
Acunetix Website Audit

15 October, 2016

Developer Report
Portal Akademik
Universitas Negeri Padang
By
Khairil Alvin Gaffar
1414370114

Generated by Acunetix WVS Reporter (v9.0 Build 20131107)

Scan of https://portal.unp.ac.id:443/

Scan details

Scan information
- Start time: 15/10/2016 9:49:57
- Finish time: 15/10/2016 9:59:21
- Scan time: 9 minutes, 24 seconds
- Profile: Default

Server information
- Responsive: True
- Server banner: Apache
- Server OS: Unknown
- Server technologies:

Threat level
Acunetix Threat Level 3
One or more high-severity vulnerability types were found by the scanner. A malicious user could exploit these vulnerabilities and compromise the backend database and/or deface your website.
Alerts distribution
Total alerts found: 27
- High
- Medium
- Low
- Informational

Knowledge base

SSL server running [443]
A TLS1 server is running on TCP port 443.

SSL server information:
- Version: SSL2, SSL3, TLS1
- Ciphers supported:
  - TLS1_CK_RSA_WITH_RC4_128_SHA (OpenSSL ciphername: RC4-SHA, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: RC4(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_RSA_WITH_3DES_EDE_CBC_SHA (OpenSSL ciphername: DES-CBC3-SHA, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: 3DES(168), Message authentication code: SHA1) - High strength
  - TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA (OpenSSL ciphername: EDH-RSA-DES-CBC3-SHA, Protocol version: TLSv1, Key Exchange: DH, Authentication: RSA, Symmetric encryption method: 3DES(168), Message authentication code: SHA1) - High strength
  - TLS1_CK_RSA_WITH_AES_128_CBC_SHA (OpenSSL ciphername: AES128-SHA, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: AES(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA (OpenSSL ciphername: DHE-RSA-AES128-SHA, Protocol version: TLSv1, Key Exchange: DH, Authentication: RSA, Symmetric encryption method: AES(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_RSA_WITH_AES_256_CBC_SHA (OpenSSL ciphername: AES256-SHA, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: AES(256), Message authentication code: SHA1) - High strength
  - TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA (OpenSSL ciphername: DHE-RSA-AES256-SHA, Protocol version: TLSv1, Key Exchange: DH, Authentication: RSA, Symmetric encryption method: AES(256), Message authentication code: SHA1) - High strength
  - TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: Camellia(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: DH, Authentication: RSA, Symmetric encryption method: Camellia(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: Camellia(256), Message authentication code: SHA1) - High strength
  - TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: DH, Authentication: RSA, Symmetric encryption method: Camellia(256), Message authentication code: SHA1) - High strength
  - TLS1_CK_RSA_WITH_SEED_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: RSA, Authentication: RSA, Symmetric encryption method: SEED(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_DHE_RSA_WITH_SEED_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: DH, Authentication: RSA, Symmetric encryption method: SEED(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: ECDH, Authentication: RSA, Symmetric encryption method: RC4(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: ECDH, Authentication: RSA, Symmetric encryption method: 3DES(168), Message authentication code: SHA1) - High strength
  - TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: ECDH, Authentication: RSA, Symmetric encryption method: AES(128), Message authentication code: SHA1) - High strength
  - TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA (OpenSSL ciphername: n/a, Protocol version: TLSv1, Key Exchange: ECDH, Authentication: RSA, Symmetric encryption method: AES(256), Message authentication code: SHA1) - High strength
- Certificate 1:
  Issuer:
    Country Name: BE
    Organization Name: GlobalSign nv-sa
    Common Name: GlobalSign Organization Validation CA - SHA256 - G2
  Recipient:
    Country Name: ID
    State Or Province Name: West Sumatra
    Locality Name: Padang
    Organization Name: Universitas Negeri Padang
    Common Name: portal.unp.ac.id
  Certificate version: 2
  Serial number: 4290e43bac9b58526f0499c5
  Fingerprint: 3161eff7ada832c296868093ebd38797
  Algorithm ID: 1.2.840.113549.1.1.11
  Validity start: Wed Sep 21 16:06:13 UTC+0700 2016
  Validity end: Fri Sep 22 16:06:13 UTC+0700 2017
  Expires in: 342 days
- Certificate 2:
  Issuer:
    Country Name: BE
    Organization Name: GlobalSign nv-sa
    Organizational Unit Name: Root CA
    Common Name: GlobalSign Root CA
  Recipient:
    Country Name: BE
    Organization Name: GlobalSign nv-sa
    Common Name: GlobalSign Organization Validation CA - SHA256 - G2
  Certificate version: 2
  Serial number: 040000000001444ef04247
  Fingerprint: 5371ab1a08eb4dfa48b70e60367eec09
  Algorithm ID: 1.2.840.113549.1.1.11
  Validity start: Thu Feb 20 17:00:00 UTC+0700 2014
  Validity end: Tue Feb 20 17:00:00 UTC+0700 2024
  Expires in: 2684 days

List of file extensions
File extensions can provide information on what technologies are being used on this website.
List of file extensions detected:
- html => 14 file(s)
- css => 8 file(s)
- bak => 9 file(s)
- php => 3 file(s)
- txt => 1 file(s)
- js => 3 file(s)

