Scribd
Upload
406 views65 pages

Acunetix Website Security Audit Report

The scan summary identifies 46 alerts across various severity levels from a scan of http://ns1.war2.ru:80/, including 4 high severity issues relating to SQL injection vulnerabilities and denial of service attacks. The report provides details on each alert such as the affected files/servers, potential impacts, and recommendations for remediation.

Uploaded by

Anonymous JyKPfbZBQ
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
406 views65 pages

Acunetix Website Security Audit Report

The scan summary identifies 46 alerts across various severity levels from a scan of http://ns1.war2.ru:80/, including 4 high severity issues relating to SQL injection vulnerabilities and denial of service attacks. The report provides details on each alert such as the affected files/servers, potential impacts, and recommendations for remediation.

Uploaded by

Anonymous JyKPfbZBQ
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Acunetix Website Audit

20 June, 2016

Developer Report

Generated by Acunetix WVS Reporter (v9.0 Build 20130904)

Scan of [Link]
Scan details
Scan information
Start time
Finish time
Scan time
Profile

6/20/2016 [Link] PM
The scan was aborted
42 minutes, 46 seconds
Default

Server information
Responsive
Server banner
Server OS
Server technologies

True
Apache/2.2.25 (FreeBSD) PHP/5.2.17 with Suhosin-Patch mod_ssl/2.2.25 OpenSSL/1.0.1e DAV/2
Unix
PHP

Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.

Alerts distribution
Total alerts found

46

High

Medium

Low

17

Informational

16

Alerts summary
Blind SQL Injection
Affects
/modules/news/
/modules/news/[Link]

Variation
s1
1

PHP Hash Collision denial of service vulnerability


Affects
Web Server

Variation
s1

Slow HTTP Denial of Service Attack


Affects
Web Server

Variation
s1

Application error message


Affects
/modules/news/[Link]

Acunetix Website Audit

Variation
s6

Backup files
Affects
/serverdat.php_

Variation
s1

User credentials are sent in clear text


Affects
/[Link]

Variation
s2

Login page password-guessing attack


Affects
/webmail/src/[Link]

Variation
s1

Possible sensitive directories


Affects
/cache/system
/class/database
/class/fckeditor
/include
/manager
/modules/news/admin
/modules/news/include
/modules/news/sql
/temp

Variation
s1
1
1
1
1
1
1
1
1

Possible sensitive files


Affects
/[Link]
/manual/[Link]

Variation
s1
1

Session Cookie without HttpOnly flag set


Affects
/

Variation
s1

Session Cookie without Secure flag set


Affects
/

Variation
s3

TRACE method is enabled


Affects
Web Server

Variation
s1

Broken links
Variation
Affects
/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Use%20of%20undefined%20constant%20XOOPS_U s1
RL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/include/fu
[Link]%3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20/%3EXOOPS_URL/include/sty
[Link]
/[Link]
/[Link]-once
/[Link]

Acunetix Website Audit

1
1
1
3

Email address found


Affects
/modules/news
/modules/news/[Link]

Variation
s1
1

GHDB: Default phpinfo page


Affects
/temp/[Link]

Variation
s1

GHDB: Mp3 file


Affects
/files
/files/other/ksa2005
/image/other

Variation
s1
1
1

GHDB: phpinfo()
Affects
/temp/[Link]

Variation
s1

GHDB: SquirrelMail login page


Affects
/webmail/src/[Link]

Variation
s1

Password type input with auto-complete enabled


Affects
/modules/news
/[Link]
/webmail/src/[Link]

Variation
s1
2
1

Acunetix Website Audit

Alert details
Blind SQL Injection
Severity
High
Type
Validation
Reported by module Scripting (Blind_Sql_Injection.script)
Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input.
An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't
properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is
relatively easy to protect against, there is a large number of web applications vulnerable.
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your
database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access
for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub
selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell
commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server
functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Recommendation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
References
VIDEO: SQL Injection tutorial
OWASP PHP Top 5
SQL Injection Walkthrough
OWASP Injection Flaws
Acunetix SQL Injection Attack
How to check for SQL injection vulnerabilities
Affected items
/modules/news/
Details
HTTP Header input Client-IP was set to
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
Tests performed:
- if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"*/ =>
13.39 s
- if(now()=sysdate(),sleep(9),0)/*'XOR(if(now()=sysdate(),sleep(9),0))OR'"XOR(if(now()=sysdate(),sleep(9),0))OR"*/ ...
(line truncated)
Request headers
GET /modules/news/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Client-IP:
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sys
date(),sleep(0),0))OR"*/
Acunetix Website Audit
5

