22 March, 2021
Developer Report
Scan information
Start time 21-03-2021 20:35:47
Finish time The scan was aborted
Scan time 10 hours, 18 minutes
Profile Default
Server information
Responsive True
Server banner Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Server OS Windows
Server technologies PHP
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.
Alerts distribution
Knowledge base
phpMyAdmin web application
phpMyAdmin web application was detected in directory /phpmyadmin.
Alerts summary
Severity High
Type Configuration
Reported by module Scripting (Version_Check.script)
Description
This alert was generated using only banner information. It may be a false positive.
By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache
mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and
are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability.
Recommendation
Upgrade Apache to the latest version.
References
Apache homepage
CVE-2010-0425
Apache 2.2.14 mod_isapi Dangling Pointer
Affected items
Web Server
Details
Current version is : Apache/2.2.11
Severity High
Type Validation
Reported by module Scripting (XSS.script)
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in
the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will
execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the
browser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in
order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the
user. It is also possible to modify the content of the page presented to the user.
Recommendation
Your script should filter metacharacters from user input.
References
XSS Annihilation
OWASP PHP Top 5
How To: Prevent Cross-Site Scripting in ASP.NET
XSS Filter Evasion Cheat Sheet
The Cross Site Scripting Faq
VIDEO: How Cross-Site Scripting (XSS) Works
Acunetix Cross Site Scripting Attack
Cross site scripting
OWASP Cross Site Scripting
Affected items
/phpmyadmin/setup/config.php
Details
URL encoded POST input DefaultLang was set to af-utf-8'"()&%<acx><ScRiPt >Ysh5(9289)</ScRiPt>
Request headers
POST /phpmyadmin/setup/config.php HTTP/1.1
Content-Length: 156
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
submit_download=Download&DefaultLang=af-utf-8'%22()%26%25<acx><ScRiPt%20>Ysh5(9289)</ScR
iPt>&eol=unix&ServerDefault=1&token=1b8e7cbeec1da2295b3f432d5edc35c4
/uploads/manager.php
Details
URI was set to javascript:ZEum(9886);
The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
Request headers
GET /uploads/manager.php/javascript%26colon;ZEum%26lpar;9886%26rpar;; HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/uploads/manager.php
Details
URI was set to "onmouseover='ZEum(9394)'bad="
The input is reflected inside a tag parameter between double quotes.
Request headers
GET /uploads/manager.php/%22onmouseover%3d'ZEum(9394)'bad%3d%22 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/uploads/manager.php
Details
URI was set to javascript:ZEum(9689);
The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
Request headers
GET /uploads/manager.php/javascript%26colon;ZEum%26lpar;9689%26rpar;; HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/uploads/manager.php
Details
URI was set to javascript:ZEum(9793);
The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
Request headers
GET /uploads/manager.php/javascript%26colon;ZEum%26lpar;9793%26rpar;; HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Medium
Type Configuration
Reported by module Scripting (Version_Check.script)
Description
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache
HTTPD server:
http://seclists.org/fulldisclosure/2011/Aug/175
An attack tool is circulating in the wild. Active use of this tool has been observed. The attack can be done remotely and
with a modest number of requests can cause very significant memory and CPU usage on the server.
This alert was generated using only banner information. It may be a false positive.
Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).
Impact
Remote Denial of Service
Recommendation
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project
Web site.
References
Apache HTTPD Security ADVISORY
Apache HTTP Server 2.2.20 Released
Apache httpd Remote Denial of Service (memory exhaustion)
CVE-2011-3192
Affected items
Web Server
Details
Current version is : 2.2.11
Severity Medium
Type Validation
Reported by module Scripting (Apache_httpOnly_Cookie_Disclosure.script)
Description
Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad
Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors
involving a (1) long or (2) malformed header in conjunction with crafted web script.
Recommendation
Upgrade Apache 2.x to the latest version. Apache 2.2.22 is the first version that fixed this issue.