Top 10 response times
The files listed below had the slowest response times measured during the crawling process. The average response time for this site was 67,18 ms. These files could be targeted in denial of service attacks.
1. /system/application, response time 625 ms
GET /system/application/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/system/application/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: ci_session=BGQFaVVmAj4HLgcmVTxRYVRgVT1XIAAnVzRddlcmBzhSbQluVQ4AagJnViIAPAF0UDgPblY3CTICJFdhUz
5VMVM2WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWI
gA8AXRQOA9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXe
wdiUjYJLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRR
HVQ%2FVX1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFF
YFAzYEMQV6VXICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1Vi
UyFaawJ2Aj0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (K
2. /system/application/css, response time 625 ms
GET /system/application/css/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/system/application/css/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: ci_session=BGQFaVVmAj4HLgcmVTxRYVRgVT1XIAAnVzRddlcmBzhSbQluVQ4AagJnViIAPAF0UDgPblY3CTICJFdhUz
5VMVM2WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWI
gA8AXRQOA9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBX

ewdiUjYJLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSR
RHVQ%2FVX1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSF
FYFAzYEMQV6VXICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1
ViUyFaawJ2Aj0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/5

List of files with inputs
These files have at least one input (GET or POST).

- / - 3 inputs
- /login - 1 inputs
- /login/cekuser - 2 inputs
- /login/gagal - 1 inputs
- /login/gagal/20161015095001000000.html - 1 inputs
- /login/gagal/20161015095003000000.html - 1 inputs
- /home/about - 1 inputs
- /home/contact - 1 inputs
- /index.php - 1 inputs

List of external hosts
These hosts were linked from this website but were not scanned because they are not in the list of allowed hosts (Settings -> Scanners settings -> Scanner -> List of hosts allowed).
- validator.w3.org
- jigsaw.w3.org

List of email addresses
List of all email addresses found on this host.

- puskom@unp.ac.id

Alerts summary

Configuration file source code disclosure
Affects (variations):
- /system/application/config/config.php.bak (1)
- /system/application/config/database.php.bak (1)

Backup files
Affects (variations):
- /system/application/config/config.php.bak (1)
- /system/application/config/database.php.bak (1)

Directory listing
Affects (variations):
- /js (1)
- /system/application/css (1)

HTML form without CSRF protection
Affects (variations):
- / (2)
- /login/gagal/20161015095001000000.html (1)

Clickjacking: X-Frame-Options header missing
Affects (variations):
- Web Server (1)

Documentation file
Affects (variations):
- /license.txt (1)

Possible sensitive directories
Affects (variations):
- /system (1)
- /system/application/config (1)
- /system/application/errors (1)
- /system/database (1)
- /system/logs (1)

Session Cookie without HttpOnly flag set
Affects (variations):
- / (1)

Session Cookie without Secure flag set
Affects (variations):
- / (1)

Broken links
Affects (variations):
- /login/gagal (560c78bee1afe173b1a570843109f0b4) (1)
- /login/gagal/20161015095001000000.html (560c78bee1afe173b1a570843109f0b4) (1)
- /login/gagal/20161015095003000000.html (560c78bee1afe173b1a570843109f0b4) (1)
- / (560c78bee1afe173b1a570843109f0b4) (1)
- /home/about (560c78bee1afe173b1a570843109f0b4) (1)
- /home/contact (560c78bee1afe173b1a570843109f0b4) (1)
- /index.php (560c78bee1afe173b1a570843109f0b4) (1)
- /login (560c78bee1afe173b1a570843109f0b4) (1)

Email address found
Affects (variations):
- /home/contact (1)

Alert details

Configuration file source code disclosure
Severity: High
Type: Validation
Reported by module Scripting (Config_File_Disclosure.script)
Description
A backup/temporary configuration file was found in this directory. It has been confirmed that this file contains PHP source code.
Some popular text editors such as Vim and Emacs automatically create backup copies of the files you edit, giving them names like "wp-config.php~" and "#wp-config.php#". If the text editor crashes or the SSH connection drops during editing, the temporary backup file may not be cleaned up properly. Also, developers sometimes create this kind of file to back up their work, or administrators do so when making a backup of the web server. Most servers, including Apache, will serve the plaintext of .php~ and #.php# files without passing them through the PHP preprocessor first, because they do not have the .php file extension.
Impact
The configuration file will reveal sensitive information that helps a malicious user craft more advanced attacks.
Recommendation
Remove this file from the web server. As an additional step, it is recommended to implement a security policy within your organization that prohibits the creation of temporary/backup files in directories that are accessible from the web.
References
1% of CMS-Powered Sites Expose Their Database Passwords
Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)
Affected items
/system/application/config/config.php.bak
Details
Configuration file variant found: config.php.bak
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
|-------------------------------------------------------------------------
| Base Site URL
|-------------------------------------------------------------------------
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
| http://example.com/
|
*/
$config['base_url'] = "http://portal.jayanusa.ac.id/index.php";
/*
|-------------------------------------------------------------------------
| Index File
|-------------------------------------------------------------------------
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
|
*/
$config['index_page'] = "";
/*
|-------------------------------------------------------------------------
| URI PROTOCOL
|-------------------------------------------------------------------------
| This item determines which server global should be used to retrieve the
| URI string. The default setting of "AUTO" works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO' Default - auto detects
| 'PATH_INFO' Uses the PATH_INFO
| 'QUERY_STRING' Uses the QUERY_STRING
| 'REQUEST_URI' Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = "AUTO";
/*
|-------------------------------------------------------------------------
| URL suffix
|-------------------------------------------------------------------------
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/urls.html
*/
$config['url_suffix'] = "";
/*
|-------------------------------------------------------------------------
| Default Language
|-------------------------------------------------------------------------
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
|
*/
$config['language'] = "english";
/*
|-------------------------------------------------------------------------
| Default Character Set
|-------------------------------------------------------------------------
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = "UTF-8";
/*
|-------------------------------------------------------------------------
| Enable/Disable System Hooks
|-------------------------------------------------------------------------
| If you would like to use the "hooks" feature you must enable it by
| setting this variable to TRUE (boolean). See the user guide for details.
|
*/
$config['enable_hooks'] = FALSE;

