
Acunetix Website Audit

2 November, 2010

Detailed Scan Report

Generated by Acunetix WVS Reporter (v6.0 Build 20081124)


Scan of http://elangbiru.co.id:80/
Scan details

Scan information
Start time 11/2/2010 10:17:25 AM
Finish time 11/2/2010 5:39:44 PM
Scan time 7 hours, 22 minutes
Profile default

Server information
Responsive True
Server banner Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8
Server OS Unix
Server technologies PHP,Perl,mod_ssl,mod_perl,OpenSSL,FrontPage

Threat level

Acunetix Threat Level 2


One or more medium-severity type vulnerabilities have been discovered by the scanner.
You should investigate each of these vulnerabilities to ensure they will not
escalate to more severe problems.

Alerts distribution

Total alerts found 20


High 0
Medium 2
Low 1
Informational 17

Knowledge base
List of open TCP ports
There are 3 open TCP ports on the remote host.

Port 21 - [ftp] is open.


Port banner:
---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
-You are user number 1 of 50 allowed.
-Local time is now 11:18. Server port: 21.
-This is a private system - No anonymous login
-IPv6 connections are also welcome on this s ...

Port 22 - [ssh] is open.


Port banner:
SSH-2.0-OpenSSH_4.3

Port 80 - [http] is open.

Whois lookup
Whois result for IP address 180.235.148.97:

% This is the RIPE Database query service.


% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

List of client scripts


These files contain JavaScript code referenced from the website.

 /index.php
 /templates/yoo_studio/lib/js/mootools.js
 /templates/yoo_studio/lib/js/addons/base.js
 /templates/yoo_studio/lib/js/addons/accordionmenu.js
 /templates/yoo_studio/lib/js/addons/fancymenu.js
 /templates/yoo_studio/lib/js/addons/dropdownmenu.js
 /templates/yoo_studio/lib/js/template.js
 /plugins/system/mediaobject/js/mediaobject-150.js
 /modules/mod_yoo_scroller/mod_yoo_scroller.js
 /modules/mod_yoo_search/mod_yoo_search.js
 /media/system/js/caption.js
 /components/com_livechat/js/livechat_v3.js

List of files with inputs


These files have at least one input (GET or POST).

 /index.php - 31 inputs
 /plugins/system/jceutilities/css/jceutilities.css - 1 inputs
 /plugins/system/jceutilities/themes/standard/css/style.css - 1 inputs
 /plugins/system/jceutilities/themes/standard/css/style_ie6.css - 1 inputs
 /plugins/system/jceutilities/js/jceutilities.js - 1 inputs
 /plugins/system/yoo_effects/yoo_effects.js.php - 5 inputs
 /modules/mod_jlivechat/dynamic.php - 2 inputs

List of external hosts


These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts
allowed (Settings->Scanners settings->Scanner->List of hosts allowed).

 www.yootheme.com
 www.getfirefox.com
 www.apple.com
 www.opera.com
 www.microsoft.com
 mail.elangbiru.co.id
 warp.yootheme.com
 www.elangbiru.co.id
 zoo.yootheme.com
 tools.yootheme.com
 jigsaw.w3.org
 teamlog.yootheme.com
 tutorials.yootheme.com
 www.mootools.net

Alerts summary



Apache Mod_SSL Log Function Format String Vulnerability
Affects Variations
mod_ssl 1

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability


Affects Variations
mod_ssl 1

User credentials are sent in clear text


Affects Variations
/index.php 1

Files listed in robots.txt but not linked


Affects Variations
/administrator 1
/cache 1
/components 1
/images 1
/includes 1
/installation 1
/language 1
/libraries 1
/media 1
/modules 1
/plugins 1
/templates 1
/tmp 1
/xmlrpc 1

GHDB: robots.txt file


Affects Variations
/robots.txt 1

GHDB: robots.txt with Disallow tag


Affects Variations
/robots.txt 1

Password type input with autocomplete enabled


Affects Variations
/index.php 1



Alert details

Apache Mod_SSL Log Function Format String Vulnerability

Severity Medium
Type Validation
Reported by module Version check

Description

This alert was generated using only banner information. It may be a false positive.

A format string vulnerability has been found in mod_ssl versions older than 2.8.19. Successful exploitation of this issue will
most likely allow an attacker to execute arbitrary code on the affected computer.

Affected mod_ssl versions (up to 2.8.18).

Impact
Denial of service and/or possible arbitrary code execution.

Recommendation
Upgrade mod_ssl to the latest version.

Affected items
mod_ssl
Details
Current version is mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4
FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 PHP/5.3.3

Apache Mod_SSL SSL_Util_UUEncode_Binary Stack Buffer Overflow Vulnerability

Severity Medium
Type Validation
Reported by module Version check

Description

This alert was generated using only banner information. It may be a false positive.

A stack-based buffer overflow has been reported in the Apache mod_ssl module. This issue would most likely result in a
denial of service if triggered, but could theoretically allow for execution of arbitrary code. The issue is not believed to be
exploitable to execute arbitrary code on x86 architectures, though this may not be the case with other architectures.

Affected mod_ssl versions (up to 2.8.17).

Impact
Denial of service and/or possible arbitrary code execution.

Recommendation
Upgrade mod_ssl to the latest version.

Affected items

mod_ssl
Details
Current version is mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4
FrontPage/5.0.2.2635 mod_perl/2.0.4 Perl/v5.8.8 PHP/5.3.3

User credentials are sent in clear text

Severity Low
Type Informational
Reported by module Crawler

Description
User credentials are not encrypted when they are transmitted.

Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

Recommendation
Because user credentials are usually considered sensitive information, they should be sent to the server over an
encrypted connection.

Affected items
/index.php
Details
It seems that user credentials are sent to /index.php in clear text.
Request
GET /index.php?option=com_content&view=frontpage&Itemid=1 HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: elangbiru.co.id
Cookie: 7df71366168362a461f0845fea3e4de7=e35092dc009b7d21ec362f389d9bd645
Connection: Close
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Pragma: no-cache
Acunetix-aspect-queries: filelist;aspectalerts
Referer: http://elangbiru.co.id/
Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Response
HTTP/1.0 200 OK
Date: Tue, 02 Nov 2010 03:18:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4
Perl/v5.8.8
X-Powered-By: PHP/5.3.3
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Tue, 02 Nov 2010 03:18:44 GMT
Content-Type: text/html; charset=utf-8

Files listed in robots.txt but not linked

Severity Informational
Type Informational
Reported by module Crawler

Description
This file is listed in robots.txt but it's not linked anywhere in the site.

Impact
Possible sensitive information disclosure.

Recommendation
In robots.txt you should only include files or directories linked on the site.

Affected items
/administrator
Details
No details are available.
Request

Response

/cache
Details
No details are available.
Request

Response

/components
Details
No details are available.
Request

Response

/images
Details
No details are available.
Request

Response

/includes
Details
No details are available.
Request

Response

/installation
Details
No details are available.

Request

Response

/language
Details
No details are available.
Request

Response

/libraries
Details
No details are available.
Request

Response

/media
Details
No details are available.
Request

Response

/modules
Details
No details are available.
Request

Response

/plugins
Details
No details are available.
Request

Response

/templates
Details
No details are available.
Request

Response

/tmp
Details
No details are available.
Request

Response

/xmlrpc
Details
No details are available.
Request

Response

GHDB: robots.txt file

Severity Informational
Type Informational
Reported by module GHDB - Google hacking database

Description

The description for this alert is contributed by the GHDB community; it may contain inappropriate language.

Category : Files containing juicy info

Webmasters wanting to exclude search engine robots from certain parts of their site often choose the use of a robot.txt file
on the root of the server. This file basically tells the bot which directories are supposed to be off-limits. An attacker can
easily obtain that information by very simply opening that plain text file in his browser. Webmasters should *never* rely on
this for real security issues. Google helps the attacker by allowing a search for the "disallow" keyword.

The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.

Impact
Not available. Check description.

Recommendation
Not available. Check description.

Affected items
/robots.txt
Details
We found
(inurl:"robot.txt" | inurl:"robots.txt" ) intext:disallow filetype:txt

Request
GET /robots.txt HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: elangbiru.co.id
Cookie: 7df71366168362a461f0845fea3e4de7=e35092dc009b7d21ec362f389d9bd645
Connection: Close
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Pragma: no-cache
Acunetix-aspect-queries: filelist;aspectalerts
Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED

Response
HTTP/1.0 200 OK
Date: Tue, 02 Nov 2010 03:18:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4
Perl/v5.8.8
Last-Modified: Sat, 28 Mar 2009 06:30:02 GMT
ETag: "2600f22-130-46627faa94e80"
Accept-Ranges: bytes
Content-Length: 304
Content-Type: text/plain

GHDB: robots.txt with Disallow tag

Severity Informational
Type Informational
Reported by module GHDB - Google hacking database

Description

The description for this alert is contributed by the GHDB community; it may contain inappropriate language.

Category : Files containing juicy info

The robots.txt file serves as a set of instructions for web crawlers. The "disallow" tag tells a web crawler where NOT to
look, for whatever reason. Hackers will always go to those places first!

The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.

Impact
Not available. Check description.

Recommendation
Not available. Check description.

Affected items
/robots.txt
Details
We found
"robots.txt" "Disallow:" filetype:txt

Request
GET /robots.txt HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: elangbiru.co.id
Cookie: 7df71366168362a461f0845fea3e4de7=e35092dc009b7d21ec362f389d9bd645
Connection: Close
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Pragma: no-cache
Acunetix-aspect-queries: filelist;aspectalerts
Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm

Response
HTTP/1.0 200 OK
Date: Tue, 02 Nov 2010 03:18:42 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4
Perl/v5.8.8
Last-Modified: Sat, 28 Mar 2009 06:30:02 GMT
ETag: "2600f22-130-46627faa94e80"
Accept-Ranges: bytes
Content-Length: 304
Content-Type: text/plain

Password type input with autocomplete enabled

Severity Informational
Type Informational
Reported by module Crawler

Description
When a new name and password are entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the
name is entered. An attacker with local access could obtain the cleartext password from the browser cache.

Impact
Possible sensitive information disclosure

Recommendation
The password autocomplete should be disabled in sensitive applications.
To disable autocomplete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

Affected items
/index.php
Details
Password type input named passwd from form named login with action /index.php?option=com_content&view=frontpage&Itemid=1 has autocomplete enabled.
Request
GET /index.php?option=com_content&view=frontpage&Itemid=1 HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: elangbiru.co.id
Cookie: 7df71366168362a461f0845fea3e4de7=e35092dc009b7d21ec362f389d9bd645
Connection: Close
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Pragma: no-cache
Acunetix-aspect-queries: filelist;aspectalerts
Referer: http://elangbiru.co.id/
Acunetix-Product: WVS/5.1 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Response
HTTP/1.0 200 OK
Date: Tue, 02 Nov 2010 03:18:43 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_perl/2.0.4
Perl/v5.8.8
X-Powered-By: PHP/5.3.3

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Tue, 02 Nov 2010 03:18:44 GMT