References
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
CVE-2012-0053
Fixed in Apache httpd 2.2.22
Affected items
Web Server
Details
Pattern found: <pre>
Cookie: acunetixCookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Request headers
GET / HTTP/1.1
(line truncated)
Severity Medium
Type Validation
Reported by module Scripting (Generic_Oracle_Padding.script)
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
/checklogin.php
Details
URL encoded GET input mypassword was set to YmtlWG1Cb1V5SGdNY0twVg==
Error message found: <b>Warning</b>: mysql_connect() [<a
href='function.mysql-connect'>function.mysql-connect</a>]: Host 'localhost' is not allowed to connect to this MySQL
server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on line <b>15</b><br />
Request headers
GET
/checklogin.php?Submit=Login&mypassword=YmtlWG1Cb1V5SGdNY0twVg%3d%3d&myusername=alnmeakw
HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/checklogin.php
Details
URL encoded GET input myusername was set to YjFrQ2lQM3k=
Error message found: <b>Warning</b>: mysql_connect() [<a
href='function.mysql-connect'>function.mysql-connect</a>]: Host 'localhost' is not allowed to connect to this MySQL
server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on line <b>15</b><br />
Request headers
GET /checklogin.php?Submit=Login&mypassword=g00dPa%24%24w0rD&myusername=YjFrQ2lQM3k%3d
HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/index.php
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?collation_connection=acu9366%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uc
a9366&convcharset=utf-8&lang=en-utf-8&phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ff
d&target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
/phpmyadmin/index.php
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...hpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=bWRaUzRXS2lOTld3czdVb1BvVndYTEZVRlFvdVFJcFdQRmpyTmNQc0c=;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Acunetix Website Audit 21
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/index.php
Details
Cookie input fm_current_root was set to OTlqQzc2WHBBdWhBQVpvTDdsMnl2SVVx
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...okie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=OTlqQzc2WHBBdWhBQVpvTDdsMnl2SVVx; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/index.php
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?collation_connection=utf8_general_ci&convcharset=utf-8&lang=acu869
9%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca8699&phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f
811c0ffd&target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
/phpmyadmin/index.php
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=a1NyT1hUNVdHWjRiUE5tYWlDUGdsdGJEMXRXOXhBMFE=;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/index.php
Details
URL encoded GET input phpMyAdmin was set to
TzBsYVk5ZFFyOEhzQ2Q2bWt5UjVQZDlxa21WeHRlTjkyNnVJZlNYZw==
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?collation_connection=utf8_general_ci&convcharset=utf-8&lang=en-ut
f-8&phpMyAdmin=TzBsYVk5ZFFyOEhzQ2Q2bWt5UjVQZDlxa21WeHRlTjkyNnVJZlNYZw%3d%3d&target=index
.php&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/index.php
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8;
pma_collation_connection=acu9972%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9972;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
/phpmyadmin/index.php
Details
Cookie input pma_theme was set to cDZYVmNhd2w=
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
/phpmyadmin/index.php
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?target=index.php&token=S0ZrczRFZzNZUG9EakY3Q0ZRdWdPdkFhUVJ6ZGo0Q2k
%3d HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/phpmyadmin.css.php
Details
URL encoded GET input js_frame was set to right
Error message found: <b>Warning</b>: Constants may only evaluate to scalar values in
<b>C:\xampp\phpMyAdmin\phpmyadmin.css.php</b> on line <b>12</b><br />
Request headers
GET
/phpmyadmin/phpmyadmin.css.php?collation_connection=utf8_general_ci&convcharset=utf-8&js
