form inputs:
- agetype [Select]
Request headers
GET /finance/reportfinance/aragingbyinvoice HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:29 GMT
/finance/reportfinance/cashflow
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/cashflow
Form method: POST
Form inputs:
- branchCode [Select]
- dt2 [Text]
Request headers
GET /finance/reportfinance/cashflow HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
70
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:25 GMT
/finance/reportfinance/chartofaccount
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/chartofaccount
Form method: POST
Form inputs:
- Account [Select]
- AccountType [Select]
Request headers
GET /finance/reportfinance/chartofaccount HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:27 GMT
/finance/reportfinance/customerlist
71
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/customerlist
Form method: POST
Form inputs:
- custype [Select]
Request headers
GET /finance/reportfinance/customerlist HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:28 GMT
/finance/reportfinance/incomestatement
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/incomestatement
Form method: POST
Form inputs:
- branchCode [Select]
- dt1 [Text]
- dt2 [Text]
Request headers
GET /finance/reportfinance/incomestatement HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
72
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:28 GMT
/finance/reportfinance/incomestatementbyproject
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Form method: POST
Form inputs:
- costcenterCode [Select]
- dt1 [Text]
- dt2 [Text]
Request headers
GET /finance/reportfinance/incomestatementbyproject HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:41 GMT
/finance/reportfinance/supplierlist
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/supplierlist
Form method: POST
Form inputs:
- supplierType [Select]
- businessType [Select]
Request headers
73
GET /finance/reportfinance/supplierlist HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:28 GMT
/finance/reportfinance/trialbalance
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/trialbalance
Form method: POST
Form inputs:
- Branch [Select]
- dt1 [Text]
Request headers
GET /finance/reportfinance/trialbalance HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:27 GMT
74
/hr/certificatesandletters
Details
Form name: <empty>
Form action: http://192.168.1.3/hr/certificatesandletters
Form method: POST
Form inputs:
- choice [Select]
- EmpID [Text]
- EmpFullName [Text]
Request headers
GET /hr/certificatesandletters HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:41 GMT
/hr/upload
Details
Form name: <empty>
Form action: http://192.168.1.3/hr/upload
Form method: POST
Form inputs:
- File [File]
Request headers
GET /hr/upload HTTP/1.1
Pragma: no-cache
(line truncated)
m-5sMfEWq7ch-z_sh2zHcKGWBAkmZvpV-oOlc_RJu3vxFauBfPDIe6ZDCdRsr1XeCJYJOVcoXFDkqprTihRJVUj
75
YZz4U6J48ONLzDUMM-FCRr1qO39a8QQQG6FupR97RmNacgEkCW6Ez5c8kA3lDBOcfIF57aEgfbToZQTlEuoQCBtZ
gFD3uri91RhvgQGcpjmXnPnAX48B7YLISvvBhQT8K7gzbUXh; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:41 GMT
/inventory/reportinventory/issueitem
Details
Form name: <empty>
Form action: http://192.168.1.3/inventory/reportinventory/issueitem
Form method: POST
Form inputs:
- dt1 [Text]
- dt2 [Text]
Request headers
GET /inventory/reportinventory/issueitem HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:25 GMT
/inventory/reportinventory/stockbalance
76
Details
Form name: <empty>
Form action: http://192.168.1.3/inventory/reportinventory/stockbalance
Form method: POST
Form inputs:
- category [Select]
Request headers
GET /inventory/reportinventory/stockbalance HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:28 GMT
/payroll/payrollreports/bonusincometaxreport
Details
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Form method: POST
Form inputs:
- fyear [Select]
Request headers
GET /payroll/payrollreports/bonusincometaxreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
77
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:36 GMT
/payroll/payrollreports/monthlypensionreport
Details
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Form method: POST
Form inputs:
- period [Select]
Request headers
GET /payroll/payrollreports/monthlypensionreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:36 GMT
/payroll/payrollreports/reportbycontributiontypelist
78
Details
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Form method: POST
Form inputs:
- period [Select]
- type [Select]
- source [Select]
Request headers
GET /payroll/payrollreports/reportbycontributiontypelist HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:41 GMT
79
Internal server error

Severity
Medium
Type
Validation
Reported by module Scripting (Error_Message.script)
Description
Impact
Recommendation
References
Affected items
/
Details
Path Fragment input / was set to
Request headers
GET /account/delete/ HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 18:24:15 GMT
/
Details
Request headers
GET //accountstransactions/details/1098 HTTP/1.1
80
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 19:13:51 GMT
/
Details
Request headers
GET //appaybleinvoices HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 15:06:14 GMT
/account/delete/enanu
Details
Request headers
81
POST /account/delete/enanu HTTP/1.1

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
__RequestVerificationToken=
Response headers
Date: Tue, 07 Jun 2016 01:53:42 GMT
/account/delete/endalamaw
Details
Request headers
POST /account/delete/endalamaw HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
82
Date: Tue, 07 Jun 2016 01:54:04 GMT

Details
Request headers
POST /account/delete/zelalem HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Tue, 07 Jun 2016 01:52:51 GMT
/account/edit/enanu
Details
Request headers
POST /account/edit/enanu HTTP/1.1
Content-Length: 99
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=Mesfin&UserName=Enanu&__RequestVerifi
83
cationToken=
Response headers
Date: Mon, 06 Jun 2016 19:18:16 GMT
/account/edit/enanu
Details
URL encoded POST input Email was set to
Request headers
Content-Length: 232
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=&FirstName=Enanu&LastName=Mesfin&UserName=Enanu&__RequestVerificationToken=FAG9Cdc
aBEOXNRYXPdl2FZp4blYlAllK7ownc_P3zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih
3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM-xw6k3oWyJJmHMO9S71ZLQ2
Response headers
Date: Mon, 06 Jun 2016 19:17:45 GMT
/account/edit/enanu
Details
URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 287
Referer: http://192.168.1.3:80/
(line truncated)
iRt7gpfomAvLLP0u_WoyVDyrpPIS0hEIwLs1_tGq9qYcTLtokWrLUSGW0jjvsPBLdWtdUlZ2eVXoSV81FBLJdPX
84
qn1WEivbQKSlT4Q-36uvnJn2fJJ3Dx8uPcdI0GeefZD8oCrKtU1yhNmfBmL0aeqEosUMW6fLQo4lZ9KCiYACy3oV
gyPEkzbLNgBmcc; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&LastName=M
esfin&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3
zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM
-xw6k3oWyJJmHMO9S71ZLQ2
Response headers
Date: Mon, 06 Jun 2016 19:17:53 GMT
/account/edit/enanu
Details
URL encoded POST input LastName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 286
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3z
ecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEMxw6k3oWyJJmHMO9S71ZLQ2
Response headers
Date: Mon, 06 Jun 2016 19:18:04 GMT
85
/account/edit/enanu
Details
URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 287
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=Mesfin&UserName=12345'"\'\");|]*%00{%0
d%0a<%00>%bf%27'&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3
zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM
-xw6k3oWyJJmHMO9S71ZLQ2
Response headers
Date: Mon, 06 Jun 2016 19:18:13 GMT
Details
Request headers
Content-Length: 106
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
86
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=Endalamaw&__Request
VerificationToken=
Response headers
Date: Mon, 06 Jun 2016 21:16:21 GMT
Details
URL encoded POST input Email was set to
Request headers
Content-Length: 239
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=&FirstName=endalamaw&LastName=worku&UserName=Endalamaw&__RequestVerificationToken=
As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo
3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Response headers
Date: Mon, 06 Jun 2016 21:15:57 GMT
Details
URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 290
Referer: http://192.168.1.3:80/
(line truncated)
...cnBcB0mBDXweyHq8QSx91oMDsyM-jFrIkS6l04jSNkCMTXHF-gnxV5NvJgpGeh2Xg9ZNzWcMxoh0o8wu9kqG
87
KpnZa9WGi8KPYlt7KlLzoSSRwp3jkQLWEIzoqEJar8jDgRaHSDtxtO6XGU_2aXFNEsvbEZMBBROmHuYrJBbwCDnSxc51B05xsHkshOnLMtusF-eKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0v-ia
7GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQR
bGrDZTQG2en1Gw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&LastName=w
orku&UserName=Endalamaw&__RequestVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQj
E0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1Yrv
aAJhHKy6QszJBYvo4FvZgwYiA2
Response headers
Date: Mon, 06 Jun 2016 21:16:05 GMT
Details
URL encoded POST input LastName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 294
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&UserName=Endalamaw&__RequestVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6i
WmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Response headers
88
Date: Mon, 06 Jun 2016 21:16:11 GMT
Details
URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 290
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=12345'"\'\");|]*%00
{%0d%0a<%00>%bf%27'&__RequestVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQj
E0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1Yrv
aAJhHKy6QszJBYvo4FvZgwYiA2
Response headers
Date: Mon, 06 Jun 2016 21:16:18 GMT
/account/login
Details
Request headers
Content-Length: 62
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=Password1&UserName=tester&__RequestVerificationToken=
Response headers
89
Date: Mon, 06 Jun 2016 15:05:28 GMT
/account/login
Details
Request headers
POST /account/login HTTP/1.1
Content-Length: 71
Referer: http://192.168.1.3:80/
(line truncated)
...RBDQdv0mbjXmSgSSpkVwfWC9RwYR43hNjfGxzdPMhg5Ysdz_0gcFwBTS4GteKd_mx9DRXdaeO-kyuU6r5KHt8
O1ibCO-0M9rVBFbODB2jFCfH5qld0c-LDHch_EwkoX3PaKlxf9DoMtgG4ASOH-cnX-wdEX7nYFUdKFxyxW6G2K9s
RhQigZKEp2H4SbVciAYk6QM0EFN8chZYn4ECOJhPgXeujeahL0-kh6nHNcWJLoRTz9EKWBtM3pSx08zoQcWNAqIS
xqJ0m86Rm-xid-uO3ujIXQCLmErb0r83yGVGDOogOrQO0Dqo-tCD6sTbTOKjn_lloKMZSAiSS_ufHdeX9DAi-Td9
DyrasfuQyVXnh; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=g00dPa%24%24w0rD&UserName=sxdgcsyd&__RequestVerificationToken=
Response headers
Date: Mon, 06 Jun 2016 16:23:36 GMT
/account/login
Details
URL encoded POST input Password was set to
Request headers
Content-Length: 161
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fif9J
_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Response headers
90

