Professional Documents
Culture Documents
15 October, 2016
Developer Report
Portal Akademik
Universitas Negeri Padang
Oleh
Khairil Alvin Gaffar
1414370114
Scan of https://portal.unp.ac.id:443/
Scan details
Scan information
Start time
Finish time
Scan time
Profile
Server information
Responsive
Server banner
Server OS
Server technologies
15/10/2016 9:49:57
15/10/2016 9:59:21
9 minutes, 24 seconds
Default
True
Apache
Unknown
Threatlevel
Acunetix Threat Level 3
Satu atau lebih jenis Tinggi beratnya kerentanan telah ditemukan oleh pemindai. Seorang
user berbahaya dapat mengeksploitasi kerentanan ini dan membahayakan database
backend dan / atau melakukan deface pada website Anda.
Alertsdistribution
Total alerts found
27
High
Medium
Low
Informational
Knowledge base
SSL server running [443]
A TLS1 server is running on TCP port 443.
High strength
- TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA(OpenSSL ciphername: DHE-RSA-AES256-SHA, Protocol version:
TLSv1, Key Exchange: DH, Autentication: RSA, Symmetric encryption method: AES(256), Message authentication code:
SHA1) - High strength
- TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: RSA, Autentication: RSA, Symmetric encryption method: Camellia(128), Message authentication code: SHA1)
- High strength
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: DH, Autentication: RSA, Symmetric encryption method: Camellia(128), Message authentication code: SHA1) High strength
- TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: RSA, Autentication: RSA, Symmetric encryption method: Camellia(256), Message authentication code: SHA1)
- High strength
- TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: DH, Autentication: RSA, Symmetric encryption method: Camellia(256), Message authentication code: SHA1) High strength
- TLS1_CK_RSA_WITH_SEED_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: RSA,
Autentication: RSA, Symmetric encryption method: SEED(128), Message authentication code: SHA1) - High strength
- TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange:
DH, Autentication: RSA, Symmetric encryption method: SEED(128), Message authentication code: SHA1) - High strength
- TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange:
ECDH, Autentication: RSA, Symmetric encryption method: RC4(128), Message authentication code: SHA1) - High
strength
- TLS1_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: ECDH, Autentication: RSA, Symmetric encryption method: 3DES(168), Message authentication code: SHA1) High strength
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: ECDH, Autentication: RSA, Symmetric encryption method: AES(128), Message authentication code: SHA1) High strength
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA(OpenSSL ciphername: n/a, Protocol version: TLSv1, Key
Exchange: ECDH, Autentication: RSA, Symmetric encryption method: AES(256), Message authentication code: SHA1) High strength
- Certificate 1:
Issuer:
Country Name: BE
Organization Name: GlobalSign nv-sa
Common Name: GlobalSign Organization Validation CA - SHA256 - G2
Recipient:
Country Name: ID
State Or Province Name: West Sumatra
Locality Name: Padang
Organization Name: Universitas Negeri Padang
Common Name: portal.unp.ac.id
Certificate version: 2
Serial number:
4290e43bac9b58526f0499c5
Finger print:
3161eff7ada832c296868093ebd38797
Algorithm ID:
1.2.840.113549.1.1.11
Valability start: Wed Sep 21 16:06:13 UTC+0700 2016
Valability end:
Fri Sep 22 16:06:13 UTC+0700 2017
Expire in:
342 days
- Certificate 2:
Issuer:
Country Name: BE
Organization Name: GlobalSign nv-sa
Organizational Unit Name: Root CA
Common Name: GlobalSign Root CA
Recipient:
Country Name: BE
Listoffileextensions
File extensions can provide information on what technologies are being used on this website.
List of file extensions detected:
- html => 14 file(s)
- css => 8 file(s)
- bak => 9 file(s)
- php => 3 file(s)
- txt => 1 file(s)
- js => 3 file(s)
Top10responsetimes
The files listed below had the slowest response times measured during the crawling process. The average response time
for this site was 67,18 ms. These files could be targetted in denial of service attacks.
1. /system/application, response time 625 ms
GET /system/application/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/system/application/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts Cookie:
ci_session=BGQFaVVmAj4HLgcmVTxRYVRgVT1XIAAnVzRddlcmBzhSbQluVQ4AagJnViIAPAF0UDgPblY3CTICJFdhUz
5VMVM2WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWI
gA8AXRQOA9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXe
wdiUjYJLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRR
HVQ%2FVX1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFF
YFAzYEMQV6VXICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1Vi
UyFaawJ2Aj0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (K2. /system/application/css, response time
625 ms
GET /system/application/css/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/system/application/css/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts Cookie:
ci_session=BGQFaVVmAj4HLgcmVTxRYVRgVT1XIAAnVzRddlcmBzhSbQluVQ4AagJnViIAPAF0UDgPblY3CTICJFdhUz
5VMVM2WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWI
gA8AXRQOA9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBX
ewdiUjYJLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSR
RHVQ%2FVX1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSF
FYFAzYEMQV6VXICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1
ViUyFaawJ2Aj0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/5
Listoffileswithinputs
These files have at least one input (GET or POST).