_frame[]=right&lang=en-utf-8&nocache=3704777855&token=1b8e7cbeec1da2295b3f432d5edc35c4
HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/phpmyadmin.css.php
Details
URL encoded GET input js_frame was set to right
Error message found: <b>Warning</b>: Constants may only evaluate to scalar values in
<b>C:\xampp\phpMyAdmin\phpmyadmin.css.php</b> on line <b>12</b><br />
Request headers
GET
/phpmyadmin/phpmyadmin.css.php?js_frame[]=right&nocache=3704777855&token=1b8e7cbeec1da22
95b3f432d5edc35c4 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/
Details
URL encoded GET input formset was set to OEtvUDV4QkQ=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?formset=OEtvUDV4QkQ%3d&page=form HTTP/1.1
Content-Length: 761
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...pDump=on&IconvExtraParams=//TRANSLIT&IgnoreMultiSubmitErrors=on&LoginCookieDeleteAll=
on&LoginCookieRecall=on&LoginCookieStore=0&LoginCookieValidity=1800&MaxCharactersInDispl
ayedSQL=1000&MaxDbList=100&MaxTableList=250&MemoryLimit=0&OBGzip=auto&PersistentConnecti
ons=on&QueryHistoryDB=on&QueryHistoryMax=25&RecodingEngine=auto&SaveDir=1&ShowSQL=on&Ski
pLockedTables=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4&TrustedProxie
s=1&UploadDir=1&UseDbSearch=on&VerboseMultiSubmit=on&ZipDump=on
/phpmyadmin/setup/
Details
URL encoded POST input IconvExtraParams was set to ekNTY09VNVRaMw==
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?formset=features&page=form HTTP/1.1
Content-Length: 771
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...convExtraParams=ekNTY09VNVRaMw%3d%3d&IgnoreMultiSubmitErrors=on&LoginCookieDeleteAll=
on&LoginCookieRecall=on&LoginCookieStore=0&LoginCookieValidity=1800&MaxCharactersInDispl
ayedSQL=1000&MaxDbList=100&MaxTableList=250&MemoryLimit=0&OBGzip=auto&PersistentConnecti
ons=on&QueryHistoryDB=on&QueryHistoryMax=25&RecodingEngine=auto&SaveDir=1&ShowSQL=on&Ski
pLockedTables=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4&TrustedProxie
s=1&UploadDir=1&UseDbSearch=on&VerboseMultiSubmit=on&ZipDump=on
/phpmyadmin/setup/
lang=acu6755%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca6755&token=1b8e7cbeec1da2295b3f432d5e
dc35c4
/phpmyadmin/setup/
Details
URL encoded POST input token was set to TXpNRVR6SlBXd0Nid2R1RzdhOVhORkYxZ1FOZ09RRVo=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?formset=export&page=form HTTP/1.1
Content-Length: 391
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
submit_save=Save&check_page_refresh=&Export-asfile=on&Export-charset=iso-8859-1&Export-c
ompression=none&Export-file_template_database=__DB__&Export-file_template_server=__SERVE
R__&Export-file_template_table=__TABLE__&Export-format=codegen&Export-onserver=on&Export
-onserver_overwrite=on&Export-remember_file_template=on&submit_reset=Reset&token=TXpNRVR
6SlBXd0Nid2R1RzdhOVhORkYxZ1FOZ09RRVo%3d
/phpmyadmin/setup/
(line truncated)
...ubmitErrors=on&LoginCookieDeleteAll=on&LoginCookieRecall=on&LoginCookieStore=0&LoginC
ookieValidity=1800&MaxCharactersInDisplayedSQL=1000&MaxDbList=100&MaxTableList=250&Memor
yLimit=0&OBGzip=auto&PersistentConnections=on&QueryHistoryDB=on&QueryHistoryMax=25&Recod
ingEngine=auto&SaveDir=1&ShowSQL=on&SkipLockedTables=on&submit_reset=Reset&token=1b8e7cb
eec1da2295b3f432d5edc35c4&TrustedProxies=acu9398%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9
398&UploadDir=1&UseDbSearch=on&VerboseMultiSubmit=on&ZipDump=on
/phpmyadmin/setup/
Details
URL encoded GET input version_check was set to
acu1615%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca1615
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\core.lib.php</b> on line
<b>588</b><br />
Request headers
POST
/phpmyadmin/setup/?token=1b8e7cbeec1da2295b3f432d5edc35c4&version_check=acu1615%EF%BC%9C
s1%EF%B9%A5s2%CA%BAs3%CA%B9uca1615 HTTP/1.1
Content-Length: 52
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
lang=af-utf-8&token=1b8e7cbeec1da2295b3f432d5edc35c4
submit_download=Download&DefaultLang=acu7527%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7527&
eol=unix&ServerDefault=1&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/config.php
Details