Date: Mon, 06 Jun 2016 15:05:27 GMT
/account/login
Details
URL encoded GET input ReturnUrl was set to
Request headers
POST /account/login?ReturnUrl= HTTP/1.1
Content-Length: 170
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=Password1&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1
id3_Fif9J_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Response headers
Date: Mon, 06 Jun 2016 15:05:26 GMT
/account/login
Details
URL encoded POST input UserName was set to
Request headers
Content-Length: 164
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=Password1&UserName=&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fi
f9J_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Response headers
Date: Mon, 06 Jun 2016 15:05:28 GMT
91
/account/logoff
Details
Request headers
POST /account/logoff HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
...iDg8hb0NHslbwF2_YVhNn_1YHMf0CY7uXyqdZ_cX7AZsnXrvE6o7XHzqHQE2Z5I9OAPUTzd1I_Qp7uytzBpt7
5Ez0-QBI6jfUohCNvCCWY0zeu0A1VcGzIpnn3U0Haa_iHN_asl2UI0rDzRpggMT3mfMeHrDDz2b9hZzJ7HxYaEwS
Xmn5ZDZ_MC81uY6YoiB43uCpphufDDpbyW8rIrUrblDlGuZVO7k8qdZC7_XdMOVAH4c8nUIHYDGrTiRE-Qwek6mu
gQbM8KLMPHmBnjRvWXOC_uEBNqFLt0yLJANbO50pnBKmVtGELqIfF32huLwFxnjzqwanybjWY6zeJnkOe830Qb9r
OU3WVqb0cbopO; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 16:33:49 GMT
/account/register
Details
Request headers
POST /account/register HTTP/1.1
Content-Length: 166
Referer: http://192.168.1.3:80/
(line truncated)
...RBDQdv0mbjXmSgSSpkVwfWC9RwYR43hNjfGxzdPMhg5Ysdz_0gcFwBTS4GteKd_mx9DRXdaeO-kyuU6r5KHt8
O1ibCO-0M9rVBFbODB2jFCfH5qld0c-LDHch_EwkoX3PaKlxf9DoMtgG4ASOH-cnX-wdEX7nYFUdKFxyxW6G2K9s
RhQigZKEp2H4SbVciAYk6QM0EFN8chZYn4ECOJhPgXeujeahL0-kh6nHNcWJLoRTz9EKWBtM3pSx08zoQcWNAqIS
xqJ0m86Rm-xid-uO3ujIXQCLmErb0r83yGVGDOogOrQO0Dqo-tCD6sTbTOKjn_lloKMZSAiSS_ufHdeX9DAi-Td9
DyrasfuQyVXnh; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ConfirmPassword=g00dPa%24%24w0rD&Email=sample%40email.tst&FirstName=btwpdekw&LastName=bt
wpdekw&Password=g00dPa%24%24w0rD&UserName=btwpdekw&__RequestVerificationToken=
Response headers
92

Date: Mon, 06 Jun 2016 16:19:47 GMT
Details
POST (multipart) input __RequestVerificationToken was set to
Request headers
POST /account/usergroups/enanu HTTP/1.1
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_RAUJOURFRB
Referer: http://192.168.1.3:80/
(line truncated)
...0WBH55ZC00EeRfbzXiwBivu6ArdjVOFwr8lDdiP2tMC1jplF-9TI8zQ3h-6GF0uN2yUenoMjxVQIqxvBhx-El
6SilcMGC072lS2hnYOG-UKvHvw3GbzjsPvrABu-Q40naiplhYVlDOelf1OLkZQTcvjXQ1NlkXBhMYbtmrXY_iumC
_7T8GFIoY7PJ59WgjM-LeQ3rMz5Q61-FcOMIfjF9XrU-_sD0sOgsZCHwmWOMMzASxIhy9TDTcbIZU-C1muzXIBqX
wF2g1elPPTFmU52vjD83PT41gWMJauef1e7KjdtlWrCM29OxOOPyAn2XRcNl8b56U1wQqCL3u91rNumArzqW7hTf
IOF6WB5-4bnKw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_RAUJOURFRB
1
false
4
5
false
6
true
93
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_RAUJOURFRB-Response headers
Date: Mon, 06 Jun 2016 20:08:42 GMT
Details
POST (multipart) input Groups[0].GroupId was set to 1
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_VEJPINKYXH
94
Referer: http://192.168.1.3:80/
(line truncated)
...Lu9oqJmnPHBFavIacie1xFtX1g8MmPCIAcinTl3koAYBSCb_bjlhVlSyWg4rcDXzJzEPICJoukYjWngZ6ykWu
z6c4giemFeWbArlAQEsfswhgQX7oxuMGQjO_MgNdraqhXI9zRxyx34RWdTOJ-oKtUUWHw--BfbJPe_QWW2hQfXtw
PO84jcxsib7bt2_4Jrd5zVmi8vnz1YPo3OUBcM3Bgzq8Gj5w2WhT9Qb2Pde7T1S8kxo_9kFjsPPnmWeZv9Ce3CBh
H6_wArZshAnUsx4tNxkx16f10fmmQfs78kqGwx2Rt3J08oh2GwK6ep23iy0TLCa4jFTnp_ElkTG8Yx9VS1T01UfB
P2pBBs8Vvd_m_; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_VEJPINKYXH
Content-Disposition: form-data; name="Groups[0].GroupId[]"
1
false
4
5
false
6
true
7
true
8
true
9
95
true
10
true
11
true
Enanu
id4F7HKEp-2NoCOhw57NBlpZvNECOZtalrV62dIubpxQ0QMVYmeiX6EMxWyNt0yCsbwdxWaUR1huDrpuOu6CGNC0
aauRQWG4ksGXIuIGS4ZIezE8zze5i4rCulTLJ7xkD1pvhHfanh2M4bbr0At7QQ2
-------AcunetixBoundary_VEJPINKYXH-Response headers
Date: Mon, 06 Jun 2016 19:42:48 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_FGDQVSWTNK
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_FGDQVSWTNK
96
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
true
97
Enanu
-------AcunetixBoundary_FGDQVSWTNK-Response headers
Date: Mon, 06 Jun 2016 19:46:58 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_CGJAHGVTBE
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_CGJAHGVTBE
1
false
4
5
false
98
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_CGJAHGVTBE-Response headers
Date: Mon, 06 Jun 2016 19:51:10 GMT
99
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_ISPFJXUXSR
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_ISPFJXUXSR
1
false
4
5
false
6
true
7
true
8
100
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_ISPFJXUXSR-Response headers
Date: Mon, 06 Jun 2016 19:55:27 GMT
Details
POST (multipart) input Groups[3].Selected was set to
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_IWDXKLYMHS
Referer: http://192.168.1.3:80/
(line truncated)
ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed
101
%22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_IWDXKLYMHS
1
false
4
5
false
6
7
true
8
true
9
true
10
true
102
11
true
Enanu
-------AcunetixBoundary_IWDXKLYMHS-Response headers
Date: Mon, 06 Jun 2016 19:56:22 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DNVDDGLXSV
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_DNVDDGLXSV
1
false
4
103
5
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_DNVDDGLXSV-Response headers
104
Date: Mon, 06 Jun 2016 19:57:31 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_RJHNRTUOGK
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_RJHNRTUOGK
1
false
4
5
false
6
true
7
105
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_RJHNRTUOGK-Response headers
Date: Mon, 06 Jun 2016 19:58:31 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MVVBBEOTBY
Referer: http://192.168.1.3:80/
(line truncated)
H6_wArZshAnUsx4tNxkx16f10fmmQfs78kqGwx2Rt3J08oh2GwK6ep23iy0TLCa4jFTnp_ElkTG8Yx9VS1T01Uf
106
BP2pBBs8Vvd_m_; _culture=en-us; currentNavLi=link246;

22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_MVVBBEOTBY
1
false
4
5
false
6
true
7
true
8
true
9
true
10
107

true
11
true
Enanu
-------AcunetixBoundary_MVVBBEOTBY-Response headers
Date: Mon, 06 Jun 2016 19:59:30 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_EKYISYPALU
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_EKYISYPALU
1
false
108

4
5
false
6
true
7
true
8
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_EKYISYPALU-Response headers
109

Date: Mon, 06 Jun 2016 20:00:28 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_OHUOPLUDVW
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_OHUOPLUDVW
1
false
4
5
false
6
true
110
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_OHUOPLUDVW-Response headers
Date: Mon, 06 Jun 2016 20:01:31 GMT
Details
Request headers
111
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_SYTJYGTPBW

Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_SYTJYGTPBW
1
false
4
5
false
6
true
7
true
8
true
9
112
10
true
11
true
Enanu
-------AcunetixBoundary_SYTJYGTPBW-Response headers
Date: Mon, 06 Jun 2016 20:02:29 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_WXCBGWKKYI
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_WXCBGWKKYI
1
113
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
114

-------AcunetixBoundary_WXCBGWKKYI-Response headers
Date: Mon, 06 Jun 2016 20:03:55 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MMEWNHJWYL
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_MMEWNHJWYL
1
false
4
5
false
6
115

true
7
true
8
true
9
true
10
11
true
Enanu
-------AcunetixBoundary_MMEWNHJWYL-Response headers
Date: Mon, 06 Jun 2016 20:04:53 GMT
Details
Request headers
116