X-Requested-With: XMLHttpRequest
Referer: [Link]
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
/modules/news/[Link]
Details
HTTP Header input X-Forwarded-For was set to
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/
Tests performed:
- (select(0)from(select(sleep(9)))v)/*'+(select(0)from(select(sleep(9)))v)+'"+(select(0)from(select(sleep(9)))v)+"*/ =>
20.015 s
- (select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(slee ... (line truncated)
Request headers
GET /modules/news/[Link] HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
X-Forwarded-For:
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)fr
om(select(sleep(0)))v)+"*/
X-Requested-With: XMLHttpRequest
Referer: [Link]
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

Acunetix Website Audit

PHP Hash Collision denial of service vulnerability


Severity
High
Type
Configuration
Reported by module Scripting (PHP_Hash_Collision_Denial_Of_Service.script)
Description
This alert was generated using only banner information. It may be a false positive.
Hash tables are a commonly used data structure in most programming languages. Web application servers or platforms
commonly parse attacker-controlled POST form data into hash tables automatically, so that they can be accessed by
application developers. If the language does not provide a randomized hash function or the application server does not
recognize attacks using multi-collisions, an attacker can degenerate the hash table by sending lots of colliding keys. The
algorithmic complexity of inserting n elements into the table then goes to O(n**2), making it possible to exhaust hours of
CPU time using a single HTTP request.
Affected PHP versions (up to 5.3.8).
Impact
Denial of service
Recommendation
Upgrade PHP to version 5.3.9 or higher.
References
Denial of Service through hash table multi-collisions
PHP 5.3.9 Changelog
#2011-003 multiple implementations denial-of-service via hash algorithm collision
Affected items
Web Server
Details
Current version is : 5.2.17

Acunetix Website Audit

Slow HTTP Denial of Service Attack


Severity
High
Type
Configuration
Reported by module Slow_HTTP_DOS
Description
Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be
completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is
very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources
busy, this creates a denial of service.
Impact
A single machine can take down another machine's web server with minimal bandwidth and side effects on unrelated
services and ports.
Recommendation
Consult Web references for information about protecting your web server against this type of attack.
References
Slowloris HTTP DoS
Slowloris DOS Mitigation Guide
Protect Apache Against Slowloris Attack
Affected items
Web Server
Details
Time difference between connections: 10328 ms

Acunetix Website Audit

Application error message


Severity
Medium
Type
Validation
Reported by module Scripting (MongoDB_Injection.script)
Description
This page contains an error/warning message that may disclose sensitive [Link] message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
/modules/news/[Link]
Details
URL encoded GET input start was set to 1
Error message found: <b>Warning</b>: preg_match() expects parameter 2 to be string, array given in
<b>/home/war2/data/www/[Link]/include/[Link]</b> on line <b>78</b><br />
Request headers
GET /modules/news/[Link]?start[$acunetix]=1&storynum=5&storytopic=0 HTTP/1.1
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/modules/news/[Link]
Details
URL encoded GET input start was set to 10
Error message found: <b>Warning</b>: preg_match() expects parameter 2 to be string, array given in
<b>/home/war2/data/www/[Link]/include/[Link]</b> on line <b>78</b><br />
Request headers
GET /modules/news/[Link]?start[]=10&storynum=5&storytopic=0 HTTP/1.1
Referer: [Link]
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/modules/news/[Link]
Details
URL encoded GET input storynum was set to 1
Error message found: <b>Warning</b>: preg_match() expects parameter 2 to be string, array given in
<b>/home/war2/data/www/[Link]/include/[Link]</b> on line <b>78</b><br />
Request headers
GET /modules/news/[Link]?start=105&storynum[$acunetix]=1&storytopic=0 HTTP/1.1
Host: [Link]
Connection: Keep-alive
Acunetix Website Audit

Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/modules/news/[Link]
Details
URL encoded GET input storynum was set to 5
Error message found: <b>Warning</b>: preg_match() expects parameter 2 to be string, array given in
<b>/home/war2/data/www/[Link]/include/[Link]</b> on line <b>78</b><br />
Request headers
GET /modules/news/[Link]?start=105&storynum[]=5&storytopic=0 HTTP/1.1
Referer: [Link]
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/modules/news/[Link]
Details
URL encoded GET input storytopic was set to 1
Error message found: <b>Warning</b>: preg_match() expects parameter 2 to be string, array given in
<b>/home/war2/data/www/[Link]/include/[Link]</b> on line <b>78</b><br />
Request headers
GET /modules/news/[Link]?start=105&storynum=5&storytopic[$acunetix]=1 HTTP/1.1
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/modules/news/[Link]
Details
URL encoded GET input storytopic was set to 0
Error message found: <b>Warning</b>: preg_match() expects parameter 2 to be string, array given in
<b>/home/war2/data/www/[Link]/include/[Link]</b> on line <b>78</b><br />
Request headers
GET /modules/news/[Link]?start=105&storynum=5&storytopic[]=0 HTTP/1.1
Referer: [Link]
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