URL encoded POST input token was set to eTRiUEdsdFpMZldvdWw2WW9wcXFCbmxvRXl2ZG1BSkE=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\config.php</b> on line
<b>96</b><br />
Request headers
POST /phpmyadmin/setup/config.php HTTP/1.1
Content-Length: 121
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
submit_display=Display&DefaultLang=af-utf-8&eol=unix&ServerDefault=1&token=eTRiUEdsdFpMZ
ldvdWw2WW9wcXFCbmxvRXl2ZG1BSkE%3d
/phpmyadmin/setup/index.php
/phpmyadmin/setup/index.php
Details
URL encoded GET input mode was set to acu7047%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7047
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?submit=New%20server&check_page_refresh=&mode=acu7047%EF%BC%9
Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7047&page=servers&token=1b8e7cbeec1da2295b3f432d5edc35c4
HTTP/1.1
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-AllowDeny-order was set to OElJVWtaeko3Z09a
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1043
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-controlpass was set to WVNxSkxEUTV5Q0hFYlNUcA==
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1051
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-controluser was set to dUVtS1VSOHc=
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-CountTables was set to
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1012
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-host was set to NEd1eUJKSElD
Error message found: Fatal error
Request headers
POST
(line truncated)
...t=NEd1eUJKSElD&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-password was set to MElHSHRjdVdQaU9WNUpycQ==
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1051
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...st&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Servers-0-passwo
rd=MElHSHRjdVdQaU9WNUpycQ%3d%3d&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-ShowDatabasesCommand was set to RkNYUmpKMGNrR1VpZTVnag==
Error message found: Fatal error
Request headers
(line truncated)
...st&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Servers-0-passwo
rd=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=1&Servers-0-
relation=1&Servers-0-ShowDatabasesCommand=RkNYUmpKMGNrR1VpZTVnag%3d%3d&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4
/phpmyadmin/setup/index.php
Details
URL encoded GET input submit was set to Qlc1dVdOZ1ZPeHl5
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=Qlc1dVdOZ1Z
PeHl5&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/index.php
Details
URL encoded GET input token was set to enZIbHNwME51SmZsbHNDZVVacmkycGNiUjZ0UGlHMjc=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?submit=New%20server&check_page_refresh=&mode=add&page=server
s&token=enZIbHNwME51SmZsbHNDZVVacmkycGNiUjZ0UGlHMjc%3d HTTP/1.1
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
/phpmyadmin/setup/validate.php
Details
URL encoded POST input id was set to
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 87
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
id=&token=1b8e7cbeec1da2295b3f432d5edc35c4&values=%7b%22Servers-0-hide_db%22:%22e%22%7d
/phpmyadmin/setup/validate.php
Details
JSON input Servers-0-hide_db was set to
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 107
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
id=Servers%2F1%2Fhide_db&token=1b8e7cbeec1da2295b3f432d5edc35c4&values=%7b%22Servers-0-h
ide_db%22:%22%22%7d
/phpmyadmin/setup/validate.php
Details
JSON input Servers-0-host was set to b3Z2N1lXZFVS
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 1427
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...%22%22%2c%22Servers-0-history%22:%22%22%2c%22Servers-0-host%22:%22b3Z2N1lXZFVS%22%2c%
22Servers-0-LogoutURL%22:%22%22%2c%22Servers-0-nopassword%22:false%2c%22Servers-0-only_d
b%22:%22%22%2c%22Servers-0-password%22:%22%22%2c%22Servers-0-pdf_pages%22:%22%22%2c%22Se
rvers-0-pmadb%22:%22%22%2c%22Servers-0-port%22:%22%22%2c%22Servers-0-relation%22:%22%22%
2c%22Servers-0-ShowDatabasesCommand%22:%22SHOW%20DATABASES%22%2c%22Servers-0-SignonSessi
on%22:%22%22%2c%22Servers-0-SignonURL%22:%22%22%2c%22Server ...