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_QAWAULLAVY
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_QAWAULLAVY
1
false
4
5
false
6
true
7
true
8
true
9
117
true
10
true
11
true
Enanu
-------AcunetixBoundary_QAWAULLAVY-Response headers
Date: Mon, 06 Jun 2016 20:05:52 GMT
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MPVYSDWOXV
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
118
-------AcunetixBoundary_MPVYSDWOXV
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
119
Enanu
-------AcunetixBoundary_MPVYSDWOXV-Response headers
Date: Mon, 06 Jun 2016 20:06:43 GMT
Details
POST (multipart) input UserName was set to
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_KSYNUQKWLN
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_KSYNUQKWLN
1
false
4
5
false
120
6
true
7
true
8
true
9
true
10
true
11
true
-------AcunetixBoundary_KSYNUQKWLN-Response headers
Date: Mon, 06 Jun 2016 20:07:43 GMT
121
/finance/budgetallocationandusage/
Details
URL encoded POST input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST /finance/budgetallocationandusage HTTP/1.1
Content-Length: 68
Referer: http://192.168.1.3:80/
(line truncated)
...cgfpHKf3mTxPvQhVMoeEbYIPwitXutryiR7TgIECWncOX4Iwt9O3Ukf0nS6192tTze32YzdrONn9GSUt3bbDR
ZL2YOTYQ8Tj4g3M6BNCDJZmW0jXdQtC_Qud1aoaas4CUdk4q6Blr_Y6ZxVRc8envb357QP7TJsj7IfwY37oGyqCm
Fq-_mA9jZVWSDm0yF94ycq_lr5P1g5AlS5xiuq401t7uwW9E-bx8lfw8dYfSpm3sijtoc-C1B-vYvELp-lgB_kSx
l6pzcnS28DP0GI4SEUNUbGUzbzCI5jtP8qKoe3abuGR9FpXsJL0JviyH34dbcU4yDd0rp5SSl6CSSo8DWk5QRBes
d5YZ0X4xXf7gZ; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
BudgetMonth=NA&BudgetYear=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
Response headers
Date: Mon, 06 Jun 2016 18:33:35 GMT
/finance/budgetallocationandusage/budgetallocationandusageexcel
Details
URL encoded GET input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
GET
/finance/budgetallocationandusage/budgetallocationandusageexcel?BudgetMonth=NA&BudgetYea
r=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27' HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
122
Date: Mon, 06 Jun 2016 19:04:00 GMT
/finance/budgetallocationandusage/budgetallocationandusageprint
Details
URL encoded GET input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
GET
/finance/budgetallocationandusage/budgetallocationandusageprint?BudgetMonth=NA&BudgetYea
r=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27' HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 21:14:36 GMT
Details
URL encoded POST input id was set to
Request headers
POST /finance/json/description HTTP/1.1
Content-Length: 3
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
123
Accept: */*
id=
Response headers
Date: Mon, 06 Jun 2016 19:03:10 GMT
Details
URL encoded POST input filter was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST
HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&group=&page=1&pageSize=10&sort=
Response headers
Date: Tue, 07 Jun 2016 00:38:28 GMT
Details
URL encoded POST input group was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST
HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
124
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&page=1&pageSize=10&sort=
Response headers
Date: Tue, 07 Jun 2016 00:38:32 GMT
Details
URL encoded POST input page was set to
Request headers
POST
HTTP/1.1
Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=&page=&pageSize=10&sort=
Response headers
Date: Tue, 07 Jun 2016 00:38:35 GMT
125
Details
URL encoded POST input pageSize was set to
Request headers
POST
HTTP/1.1
Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=&page=1&pageSize=&sort=
Response headers
Date: Tue, 07 Jun 2016 00:38:39 GMT
Details
URL encoded POST input sort was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST
HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
126
Accept: */*
filter=&group=&page=1&pageSize=10&sort=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
Response headers
Date: Tue, 07 Jun 2016 00:38:44 GMT
Details
Request headers
POST /fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 21:13:08 GMT
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
xc51B05xsHkshOnLMtusF-eKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0v-ia
127
7GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQR
bGrDZTQG2en1Gw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 21:13:11 GMT
Details
Request headers
Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 21:13:13 GMT
Details
128
Request headers
Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 21:13:16 GMT
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
129
Date: Mon, 06 Jun 2016 21:13:19 GMT
Details
Request headers
POST /fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 18:53:01 GMT
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
130
Response headers
Date: Mon, 06 Jun 2016 18:53:04 GMT
Details
Request headers
Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 18:53:07 GMT
Details
Request headers
Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
l6pzcnS28DP0GI4SEUNUbGUzbzCI5jtP8qKoe3abuGR9FpXsJL0JviyH34dbcU4yDd0rp5SSl6CSSo8DWk5QRBe
131
sd5YZ0X4xXf7gZ; _culture=en-us; currentNavLi=link246;

22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 18:53:10 GMT
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 18:53:12 GMT
/home/setculture
Details
HTTP Header input Referer was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
132
GET /home/setculture HTTP/1.1

Referer: 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
Chrome/41.0.2228.0 Safari/537.21
(line truncated)
...ko0xiMvFeQzjacUn1O6g3Xl1mWhg22l627J3nelrcROLeijhjRk9PemXcPG9lF_JhbKm3yUh-pEzJIbVTHFYv
kg1UYZaLCTd7WXlMQzJ8fiMn1NlbnSlZX9lVep3Z48RuiKGmSOyLMktaslgXisrr9S_iEEdno62dfAmWrL3Ilv7v
UGTtj_IeU9hNY4ey0a19GHtsnoGNjs6PJzOazyNsK7Bhk_DhOfSTcl8ne2fe71J3e4GIbdKiQMjTVkUE81n3mMRw
38qiucTteXpqG7rnns9IhthXvVyHZSHYK68awHdzG6UV34kBQ0vuSzQ0uke41s1OoHmKT1g_kTnoN8lWrMyyN8aK
v8NKTtpeDsGUs; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Accept: */*
Response headers
Set-Cookie: _culture=en-US; path=/
Date: Tue, 07 Jun 2016 02:05:57 GMT
Details
Request headers
POST /hr/disciplinaymeasuretypes/delete/10 HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Tue, 07 Jun 2016 01:53:16 GMT
133
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Tue, 07 Jun 2016 01:53:23 GMT
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
134
Date: Tue, 07 Jun 2016 01:53:28 GMT
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Tue, 07 Jun 2016 01:52:56 GMT
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
135
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Tue, 07 Jun 2016 01:53:02 GMT
Details
Request headers
Content-Length: 349
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&Disciplin
ayMeasureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8
a%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1
%89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=
Response headers
Date: Tue, 07 Jun 2016 01:06:52 GMT
Details
URL encoded POST input CreatedBy was set to
Request headers
136
Content-Length: 495
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&DisciplinayMea
sureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%
e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%8
5%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-RFDC
ogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilh
omiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Response headers
Date: Tue, 07 Jun 2016 01:06:38 GMT
Details
URL encoded POST input CreatedOn was set to
Request headers
Content-Length: 476
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&Expi
reYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b%8
8%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%85%e1%8c%a3%e1%89%b5
&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-RFDCogqsKM2pGpKGcirHZFz
X2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72
Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
137
Response headers
Date: Tue, 07 Jun 2016 01:06:40 GMT
Details
URL encoded POST input DisciplinayMeasureRanksID was set to
Request headers
Content-Length: 499
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=&Disciplina
yMeasureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a
%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%
89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5QRFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy
5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Response headers
Date: Tue, 07 Jun 2016 01:06:42 GMT
Details
URL encoded POST input DisciplinayMeasureTypesID was set to
Request headers
Content-Length: 498
Referer: http://192.168.1.3:80/
138
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%
95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%8
9%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-R
FDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5
ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Response headers
Date: Tue, 07 Jun 2016 01:06:44 GMT
Details
URL encoded POST input ExpireYear was set to
Request headers
Content-Length: 496
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=10&ExpireYear=&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95
%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%
85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-RFD
CogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5il
homiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Response headers
139

Date: Tue, 07 Jun 2016 01:06:47 GMT
Details
Request headers
Content-Length: 344
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=10&ExpireYear=3.00&Measure=&PercentageEffectOnPromotion=8.00&__RequestV
erificationToken=C5Q-RFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcD
L22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Response headers
Date: Tue, 07 Jun 2016 01:06:49 GMT
Details
URL encoded POST input PercentageEffectOnPromotion was set to
Request headers
Content-Length: 496
Referer: http://192.168.1.3:80/
(line truncated)
tY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmq-syXvDrhisQuczj5NR1zY6UbHDShTfQNVEWE
140
VT6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwWLoLyjIFenifgqUEM-IZ0YkQp83
IV66-iLaklavyzeO0fOYkPFe17RyYhfpagOlhBFWKuD2QQxHw925garPcvrJbh4OCLNBnb6qIKxSFgcRT09bdhvy
reTl7JNhTyysYX; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8
a%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1
%89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=C5Q-RFD
CogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5il
homiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Response headers
Date: Tue, 07 Jun 2016 01:06:50 GMT
Details
Request headers
Content-Length: 325
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%8
8%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5
&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=
Response headers
141
Date: Mon, 06 Jun 2016 21:22:45 GMT
Details
Request headers
Content-Length: 471
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMea
sureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%
e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&Perc
entageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjq
Ty3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1
EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:23 GMT
Details
Request headers
Content-Length: 452
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
142
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=11&Expi
reYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e
1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromo
tion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjqTy3nnYpv_ougyK9yhvj
hAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIR
R-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:27 GMT
Details
Request headers
Content-Length: 475
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=&Disciplina
yMeasureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88
%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&
PercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6
DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7
VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:30 GMT
143
Details
Request headers
Content-Length: 474
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%
9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&P
ercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6D
UjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7V
oX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:33 GMT
Details
Request headers
Content-Length: 472
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
144

Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b
%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&Per
centageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUj
qTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX
1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:36 GMT
Details
Request headers
Content-Length: 344
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=0.00&Measure=&PercentageEffectOnPromotion=9.00&__RequestV
erificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39s
wzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:39 GMT
145
Details
Request headers
Content-Length: 472
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%8
8%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5
&PercentageEffectOnPromotion=&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUj
qTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX
1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Response headers
Date: Mon, 06 Jun 2016 21:22:43 GMT
Details
Request headers
Content-Length: 413
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
146
ayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%83%e1%88%8d%20%e1%88%9b%e1%8
8%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%93%20%e1%88%9d%e1%8a%95%e1%88%9d
%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%88%8c%e1%88%88%e1%89%a0%e1%89%b5&
PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
Response headers
Date: Tue, 07 Jun 2016 00:53:42 GMT
Details
Request headers
Content-Length: 559
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...asureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
3%e1%88%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%93%20
%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%88%8c%
e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
Response headers
Date: Tue, 07 Jun 2016 00:53:18 GMT
Details
147
Request headers
Content-Length: 540
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...asureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
Response headers
Date: Tue, 07 Jun 2016 00:53:21 GMT
Details
Request headers
Content-Length: 563
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...easureRanksID=&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%
148
0%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%88%8c
%e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=10.00&__RequestVerificationToken
=VGp-WRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZ-H
YIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Response headers
Date: Tue, 07 Jun 2016 00:53:24 GMT
Details
Request headers
Content-Length: 562
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...MeasureRanksID=3&DisciplinayMeasureTypesID=&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
Response headers
Date: Tue, 07 Jun 2016 00:53:28 GMT
149
Details
Request headers
Content-Length: 560
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...ayMeasureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=&Measure=%e1%8b%a8%e1%89%8
Response headers
Date: Tue, 07 Jun 2016 00:53:32 GMT
Details
Request headers
Content-Length: 345
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
150
Accept: */*
ayMeasureTypesID=12&ExpireYear=0.00&Measure=&PercentageEffectOnPromotion=10.00&__Request
VerificationToken=VGp-WRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkY
NetKhWQwI8sRBdZ-HYIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Response headers
Date: Tue, 07 Jun 2016 00:53:36 GMT
Details
Request headers
Content-Length: 559
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...nayMeasureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1
%89%83%e1%88%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%
93%20%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%8
8%8c%e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=
Response headers
Date: Tue, 07 Jun 2016 00:53:39 GMT
151
Details
Request headers
POST /hr/empbscappraisalperiods/create HTTP/1.1
Content-Length: 127
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=1&DayFrom=17&DayTo=17&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&
YearTo=1967&__RequestVerificationToken=
Response headers
Date: Mon, 06 Jun 2016 15:06:06 GMT
Details
URL encoded POST input IsClosed was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST /hr/empbscappraisalperiods/create HTTP/1.1
Content-Length: 316
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=1&DayFrom=17&DayTo=17&IsClosed=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=kabWQ9lnQEM
1-_J4j_rodreT-oOM-rDJchFohTbUPN_eibwR9F8WL4wUjwMqBnsDxgzH-GoCpFBFKE-GNwhuzameuBn8D0eB7DZ
ovslPDx2sap9R4QlA63qkXK-alGvSkyownig3N--MmqP9Vgp7kg2
152
Response headers
Date: Mon, 06 Jun 2016 15:05:01 GMT
153
User credentials are sent in clear text

Severity
Medium
Type
Configuration
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an
encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, should always be transferred to the server over an
encrypted connection (HTTPS).
Affected items
/account/login
Details
Form name: <empty>
Form action: http://192.168.1.3/account/login
Form method: POST
Form inputs:
- __RequestVerificationToken [Hidden]
- UserName [Text]
- Password [Password]
Request headers
GET /account/login HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
154
/account/login (943495a8bf6f8beb8b22c44cf845bd3f)
Details
Form name: <empty>
Form action: http://192.168.1.3/account/login
Form method: POST
Form inputs:
- UserName [Text]
Request headers
Pragma: no-cache
Referer: http://192.168.1.3/account/login
Content-Length: 222
(line truncated)
...xnsdSs-WJm2vPKGIEmtDE-XKwOk-XSFJ6DEW7R4pXv9V2r3EIVZ3a06CubQeDQlBX7aznpeHIoMPjDcyQ1vJx
IR7On9Rqe1JKB4AgCTtqV-SnoA7rw7m0I2YOzR9Q3AQ0bjb_EkD5sVyU3DJoFfFYq5D5p17_XV2k5QyskPeo28J3
TxOFsvi2qKkKUjtz8oUqiSQ4JlMY8a2Ug80Fb9YUsdGQGORe42CwrMcRc068gs-XxlgDyxj1Gm-2s33eQPQFw12d
olvrBc6yDvykD_uF6sOtGPXCLiFNrjwTp5dTP8mJcWchnJMenky-fIiTvP_Hm_uDO6r33O6F73-mdKSJxCmOQLgp
YyNiZmTKgbDKXRnKTaMUOLYKzs0DAbk7NYarkSqqYc2plWuSJ7MJOnMI2IFiNNUsnLpGW03V8hv7XZn0eociDXiO
luNjnMHKM-JryeCxYTaqrb8Sg8wDvkmMpkAfMJvuhuSwCL8; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=g00dPa%24%24w0rD&UserName=glpscbtu&__RequestVerificationToken=p-Ya6dj2VyJop_m5E
xsk2R3Ct821rXO6ASuxLaEOUjpM5gT_fIl_HaWhg9uZ5bW-QMQx9ae7oZvshfI_q25E-Qwm9FCmr4VYF3L34UBZb
UxQndssCSydRmQ7cPytqX1_vGWfaK0vsHo4sjtmZlPu1w2
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:45 GMT
/account/register
155
Details
Form name: <empty>
Form action: http://192.168.1.3/account/register
Form method: POST
Form inputs:
- UserName [Text]
- ConfirmPassword [Password]
- LastName [Text]
- FirstName [Text]
- Email [Text]
Request headers
GET /account/register HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/account
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:04:02 GMT
156
ASP.NET version disclosure

Severity
Low
Type
Configuration
Reported by module Scripting (ASP_NET_Error_Message.script)
Description
The HTTP responses returned by this web application include anheader named X-AspNet-Version. The value of this
header is used by Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites
and should be disabled.
Impact
The HTTP header may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Apply the following changes to the web.config file to prevent ASP.NET version disclosure:
<System.Web>
<httpRuntime enableVersionHeader="false" />
</System.Web>
References
HttpRuntimeSection.EnableVersionHeader Property
Affected items
/
Details
Version information found: 4.0.30319
Request headers
GET /|~.aspx HTTP/1.1
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:26 GMT
157
Cookie without HttpOnly flag set

Severity
Low
Type
Informational
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser
that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection
for session cookies.
Impact
None
Recommendation
If possible, you should set the HTTPOnly flag for this cookie.
Affected items
/
Details
Cookie name: "currentNavLi"
Cookie domain: "192.168.1.3"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/
Details
Cookie name: "_culture"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
158
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/
Details
Cookie name: "ace_settings"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
159
Cookie without Secure flag set

Severity
Low
Type
Informational
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the
cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
/
Details
Cookie name: "__RequestVerificationToken"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/
Details
Cookie name: "_culture"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
...oDOFcOoz3AqF1-FalpZl_SWT3FLPPFZnoSbp18e1eYm1KELqI461aOEgqSW6dGrMxiPzyXvsJTCYRPmcK8UV
160
aDLK9eY6ahO3BxsGKaSFM8xhBx5rkacvc_Q9QTBR7w9Zk-VKXHuUesCpxmp4JUxJiru9csM3VTSLnOfpqvFzuKap
U4p6wFA2rhu3vCxLOfbXRG7TpAA4HfRsl1lY5N6FYVtiGxufwAdQzR1Na9waQPHyCJ0vB-K1ztjbD8Mr5hMCQZYG
sVCO6m0Kj7gJlcpi7PcRTIimTgtPY10gCXI-4mVvnG6G77BMrygTpTY6k1QsbDLfJxNrHa3VLCK1zIIkqKB09is5
QmyIBBDRS9lLKZ9cs-w5Rz1cXsW4YCd4FhDbqy2wThl2u70vvPsCm_CCMrip0WHswFbpNS437EcivGC8ST1qhMZh
YqvgpbyzQFOVR2O74ktxWQ0ij_U4Hpb0znFvV8aKDQgDv3FKMNCv6WROL-age7fl
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/
Details
Cookie name: "ace_settings"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/
Details
Cookie name: "currentNavLi"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
161
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/
Details
Cookie name: "awwce-MyCookieName-2016-erp"
Request headers
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
162
File upload
Severity
Low
Type
Informational
Description
This page allows visitors to upload files to the server. Various web applications allow users to upload files (such as
pictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could
send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.
Impact
If the uploaded files are not safely checked an attacker may upload malicious files.
Recommendation
Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist
approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like
.htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so
the files within it are not executable. If possible, rename the files that are uploaded.
Affected items
/hr/upload
Details
Form name: <empty>
Form action: http://192.168.1.3/hr/upload
Form method: POST
Form inputs:
- File [File]
Request headers
GET /hr/upload HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:41 GMT
163
164
Login page password-guessing attack

Severity
Low
Type
Validation
Reported by module Scripting (Html_Authentication_Audit.script)
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack
is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and
symbols until you discover the one correct combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended
to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web
references for more information about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters,
numbers, and symbols until it discovers the one correct combination that works.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks
Affected items
/account/login
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Request headers
Content-Length: 214
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=4PBptj6n&UserName=lwir1kAu&__RequestVerificationToken=_uDCtrunIm4qmJUlyN2TRxSyz
o-QQxlXf5sXQAyMB2-eXDGfp16Nf_78l91wFgoGrZYn74Qbtyv7bL8oCsPGV4Ooi1fJmVyukcPReECkScFY3B8QgqLyo-iz7aR0cpBrYCJ8gTzo1B_pGQQIzt8hg2
Response headers
Date: Mon, 06 Jun 2016 16:23:44 GMT
165
OPTIONS method is enabled

Severity
Low
Type
Validation
Reported by module Scripting (Options_Server_Method.script)
Description
HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are
supported by the web server, it represents a request for information about the communication options available on the
request/response chain identified by the Request-URI.
Impact
The OPTIONS method may expose sensitive information that may help an malicious user to prepare more advanced
attacks.
Recommendation
It's recommended to disable OPTIONS Method on the web server.
References
Testing for HTTP Methods and XST (OWASP-CM-008)
Affected items
Web Server
Details
Methods allowed: OPTIONS, TRACE, GET, HEAD, POST
Request headers
OPTIONS / HTTP/1.1
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Public: OPTIONS, TRACE, GET, HEAD, POST
Date: Mon, 06 Jun 2016 14:59:57 GMT
Content-Length: 0
166
Slow response time