10

Backup files
Severity
Medium
Type
Validation
Reported by module Scripting (Backup_File.script)
Description
A possible backup file was found on your web-server. These files are usually created by developers to backup their work.
Impact
Backup files can contain script sources, configuration files or other sensitive information that may help an malicious user
to prepare more advanced attacks.
Recommendation
Remove the file(s) if they are not required on your website. As an additional step, it is recommended to implement a
security policy within your organization to disallow creation of backup files in directories accessible from the web.
References
Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)
Security Tips for Server Configuration
Protecting Confidential Documents at Your Site
Affected items

Acunetix Website Audit

11

/serverdat.php_
Details
This file was found using the pattern ${fileName}${fileExt}_.
Original filename: [Link]
Source code pattern found:
<?php
function Lecho($arrmsg)
{
global $lang;
if(isset($arrmsg[$lang]))echo $arrmsg[$lang];
elseif(isset($arrmsg["en"]))echo $arrmsg["en"];
}
$url_date = '[Link]
if(isset($_GET["server"]))
{
switch($_GET["server"])
{
case "reportb":$url_date = '[Link]
}
}
$lang="en";
if(isset($_GET["lang"]))
{
switch($_GET["lang"])
{
case "ru":
$lang="ru"; break;
default:
$lang="en";
}
}
if($lang=="ru")header("Content-type: text/html; charset=windows-1251");
if(!@$fd = file($url_date))
{
Lecho(array("en"=>'Server unavailable<br />',"ru"=>'
Request headers
GET /serverdat.php_ HTTP/1.1
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

12

User credentials are sent in clear text


Severity
Medium
Type
Informational
Reported by module Crawler
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an
encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, should always be transferred to the server over an
encrypted connection (HTTPS).
Affected items
/[Link]
Details
Form name: userinfo
Form action: [Link]
Form method: POST
Form inputs:
- uname [Text]
- email [Text]
- user_viewemail [Checkbox]
- timezone_offset [Select]
- user_avatar [Select]
- pass [Password]
- vpass [Password]
- zonetext [TextArea]
- user_mailok [Radio]
- verify_text [Text]
- verify_crc [Hidden]
- op [Hidden]
- submit [ ... (line truncated)
Request headers
GET /[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

13

/[Link]
Details
Form name: userinfo
Form action: [Link]
Form method: POST
Form inputs:
- uname [Text]
- email [Text]
- user_viewemail [Checkbox]
- timezone_offset [Select]
- user_avatar [Select]
- pass [Password]
- vpass [Password]
- zonetext [TextArea]
- user_mailok [Radio]
- verify_text [Text]
- verify_crc [Hidden]
- op [Hidden]
- submit [ ... (line truncated)
Request headers
GET /[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

14

Login page password-guessing attack


Severity
Low
Type
Validation
Reported by module Scripting (Html_Authentication_Audit.script)
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack
is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and
symbols until you discover the one correct combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended
to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web
references for more information about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters,
numbers, and symbols until it discovers the one correct combination that works.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks
Affected items
/webmail/src/[Link]
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Request headers
POST /webmail/src/[Link] HTTP/1.1
Content-Length: 83
Content-Type: application/x-www-form-urlencoded
Referer: [Link]
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
js_autodetect_results=1&just_logged_in=1&login_username=BpyhY7Jt&secretkey=1n73Y7Kd

Acunetix Website Audit

15

Possible sensitive directories


Severity
Low
Type
Validation
Reported by module Scripting (Possible_Sensitive_Directories.script)
Description
A possible sensitive directory has been found. This directory is not directly linked from the [Link] check looks for
common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each
one of these directories could help an attacker to learn more about his target.
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security
Affected items
/cache/system
Details
No details are available.
Request headers
GET /cache/system HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/class/database
Details
No details are available.
Request headers
GET /class/database HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/class/fckeditor
Details
No details are available.
Request headers
GET /class/fckeditor HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix Website Audit

16

/include
Details
No details are available.
Request headers
GET /include HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/manager
Details
No details are available.
Request headers
GET /manager HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/modules/news/admin
Details
No details are available.
Request headers
GET /modules/news/admin HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/modules/news/include
Details
No details are available.
Request headers
GET /modules/news/include HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/modules/news/sql
Details
No details are available.
Request headers
GET /modules/news/sql HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Acunetix Website Audit