/phpmyadmin/setup/validate.php
Details
JSON input Servers-0-pmadb was set to YmdxYnpsdXBRSw==
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 1444
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...%22%22%2c%22Servers-0-history%22:%22%22%2c%22Servers-0-host%22:%22localhost%22%2c%22
/phpmyadmin/setup/validate.php
Details
URL encoded POST input token was set to eVBndExpeTE5TVdiVnZTazkyQlNJdDVycGtOWjEwcks=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 1438
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...-0-hide_db%22:%22%22%2c%22Servers-0-history%22:%22%22%2c%22Servers-0-host%22:%22local
host%22%2c%22Servers-0-LogoutURL%22:%22%22%2c%22Servers-0-nopassword%22:false%2c%22Serve
rs-0-only_db%22:%22%22%2c%22Servers-0-password%22:%22%22%2c%22Servers-0-pdf_pages%22:%22
%22%2c%22Servers-0-pmadb%22:%22%22%2c%22Servers-0-port%22:%22%22%2c%22Servers-0-relation
%22:%22%22%2c%22Servers-0-ShowDatabasesCommand%22:%22SHOW%20DATABASES%22%2c%22Servers-0-
SignonSession%22:%22%22%2c%22Servers-0-SignonURL%22:%22%22% ...
/phpmyadmin/setup/validate.php
Details
URL encoded POST input values was set to
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Medium
Type Information
Reported by module Scripting (Directory_Listing.script)
Description
The web server is configured to display the list of files contained in this directory. This is not recommended because the
directory may contain files that are not normally exposed through links on the web site.
Impact
A user can view a list of all files from this directory possibly exposing sensitive information.
Recommendation
You should make sure the directory does not contain sensitive information or you may want to restrict directory listings
from the web server configuration.
References
Directory Listing and Information Disclosure
Affected items
/includes
Details
Pattern found: Last modified</a>
Request headers
GET /includes/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/uploads
Details
Pattern found: Last modified</a>
Request headers
GET /uploads/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Medium
Type Validation
Reported by module Scripting (Text_Search_File.script)
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
/checklogin.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /checklogin.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/login.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/config.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\config.php</b> on line
<b>12</b><br />
Request headers
GET /config.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/includes/config_db.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /includes/config_db.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a
href="index.php?target=index.php&lang=en-utf-8&convcharset=utf-8&collation_connection=utf8_general_
ci&token=1b8e7cbeec1da2295b3f432d5edc35c4&phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd
" title="Open new phpMyAdmin window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png"
alt="Open new phpMyAdmin window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
/phpmyadmin/index.php
Details
Pattern found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}
if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/uploads/logfile.php
Details
Pattern found: <b>Warning</b>: passthru() [<a href='function.passthru'>function.passthru</a>]: Cannot execute a blank
command in <b>C:\xampp\htdocs\EMS1\uploads\logfile.php</b> on line <b>1</b><br />
Request headers
GET /uploads/logfile.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/user_form.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /user_form.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/user_form2.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /user_form2.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/vendor.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /vendor.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Medium
Type Informational
Reported by module Crawler
Description
This alert may be a false positive; manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a
type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website
trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF
exploit can compromise end user data and operation in the case of a normal user. If the targeted end user is the administrator
account, this can compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/login.php
Details
Form name: form1
Form action: http://192.168.203.128/checklogin.php
Form method: GET
Form inputs:
- myusername [Text]
- mypassword [Password]
- Submit [Submit]
Request headers
GET /login.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Medium
Type Configuration
Reported by module Scripting (Version_Check.script)
Description
This alert was generated using only banner information. It may be a false positive.
Affected PHP versions: 5.3 up to version 5.3.5 and 5.2 up to version 5.2.17
Impact
Denial of service attack
Recommendation
Upgrade PHP to the latest version.
References
PHP Hangs On Numeric Value 2.2250738585072011e-308
PHP Homepage
CVE-2010-4645
Affected items
Web Server
Details
Current version is : PHP/5.2.9
Severity Medium
Type Configuration
Reported by module Crawler
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an
encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, they should always be transferred to the server over an
encrypted connection (HTTPS).
Affected items
/login.php
Details
Form name: form1
Form action: http://192.168.203.128/checklogin.php
Form method: GET
Form inputs:
- myusername [Text]
- mypassword [Password]
- Submit [Submit]
Request headers
GET /login.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Low
Type Configuration
Reported by module Scripting (Clickjacking_X_Frame_Options.script)
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web
user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing
confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking
attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be
allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their
content is not embedded into other sites.