Severity
Low
Type
Informational
Description
This page had a slow response time. This type of files can be targeted in denial of service attacks. An attacker can
request this page repeatedly from multiple computers until the server becomes overloaded.
Impact
Possible denial of service.
Recommendation
Investigate if it's possible to reduce the response time for this page.
Affected items
Details
The response time for this page was 5101 ms while the average response time for this site is 54.78 ms
Request headers
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 15:00:05 GMT
/projectmanagement/projectestimationnames
Details
The response time for this page was 5710 ms while the average response time for this site is 54.78 ms
Request headers
GET /projectmanagement/projectestimationnames HTTP/1.1
Pragma: no-cache
167
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:36 GMT
168
Broken links
Severity
Informational
Type
Informational
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/content/kendo/2016.1.112/%23clip
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /content/kendo/2016.1.112/%23clip HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Content-Type: text/html
Date: Mon, 06 Jun 2016 14:59:52 GMT
/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0 HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/accountstransactions/details/1684
(line truncated)
...UISHYb75Myuir1JzwsC0FNA9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OE-KF8x
169
5zdY-A9dOkPP4NmkX071rFmHJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhn
AVBpgUWs07VAAg57U2A-ePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ay
zrGCTNEXe9QDzjZDnJ4usa-RYZfscchlzB7F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3B
BomYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 15:00:08 GMT
170
Email address found

Severity
Informational
Type
Informational
Reported by module Scripting (Text_Search_Dir.script)
Description
One or more email addresses have been found on this page. The majority of spam comes from email addresses
harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour
the internet looking for email addresses on any website they come across. Spambot programs look for strings like
myname@mydomain.com and then record any addresses found.
Impact
Email addresses posted on Web sites may attract spam.
Recommendation
Check references for details on how to solve this problem.
References
Email Address Disclosed on Website Can be Used for Spam
Affected items
/account
Details
Pattern found: info@awwwce.com
Request headers
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:22 GMT
Details
171
Request headers
GET /account/delete/zelalem HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:57 GMT
Details
Request headers
GET /account/edit/zelalem HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
172
Date: Mon, 06 Jun 2016 14:59:57 GMT
173
Microsoft IIS version disclosure

Severity
Informational
Type
Configuration
Reported by module Scripting (ASP_NET_Error_Message.script)
Description
The HTTP responses returned by this web application include a header named Server. The value of this header includes
the version of Microsoft IIS server.
Impact
The HTTP header may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Microsoft IIS should be configured to remove unwanted HTTP response headers from the response. Consult web
references for more information.
References
Remove Unwanted HTTP Response Headers
Affected items
/
Details
Version information found: Microsoft-IIS/8.5
Request headers
GET /|~.aspx HTTP/1.1
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
Date: Mon, 06 Jun 2016 14:59:26 GMT
174
Password type input with auto-complete enabled

Severity
Informational
Type
Informational
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password
should be saved.Thereafter when the form is displayed, the name and password are filled in automatically or are
completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser
cache.
Impact
Recommendation
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items
/account/login
Details
Password type input named Password from unnamed form with action /Account/Login has autocomplete enabled.
Request headers
GET /account/login HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:21 GMT
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2Froles has
autocomplete enabled.
175
Request headers
GET /account/login?ReturnUrl=/roles HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/roles
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 14:59:45 GMT
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2Fhr%2Fallowances
has autocomplete enabled.
Request headers
GET /account/login?ReturnUrl=/hr/allowances HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/allowances
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
176
Date: Mon, 06 Jun 2016 14:59:45 GMT
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2F has
autocomplete enabled.
Request headers
GET /Account/Login?ReturnUrl=/ HTTP/1.1
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Set-Cookie:
LYgh-lz-hQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; path=/; HttpOnly
Date: Mon, 06 Jun 2016 14:57:39 GMT
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2Fhr%2Fcosigns
has autocomplete enabled.
Request headers
GET /account/login?ReturnUrl=/hr/cosigns HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/cosigns
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
177
Date: Mon, 06 Jun 2016 14:59:45 GMT
/account/register
Details
Password type input named Password from unnamed form with action /Account/Register has autocomplete enabled.
Request headers
Pragma: no-cache
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:04:02 GMT
/account/register
Details
Password type input named ConfirmPassword from unnamed form with action /Account/Register has autocomplete
enabled.
Request headers
Pragma: no-cache
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
178
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:04:02 GMT
179
Possible CSRF (Cross-site request forgery)

Severity
Informational
Type
Validation
Reported by module CSRF
Description
Manual confirmation is required for this alert.
This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of
attack that affects web based applications with a predictable structure for invocation. An attacker tricks the user into
performing an action of the attackers choosing by directing the victim's actions on the target application with a link or
other content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed)
to have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then victim's browser's attempt
to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
Impact
Depends on implementation.
Recommendation
Insert custom random tokens into every form and URL that will not be automatically submitted by the browser. Check
References for detailed information on protecting against this vulnerability.
References
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
Cross-site request forgery
Cross Site Reference Forgery
Cross-Site Request Forgeries
Top 10 2007-Cross Site Request Forgery
Affected items
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
Details
Request headers
POST /finance/json/bankaccounts HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/json/bankaccounts
Content-Length: 71
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
180
Accept: */*
Accounts=1001160141&CostCenter=1&Location=1&SubAccount=4111111111111111
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:04:04 GMT
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
Details
Request headers
POST /finance/json/description HTTP/1.1
Accept: */*
Referer: http://192.168.1.3/finance/bankaccounts/edit/16
Origin: http://192.168.1.3
X-Requested-With: XMLHttpRequest
Chrome/41.0.2228.0 Safari/537.21
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 20
(line truncated)
22%3A-1%7D
Accept-Language: en-US,*
Host: 192.168.1.3
Pragma: no-cache
id=11140-1-00-CB0022
Response headers
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Date: Mon, 06 Jun 2016 15:03:12 GMT
Content-Length: 90
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Details
Request headers
POST /finance/json/fromaccountcode HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/json/fromaccountcode
Content-Length: 71
181
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:04:04 GMT
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Details
Request headers
POST /finance/json/toaccountcode HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/json/toaccountcode
Content-Length: 71
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
182
Date: Mon, 06 Jun 2016 15:04:04 GMT
Details
Request headers
POST
HTTP/1.1
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 39
(line truncated)
...A9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OE-KF8x5zdY-A9dOkPP4NmkX071rFm
HJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAAg57U2A-ePm
NuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usaRYZfscchlzB7F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRps
gtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCX
fc1B-9ZjkCJaQxH5kjh0ASBHu; _culture=en-us; currentNavLi=link300
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:01:13 GMT
Content-Length: 59
(65ba3a10b77a6c16224ffc9314b599f2)
Details
Request headers
POST
HTTP/1.1
Accept: */*
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 66
(line truncated)
183
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=Manufacturer~isnotempty~'e'
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:03:36 GMT
Content-Length: 59
(b585c40490c5c63ee711d1bbe6e3a118)
Details
Request headers
POST
HTTP/1.1
Accept: */*
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 57
(line truncated)
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=Description~eq~'e'
Response headers
HTTP/1.1 200 OK
184
Date: Mon, 06 Jun 2016 15:02:42 GMT

Content-Length: 59
Details
Request headers
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 39
(line truncated)
Host: 192.168.1.3
Pragma: no-cache
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:01:08 GMT
Content-Length: 409
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read (11e076bff3d87afafd26c723d1fdc6a3)
Details
Request headers
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 39
(line truncated)
185
Host: 192.168.1.3
Pragma: no-cache
Response headers
HTTP/1.1 200 OK
Date: Mon, 06 Jun 2016 15:00:55 GMT
Content-Length: 59
186
Possible internal IP address disclosure

Severity
Informational
Type
Informational
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP
addressing scheme of the internal network. This information can be used to conduct further attacks.
Impact
Recommendation
Prevent this information from being displayed to the user.
Affected items
/home/setculture
Details
Pattern found: 192.168.1.3
Request headers
GET /home/setculture HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 302 Found
Location: http://192.168.1.3/
Set-Cookie: _culture=en-US; expires=Sun, 04-Sep-2016 14:59:22 GMT; path=/
Date: Mon, 06 Jun 2016 14:59:22 GMT
Content-Length: 136
187
Possible username or password disclosure

Severity
Informational
Type
Informational
Description
A username and/or password was found in this file. This information could be sensitive.
Impact
Recommendation
Remove this file from your website or change its permissions to remove access.
Affected items
/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Details
Pattern found: pass:before
Request headers
GET /content/ace/font-awesome/4.2.0/css/font-awesome.min.css HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/account/login
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Response headers
HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Sat, 21 Nov 2015 17:14:40 GMT
Accept-Ranges: bytes
ETag: "acde881b8024d11:0"
Date: Mon, 06 Jun 2016 14:59:22 GMT
188
Scanned items (coverage report)