/*
|-------------------------------------------------------------------------
| Class Extension Prefix
|-------------------------------------------------------------------------
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';
/*
|-------------------------------------------------------------------------
| Allowed URL Characters
|-------------------------------------------------------------------------
| This lets you specify with a regular expression which characters are permitted
| within your URLs. When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
/*
|-------------------------------------------------------------------------
| Enable Query Strings
|-------------------------------------------------------------------------
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
| Options are: TRUE or FALSE (boolean)
|
| The other items let you set the query string "words" that will
| invoke your controllers and its functions:
| example.com/index.php?c=controller&m=function
|
| Please note that some of the helpers won't work as expected when
| this feature is enabled, since CodeIgniter is designed primarily to
| use segment based URLs.
|
*/
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use
/*
|-------------------------------------------------------------------------
| Error Logging Threshold
|-------------------------------------------------------------------------
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
| 0 = Disables logging, Error logging TURNED OFF
| 1 = Error Messages (including PHP errors)
| 2 = Debug Messages
| 3 = Informational Messages
| 4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
*/
$config['log_threshold'] = 0;
/*
|-------------------------------------------------------------------------
| Error Logging Directory Path
|-------------------------------------------------------------------------
| Leave this BLANK unless you would like to set something other than the default
| system/logs/ folder. Use a full server path with trailing slash.
|
*/
$config['log_path'] = '';
/*
|-------------------------------------------------------------------------
| Date Format for Logs
|-------------------------------------------------------------------------
| Each item that is logged has an associated date. You can use PHP date
| codes to set your own date formatting
|
*/
$config['log_date_format'] = 'Y-m-d H:i:s';
/*
|-------------------------------------------------------------------------
| Cache Directory Path
|-------------------------------------------------------------------------
| Leave this BLANK unless you would like to set something other than the default
| system/cache/ folder. Use a full server path with trailing slash.
|
*/
$config['cache_path'] = '';
/*
|-------------------------------------------------------------------------
| Encryption Key
|-------------------------------------------------------------------------
| If you use the Encryption class or the Sessions class with encryption
| enabled you MUST set an encryption key. See the user guide for info.
|
*/
$config['encryption_key'] = "";
/*
|-------------------------------------------------------------------------
| Session Variables
|-------------------------------------------------------------------------
| 'session_cookie_name' = the name you want for the cookie

| 'encrypt_sess_cookie' = TRUE/FALSE (boolean). Whether to encrypt the cookie
| 'session_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'time_to_update' = how many seconds between CI refreshing Session Information
|
*/
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
/*
|-------------------------------------------------------------------------
| Cookie Related Variables
|-------------------------------------------------------------------------
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path' = Typically will be a forward slash
|
*/
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
/*
|-------------------------------------------------------------------------
| Global XSS Filtering
|-------------------------------------------------------------------------
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = true;
/*
|-------------------------------------------------------------------------
| Output Compression
|-------------------------------------------------------------------------
| Enables Gzip output compression for faster page loads. When enabled,
| the output class will test whether your server supports Gzip.
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For
| compression to work, nothing can be sent before the output buffer is called
| by the output class. Do not "echo" any values with compression enabled.
|
*/
$config['compress_output'] = FALSE;
/*
|-------------------------------------------------------------------------
| Master Time Reference
|-------------------------------------------------------------------------
| Options are "local" or "gmt". This pref tells the system whether to use
| your server's local time as the master "now" reference, or convert it to
| GMT. See the "date helper" page of the user guide for information

| regarding date handling.
|
*/
$config['time_reference'] = 'local';
/*
|-------------------------------------------------------------------------
| Rewrite PHP Short Tags
|-------------------------------------------------------------------------
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files. Options are TRUE or FALSE (boolean)
|
*/
$config['rewrite_short_tags'] = FALSE;
/*
|-------------------------------------------------------------------------
| Reverse Proxy IPs
|-------------------------------------------------------------------------
| If your server is behind a reverse proxy, you must whitelist the proxy IP
| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
| header in order to properly identify the visitor's IP address.
| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
|
*/
$config['proxy_ips'] = '';
/* End of file config.php */
/* Location: ./system/application/config/config.php */
Request headers
GET /system/application/config/config.php.bak HTTP/1.1
(line truncated)
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

/system/application/config/database.php.bak
Details
Configuration file variant found: database.php.bak
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
| -------------------------------------------------------------------
| DATABASE CONNECTIVITY SETTINGS
| -------------------------------------------------------------------
| This file will contain the settings needed to access your database.
|
| For complete instructions please consult the "Database Connection"
| page of the User Guide.
|
| -------------------------------------------------------------------
| EXPLANATION OF VARIABLES
| -------------------------------------------------------------------
| ['hostname'] The hostname of your database server.
| ['username'] The username used to connect to the database
| ['password'] The password used to connect to the database
| ['database'] The name of the database you want to connect to
| ['dbdriver'] The database type. ie: mysql. Currently supported:
| mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
| ['dbprefix'] You can add an optional prefix, which will be added
| to the table name when using the Active Record class
| ['pconnect'] TRUE/FALSE - Whether to use a persistent connection
| ['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
| ['cache_on'] TRUE/FALSE - Enables/disables query caching
| ['cachedir'] The path to the folder where cache files should be stored
| ['char_set'] The character set used in communicating with the database
| ['dbcollat'] The character collation used in communicating with the database
|
| The $active_group variable lets you choose which connection group to
| make active. By default there is only one group (the "default" group).
|
| The $active_record variables lets you determine whether or not to load
| the active record class
*/
$active_group = "default";
$active_record = TRUE;
//************** ENABLE THE LINES BELOW FOR A CONNECTION TO ORACLE
//$tns = "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1523)))(CONNECT_DATA=(SID=jn)))";
//$db['default']['hostname'] = "tns";
$db['default']['hostname'] = "10.1.1.18";
$db['default']['username'] = "amin";
$db['default']['password'] = "bismillah";
$db['default']['database'] = "trainingsia";
$db['default']['dbdriver'] = "mysql";
$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = FALSE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = "";
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_general_ci";