Impact
The impact depends on the affected web application.
Recommendation
Configure your web server to include an X-Frame-Options header. Consult Web references for more information about
the possible values for this header.
References
Frame Buster Buster
Clickjacking Protection for Java EE
Defending with Content Security Policy frame-ancestors directive
OWASP Clickjacking
Clickjacking
The X-Frame-Options response header
Affected items
Web Server
Details
No details are available.
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Low
Type Informational
Reported by module Crawler
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser
that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection
for session cookies.
Impact
None
Recommendation
If possible, you should set the HTTPOnly flag for this cookie.
Affected items
/
Details
Cookie name: "pma_theme"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/
Details
Cookie name: "pma_fontsize"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/
Details
Cookie name: "expanded_dir_list"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/
Details
Cookie name: "order_dir_list_by"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/
Details
Cookie name: "fm_current_root"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/
Details
Cookie name: "loggedon"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Low
Type Configuration
Reported by module Scripting (Readme_Files.script)
Description
A documentation file (e.g. readme.txt, changelog.txt, ...) was found in this directory. The information contained in these
files could help an attacker identify the web application you are using and sometimes the version of the application. It's
recommended to remove these files from production systems.
Impact
These files may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Remove or restrict access to all documentation files accessible from the internet.
Affected items
/phpmyadmin/CHANGELOG
Details
File contents (first 250 characters):----------------------
phpMyAdmin - ChangeLog
----------------------
3.1.3.1 (2009-03-24)
- [securi ...
Request headers
GET /phpmyadmin/CHANGELOG HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/INSTALL
Details
File contents (first 250 characters):$Id: INSTALL 9537 2006-10-12 16:27:13Z nijel $
phpMyAdmin - Installation
-------------------------
...
Request headers
GET /phpmyadmin/INSTALL HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/readme
Details
File contents (first 250 characters):$Id: README 12312 2009-03-24 20:32:19Z lem9 $
phpMyAdmin - Readme
===================
Version 3.1.3.1
---------------
http://www.phpmyadmin.net/
/phpmyadmin/README
Details
File contents (first 250 characters):$Id: README 12312 2009-03-24 20:32:19Z lem9 $
phpMyAdmin - Readme
===================
Version 3.1.3.1
---------------
http://www.phpmyadmin.net/
Severity Low
Type Validation
Reported by module Scripting (Html_Authentication_Audit.script)
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack
is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and
symbols until you discover the one correct combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended
to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web
references for more information about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters,
numbers, and symbols until it discovers the one correct combination that works.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks
Affected items
/checklogin.php
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Request headers
GET /checklogin.php?Submit=Login&mypassword=Jdd0BRSK&myusername=MZINGxQg HTTP/1.1
Referer: http://192.168.203.128:80/
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Low
Type Configuration
Reported by module Scripting (Relative_Path_Overwrite.script)
Description
Manual confirmation is required for this alert.
Gareth Heyes introduced a technique to take advantage of CSS imports with relative URLs by overwriting their target file.
This technique can be used by an attacker to trick browsers into importing HTML pages as CSS stylesheets. If the
attacker can control a part of the imported HTML pages he can abuse this issue to inject arbitrary CSS rules.
Impact
On older versions of Internet Explorer it's possible to execute arbitrary JavaScript code using Internet Explorer's
expression() function. An attacker can also extract the page source and potentially steal CSRF tokens using CSS
selectors.
Recommendation
If possible, it's recommended to use absolute links for CSS imports. The problem can be partially mitigated by preventing
framing. To prevent framing configure your web server to include an X-Frame-Options: deny header on all pages.
References
Relative Path Overwrite
Affected items
/phpmyadmin/index.php
Details
A CSS import from a relative path was found on this page: <link rel="stylesheet" type="text/css"
href="phpmyadmin.css.php?token=1b8e7cbeec1da2295b3f432d5edc35c4&js_frame=right&nocache=3704777
855" /> The same relative CSS import is present even when a random string was placed after the filename. Also, the
response is frameable.