- / - 3 inputs
- /login - 1 inputs
- /login/cekuser - 2 inputs
- /login/gagal - 1 inputs
- /login/gagal/20161015095001000000.html - 1 inputs
- /login/gagal/20161015095003000000.html - 1 inputs
- /home/about - 1 inputs
- /home/contact - 1 inputs
- /index.php - 1 inputs
Listofexternalhosts
These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts
allowed.(Settings->Scanners settings->Scanner->List of hosts allowed).
- validator.w3.org
- jigsaw.w3.org
Listofemailaddresses
List of all email addresses found on this host.
- puskom@unp.ac.id
Alerts summary
Configuration file source code disclosure
Affects
/system/application/config/config.php.bak
/system/application/config/database.php.bak
Variation
1
1
Backup files
Affects
/system/application/config/config.php.bak
/system/application/config/database.php.bak
Variation
1
1
Directory listing
Affects
/js
/system/application/css
Variation
1
1
Variation
2
1
Variation
1
Documentation file
Affects
/license.txt
Variation
1
Variation
1
1
1
1
1
Variation
1
Variation
1
Broken links
/login/gagal (560c78bee1afe173b1a570843109f0b4)
Variation
1
1
1
1
1
1
/login/gagal/20161015095001000000.html (560c78bee1afe173b1a570843109f0b4)
/login/gagal/20161015095003000000.html (560c78bee1afe173b1a570843109f0b4)
1
1
Affects
/ (560c78bee1afe173b1a570843109f0b4)
/home/about (560c78bee1afe173b1a570843109f0b4)
/home/contact (560c78bee1afe173b1a570843109f0b4)
/index.php (560c78bee1afe173b1a570843109f0b4)
/login (560c78bee1afe173b1a570843109f0b4)
Variation
1
Alertdetails
Configuration file source code disclosure
High
Severity
Type
Validation
Reported by module Scripting (Config_File_Disclosure.script)
Description
Sebuah backup / file konfigurasi sementara ditemukan di direktori ini. Hal ini telah dipastikan bahwa file ini berisi source
code PHP.
Beberapa teks editor populer seperti Vim dan Emacs secara otomatis membuat salinan cadangan dari file yang Anda
edit, lalu memberi mereka nama-nama seperti "wp-config.php ~" dan "# wp-config.php #". Jika teks editor yang crash atau
koneksi SSH menurun selama editing, maka file backup sementara mungkin tidak dibersihkan dengan benar. Juga,
kadang-kadang pengembang membuat jenis file untuk cadangan pekerjaan mereka atau oleh administrator ketika
membuat backup dari web server. Kebanyakan server, termasuk Apache, akan melayani plaintext dari .php ~ dan # file
.php tanpa melewati mereka melalui preprocessor PHP pertama, karena mereka tidak memiliki ekstensi file .php.
Impact
File konfigurasi akan mengungkapkan informasi sensitif yang akan membantu pengguna berbahaya untuk membuat
serangan lebih maju.
Recommendation
Hapus file ini dari web server. Sebagai langkah tambahan, disarankan untuk menerapkan kebijakan keamanan dalam
organisasi Anda untuk melarang penciptaan file-file sementara / backup di direktori yang dapat diakses dari web.
References
1%ofCMS-PoweredSitesExposeTheirDatabasePasswords
TestingforOld,BackupandUnreferencedFiles(OWASP-CM-006)
Affected items
/system/application/config/config.php.bak
Details
Configuration file variant found: config.php.bak
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
|-------------------------------------------------------------------------| Base Site URL
|-------------------------------------------------------------------------|
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
| http://example.com/
|
*/
$config['base_url'] = "http://portal.jayanusa.ac.id/index.php";
/*
|-------------------------------------------------------------------------| Index File
|-------------------------------------------------------------------------|
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
|
*/
$config['index_page'] = "";
Acunetix Website Audit
/*
|-------------------------------------------------------------------------| URI PROTOCOL
|-------------------------------------------------------------------------|
| This item determines which server global should be used to retrieve the
| URI string. The default setting of "AUTO" works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO' Default - auto detects
| 'PATH_INFO' Uses the PATH_INFO
| 'QUERY_STRING' Uses the QUERY_STRING
| 'REQUEST_URI' Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = "AUTO";
/*
|-------------------------------------------------------------------------| URL suffix
|-------------------------------------------------------------------------|
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/urls.html
*/
$config['url_suffix'] = "";
/*
|-------------------------------------------------------------------------| Default Language
|-------------------------------------------------------------------------|
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
|
*/
$config['language'] = "english";
/*
|-------------------------------------------------------------------------| Default Character Set
|-------------------------------------------------------------------------|
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = "UTF-8";
/*
|-------------------------------------------------------------------------| Enable/Disable System Hooks
|-------------------------------------------------------------------------|
| If you would like to use the "hooks" feature you must enable it by
| setting this variable to TRUE (boolean). See the user guide for details.