17

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)


Chrome/28.0.1500.63 Safari/537.36
/temp
Details
No details are available.
Request headers
GET /temp HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36

Acunetix Website Audit

18

Possible sensitive files


Severity
Low
Type
Validation
Reported by module Scripting (Possible_Sensitive_Files.script)
Description
A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common
sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Each
one of these files could help an attacker to learn more about his target.
Impact
This file may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this file or remove it from the website.
References
Web Server Security and Database Server Security
Affected items
/[Link]
Details
No details are available.
Request headers
GET /[Link] HTTP/1.1
Accept: acunetix/wvs
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/manual/[Link]
Details
No details are available.
Request headers
GET /manual/[Link] HTTP/1.1
Accept: acunetix/wvs
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36

Acunetix Website Audit

19

Session Cookie without HttpOnly flag set


Severity
Low
Type
Informational
Reported by module Crawler
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser
that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection
for session cookies.
Impact
None
Recommendation
If possible, you should set the HTTPOnly flag for this cookie.
Affected items
/
Details
Cookie name: "PPA_ID"
Cookie domain: "[Link]"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

20

Session Cookie without Secure flag set


Severity
Low
Type
Informational
Reported by module Crawler
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the
cookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
/
Details
Cookie name: "SQMSESSID"
Cookie domain: "[Link]"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/
Details
Cookie name: "squirrelmail_language"
Cookie domain: "[Link]"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

21

/
Details
Cookie name: "PPA_ID"
Cookie domain: "[Link]"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

22

TRACE method is enabled


Severity
Low
Type
Validation
Reported by module Scripting (Track_Trace_Server_Methods.script)
Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web
browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and
authentication data.
Recommendation
Disable TRACE Method on the web server.
References
W3C - RFC 2616
US-CERT VU#867593
Cross-site tracing (XST)
Affected items
Web Server
Details
No details are available.
Request headers
TRACE /0XX1x4a3AM HTTP/1.1
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

23

Broken links
Severity
Informational
Type
Informational
Reported by module Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Use%20of%20undefined%20constant%20XOOPS_URL%20%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/include/[Link]%
3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20/%3EXOOPS_URL/include/[Link]
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET
/%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Use%20of%20undefined%20constant%20XOOPS_URL%20%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/include/functions
.php%3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20/%3EXOOPS_URL/include/[Link]
HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/[Link]
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix Website Audit

24

Accept: */*
/[Link]-once
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /[Link]-once HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/[Link]
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

25

Email address found


Severity
Informational
Type
Informational
Reported by module Scripting (Text_Search_Dir.script)
Description
One or more email addresses have been found on this page. The majority of spam comes from email addresses
harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour
the internet looking for email addresses on any website they come across. Spambot programs look for strings like
myname@[Link] and then record any addresses found.
Impact
Email addresses posted on Web sites may attract spam.
Recommendation
Check references for details on how to solve this problem.
References
Email Address Disclosed on Website Can be Used for Spam
Affected items
/modules/news
Details
Pattern found: ksa@[Link]
Request headers
GET /modules/news/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/modules/news/[Link]
Details
Pattern found: ksa@[Link]
Request headers
GET /modules/news/[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Acunetix Website Audit

26

Accept: */*

Acunetix Website Audit

27

GHDB: Default phpinfo page


Severity
Informational
Type
Informational
Reported by module GHDB
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.
Category : Files containing passwords
This will look throught default phpinfo pages for ones that have a default mysql password.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
The Google Hacking Database (GHDB) community
Acunetix Google hacking
Affected items
/temp/[Link]
Details
We found intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"
Request headers
GET /temp/[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

28

GHDB: Mp3 file


Severity
Informational
Type
Informational
Reported by module GHDB
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.
Category : Sensitive Directories
Yes! I probably have should have told you guys earlier, but this is how ive been getting 100% of my mp3s. It fricken
rocks, use it and abuse it. Downfalls to it... a)sometimes you shouldnt include mp3 in the query and getting what you
want takes several different methods of searching b)a lot of the time google gives you results and they are not there
thanks to good old friend 404 c)finding stuff takes a lot of practice. Goods... a)ive found whole albums b)ive mass
downloaded directories of hundreds of songs that i have intrest in c)its exciting seeing the results, like fining treasure.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
Acunetix Google hacking
The Google Hacking Database (GHDB) community
Affected items
/files
Details
We found intitle:"index of" -inurl:htm -inurl:html mp3
Request headers
GET /files/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/files/other/ksa2005
Details
We found intitle:"index of" -inurl:htm -inurl:html mp3
Request headers
GET /files/other/ksa2005/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PPA_ID=2oe42d1pb80rre6l17qnrdml07
Host: [Link]
Acunetix Website Audit