Request headers
GET /phpmyadmin/index.php/T1tsb/ HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Low
Type Validation
Reported by module Scripting (Possible_Sensitive_Directories.script)
Description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for
common sensitive resources such as backup directories, database dumps, administration pages and temporary directories. Each
one of these directories could help an attacker to learn more about his target.
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security
Affected items
/phpmyadmin
Details
No details are available.
Request headers
GET /phpmyadmin HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
/phpmyadmin/setup
Details
No details are available.
Request headers
GET /phpmyadmin/setup HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
/uploads
Details
No details are available.
Request headers
GET /uploads HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Severity Low
Type Validation
Reported by module Scripting (Track_Trace_Server_Methods.script)
Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web
browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and
authentication data.
Recommendation
Disable TRACE Method on the web server.
References
US-CERT VU#867593
Cross-site tracing (XST)
W3C - RFC 2616
Affected items
Web Server
Details
No details are available.
Request headers
TRACE /F8xPklJmSu HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Informational
Type Informational
Reported by module Crawler
Description
A broken link is any link that should take you to a document, image or webpage but actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/function.mysql-connect
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/user_form2.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/includes/function.mysql-connect
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /includes/function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/config_db.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/function.date-default-timezone-get
/phpmyadmin/setup/function.file-put-contents
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.file-put-contents HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/config.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/function.mysql-connect
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/function.require
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.require HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/config.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/setup/function.require-once
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.require-once HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/config.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
/uploads/function.passthru
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /uploads/function.passthru HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/logfile.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Informational
Type Informational
Reported by module Crawler
Description
When a new name and password are entered in a form and the form is submitted, the browser asks if the password
should be saved. Thereafter, when the form is displayed, the name and password are filled in automatically or are
completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser
cache.
Impact
Possible sensitive information disclosure.
Recommendation
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items
/login.php
Details
Password type input named mypassword from form named form1 with action checklogin.php has autocomplete enabled.
Request headers
GET /login.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Severity Informational
Type Informational
Reported by module Scripting (Invalid_Page_Text_Search.script)
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP
addressing scheme of the internal network. This information can be used to conduct further attacks.
Recommendation
Prevent this information from being displayed to the user.
Affected items
/
Details
Tested on URI: /3mN0uubw5I.jsp
/function.mysql-connect
Details
Pattern found: 192.168.203.128
Request headers
GET /function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/user_form2.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/icons
Details
Pattern found: 192.168.203.128
Request headers
GET /icons HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/icons/
Details
Tested on URI: /icons/eV3N3rnWvb.jsp
/includes
Details
Pattern found: 192.168.203.128
Request headers
GET /includes/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/includes/function.mysql-connect
Details
Pattern found: 192.168.203.128
Request headers
GET /includes/function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/config_db.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/phpmyadmin/
Details
Tested on URI: /phpmyadmin/CnDJtqlfnV.jsp
/phpmyadmin/themes/
Details
Tested on URI: /phpmyadmin/themes/4kQf9uPDvA.jsp
/phpmyadmin/themes/original/
Details
Tested on URI: /phpmyadmin/themes/original/a5yabRMSTJ.jsp
/phpmyadmin/themes/original/img/
Details
Tested on URI: /phpmyadmin/themes/original/img/VNCM4rcGwh.jsp
/uploads
Details
Pattern found: 192.168.203.128
Request headers
GET /uploads/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/uploads/function.passthru
Details
Pattern found: 192.168.203.128
Request headers
GET /uploads/function.passthru HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/logfile.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Input scheme 1