|
*/
$config['enable_hooks'] = FALSE;
/*
|-------------------------------------------------------------------------| Class Extension Prefix
|-------------------------------------------------------------------------|
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';
/*
|-------------------------------------------------------------------------| Allowed URL Characters
|-------------------------------------------------------------------------|
| This lets you specify with a regular expression which characters are permitted
| within your URLs. When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
/*
|-------------------------------------------------------------------------| Enable Query Strings
|-------------------------------------------------------------------------|
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
| Options are: TRUE or FALSE (boolean)
|
| The other items let you set the query string "words" that will
| invoke your controllers and its functions:
| example.com/index.php?c=controller&m=function
|
| Please note that some of the helpers won't work as expected when
| this feature is enabled, since CodeIgniter is designed primarily to
| use segment based URLs.
|
*/
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use
/*
|-------------------------------------------------------------------------| Error Logging Threshold
|-------------------------------------------------------------------------|
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
| 0 = Disables logging, Error logging TURNED OFF
| 1 = Error Messages (including PHP errors)
| 2 = Debug Messages
| 3 = Informational Messages
| 4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
*/
$config['log_threshold'] = 0;
/*
|-------------------------------------------------------------------------| Error Logging Directory Path
|-------------------------------------------------------------------------|
| Leave this BLANK unless you would like to set something other than the default
| system/logs/ folder. Use a full server path with trailing slash.
|
*/
$config['log_path'] = '';
/*
|-------------------------------------------------------------------------| Date Format for Logs
|-------------------------------------------------------------------------|
| Each item that is logged has an associated date. You can use PHP date
| codes to set your own date formatting
|
*/
$config['log_date_format'] = 'Y-m-d H:i:s';
/*
|-------------------------------------------------------------------------| Cache Directory Path
|-------------------------------------------------------------------------|
| Leave this BLANK unless you would like to set something other than the default
| system/cache/ folder. Use a full server path with trailing slash.
|
*/
$config['cache_path'] = '';
/*
|-------------------------------------------------------------------------| Encryption Key
|-------------------------------------------------------------------------|
| If you use the Encryption class or the Sessions class with encryption
| enabled you MUST set an encryption key. See the user guide for info.
|
*/
$config['encryption_key'] = "";
/*
|-------------------------------------------------------------------------| Session Variables
|-------------------------------------------------------------------------|
| 'session_cookie_name' = the name you want for the cookie
10
11
12
/system/application/config/database.php.bak
Details
Configuration file variant found: database.php.bak
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
| ------------------------------------------------------------------| DATABASE CONNECTIVITY SETTINGS
| ------------------------------------------------------------------| This file will contain the settings needed to access your database.
|
| For complete instructions please consult the "Database Connection"
| page of the User Guide.
|
| ------------------------------------------------------------------| EXPLANATION OF VARIABLES
| ------------------------------------------------------------------|
| ['hostname'] The hostname of your database server.
| ['username'] The username used to connect to the database
| ['password'] The password used to connect to the database
| ['database'] The name of the database you want to connect to
| ['dbdriver'] The database type. ie: mysql. Currently supported:
mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
| ['dbprefix'] You can add an optional prefix, which will be added
| to the table name when using the Active Record class
| ['pconnect'] TRUE/FALSE - Whether to use a persistent connection
| ['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
| ['cache_on'] TRUE/FALSE - Enables/disables query caching
| ['cachedir'] The path to the folder where cache files should be stored
| ['char_set'] The character set used in communicating with the database
| ['dbcollat'] The character collation used in communicating with the database
|
| The $active_group variable lets you choose which connection group to
| make active. By default there is only one group (the "default" group).
|
| The $active_record variables lets you determine whether or not to load
| the active record class
*/
$active_group = "default";
$active_record = TRUE;
//************** AKTIFKAN BARIS DIBAWAH INI UNTUK KONEKSI KE ORACLE
//$tns = "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT =
1523)))(CONNECT_DATA=(SID=jn)))";
//$db['default']['hostname'] = "tns";
$db['default']['hostname'] = "10.1.1.18";
$db['default']['username'] = "amin";
$db['default']['password'] = "bismillah";
$db['default']['database'] = "trainingsia";
$db['default']['dbdriver'] = "mysql";
$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = FALSE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = "";
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_general_ci";
Request headers
GET /system/application/config/database.php.bak HTTP/1.1
(line truncated)
Acunetix Website Audit
13
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
14
Backup files
Medium
Severity
Type
Validation
Reported by module Scripting (Backup_File.script)
Description
Sebuah file backup yang mungkin ditemukan di web-server Anda. File-file ini biasanya dibuat oleh pengembang untuk
membackup pekerjaan mereka.