Scanned 792 URLs. Found 87 vulnerable.
URL: http://192.168.1.3/
Vulnerabilities have been identified for this URL
56 input(s) found for this URL
Inputs
Input scheme 1
Input name
/
/
Input type
Path Fragment
Path Fragment
Input scheme 2
Input name
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Input scheme 3
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 4
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 5
Input name
/
Input type
Path Fragment
Input scheme 6
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 7
Input name
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
189
/
/
Path Fragment
Path Fragment
Input scheme 8
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 9
Input name
/
/
/
/
Input scheme 10
Input name
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 11
Input name
Host
Input type
HTTP Header
URL: http://192.168.1.3/account
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
SearchString
Input type
URL encoded GET
URL encoded POST
190
URL: http://192.168.1.3/account/login
Inputs
Input scheme 1
Input name
ReturnUrl
Input type
URL encoded GET
Input scheme 2
Input name
ReturnUrl
__RequestVerificationToken
Password
UserName
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 3
Input name
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/logoff
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/manage
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.1.3/account/delete
URL: http://192.168.1.3/account/delete/bizuneh
URL: http://192.168.1.3/account/delete/abeje
URL: http://192.168.1.3/account/delete/admin
URL: http://192.168.1.3/account/delete/abiyu
URL: http://192.168.1.3/account/delete/meaza
191
URL: http://192.168.1.3/account/delete/animaw
URL: http://192.168.1.3/account/delete/abrham
URL: http://192.168.1.3/account/delete/abeyus
URL: http://192.168.1.3/account/delete/alemnew
URL: http://192.168.1.3/account/delete/birhanu
URL: http://192.168.1.3/account/delete/zelalem
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/delete/enanu
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/delete/endalamaw
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/edit
URL: http://192.168.1.3/account/edit/admin
URL: http://192.168.1.3/account/edit/meaza
URL: http://192.168.1.3/account/edit/abeje
192
URL: http://192.168.1.3/account/edit/abiyu
URL: http://192.168.1.3/account/edit/animaw
URL: http://192.168.1.3/account/edit/abeyus
URL: http://192.168.1.3/account/edit/abrham
URL: http://192.168.1.3/account/edit/bizuneh
URL: http://192.168.1.3/account/edit/birhanu
URL: http://192.168.1.3/account/edit/alemnew
URL: http://192.168.1.3/account/edit/zelalem
Inputs
Input scheme 1
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/edit/enanu
Inputs
Input scheme 1
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/edit/endalamaw
Inputs
Input scheme 1
Input name
Input type
193
Email
FirstName
LastName
UserName
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/usergroups
URL: http://192.168.1.3/account/usergroups/bizuneh
URL: http://192.168.1.3/account/usergroups/abeje
URL: http://192.168.1.3/account/usergroups/abiyu
URL: http://192.168.1.3/account/usergroups/meaza
URL: http://192.168.1.3/account/usergroups/admin
URL: http://192.168.1.3/account/usergroups/abrham
URL: http://192.168.1.3/account/usergroups/animaw
URL: http://192.168.1.3/account/usergroups/birhanu
URL: http://192.168.1.3/account/usergroups/abeyus
URL: http://192.168.1.3/account/usergroups/alemnew
URL: http://192.168.1.3/account/usergroups/zelalem
Inputs
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
194
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/usergroups/endalamaw
Inputs
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/usergroups/enanu
Inputs
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
195
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/userpermissions
URL: http://192.168.1.3/account/userpermissions/bizuneh
URL: http://192.168.1.3/account/userpermissions/meaza
URL: http://192.168.1.3/account/userpermissions/animaw
URL: http://192.168.1.3/account/userpermissions/birhanu
URL: http://192.168.1.3/account/userpermissions/abeje
URL: http://192.168.1.3/account/userpermissions/admin
URL: http://192.168.1.3/account/userpermissions/abeyus
URL: http://192.168.1.3/account/userpermissions/abrham
URL: http://192.168.1.3/account/userpermissions/abiyu
URL: http://192.168.1.3/account/userpermissions/alemnew
196
URL: http://192.168.1.3/account/userpermissions/zelalem
URL: http://192.168.1.3/account/userpermissions/endalamaw
URL: http://192.168.1.3/account/userpermissions/enanu
URL: http://192.168.1.3/account/register
Inputs
Input scheme 1
Input name
ConfirmPassword
Email
FirstName
LastName
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/content/
URL: http://192.168.1.3/content/images/
URL: http://192.168.1.3/content/ace/
URL: http://192.168.1.3/content/ace/css/
URL: http://192.168.1.3/content/ace/css/ace.min.css
URL: http://192.168.1.3/content/ace/css/ace-rtl.min.css
URL: http://192.168.1.3/content/ace/css/bootstrap.min.css
URL: http://192.168.1.3/content/ace/css/images/
197
URL: http://192.168.1.3/content/ace/fonts/
URL: http://192.168.1.3/content/ace/fonts/fonts.googleapis.com.css
URL: http://192.168.1.3/content/ace/font-awesome/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/css/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/fonts/
URL: http://192.168.1.3/content/ace/js/
URL: http://192.168.1.3/content/ace/js/jquery.2.1.1.min.js
URL: http://192.168.1.3/content/ace/js/ace-extra.min.js
URL: http://192.168.1.3/content/ace/js/bootstrap.min.js
URL: http://192.168.1.3/content/ace/js/jquery-ui.custom.min.js
URL: http://192.168.1.3/content/ace/js/jquery.ui.touch-punch.min.js
URL: http://192.168.1.3/content/ace/js/jquery.easypiechart.min.js
URL: http://192.168.1.3/content/ace/js/jquery.sparkline.min.js
198
URL: http://192.168.1.3/content/ace/js/jquery.flot.min.js
URL: http://192.168.1.3/content/ace/js/jquery.flot.pie.min.js
URL: http://192.168.1.3/content/ace/js/jquery.flot.resize.min.js
URL: http://192.168.1.3/content/ace/js/ace-elements.min.js
URL: http://192.168.1.3/content/ace/js/ace.min.js
URL: http://192.168.1.3/content/exceedstyle.css
URL: http://192.168.1.3/content/jqury-ui/
URL: http://192.168.1.3/content/jqury-ui/jquery-ui.css
URL: http://192.168.1.3/content/jqury-ui/jquery-ui.js
URL: http://192.168.1.3/content/jqury-ui/images
URL: http://192.168.1.3/content/jstree/
URL: http://192.168.1.3/content/jstree/themes/
URL: http://192.168.1.3/content/jstree/themes/default/
URL: http://192.168.1.3/content/jstree/themes/default/style.min.css
URL: http://192.168.1.3/content/jstree/jstree.min.js
199
URL: http://192.168.1.3/content/kendo/
URL: http://192.168.1.3/content/kendo/2016.1.112/
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.common-bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/bootstrap/
URL: http://192.168.1.3/content/kendo/2016.1.112/%23clip
URL: http://192.168.1.3/content/kendo/2016.1.112/images/
URL: http://192.168.1.3/content/kendo/2016.1.112/textures/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/dejavu/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/glyphs/
URL: http://192.168.1.3/home
200
URL: http://192.168.1.3/home/setculture
Inputs
Input scheme 1
Input name
culture
Input type
URL encoded POST
URL: http://192.168.1.3/home/index
URL: http://192.168.1.3/hr
URL: http://192.168.1.3/hr/cosigns
URL: http://192.168.1.3/hr/allowances
URL: http://192.168.1.3/hr/ranks
URL: http://192.168.1.3/hr/steps
URL: http://192.168.1.3/hr/discipline
URL: http://192.168.1.3/hr/leavetypes
URL: http://192.168.1.3/hr/attendance
URL: http://192.168.1.3/hr/orgcharts
URL: http://192.168.1.3/hr/assignment
URL: http://192.168.1.3/hr/orglocations
URL: http://192.168.1.3/hr/teamjobtitles
201
URL: http://192.168.1.3/hr/sexes
URL: http://192.168.1.3/hr/regions
URL: http://192.168.1.3/hr/nations
URL: http://192.168.1.3/hr/religions
URL: http://192.168.1.3/hr/fiscalyears
URL: http://192.168.1.3/hr/persontitles
URL: http://192.168.1.3/hr/nationalities
URL: http://192.168.1.3/hr/mothertongues
URL: http://192.168.1.3/hr/maritalstatus
URL: http://192.168.1.3/hr/trainingcourses
URL: http://192.168.1.3/hr/empleaveperiods
URL: http://192.168.1.3/hr/incomingletters
URL: http://192.168.1.3/hr/healthincidents
URL: http://192.168.1.3/hr/orginformations
URL: http://192.168.1.3/hr/empbscbehaviors
202
URL: http://192.168.1.3/hr/publicdocuments
URL: http://192.168.1.3/hr/salarystructures
URL: http://192.168.1.3/hr/employmentstatus
URL: http://192.168.1.3/hr/recruitmentplans
URL: http://192.168.1.3/hr/educationalfields
URL: http://192.168.1.3/hr/trainingproviders
URL: http://192.168.1.3/hr/educationallevels
URL: http://192.168.1.3/hr/outgoingletters
URL: http://192.168.1.3/hr/upload
Inputs
Input scheme 1
Input name
File
Input type
POST (multipart)
URL: http://192.168.1.3/hr/upload/download
URL: http://192.168.1.3/hr/employeeprofiles
URL: http://192.168.1.3/hr/sectionjobtitles
URL: http://192.168.1.3/hr/divisionjobtitles
URL: http://192.168.1.3/hr/terminationletters
203
URL: http://192.168.1.3/hr/orgglobaljobtitles
URL: http://192.168.1.3/hr/terminationreasons
URL: http://192.168.1.3/hr/retirementlauncher
URL: http://192.168.1.3/hr/reports
URL: http://192.168.1.3/hr/reports/detailreports
URL: http://192.168.1.3/hr/reports/summaryreports
URL: http://192.168.1.3/hr/supportingdocuments
URL: http://192.168.1.3/hr/transportallowances
URL: http://192.168.1.3/hr/departmentjobtitles
URL: http://192.168.1.3/hr/trainingapplications
URL: http://192.168.1.3/hr/empbscappraisalperiods
URL: http://192.168.1.3/hr/empbscappraisalperiods/edit
URL: http://192.168.1.3/hr/empbscappraisalperiods/edit/5
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
204
EmpBSCAppraisalPeriodID
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
Input type
URL encoded POST
URL encoded POST
URL encoded POST
205
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/empbscappraisalperiods/delete
URL: http://192.168.1.3/hr/empbscappraisalperiods/delete/2
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
206
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/empbscappraisalperiods/details
URL: http://192.168.1.3/hr/empbscappraisalperiods/details/4
URL: http://192.168.1.3/hr/empbscappraisalperiods/create
Inputs
Input scheme 1
Input name
AppraisalPeriod
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
207
URL: http://192.168.1.3/hr/retirementnotification
URL: http://192.168.1.3/hr/empleavetakenslauncher
URL: http://192.168.1.3/hr/trainingneedassesments
URL: http://192.168.1.3/hr/empbscperformanceplans
URL: http://192.168.1.3/hr/trainingreportbycourse
URL: http://192.168.1.3/hr/addallowancetoemployees
URL: http://192.168.1.3/hr/earlyretirementlauncher
URL: http://192.168.1.3/hr/disciplinaymeasureranks
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit/3
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
DisciplinayMeasureRank
DisciplinayMeasureRanksID
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit/2
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
DisciplinayMeasureRank
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
208
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete/3
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete/2
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details/3
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details/2
URL: http://192.168.1.3/hr/trainingcoursetrackings
URL: http://192.168.1.3/hr/emppayrollnodaysworkeds
URL: http://192.168.1.3/hr/employeerequisitionforms
URL: http://192.168.1.3/hr/trainingreportbyemployee
URL: http://192.168.1.3/hr/outsourcecompanyprofiles
URL: http://192.168.1.3/hr/terminationotherslauncher
URL: http://192.168.1.3/hr/empannualleaveusagereport
209
URL: http://192.168.1.3/hr/outsourcecompanyworkeddays
URL: http://192.168.1.3/hr/applicantprobationslauncher
URL: http://192.168.1.3/hr/empbscperformanceevaluations
URL: http://192.168.1.3/hr/contractemployeerequisitions
URL: http://192.168.1.3/hr/disciplineemployeerecognition
URL: http://192.168.1.3/hr/empannualleavepaidincashes
URL: http://192.168.1.3/hr/annualleaveentitlementupdate
URL: http://192.168.1.3/hr/empdisciplinayrecognitiontypes
URL: http://192.168.1.3/hr/empannualleaveusagesingereport
URL: http://192.168.1.3/hr/empannualleavetransferonebyones
URL: http://192.168.1.3/hr/empterminationclearancelauncher
URL: http://192.168.1.3/hr/outsourcecompanyworkeddaysreport
URL: http://192.168.1.3/hr/recruitmentresultreportbyvacancy
URL: http://192.168.1.3/hr/certificatesandletters
Inputs
Input scheme 1
Input name
choice
EmpFullName
EmpID
Input type
URL encoded POST
URL encoded POST
URL encoded POST
210
URL: http://192.168.1.3/hr/certificatesandletters/experience
URL: http://192.168.1.3/hr/certificatesandletters/certificate
URL: http://192.168.1.3/hr/promotionandtransferapplicantlists
URL: http://192.168.1.3/hr/empannualleaveentitlementviewmodels
URL: http://192.168.1.3/hr/disciplinaymeasuretypes
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/edit
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/edit/9
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
211
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/delete
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/delete/9
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
212
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/details
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/details/8
213
URL: http://192.168.1.3/roles
URL: http://192.168.1.3/groups
URL: http://192.168.1.3/inventory
URL: http://192.168.1.3/inventory/uoms
URL: http://192.168.1.3/inventory/items
URL: http://192.168.1.3/inventory/stores
URL: http://192.168.1.3/inventory/issues
URL: http://192.168.1.3/inventory/goodreceives
URL: http://192.168.1.3/inventory/storereturns
URL: http://192.168.1.3/inventory/itemcategories
URL: http://192.168.1.3/inventory/itemtransfers
URL: http://192.168.1.3/inventory/purchasereturns
URL: http://192.168.1.3/inventory/stockadjustments
URL: http://192.168.1.3/inventory/storerequisitions
URL: http://192.168.1.3/inventory/purchaserequisitions
214
URL: http://192.168.1.3/inventory/storeitemassignments
URL: http://192.168.1.3/inventory/departmentcostcenters
URL: http://192.168.1.3/inventory/reportinventory
URL: http://192.168.1.3/inventory/reportinventory/issueitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/transferitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/stockbalance
Inputs
Input scheme 1
Input name
category
Input type
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/goodsreceive
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
215
URL: http://192.168.1.3/inventory/reportinventory/storereturnitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/issueitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/issueitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/transferitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
216
URL: http://192.168.1.3/inventory/reportinventory/transferitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/stockbalanceprint
Inputs
Input scheme 1
Input name
category
Input type
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/stockbalanceexcel
Inputs
Input scheme 1
Input name
category
Input type
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/goodsreceiveprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/goodsreceiveexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storereturnitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storereturnitemprint
217
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitemexcel
Inputs
218
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/storekeeperassignments
URL: http://192.168.1.3/globaluseraccesslogs
URL: http://192.168.1.3/orgbranchusermappings
URL: http://192.168.1.3/finance
URL: http://192.168.1.3/finance/glledgerposting
URL: http://192.168.1.3/finance/glrecordjournals
URL: http://192.168.1.3/finance/arinvoices