/* End of file database.php */
/* Location: ./system/application/config/database.php */
Request headers
GET /system/application/config/database.php.bak HTTP/1.1
(line truncated)
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Backup files
Severity: Medium
Type: Validation
Reported by module Scripting (Backup_File.script)
Description
A possible backup file was found on your web server. These files are usually created by developers to back up their work.
Impact
Backup files can contain script sources, configuration files or other sensitive information that could help a malicious user craft more dangerous attacks.
Recommendation
Remove these files if they are not needed on your website. As an additional step, it is recommended to implement a security policy within your organization that prohibits the creation of backup files in directories that are accessible from the web.
References
Testing for Old, Backup and Unreferenced Files (OWASP-CM-006)
Security Tips for Server Configuration
Protecting Confidential Documents at Your Site
Affected items

/system/application/config/config.php.bak
Details
This file was found using the pattern ${fileName}${fileExt}.bak.
Original filename: config.php
Source code pattern found:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
|-------------------------------------------------------------------------
| Base Site URL
|-------------------------------------------------------------------------
| URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:
|
| http://example.com/
|
*/
$config['base_url'] = "http://portal.jayanusa.ac.id/index.php";
/*
|-------------------------------------------------------------------------
| Index File
|-------------------------------------------------------------------------
| Typically this will be your index.php file, unless you've renamed it to
| something else. If you are using mod_rewrite to remove the page set this
| variable so that it is blank.
|
*/
$config['index_page'] = "";
/*
|-------------------------------------------------------------------------
| URI PROTOCOL
|-------------------------------------------------------------------------
| This item determines which server global should be used to retrieve the
| URI string. The default setting of "AUTO" works for most servers.
| If your links do not seem to work, try one of the other delicious flavors:
|
| 'AUTO' Default - auto detects
| 'PATH_INFO' Uses the PATH_INFO
| 'QUERY_STRING' Uses the QUERY_STRING
| 'REQUEST_URI' Uses the REQUEST_URI
| 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
|
*/
$config['uri_protocol'] = "AUTO";
/*
|-------------------------------------------------------------------------
| URL suffix
|-------------------------------------------------------------------------
| This option allows you to add a suffix to all URLs generated by CodeIgniter.
| For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/urls.html
*/
$config['url_suffix'] = "";
/*
|-------------------------------------------------------------------------
| Default Language
|-------------------------------------------------------------------------
| This determines which set of language files should be used. Make sure
| there is an available translation if you intend to use something other
| than english.
|
*/
$config['language'] = "english";
/*
|-------------------------------------------------------------------------
| Default Character Set
|-------------------------------------------------------------------------
| This determines which character set is used by default in various methods
| that require a character set to be provided.
|
*/
$config['charset'] = "UTF-8";
/*
|-------------------------------------------------------------------------
| Enable/Disable System Hooks
|-------------------------------------------------------------------------
| If you would like to use the "hooks" feature you must enable it by
| setting this variable to TRUE (boolean). See the user guide for details.
|
*/
$config['enable_hooks'] = FALSE;
/*
|-------------------------------------------------------------------------
| Class Extension Prefix
|-------------------------------------------------------------------------
| This item allows you to set the filename/classname prefix when extending
| native libraries. For more information please see the user guide:
|
| http://codeigniter.com/user_guide/general/core_classes.html
| http://codeigniter.com/user_guide/general/creating_libraries.html
|
*/
$config['subclass_prefix'] = 'MY_';
/*
|--------------------------------------------------------------------------
| Allowed URL Characters
|--------------------------------------------------------------------------
|
| This lets you specify with a regular expression which characters are permitted
| within your URLs. When someone tries to submit a URL with disallowed
| characters they will get a warning message.
|
| As a security measure you are STRONGLY encouraged to restrict URLs to
| as few characters as possible. By default only these are allowed: a-z 0-9~%.:_|
| Leave blank to allow all characters -- but only if you are insane.
|
| DO NOT CHANGE THIS UNLESS YOU FULLY UNDERSTAND THE REPERCUSSIONS!!
|
*/
$config['permitted_uri_chars'] = 'a-z 0-9~%.:_\-';
/*
|--------------------------------------------------------------------------
| Enable Query Strings
|--------------------------------------------------------------------------
|
| By default CodeIgniter uses search-engine friendly segment based URLs:
| example.com/who/what/where/
|
| You can optionally enable standard query string based URLs:
| example.com?who=me&what=something&where=here
|
| Options are: TRUE or FALSE (boolean)
|
| The other items let you set the query string "words" that will
| invoke your controllers and its functions:
| example.com/index.php?c=controller&m=function
|
| Please note that some of the helpers won't work as expected when
| this feature is enabled, since CodeIgniter is designed primarily to
| use segment based URLs.
|
*/
$config['enable_query_strings'] = FALSE;
$config['controller_trigger'] = 'c';
$config['function_trigger'] = 'm';
$config['directory_trigger'] = 'd'; // experimental not currently in use
/*
|--------------------------------------------------------------------------
| Error Logging Threshold
|--------------------------------------------------------------------------
|
| If you have enabled error logging, you can set an error threshold to
| determine what gets logged. Threshold options are:
| You can enable error logging by setting a threshold over zero. The
| threshold determines what gets logged. Threshold options are:
|
| 0 = Disables logging, Error logging TURNED OFF
| 1 = Error Messages (including PHP errors)
| 2 = Debug Messages
| 3 = Informational Messages
| 4 = All Messages
|
| For a live site you'll usually only enable Errors (1) to be logged otherwise
| your log files will fill up very fast.
|
*/
$config['log_threshold'] = 0;
/*
|--------------------------------------------------------------------------
| Error Logging Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the default
| system/logs/ folder. Use a full server path with trailing slash.
|
*/
$config['log_path'] = '';
/*
|--------------------------------------------------------------------------