Impact
Backup file dapat berisi sumber naskah, file konfigurasi atau informasi sensitif lainnya yang dapat membantu pengguna
jahat untuk membuat serangan yang lebih berbahaya.
Recommendation
Hapus berkas-berkas jika memang tidak diperlukan di website Anda. Sebagai langkah tambahan, disarankan untuk
menerapkan kebijakan keamanan dalam organisasi Anda untuk melarang penciptaan file backup di direktori, yang dapat
diakses dari web.
References
TestingforOld,BackupandUnreferencedFiles(OWASP-CM-006)
SecurityTipsforServerConfiguration
ProtectingConfidentialDocumentsatYourSite
Affected items
15
/system/application/config/config.php.bak
Details
This file was found using the pattern ${fileName}${fileExt}.bak.
Original filename: config.php
Source code pattern found:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
|-------------------------------------------------------------------------| Base Site URL
|-------------------------------------------------------------------------|
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
| http://example.com/
|
*/
$config['base_url'] = "http://portal.jayanusa.ac.id/index.php";
/*
|-------------------------------------------------------------------------| Index File
|-------------------------------------------------------------------------|
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
|
*/
$config['index_page'] = "";
/*
|-------------------------------------------------------------------------| URI PROTOCOL
|-------------------------------------------------------------------------|
| This item determines which server global should be used to retrieve the
| URI string. The default setting of "AUTO" works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO' Default - auto detects
| 'PATH_INFO' Uses the PATH_INFO
| 'QUERY_STRING' Uses the QUERY_STRING
| 'REQUEST_URI' Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = "AUTO";
/*
|-------------------------------------------------------------------------| URL suffix
|-------------------------------------------------------------------------|
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/urls.html
*/
$config['url_suffix'] = "";
/*
|--------------------------------------------------------------------------
16
| Default Language
|-------------------------------------------------------------------------|
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
|
*/
$config['language'] = "english";
/*
|-------------------------------------------------------------------------| Default Character Set
|-------------------------------------------------------------------------|
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = "UTF-8";
/*
|-------------------------------------------------------------------------| Enable/Disable System Hooks
|-------------------------------------------------------------------------|
| If you would like to use the "hooks" feature you must enable it by
| setting this variable to TRUE (boolean). See the user guide for details.
|
*/
$config['enable_hooks'] = FALSE;
/*
|-------------------------------------------------------------------------| Class Extension Prefix
|-------------------------------------------------------------------------|
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';
/*
|-------------------------------------------------------------------------| Allowed URL Characters
|-------------------------------------------------------------------------|
| This lets you specify with a regular expression which characters are permitted
| within your URLs. When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
17
/*
|-------------------------------------------------------------------------| Enable Query Strings
|-------------------------------------------------------------------------|
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
| Options are: TRUE or FALSE (boolean)
|
| The other items let you set the query string "words" that will
| invoke your controllers and its functions:
| example.com/index.php?c=controller&m=function
|
| Please note that some of the helpers won't work as expected when
| this feature is enabled, since CodeIgniter is designed primarily to
| use segment based URLs.
|
*/
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use
/*
|-------------------------------------------------------------------------| Error Logging Threshold
|-------------------------------------------------------------------------|
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
| 0 = Disables logging, Error logging TURNED OFF
| 1 = Error Messages (including PHP errors)
| 2 = Debug Messages
| 3 = Informational Messages
| 4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
*/
$config['log_threshold'] = 0;
/*
|-------------------------------------------------------------------------| Error Logging Directory Path
|-------------------------------------------------------------------------|
| Leave this BLANK unless you would like to set something other than the default
| system/logs/ folder. Use a full server path with trailing slash.
|
*/
$config['log_path'] = '';
/*
|-------------------------------------------------------------------------| Date Format for Logs
|-------------------------------------------------------------------------|
| Each item that is logged has an associated date. You can use PHP date
18
19
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = true;
/*
|-------------------------------------------------------------------------| Output Compression
|-------------------------------------------------------------------------|
| Enables Gzip output compression for faster page loads. When enabled,
| the output class will test whether your server supports Gzip.