URL: http://192.168.1.3/finance/bankaccounts
URL: http://192.168.1.3/finance/bankaccounts/edit
URL: http://192.168.1.3/finance/bankaccounts/edit/14
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
219
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
220
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
221
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
Input type
URL encoded POST
URL encoded POST
URL encoded POST
222
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/bankaccounts/delete
URL: http://192.168.1.3/finance/bankaccounts/delete/6
223
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
224
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/finance/bankaccounts/details
URL: http://192.168.1.3/finance/bankaccounts/details/7
225
URL: http://192.168.1.3/finance/budgetusages
URL: http://192.168.1.3/finance/apsetupitems
URL: http://192.168.1.3/finance/budgetdefines
URL: http://192.168.1.3/finance/budgetmonthlies
URL: http://192.168.1.3/finance/arcustomertypes
URL: http://192.168.1.3/finance/arremitaddresses
226
URL: http://192.168.1.3/finance/appaybleinvoices
URL: http://192.168.1.3/finance/approcurementsuppliers
URL: http://192.168.1.3/finance/budgetallocationandusage
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageexcel
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageprint
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reconciliationschedules
URL: http://192.168.1.3/finance/reconcilationbankaccounts
URL: http://192.168.1.3/finance/budgetagainstpreviousyear
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyprint
Inputs
227
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyexcel
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reconcilationbookaccounts
URL: http://192.168.1.3/finance/arsetupreceiptbalanceaccounts
URL: http://192.168.1.3/finance/arsetupproductserviceaccounts
URL: http://192.168.1.3/finance/arcustomerprofiles
URL: http://192.168.1.3/finance/gljournalcategoriers
URL: http://192.168.1.3/finance/accountstransactions
Inputs
Input scheme 1
Input name
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
228
URL: http://192.168.1.3/finance/accountstransactions/details
URL: http://192.168.1.3/finance/accountstransactions/details/1684
229
230
231
232
233
234
235
URL: http://192.168.1.3/finance/accountstransactions/details/53105-1-00-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0003
URL: http://192.168.1.3/finance/accountstransactions/details/18000-1-00-ba0003
URL: http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0055
URL: http://192.168.1.3/finance/accountstransactions/details/11110%20-1-00-ch0055
236
URL: http://192.168.1.3/finance/accountstransactions/details/69050%20-1-00-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11110%20%c2%a0-1-00-ch0055
URL: http://192.168.1.3/finance/accountstransactions/details/11130-1-00-rf0020
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0021
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001
URL: http://192.168.1.3/finance/accountstransactions/details/21370-1-00-tl0002
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
URL: http://192.168.1.3/finance/accountstransactions/details/63120-1-fs-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11120-1-00-pc0006
237
URL: http://192.168.1.3/finance/accountstransactions/details/12100-1-00-in0004
URL: http://192.168.1.3/finance/accountstransactions/details/30030-1-00-3060gn
URL: http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0045
URL: http://192.168.1.3/finance/accountstransactions/details/11320-1-00-y00125
URL: http://192.168.1.3/finance/accountstransactions/details/11499-1-00-pi0000
URL: http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0001
URL: http://192.168.1.3/finance/accountstransactions/details/11330-1-00-s00984
URL: http://192.168.1.3/finance/arstandardcollections
URL: http://192.168.1.3/finance/glchartofaccountaccounts
238
URL: http://192.168.1.3/finance/glchartofaccountlocations
URL: http://192.168.1.3/finance/armiscelaneouscollections
URL: http://192.168.1.3/finance/glchartofaccountsubaccounts
URL: http://192.168.1.3/finance/glchartofaccountcostcenters
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyexcel
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyprint
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/gltaxrates
URL: http://192.168.1.3/finance/paymentterms
URL: http://192.168.1.3/finance/glfiscalyears
URL: http://192.168.1.3/finance/glcountrytypes
URL: http://192.168.1.3/finance/paymentmethods
239
URL: http://192.168.1.3/finance/glvatwithholdings
URL: http://192.168.1.3/finance/finsetupcurrencies
URL: http://192.168.1.3/finance/reportfinance
URL: http://192.168.1.3/finance/reportfinance/cashflow
Inputs
Input scheme 1
Input name
branchCode
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/balancesheet
Inputs
Input scheme 1
Input name
branchCode
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/supplierlist
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/customerlist
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
custype
page
Input type
URL encoded GET
URL encoded GET
240
Input scheme 4
Input name
page
custype
Input type
URL encoded GET
URL encoded POST
Input scheme 5
Input name
custype
page
custype
Input type
URL encoded GET
URL encoded GET
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/trialbalance
Inputs
Input scheme 1
Input name
Branch
dt1
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/chartofaccount
Inputs
Input scheme 1
Input name
Account
AccountType
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/accountanalysis
Inputs
Input scheme 1
Input name
Category
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/incomestatement
Inputs
Input scheme 1
Input name
branchCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Inputs
Input scheme 1
Input name
Input type
241
agetype
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomer
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Inputs
Input scheme 1
Input name
acctFrom
acctTo
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Inputs
Input scheme 1
Input name
costcenterCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/chartofaccountexcel
Inputs
Input scheme 1
Input name
AccountType
Input type
URL encoded GET
Input scheme 2
Input name
Account
AccountType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/accountanalysisexcel
URL: http://192.168.1.3/finance/reportfinance/trialbalanceexcel
Inputs
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
242
URL: http://192.168.1.3/finance/reportfinance/trialbalanceprint
Inputs
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/incomestatementprint
Inputs
Input scheme 1
Input name
dt2
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/customerlistexcel
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/customerlistprint
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/supplierlistexcel
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/supplierlistprint
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoiceprint
Inputs
243
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoiceexcel
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomerprint
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomerexcel
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/accountanalysisbysegmentexcel
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyprojectprint
Inputs
Input scheme 1
Input name
costcenterCode
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyprojectexcel
Inputs
Input scheme 1
Input name
costcenterCode
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/finsetupcurrencyexchanges
244
URL: http://192.168.1.3/finance/finsetupcashflowconfigurations
URL: http://192.168.1.3/finance/json
URL: http://192.168.1.3/finance/json/fromaccountcode
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/json/toaccountcode
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/json/description
Inputs
Input scheme 1
Input name
id
Input type
URL encoded POST
URL: http://192.168.1.3/finance/json/bankaccounts
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/userprofile
URL: http://192.168.1.3/userprofile/mybranches
245
URL: http://192.168.1.3/payroll
URL: http://192.168.1.3/payroll/pensions
URL: http://192.168.1.3/payroll/payrollbonus
URL: http://192.168.1.3/payroll/payrollprocess
URL: http://192.168.1.3/payroll/emppayrollloans
URL: http://192.168.1.3/payroll/empcontributions
URL: http://192.168.1.3/payroll/emppayrolladavances
URL: http://192.168.1.3/payroll/emppayrolladditions
URL: http://192.168.1.3/payroll/empfixedcontributions
URL: http://192.168.1.3/payroll/emppayrolllabourunions
URL: http://192.168.1.3/payroll/emppayrollovertimetwoes
URL: http://192.168.1.3/payroll/emppayrollcalculatebonus
URL: http://192.168.1.3/payroll/emppayrollcreditassociations
URL: http://192.168.1.3/payroll/payrollpayslip
URL: http://192.168.1.3/payroll/payrollreports
246
URL: http://192.168.1.3/payroll/payrollreports/overtimehours
URL: http://192.168.1.3/payroll/payrollreports/bonusbanksliplist
URL: http://192.168.1.3/payroll/payrollreports/payrollbanksliplist
URL: http://192.168.1.3/payroll/payrollreports/detailreport
URL: http://192.168.1.3/payroll/payrollreports/summaryreport
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Inputs
Input scheme 1
Input name
fyear
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylist
Inputs
Input scheme 1
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreport
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Inputs
247
Input scheme 1
Input name
period
source
type
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreport
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreportprint
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreportexcel
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreportexcel
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportexcel
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistexcel
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistprint
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportexcel
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistprint
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistexcel
248
URL: http://192.168.1.3/payroll/payrollperiods
URL: http://192.168.1.3/payroll/overtimetypetwoes
URL: http://192.168.1.3/payroll/payrollpaymentbanks
URL: http://192.168.1.3/payroll/payrollemployeeaccounts
URL: http://192.168.1.3/payroll/payrollcontributiontypes
URL: http://192.168.1.3/payroll/payrollemployeebankaccounts
URL: http://192.168.1.3/globalbranchsetups
URL: http://192.168.1.3/fixedasset
URL: http://192.168.1.3/fixedasset/fixedassetgroups
URL: http://192.168.1.3/fixedasset/fixedassetdepreciationsetups
URL: http://192.168.1.3/fixedasset/fixedassetclearingaccountsetups
URL: http://192.168.1.3/fixedasset/usercards
URL: http://192.168.1.3/fixedasset/fixedassetcategories
URL: http://192.168.1.3/fixedasset/fixedassetsubcategories
URL: http://192.168.1.3/fixedasset/fixedassetregistrations
249
URL: http://192.168.1.3/scripts/
URL: http://192.168.1.3/scripts/etp/
URL: http://192.168.1.3/scripts/etp/jquery.calendars.picker.css
URL: http://192.168.1.3/scripts/etp/jquery.plugin.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.plus.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.picker.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian-am.js
URL: http://192.168.1.3/scripts/kendo/
URL: http://192.168.1.3/scripts/kendo/2016.1.112/
URL: http://192.168.1.3/scripts/kendo/2016.1.112/jquery.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/jszip.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/kendo.all.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/kendo.aspnetmvc.min.js
250
URL: http://192.168.1.3/scripts/kendo.modernizr.custom.js
URL: http://192.168.1.3/scripts/jquery.unobtrusive-ajax.js
URL: http://192.168.1.3/scripts/jquery.validate.min.js
URL: http://192.168.1.3/scripts/jquery.validate.unobtrusive.js
URL: http://192.168.1.3/scripts/js.cookie.js
URL: http://192.168.1.3/scripts/matrixscript.js
URL: http://192.168.1.3/scripts/matrixscript1.js
URL: http://192.168.1.3/scripts/matrixcommon.js
URL: http://192.168.1.3/scripts/selector.js
URL: http://192.168.1.3/scripts/jquery-1.10.2.min.js
URL: http://192.168.1.3/procurement
URL: http://192.168.1.3/procurement/tenders
URL: http://192.168.1.3/procurement/purchaseorders
URL: http://192.168.1.3/procurement/itempriceindexes
URL: http://192.168.1.3/procurement/procurementplans
251
URL: http://192.168.1.3/procurement/purchasefollowups
URL: http://192.168.1.3/procurement/proformapurchases
URL: http://192.168.1.3/procurement/procurementsuppliers
URL: http://192.168.1.3/procurement/procurementlcmanagements
URL: http://192.168.1.3/procurement/procurementbankguarantees
URL: http://192.168.1.3/procurement/procurementcpomanagements
URL: http://192.168.1.3/procurement/reportprocurement
Inputs
Input scheme 1
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/tenderreport
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
252
URL: http://192.168.1.3/procurement/reportprocurement/tenderdetails
URL: http://192.168.1.3/procurement/reportprocurement/tenderdetails/9
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitemprint
Inputs
Input scheme 1
Input name
dt1
Input type
URL encoded GET
253
dt2
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/getlotdetails
URL: http://192.168.1.3/procurement/reportprocurement/getlotdetails/8
254
URL: http://192.168.1.3/procurement/procurementcontractmanagements
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/procurementcontractmanagements/edit
URL: http://192.168.1.3/procurement/procurementcontractmanagements/edit/4
255
URL: http://192.168.1.3/procurement/procurementcontractmanagements/delete
URL: http://192.168.1.3/procurement/procurementcontractmanagements/delete/7
URL: http://192.168.1.3/procurement/procurementcontractmanagements/details
URL: http://192.168.1.3/procurement/procurementcontractmanagements/details/7
URL: http://192.168.1.3/procurement/procurementsuppliercategories
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
256
URL: http://192.168.1.3/procurement/procurementsuppliercategories/edit
URL: http://192.168.1.3/procurement/procurementsuppliercategories/edit/9
URL: http://192.168.1.3/procurement/procurementsuppliercategories/delete
URL: http://192.168.1.3/procurement/procurementsuppliercategories/delete/7
257
URL: http://192.168.1.3/procurement/procurementsuppliercategories/details
URL: http://192.168.1.3/procurement/procurementsuppliercategories/details/4
URL: http://192.168.1.3/procurement/procurementannualneedassesments
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
258
URL: http://192.168.1.3/procurement/procurementannualneedassesments/edit
URL: http://192.168.1.3/procurement/procurementannualneedassesments/edit/13
URL: http://192.168.1.3/procurement/procurementannualneedassesments/delete
URL: http://192.168.1.3/procurement/procurementannualneedassesments/delete/14
259
URL: http://192.168.1.3/procurement/procurementannualneedassesments/details
URL: http://192.168.1.3/procurement/procurementannualneedassesments/details/13
URL: http://192.168.1.3/globalorginformations
URL: http://192.168.1.3/fleetmanagement
URL: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
260
URL: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
URL: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Inputs
261
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
URL: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
URL: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetequipmentregistrations
262
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
URL:
http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
URL:
http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/projectmanagement
URL: http://192.168.1.3/projectmanagement/projectestimationnames
URL: http://192.168.1.3/fonts/
263
URL: http://192.168.1.3/upload
264