| Date Format for Logs
|--------------------------------------------------------------------------
|
| Each item that is logged has an associated date. You can use PHP date
| codes to set your own date formatting
|
*/
$config['log_date_format'] = 'Y-m-d H:i:s';
/*
|--------------------------------------------------------------------------
| Cache Directory Path
|--------------------------------------------------------------------------
|
| Leave this BLANK unless you would like to set something other than the default
| system/cache/ folder. Use a full server path with trailing slash.
|
*/
$config['cache_path'] = '';
/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| If you use the Encryption class or the Sessions class with encryption
| enabled you MUST set an encryption key. See the user guide for info.
|
*/
$config['encryption_key'] = "";
/*
|--------------------------------------------------------------------------
| Session Variables
|--------------------------------------------------------------------------
|
| 'session_cookie_name' = the name you want for the cookie
| 'encrypt_sess_cookie' = TRUE/FALSE (boolean). Whether to encrypt the cookie
| 'session_expiration' = the number of SECONDS you want the session to last.
| by default sessions last 7200 seconds (two hours). Set to zero for no expiration.
| 'time_to_update' = how many seconds between CI refreshing Session Information
|
*/
$config['sess_cookie_name'] = 'ci_session';
$config['sess_expiration'] = 7200;
$config['sess_encrypt_cookie'] = FALSE;
$config['sess_use_database'] = FALSE;
$config['sess_table_name'] = 'ci_sessions';
$config['sess_match_ip'] = FALSE;
$config['sess_match_useragent'] = TRUE;
$config['sess_time_to_update'] = 300;
/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path' = Typically will be a forward slash
|
*/
$config['cookie_prefix'] = "";
$config['cookie_domain'] = "";
$config['cookie_path'] = "/";
/*
|--------------------------------------------------------------------------
| Global XSS Filtering
|--------------------------------------------------------------------------
|
| Determines whether the XSS filter is always active when GET, POST or
| COOKIE data is encountered
|
*/
$config['global_xss_filtering'] = true;
/*
|--------------------------------------------------------------------------
| Output Compression
|--------------------------------------------------------------------------
|
| Enables Gzip output compression for faster page loads. When enabled,
| the output class will test whether your server supports Gzip.
| Even if it does, however, not all browsers support compression
| so enable only if you are reasonably sure your visitors can handle it.
|
| VERY IMPORTANT: If you are getting a blank page when compression is enabled it
| means you are prematurely outputting something to your browser. It could
| even be a line of whitespace at the end of one of your scripts. For
| compression to work, nothing can be sent before the output buffer is called
| by the output class. Do not "echo" any values with compression enabled.
|
*/
$config['compress_output'] = FALSE;
/*
|--------------------------------------------------------------------------
| Master Time Reference
|--------------------------------------------------------------------------
|
| Options are "local" or "gmt". This pref tells the system whether to use
| your server's local time as the master "now" reference, or convert it to
| GMT. See the "date helper" page of the user guide for information
| regarding date handling.
|
*/
$config['time_reference'] = 'local';
/*
|--------------------------------------------------------------------------
| Rewrite PHP Short Tags
|--------------------------------------------------------------------------
|
| If your PHP installation does not have short tag support enabled CI
| can rewrite the tags on-the-fly, enabling you to utilize that syntax
| in your view files. Options are TRUE or FALSE (boolean)
|
*/
$config['rewrite_short_tags'] = FALSE;
/*
|--------------------------------------------------------------------------
| Reverse Proxy IPs
|--------------------------------------------------------------------------
|
| If your server is behind a reverse proxy, you must whitelist the proxy IP
| addresses from which CodeIgniter should trust the HTTP_X_FORWARDED_FOR
| header in order to properly identify the visitor's IP address.
| Comma-delimited, e.g. '10.0.1.200,10.0.1.201'
|
*/
$config['proxy_ips'] = '';
/* End of file config.php */
/* Location: ./system/application/config/config.php */
Request headers
GET /system/application/config/config.php.bak HTTP/1.1
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/system/application/config/database.php.bak
Details
This file was found using the pattern ${fileName}${fileExt}.bak.
Original filename: database.php
Source code pattern found:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/*
| -------------------------------------------------------------------
| DATABASE CONNECTIVITY SETTINGS
| -------------------------------------------------------------------
| This file will contain the settings needed to access your database.
|
| For complete instructions please consult the "Database Connection"
| page of the User Guide.
|
| -------------------------------------------------------------------
| EXPLANATION OF VARIABLES
| -------------------------------------------------------------------
|
| ['hostname'] The hostname of your database server.
| ['username'] The username used to connect to the database
| ['password'] The password used to connect to the database
| ['database'] The name of the database you want to connect to
| ['dbdriver'] The database type. ie: mysql. Currently supported:
| mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
| ['dbprefix'] You can add an optional prefix, which will be added
| to the table name when using the Active Record class
| ['pconnect'] TRUE/FALSE - Whether to use a persistent connection
| ['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
| ['cache_on'] TRUE/FALSE - Enables/disables query caching
| ['cachedir'] The path to the folder where cache files should be stored
| ['char_set'] The character set used in communicating with the database
| ['dbcollat'] The character collation used in communicating with the database
|
| The $active_group variable lets you choose which connection group to
| make active. By default there is only one group (the "default" group).
|
| The $active_record variables lets you determine whether or not to load
| the active record class
*/
$active_group = "default";
$active_record = TRUE;
//************** ENABLE THE LINES BELOW FOR A CONNECTION TO ORACLE
//$tns = "(DESCRIPTION=(ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = localhost)(PORT = 1523)))(CONNECT_DATA=(SID=jn)))";
//$db['default']['hostname'] = "tns";
$db['default']['hostname'] = "10.1.1.18";
$db['default']['username'] = "amin";
$db['default']['password'] = "bismillah";
$db['default']['database'] = "trainingsia";
$db['default']['dbdriver'] = "mysql";
$db['default']['dbprefix'] = "";
$db['default']['pconnect'] = FALSE;
$db['default']['db_debug'] = TRUE;
$db['default']['cache_on'] = FALSE;
$db['default']['cachedir'] = "";
$db['default']['char_set'] = "utf8";
$db['default']['dbcollat'] = "utf8_general_ci";