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For
| compression to work, nothing can be sent before the output buffer is called
| by the output class. Do not "echo" any values with compression enabled.
|
*/
$config['compress_output'] = FALSE;
/*
|-------------------------------------------------------------------------| Master Time Reference
|-------------------------------------------------------------------------|
| Options are "local" or "gmt". This pref tells the system whether to use
| your server's local time as the master "now" reference, or convert it to
| GMT. See the "date helper" page of the user guide for information
| regarding date handling.
|
*/
$config['time_reference'] = 'local';
/*
|-------------------------------------------------------------------------| Rewrite PHP Short Tags
|-------------------------------------------------------------------------|
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files. Options are TRUE or FALSE (boolean)
|
*/
$config['rewrite_short_tags'] = FALSE;
/*
|-------------------------------------------------------------------------| Reverse Proxy IPs
|-------------------------------------------------------------------------|
| If your server is behind a reverse proxy, you must whitelist the proxy IP
| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
| header in order to properly identify the visitor's IP address.
| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
|
*/
$config['proxy_ips'] = '';
/* End of file config.php */
20
/* Location: ./system/application/config/config.php */
Request headers
GET /system/application/config/config.php.bak HTTP/1.1
Range: bytes=0-99999
(line truncated)
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
21
/system/application/config/database.php.bak
Details
This file was found using the pattern ${fileName}${fileExt}.bak.
Original filename: database.php
Source code pattern found:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
| ------------------------------------------------------------------| DATABASE CONNECTIVITY SETTINGS
| ------------------------------------------------------------------| This file will contain the settings needed to access your database.
|
| For complete instructions please consult the "Database Connection"
| page of the User Guide.
|
| ------------------------------------------------------------------| EXPLANATION OF VARIABLES
| ------------------------------------------------------------------|
| ['hostname'] The hostname of your database server.
| ['username'] The username used to connect to the database
| ['password'] The password used to connect to the database
| ['database'] The name of the database you want to connect to
| ['dbdriver'] The database type. ie: mysql. Currently supported:
mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
| ['dbprefix'] You can add an optional prefix, which will be added
| to the table name when using the Active Record class
| ['pconnect'] TRUE/FALSE - Whether to use a persistent connection
| ['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
| ['cache_on'] TRUE/FALSE - Enables/disables query caching
| ['cachedir'] The path to the folder where cache files should be stored
| ['char_set'] The character set used in communicating with the database
| ['dbcollat'] The character collation used in communicating with the database
|
| The $active_group variable lets you choose which connection group to
| make active. By default there is only one group (the "default" group).
|
| The $active_record variables lets you determine whether or not to load
| the active record class
*/
$active_group = "default";
$active_record = TRUE;
//************** AKTIFKAN BARIS DIBAWAH INI UNTUK KONEKSI KE ORACLE
//$tns = "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT =
1523)))(CONNECT_DATA=(SID=jn)))";
//$db['default']['hostname'] = "tns";
$db['default']['hostname'] = "10.1.1.18";
$db['default']['username'] = "amin";
$db['default']['password'] = "bismillah";
$db['default']['database'] = "trainingsia";
$db['default']['dbdriver'] = "mysql";
$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = FALSE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = "";
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_general_ci";
Request headers
Acunetix Website Audit
22
23
Directory listing
Medium
Severity
Type
Information
Reported by module Scripting (Directory_Listing.script)
Description
Web server dikonfigurasi untuk menampilkan daftar file yang terdapat di direktori ini. Hal ini tidak dianjurkan karena
direktori dapat berisi file-file yang tidak biasanya dapat ditampilkan lewat tautan di situs web.
Impact
Seorang pengguna dapat melihat daftar semua file dari direktori ini dan mungkin dapat menampilkan informasi sensitif.
Recommendation
Anda harus memastikan direktori tidak berisi informasi sensitif atau Anda mungkin ingin membatasi daftar direktori
dari konfigurasi web server.