29

Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/image/other
Details
We found intitle:"index of" -inurl:htm -inurl:html mp3
Request headers
GET /image/other/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

30

GHDB: phpinfo()
Severity
Informational
Type
Informational
Reported by module GHDB
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.
Category : Files containing juicy info
this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! I
mean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apache
env vars, *sigh* the list goes on and on! Thanks "joe!" =)
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
The Google Hacking Database (GHDB) community
Acunetix Google hacking
Affected items
/temp/[Link]
Details
We found intitle:phpinfo "PHP Version"
Request headers
GET /temp/[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

31

GHDB: SquirrelMail login page


Severity
Informational
Type
Informational
Reported by module GHDB
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language.
Category : Pages containing login portals
SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP
and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility
across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the
functionality you would want from an email client, including strong MIME support, address books, and folder
manipulation.
The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
The Google Hacking Database (GHDB) community
Acunetix Google hacking
Affected items
/webmail/src/[Link]
Details
We found inurl:[Link] "SquirrelMail version"
Request headers
GET /webmail/src/[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

32

Password type input with auto-complete enabled


Severity
Informational
Type
Informational
Reported by module Crawler
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password
should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are
completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser
cache.
Impact
Possible sensitive information disclosure
Recommendation
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

Affected items
/modules/news
Details
Password type input named pass from unnamed form with action [Link] has autocomplete
enabled.
Request headers
GET /modules/news/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/[Link]
Details
Password type input named pass from form named userinfo with action [Link] has autocomplete enabled.
Request headers
GET /[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
Acunetix Website Audit

33

/[Link]
Details
Password type input named vpass from form named userinfo with action [Link] has autocomplete enabled.
Request headers
GET /[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/webmail/src/[Link]
Details
Password type input named secretkey from form named login_form with action [Link] has autocomplete enabled.
Request headers
GET /webmail/src/[Link] HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: [Link]
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: [Link]
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Acunetix Website Audit

34

Scanned items (coverage report)


Scanned 430 URLs. Found 18 vulnerable.
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name
start
storynum
storytopic

Input type
URL encoded GET
URL encoded GET
URL encoded GET

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
Acunetix Website Audit

35

URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

36

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name
lang
server

Input type
URL encoded GET
URL encoded GET

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
Acunetix Website Audit

37

URL: [Link]
Vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name

Input type
URL encoded GET

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
13 input(s) found for this URL
Inputs
Input scheme 1
Input name
email
op
pass
submit
timezone_offset
uname
user_avatar
user_mailok
user_viewemail
verify_crc
verify_text
vpass
Acunetix Website Audit

Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
38

zonetext

URL encoded POST

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

39

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

40

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

41

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

42

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

43

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

44

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

45

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

46

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

47

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

48

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

49

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

50

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

51

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

52

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

53

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

54

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

55

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

56

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

57

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

58

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

59

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

60

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
4 input(s) found for this URL
Inputs
Input scheme 1
Input name
js_autodetect_results
just_logged_in
login_username
secretkey

Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

61

URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
Acunetix Website Audit

62

URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e/[Link]%3C
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e/[Link]%3C/b%3E%20on%20line%20%3Cb%3E69%3C
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e/[Link]%3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e/[Link]%3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20/%3EXOOPS_URL
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e/[Link]%3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20/%3EXOOPS_URL/include
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
XOOPS_URL%20-%20assumed%20'XOOPS_URL'%20in%20%3Cb%3E/home/war2/data/www/[Link]/includ
e/[Link]%3C/b%3E%20on%20line%20%3Cb%3E69%3C/b%3E%3Cbr%20/%3EXOOPS_URL/include/style.c
ss
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: [Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>
No vulnerabilities has been identified for this URL
No input(s) found for this URL
Acunetix Website Audit

63

URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include/[Link]<
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include/[Link]</b>%20o
n%20line%20<b>69<
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include/[Link]</b>%20o
n%20line%20<b>69</b><br%20
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include/[Link]</b>%20o
n%20line%20<b>69</b><br%20/>XOOPS_URL
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

64

URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include/[Link]</b>%20o
n%20line%20<b>69</b><br%20/>XOOPS_URL/include
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL:
[Link]
20assumed%20'XOOPS_URL'%20in%20<b>/home/war2/data/www/[Link]/include/[Link]</b>%20o
n%20line%20<b>69</b><br%20/>XOOPS_URL/include/[Link]
No vulnerabilities has been identified for this URL
No input(s) found for this URL

Acunetix Website Audit

65

You might also like