/* End of file database.php */
/* Location: ./system/application/config/database.php */
Request headers
GET /system/application/config/database.php.bak HTTP/1.1
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Directory listing
Severity: Medium
Type: Information
Reported by module Scripting (Directory_Listing.script)
Description
The web server is configured to display the list of files contained in this directory. This is not recommended, because the directory may contain files that are not normally exposed through links on the website.
Impact
A user can view a list of all files in this directory and may be able to view sensitive information.
Recommendation
You should make sure the directory does not contain sensitive information, or you may want to restrict directory listings in the web server configuration.
References
Directory Listing and Information Disclosure
Affected items
/js
Details
Pattern found: Last modified</a>
Request headers
GET /js/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/js/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/system/application/css
Details
Pattern found: Last modified</a>
Request headers
GET /system/application/css/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/system/application/css/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

HTML form without CSRF protection
Severity: Medium
Type: Informational
Reported by module Crawler
Description
This alert may be a false positive; manual confirmation is required.
Acunetix WVS found an HTML form with no apparent CSRF protection implemented. See the details for more information about the HTML form that was detected.
Impact
An attacker can force a user of the web application to execute actions. A CSRF attack could compromise end-user data and operations in the case of a normal user. If the targeted end-user is an administrator account, this could compromise the entire web application.
Recommendation
Check whether this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/
Details
Form name: <empty>
Form action: https://portal.unp.ac.id/
Form method: GET
Form inputs:
- search [Text]

Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/
Details
Form name: frmlogin
Form action: https://portal.unp.ac.id/login/cekuser
Form method: POST
Form inputs:
- userid [Hidden]
- password [Hidden]
- jnploginid [Text]
- jnploginpass [Password]
- commit [Submit]

Request headers
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal/20161015095001000000.html
Details
Form name: frmlogin
Form action: https://portal.unp.ac.id/login/cekuser
Form method: POST
Form inputs:
- jnploginid [Text]
- jnploginpass [Password]
- commit [Submit]

Request headers
GET /login/gagal/20161015095001000000.html HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/cekuser
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Clickjacking: X-Frame-Options header missing
Severity: Low
Type: Configuration
Reported by module Scripting (Clickjacking_X_Frame_Options.script)
Description
Clickjacking is a malicious technique that tricks a web user into clicking on something different from what the user intended to click, potentially revealing confidential information or taking control of their computer while they click on seemingly harmless web pages.
The server did not return an X-Frame-Options header, which means this website could be at risk of a clickjacking attack.
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page inside a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.
Impact
The impact depends on the affected web application.
Recommendation
Configure your web server to include an X-Frame-Options header. Consult the web references for more information about the possible values for this header.
References
Clickjacking
Original Clickjacking paper
The X-Frame-Options response header
Affected items
Web Server
Details
No details are available.
Request headers
GET / HTTP/1.1
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Documentation file
Severity: Low
Type: Configuration
Reported by module Scripting (Readme_Files.script)
Description
A documentation file (e.g. readme.txt, CHANGELOG.txt, ...) was found in this directory. The information contained in these files could help an attacker identify the web application you are using and determine the version in use. It is recommended to remove these files from the system.
Impact
These files can reveal sensitive information. This information can be used to launch more dangerous attacks.
Recommendation
Remove or restrict access to all documentation files that are accessible from the internet.
Affected items
/license.txt
Details
File contents (first 250 characters):
Copyright (c) 2008 - 2009, EllisLab, Inc.
All rights reserved.
This license is a legal agreement between you and EllisLab Inc. for the use
of CodeIgniter Software (the "Software"). By obtaining the Software you
agree to comply with the terms and co ...
Request headers
GET /license.txt HTTP/1.1
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Possible sensitive directories
Severity: Low
Type: Validation
Reported by module Scripting (Possible_Sensitive_Directories.script)
Description
A possibly sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources such as backup directories, database dumps, administration pages and temporary directories. Any one of these directories could help an attacker learn more about their target.
Impact
This directory may expose sensitive information that could help a malicious user mount more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security
Affected items
/system
Details
No details are available.
Request headers
GET /system HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/system/application/config
Details
No details are available.
Request headers
GET /system/application/config HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/system/application/errors
Details
No details are available.
Request headers
GET /system/application/errors HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/system/database
Details
No details are available.
Request headers
GET /system/database HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
/system/logs
Details
No details are available.
Request headers
GET /system/logs HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36