References
DirectoryListingandInformationDisclosure
Affected items
/js
Details
Pattern found: Last modified</a>
Request headers
GET /js/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/js/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/system/application/css
Details
Pattern found: Last modified</a>
Request headers
GET /system/application/css/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/system/application/css/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Acunetix Website Audit
24
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
25
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...Y0CzACNQExUTYJMAIxUmlXb1E3UTVSMFQ0AjEANlZiAjYNawBmU2UHZQ9nAWAHZlYyBWlSbgJiAzACdldrUSR
WPlQ3VTYGPQchUmlVcFZdBmELNwJkASVRZAlzAnVSc1dtUXRRbFJlVDICagBxVmYCNA1qAHtTNgc3D2IBLQdiVjI
FIlJnAjIDMQJ2V2tRJFY%2BVDdVNgY9ByFSdVVzVmcGcgsMAmEBMFFkCW4CclJzV21RdFFsUmFUNgJqAHFWGgJpD
SUAPFNrB20PNgEsB2RWKAU8UnYCKQNVAj1XPlEzVmtUcVV1BicHTVJUVSBWNAYuC2ICOwF3UVYJTwJRUmdXYlEuU
XZSFVR2AiAAP1YyAlENOgA3U0wHaA8jASwHZFY1BS5SbQJyAzgCZVdjUW1WJlRqVWcGdAd3Ul9VYVZhBnQLOgJ2A
T5RdQl5AiRSalclUT1RZ1JkVDwCcgBiVmMCMQ1pAGFTPgc4D2ABOgdoViQFN1Ir
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
26
/
Details
Form name: frmlogin
Form action: https://portal.unp.ac.id/login/cekuser
Form method: POST
Form inputs:
- userid [Hidden]
- password [Hidden]
- jnploginid [Text]
- jnploginpass [Password]
- commit [Submit]
Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...Y0CzACNQExUTYJMAIxUmlXb1E3UTVSMFQ0AjEANlZiAjYNawBmU2UHZQ9nAWAHZlYyBWlSbgJiAzACdldrUSR
WPlQ3VTYGPQchUmlVcFZdBmELNwJkASVRZAlzAnVSc1dtUXRRbFJlVDICagBxVmYCNA1qAHtTNgc3D2IBLQdiVjI
FIlJnAjIDMQJ2V2tRJFY%2BVDdVNgY9ByFSdVVzVmcGcgsMAmEBMFFkCW4CclJzV21RdFFsUmFUNgJqAHFWGgJpD
SUAPFNrB20PNgEsB2RWKAU8UnYCKQNVAj1XPlEzVmtUcVV1BicHTVJUVSBWNAYuC2ICOwF3UVYJTwJRUmdXYlEuU
XZSFVR2AiAAP1YyAlENOgA3U0wHaA8jASwHZFY1BS5SbQJyAzgCZVdjUW1WJlRqVWcGdAd3Ul9VYVZhBnQLOgJ2A
T5RdQl5AiRSalclUT1RZ1JkVDwCcgBiVmMCMQ1pAGFTPgc4D2ABOgdoViQFN1Ir
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal/20161015095001000000.html
Details
Form name: frmlogin
Form action: https://portal.unp.ac.id/login/cekuser
Form method: POST
Form inputs:
- jnploginid [Text]
- jnploginpass [Password]
- commit [Submit]
Request headers
GET /login/gagal/20161015095001000000.html HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/cekuser
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Acunetix Website Audit
27
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
28
29
Documentation file
Low
Severity
Type
Configuration
Reported by module Scripting (Readme_Files.script)
Description
Sebuah file dokumentasi (misalnya readme.txt, CHANGELOG.txt, ...) ditemukan pada direktori ini. Informasi yang
terkandung dalam file-file ini bisa membantu penyerang untuk mengidentifikasi aplikasi web yang Anda gunakan dan
melihat versi aplikasi yang digunakan. Dianjurkan untuk menghapus file-file tersebut dari sistem.
Impact
File-file ini dapat mengungkapkan informasi sensitif. Informasi ini dapat digunakan untuk memulai serangan yang lebih
berbahaya.
Recommendation
Hapus atau membatasi akses semua file dokumentasi yang dapat diakses dari internet.
Affected items
/license.txt
Details
File contents (first 250 characters):Copyright (c) 2008 - 2009, EllisLab, Inc.
All rights reserved.
This license is a legal agreement between you and EllisLab Inc. for the use
of CodeIgniter Software (the "Software"). By obtaining the Software you
agree to comply with the terms and co ...
Request headers
GET /license.txt HTTP/1.1
(line truncated)
...9TZVQ0VmBSYgU5VWMONlc4VmVUZgZgAWUFN1RjVGBRNlFgBjZUMFozDW0HNVc0AjpXZQM3BTVQJAM%2FVSAHb
wNgCGsJMldxAToBJAcMCm0OMlM1VHBWY1IoBXJVdA40V3JWa1RjBmABaQV0VGRUYlE2USoGY1RkWjcNIQdiVzMCJ
VdiAzMFN1AkAz9VIAdvA2AIawkyV3EBJgEnBzYKfg4JUzBUZVZjUjUFdVV0DjRXclZrVGcGZAFpBXRUGFQ%2FUXl
RbQY%2BVD5aYw0gB2RXKQI7V3MDKAVTUG8DalU3BzoDJggoCShXHQEHAXQHZQoiDmdTalQiVlFSFAVWVWAOO1coV
nFUEwYkASMFOlQwVAdRZlFmBhlUO1p2DSAHZFc0AilXaANzBT5QNwM3VWkHdwM9CDoJe1cnAQwBNQcwCngOP1MnV
GtWclIiBSNVbQ58VztWYFRiBm4BcQVnVGFUZ1E1UTAGa1RrWjoNPwdlVyUCMFcu
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
30
31
32
/system/application/errors
Details
No details are available.