Computer Generations

Diunggah oleh

Informasi Dokumen

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Computer Generations

Diunggah oleh

Hak Cipta:

Format Tersedia

Acunetix Website Audit

Generated by Acunetix WVS Reporter (v10.0 Build 20150707)

- css => 14 file(s)

Acunetix Website Audit

List of external hosts

Acunetix Website Audit

Application error message

Acunetix Website Audit

Error message on page

Acunetix Website Audit

HTML form without CSRF protection

Acunetix Website Audit

Internal server error

Acunetix Website Audit

User credentials are sent in clear text

ASP.NET version disclosure

Cookie without HttpOnly flag set

Cookie without Secure flag set

Acunetix Website Audit

Login page password-guessing attack

OPTIONS method is enabled

Slow response time

Acunetix Website Audit

Email address found

Microsoft IIS version disclosure

Acunetix Website Audit

Password type input with auto-complete enabled

Possible CSRF (Cross-site request forgery)

Possible internal IP address disclosure

Acunetix Website Audit

Possible username or password disclosure

Acunetix Website Audit

Acunetix Website Audit

Application error message

Cache-Control: private, s-maxage=0

Acunetix Website Audit

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)

Acunetix Website Audit

Acunetix Website Audit

Acunetix Website Audit

POST /finance/bankaccounts/edit/7 HTTP/1.1

Content-Type: text/html; charset=utf-8

Date: Tue, 07 Jun 2016 01:15:46 GMT

Acunetix Website Audit

Acunetix Website Audit

Error message on page

Acunetix Website Audit

Acunetix Website Audit

Acunetix Website Audit

Acunetix Website Audit

HTML form without CSRF protection

Acunetix Website Audit

Acunetix Website Audit

GET /finance/reportfinance/supplierlist HTTP/1.1

Acunetix Website Audit

Acunetix Website Audit

Acunetix Website Audit

Acunetix Website Audit

Internal server error

POST /account/delete/enanu HTTP/1.1

Date: Tue, 07 Jun 2016 01:54:04 GMT

Content-Type: text/html; charset=utf-8

HTTP/1.1 500 Internal Server Error

BP2pBBs8Vvd_m_; _culture=en-us; currentNavLi=link246;