Session Cookie without HttpOnly flag set
Severity: Low
Type: Informational
Reported by module Crawler
Description
This cookie does not have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it indicates to the browser that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the HttpOnly flag for this cookie.
Affected items
/
Details
Cookie name: "ci_session"
Cookie domain: "portal.unp.ac.id"
Request headers
GET / HTTP/1.1
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Session Cookie without Secure flag set
Severity: Low
Type: Informational
Reported by module Crawler
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it indicates to the browser that the cookie can only be accessed over a secure SSL channel. This is an important security protection for session cookies.
Impact
None.
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
/
Details
Cookie name: "ci_session"
Cookie domain: "portal.unp.ac.id"
Request headers
GET / HTTP/1.1
(line truncated)
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Broken links
Severity: Informational
Type: Informational
Reported by module Crawler
Description
A broken link refers to any link that should take you to a document, image or web page but actually results in an error. This page is linked from the website but is not accessible.
Impact
Problems with site navigation.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/ (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...Y0CzACNQExUTYJMAIxUmlXb1E3UTVSMFQ0AjEANlZiAjYNawBmU2UHZQ9nAWAHZlYyBWlSbgJiAzACdldrUSR
WPlQ3VTYGPQchUmlVcFZdBmELNwJkASVRZAlzAnVSc1dtUXRRbFJlVDICagBxVmYCNA1qAHtTNgc3D2IBLQdiVjI
FIlJnAjIDMQJ2V2tRJFY%2BVDdVNgY9ByFSdVVzVmcGcgsMAmEBMFFkCW4CclJzV21RdFFsUmFUNgJqAHFWGgJpD
SUAPFNrB20PNgEsB2RWKAU8UnYCKQNVAj1XPlEzVmtUcVV1BicHTVJUVSBWNAYuC2ICOwF3UVYJTwJRUmdXYlEuU
XZSFVR2AiAAP1YyAlENOgA3U0wHaA8jASwHZFY1BS5SbQJyAzgCZVdjUW1WJlRqVWcGdAd3Ul9VYVZhBnQLOgJ2A
T5RdQl5AiRSalclUT1RZ1JkVDwCcgBiVmMCMQ1pAGFTPgc4D2ABOgdoViQFN1Ir
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/home/about (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /home/about?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/home/about
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2F
VX1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6
VXICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2
Aj0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/home/contact (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /home/contact?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/home/contact
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/index.php (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /index.php?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...AFNAJhBGEAPwY0AmdVNlViB2UIOQNjAmRSMFM0AzICaQdjB2VQZgpgDWpWZlZgUmlVZwUzAzZQJFdrUidSOlA
zBWYDOAEnADsBJFNYB2BbZwVjAiYEMQB6BnECI1VvVXAHOgg%2FA2UCalIjU2MDNQJlB3wHYlBgCmcNIVYzVjJSd
VVgBTUDMVAkV2tSJ1I6UDMFZgM4AScAJwEnU2IHc1tcBWYCMwQxAGcGdgIjVW9VcAc6CDsDYQJqUiNTHwNoAioHO
wc%2FUDoKMw0gVjVWKFJrVXEFLgNVUG9XPlIwUm9QdQUlAyIBSwAGAXRTMQcvWzIFPAJ0BAMARgZVAjdVYFUqByA
ITwMhAiBSbVM3A1ACNQcwBxhQPwomDSBWNVY1UnlVagV1AzhQN1djUm5SIlBuBTcDcQFxAA0BNVNkB3VbagVxAj0
EIABwBiACOlUnVTkHMQg%2BA2sCclIwU2YDMAJmB2cHY1BmCmMNOlY5ViRSYFUs
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