Request headers
GET /system/application/errors HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
...9TZVQ0VmBSYgU5VWMONlc4VmVUZgZgAWUFN1RjVGBRNlFgBjZUMFozDW0HNVc0AjpXZQM3BTVQJAM%2FVSAHb
wNgCGsJMldxAToBJAcMCm0OMlM1VHBWY1IoBXJVdA40V3JWa1RjBmABaQV0VGRUYlE2USoGY1RkWjcNIQdiVzMCJ
VdiAzMFN1AkAz9VIAdvA2AIawkyV3EBJgEnBzYKfg4JUzBUZVZjUjUFdVV0DjRXclZrVGcGZAFpBXRUGFQ%2FUXl
RbQY%2BVD5aYw0gB2RXKQI7V3MDKAVTUG8DalU3BzoDJggoCShXHQEHAXQHZQoiDmdTalQiVlFSFAVWVWAOO1coV
nFUEwYkASMFOlQwVAdRZlFmBhlUO1p2DSAHZFc0AilXaANzBT5QNwM3VWkHdwM9CDoJe1cnAQwBNQcwCngOP1MnV
GtWclIiBSNVbQ58VztWYFRiBm4BcQVnVGFUZ1E1UTAGa1RrWjoNPwdlVyUCMFcu
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/system/database
Details
No details are available.
Request headers
GET /system/database HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
...9TZVQ0VmBSYgU5VWMONlc4VmVUZgZgAWUFN1RjVGBRNlFgBjZUMFozDW0HNVc0AjpXZQM3BTVQJAM%2FVSAHb
wNgCGsJMldxAToBJAcMCm0OMlM1VHBWY1IoBXJVdA40V3JWa1RjBmABaQV0VGRUYlE2USoGY1RkWjcNIQdiVzMCJ
VdiAzMFN1AkAz9VIAdvA2AIawkyV3EBJgEnBzYKfg4JUzBUZVZjUjUFdVV0DjRXclZrVGcGZAFpBXRUGFQ%2FUXl
RbQY%2BVD5aYw0gB2RXKQI7V3MDKAVTUG8DalU3BzoDJggoCShXHQEHAXQHZQoiDmdTalQiVlFSFAVWVWAOO1coV
nFUEwYkASMFOlQwVAdRZlFmBhlUO1p2DSAHZFc0AilXaANzBT5QNwM3VWkHdwM9CDoJe1cnAQwBNQcwCngOP1MnV
GtWclIiBSNVbQ58VztWYFRiBm4BcQVnVGFUZ1E1UTAGa1RrWjoNPwdlVyUCMFcu
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/system/logs
Details
No details are available.
Request headers
GET /system/logs HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
...9TZVQ0VmBSYgU5VWMONlc4VmVUZgZgAWUFN1RjVGBRNlFgBjZUMFozDW0HNVc0AjpXZQM3BTVQJAM%2FVSAHb
wNgCGsJMldxAToBJAcMCm0OMlM1VHBWY1IoBXJVdA40V3JWa1RjBmABaQV0VGRUYlE2USoGY1RkWjcNIQdiVzMCJ
VdiAzMFN1AkAz9VIAdvA2AIawkyV3EBJgEnBzYKfg4JUzBUZVZjUjUFdVV0DjRXclZrVGcGZAFpBXRUGFQ%2FUXl
RbQY%2BVD5aYw0gB2RXKQI7V3MDKAVTUG8DalU3BzoDJggoCShXHQEHAXQHZQoiDmdTalQiVlFSFAVWVWAOO1coV
nFUEwYkASMFOlQwVAdRZlFmBhlUO1p2DSAHZFc0AilXaANzBT5QNwM3VWkHdwM9CDoJe1cnAQwBNQcwCngOP1MnV
GtWclIiBSNVbQ58VztWYFRiBm4BcQVnVGFUZ1E1UTAGa1RrWjoNPwdlVyUCMFcu
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
32
33
34
Broken links
Informational
Severity
Type
Informational
Reported by module Crawler
Description
Sebuah link yang rusak mengacu pada setiap link yang akan membawa Anda ke sebuah dokumen, gambar atau web
page, yang benar-benar mengakibatkan error. Halaman ini terhubung dari situs web tetapi tidak dapat diakses.
Impact
Permasalahan pada navigasi situs.
Recommendation
Hapus link yang menuju ke file ini atau membuatnya untuk dapat diakses.