/login (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login/gagal?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/gagal
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal/20161015095001000000.html (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login/gagal/20161015095001000000.html?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/gagal/20161015095001000000.html
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...WjACYgJmDT9SPlYwA2MEMgUwVWACZQdiB2VVMFE1VGlVMVc2AGFXY11kV2EHaVI1CWZVaQBgAmBWIgA8AXRQO
A9sVjUJMgIkV2xTdlVeUzRaZgJkAiYNOFIoViEDIgQ%2BBSBVaAI1B2EHb1UkUWFUYlUyVywAZVdnXTBXewdiUjY
JLlVgADACMFYiADwBdFA4D2xWNQkyAiRXcFN1VWRTJ1pdAmECMw04UjVWJgMiBD4FIFVoAjEHZQdvVSRRHVQ%2FV
X1XawA4Vz1dZFd6B2RSLAkwVXEAKwJUVmkAaQFjUG0PKlZ2CSgCSFdRUyZVN1N7WjMCOwJ0DQpSFFYFAzYEMQV6V
XICRQclByVValE1VAdVYldgAB9XOF1xV3oHZFIxCSJVagBwAjlWMQA0AT1QIA8xVmQJewJyV1pTZ1ViUyFaawJ2A
j0NKVIiVnADOwR2BWlVYwI0B28Hd1U3UWRUZ1UxVzYAbVdoXT1XZQdjUiAJO1Us
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*
/login/gagal/20161015095003000000.html (560c78bee1afe173b1a570843109f0b4)
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /login/gagal/20161015095003000000.html?search= HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/login/gagal/20161015095003000000.html
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...9TZVQ0VmBSYgU5VWMONlc4VmVUZgZgAWUFN1RjVGBRNlFgBjZUMFozDW0HNVc0AjpXZQM3BTVQJAM%2FVSAHb
wNgCGsJMldxAToBJAcMCm0OMlM1VHBWY1IoBXJVdA40V3JWa1RjBmABaQV0VGRUYlE2USoGY1RkWjcNIQdiVzMCJ
VdiAzMFN1AkAz9VIAdvA2AIawkyV3EBJgEnBzYKfg4JUzBUZVZjUjUFdVV0DjRXclZrVGcGZAFpBXRUGFQ%2FUXl
RbQY%2BVD5aYw0gB2RXKQI7V3MDKAVTUG8DalU3BzoDJggoCShXHQEHAXQHZQoiDmdTalQiVlFSFAVWVWAOO1coV
nFUEwYkASMFOlQwVAdRZlFmBhlUO1p2DSAHZFc0AilXaANzBT5QNwM3VWkHdwM9CDoJe1cnAQwBNQcwCngOP1MnV
GtWclIiBSNVbQ58VztWYFRiBm4BcQVnVGFUZ1E1UTAGa1RrWjoNPwdlVyUCMFcu
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Email address found
Severity: Informational
Type: Informational
Reported by module Scripting (Text_Search_File.script)
Description
One or more email addresses were found on this page. Most spam originates from email addresses harvested from the internet. Spam-bots (also known as email harvesters and email extractors) are programs that crawl the internet and look for email addresses on every website they visit. A spambot searches for strings such as myname@mydomain.com and records every address it finds.
Impact
Email addresses posted on a website can attract unwanted spam.
Recommendation
Check the references for details on how to address this issue.
References
Email Address Disclosed on Website Can be Used for Spam
Affected items
/home/contact
Details
Pattern found: puskom@unp.ac.id
Request headers
GET /home/contact HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: https://portal.unp.ac.id/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
...Y0CzACNQExUTYJMAIxUmlXb1E3UTVSMFQ0AjEANlZiAjYNawBmU2UHZQ9nAWAHZlYyBWlSbgJiAzACdldrUSR
WPlQ3VTYGPQchUmlVcFZdBmELNwJkASVRZAlzAnVSc1dtUXRRbFJlVDICagBxVmYCNA1qAHtTNgc3D2IBLQdiVjI
FIlJnAjIDMQJ2V2tRJFY%2BVDdVNgY9ByFSdVVzVmcGcgsMAmEBMFFkCW4CclJzV21RdFFsUmFUNgJqAHFWGgJpD
SUAPFNrB20PNgEsB2RWKAU8UnYCKQNVAj1XPlEzVmtUcVV1BicHTVJUVSBWNAYuC2ICOwF3UVYJTwJRUmdXYlEuU
XZSFVR2AiAAP1YyAlENOgA3U0wHaA8jASwHZFY1BS5SbQJyAzgCZVdjUW1WJlRqVWcGdAd3Ul9VYVZhBnQLOgJ2A
T5RdQl5AiRSalclUT1RZ1JkVDwCcgBiVmMCMQ1pAGFTPgc4D2ABOgdoViQFN1Ir
Host: portal.unp.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Scanned items (coverage report)


Scanned 55 URLs. Found 9 vulnerable.
URL: https://portal.unp.ac.id/
Vulnerabilities have been identified for this URL
6 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET
Input scheme 2
Input name: / | Input type: Path Fragment
Input name: / | Input type: Path Fragment
Input scheme 3
Input name: / | Input type: Path Fragment (suffix .html)
Input name: / | Input type: Path Fragment (suffix .html)
Input name: / | Input type: Path Fragment (suffix .html)

URL: https://portal.unp.ac.id/login
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/login/cekuser
No vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs
Input scheme 1
Input name: commit | Input type: URL encoded POST
Input name: jnploginid | Input type: URL encoded POST
Input name: jnploginpass | Input type: URL encoded POST
Input name: password | Input type: URL encoded POST
Input name: userid | Input type: URL encoded POST
Input scheme 2
Input name: commit | Input type: URL encoded POST
Input name: jnploginid | Input type: URL encoded POST
Input name: jnploginpass | Input type: URL encoded POST

URL: https://portal.unp.ac.id/login/gagal
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/login/gagal/20161015095001000000.html
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/login/gagal/20161015095003000000.html
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/home
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/home/about
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/home/contact
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/image/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/login/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/login/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/icon/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/image/icon/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: https://portal.unp.ac.id/image/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/stylesheet.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/login.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/cetak.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/utama.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/style.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/cetakx.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/default.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/css/defaultlogin.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/errors/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/errors/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/config/
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: https://portal.unp.ac.id/system/application/config/config.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/config/database.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/config/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/application/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/logs/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/logs/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/database/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/database/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/plugins/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/plugins/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/cache/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/cache/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/fonts/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/fonts/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/system/index.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: https://portal.unp.ac.id/icons
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost/siaj
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost/siaj/image
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/localhost/siaj/image/login
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id:443/license.txt
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/index.php
No vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs
Input scheme 1
Input name: search | Input type: URL encoded GET

URL: https://portal.unp.ac.id/js/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/js/jquery.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/js/jquery.dataTables.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: https://portal.unp.ac.id/js/jquery.dataTables.min.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