Affected items
/ (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...Y0CzACNQExUTYJMAIxUmlXb1E3UTVSMFQ0AjEANlZiAjYNawBmU2UHZQ9nAWAHZlYyBWlSbgJiAzACdldrUSR
WPlQ3VTYGPQchUmlVcFZdBmELNwJkASVRZAlzAnVSc1dtUXRRbFJlVDICagBxVmYCNA1qAHtTNgc3D2IBLQdiVjI
FIlJnAjIDMQJ2V2tRJFY%2BVDdVNgY9ByFSdVVzVmcGcgsMAmEBMFFkCW4CclJzV21RdFFsUmFUNgJqAHFWGgJpD
SUAPFNrB20PNgEsB2RWKAU8UnYCKQNVAj1XPlEzVmtUcVV1BicHTVJUVSBWNAYuC2ICOwF3UVYJTwJRUmdXYlEuU
XZSFVR2AiAAP1YyAlENOgA3U0wHaA8jASwHZFY1BS5SbQJyAzgCZVdjUW1WJlRqVWcGdAd3Ul9VYVZhBnQLOgJ2A
T5RdQl5AiRSalclUT1RZ1JkVDwCcgBiVmMCMQ1pAGFTPgc4D2ABOgdoViQFN1Ir
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/home/about (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /home/about?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/home/about
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2F
Acunetix Website Audit
35
VX1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6
VXICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2
Aj0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/home/contact (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /home/contact?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/home/contact
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/index.php (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /index.php?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
36
/login (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login/gagal?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/gagal
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal/20161015095001000000.html (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login/gagal/20161015095001000000.html?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/gagal/20161015095001000000.html
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Acunetix Website Audit
37
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal/20161015095003000000.html (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login/gagal/20161015095003000000.html?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/gagal/20161015095003000000.html
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...9TZVQ0VmBSYgU5VWMONlc4VmVUZgZgAWUFN1RjVGBRNlFgBjZUMFozDW0HNVc0AjpXZQM3BTVQJAM%2FVSAHb
wNgCGsJMldxAToBJAcMCm0OMlM1VHBWY1IoBXJVdA40V3JWa1RjBmABaQV0VGRUYlE2USoGY1RkWjcNIQdiVzMCJ
VdiAzMFN1AkAz9VIAdvA2AIawkyV3EBJgEnBzYKfg4JUzBUZVZjUjUFdVV0DjRXclZrVGcGZAFpBXRUGFQ%2FUXl
RbQY%2BVD5aYw0gB2RXKQI7V3MDKAVTUG8DalU3BzoDJggoCShXHQEHAXQHZQoiDmdTalQiVlFSFAVWVWAOO1coV
nFUEwYkASMFOlQwVAdRZlFmBhlUO1p2DSAHZFc0AilXaANzBT5QNwM3VWkHdwM9CDoJe1cnAQwBNQcwCngOP1MnV
GtWclIiBSNVbQ58VztWYFRiBm4BcQVnVGFUZ1E1UTAGa1RrWjoNPwdlVyUCMFcu
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
38
39
Input type
URL encoded GET
Input scheme 2
Input name
/
/
Input type
Path Fragment
Path Fragment
Input scheme 3
Input name
/
/
/
Input type
Path Fragment (suffix .html)
Path Fragment (suffix .html)
Path Fragment (suffix .html)
URL: https://portal.unp.ac.id/login
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
URL: https://portal.unp.ac.id/login/cekuser
No vulnerabilities has been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name
commit
jnploginid
jnploginpass
password
userid
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 2
Input name
commit
jnploginid
jnploginpass
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: https://portal.unp.ac.id/login/gagal
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
40
URL: https://portal.unp.ac.id/login/gagal/20161015095001000000.html
Vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
URL: https://portal.unp.ac.id/login/gagal/20161015095003000000.html
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
URL: https://portal.unp.ac.id/home
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/home/about
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
URL: https://portal.unp.ac.id/home/contact
Vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
URL: https://portal.unp.ac.id/image/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/login/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/login/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/icon/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/icon/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
41
URL: https://portal.unp.ac.id/image/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/stylesheet.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/login.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/cetak.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/utama.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/style.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/cetakx.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/default.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/defaultlogin.css
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/errors/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/errors/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/config/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
42
URL: https://portal.unp.ac.id/system/application/config/config.php
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/config/database.php
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/config/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/logs/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/logs/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/database/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/database/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/plugins/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/plugins/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/cache/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/cache/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/fonts/
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/fonts/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/index.html
No vulnerabilities has been identified for this URL
No input(s) found for this URL
43
URL: https://portal.unp.ac.id/icons
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost/siaj
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost/siaj/image
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost/siaj/image/login
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id:443/license.txt
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/index.php
No vulnerabilities has been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name
search
Input type
URL encoded GET
URL: https://portal.unp.ac.id/js/
Vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/js/jquery.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/js/jquery.dataTables.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/js/jquery.dataTables.min.js
No vulnerabilities has been identified for this URL
No input(s) found for this URL
44