Input name Input type
Host HTTP Header
URL: http://192.168.203.128/login.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/about.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/index.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/vendor.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/user_form.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/user_form2.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/checklogin.php
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded GET
mypassword URL encoded GET
myusername URL encoded GET
URL: http://192.168.203.128/function.mysql-connect
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/print.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
Input scheme 1
Input name Input type
collation_connection URL encoded GET
convcharset URL encoded GET
lang URL encoded GET
phpMyAdmin URL encoded GET
target URL encoded GET
token URL encoded GET
Input scheme 2
Input name Input type
target URL encoded GET
token URL encoded GET
URL: http://192.168.203.128/phpmyadmin/phpmyadmin.css.php
Vulnerabilities have been identified for this URL
9 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
collation_connection URL encoded GET
convcharset URL encoded GET
js_frame URL encoded GET
lang URL encoded GET
nocache URL encoded GET
token URL encoded GET
Input scheme 2
Input name Input type
js_frame URL encoded GET
nocache URL encoded GET
token URL encoded GET
URL: http://192.168.203.128/phpmyadmin/themes/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/themes/original/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/themes/original/img/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/readme
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/install
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/
Vulnerabilities have been identified for this URL
135 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
lang URL encoded POST
token URL encoded POST
Input scheme 2
Input name Input type
formset URL encoded GET
page URL encoded GET
Input scheme 3
Input name Input type
token URL encoded GET
version_check URL encoded GET
Input scheme 4
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Import-allow_interrupt URL encoded POST
Import-format URL encoded POST
Import-skip_queries URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
Input scheme 5
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
BrowseMarkerEnable URL encoded POST
BrowsePointerEnable URL encoded POST
CharEditing URL encoded POST
CharTextareaCols URL encoded POST
CharTextareaRows URL encoded POST
check_page_refresh URL encoded POST
DefaultTabDatabase URL encoded POST
DefaultTabServer URL encoded POST
DefaultTabTable URL encoded POST
ForeignKeyDropdownOrder URL encoded POST
ForeignKeyMaxLimit URL encoded POST
InsertRows URL encoded POST
LightTabs URL encoded POST
MaxRows URL encoded POST
NavigationBarIconic URL encoded POST
Order URL encoded POST
Input scheme 6
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
DisplayDatabasesList URL encoded POST
DisplayServersList URL encoded POST
LeftDefaultTabTable URL encoded POST
LeftDisplayLogo URL encoded POST
LeftDisplayServers URL encoded POST
LeftFrameDBSeparator URL encoded POST
LeftFrameDBTree URL encoded POST
LeftFrameLight URL encoded POST
LeftFrameTableLevel URL encoded POST
LeftFrameTableSeparator URL encoded POST
LeftLogoLink URL encoded POST
LeftLogoLinkWindow URL encoded POST
LeftPointerEnable URL encoded POST
ShowTooltip URL encoded POST
ShowTooltipAliasDB URL encoded POST
ShowTooltipAliasTB URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
Input scheme 7
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Export-asfile URL encoded POST
Export-charset URL encoded POST
Export-compression URL encoded POST
Export-file_template_database URL encoded POST
Export-file_template_server URL encoded POST
Input scheme 8
Input name Input type
token URL encoded GET
version_check URL encoded GET
lang URL encoded POST
token URL encoded POST
Input scheme 9
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
AllowAnywhereRecoding URL encoded POST
AllowArbitraryServer URL encoded POST
AllowUserDropDatabase URL encoded POST
blowfish_secret URL encoded POST
BZipDump URL encoded POST
check_page_refresh URL encoded POST
CheckConfigurationPermissions URL encoded POST
CompressOnFly URL encoded POST
Confirm URL encoded POST
DefaultCharset URL encoded POST
ExecTimeLimit URL encoded POST
ForceSSL URL encoded POST
GZipDump URL encoded POST
IconvExtraParams URL encoded POST
IgnoreMultiSubmitErrors URL encoded POST
LoginCookieDeleteAll URL encoded POST
LoginCookieRecall URL encoded POST
LoginCookieStore URL encoded POST
LoginCookieValidity URL encoded POST
MaxCharactersInDisplayedSQL URL encoded POST
MaxDbList URL encoded POST
MaxTableList URL encoded POST
MemoryLimit URL encoded POST
OBGzip URL encoded POST
PersistentConnections URL encoded POST
QueryHistoryDB URL encoded POST
QueryHistoryMax URL encoded POST
RecodingEngine URL encoded POST
SaveDir URL encoded POST
ShowSQL URL encoded POST
SkipLockedTables URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
TrustedProxies URL encoded POST
UploadDir URL encoded POST
URL: http://192.168.203.128/phpmyadmin/setup/index.php
Vulnerabilities have been identified for this URL
194 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded GET
check_page_refresh URL encoded GET
mode URL encoded GET
page URL encoded GET
token URL encoded GET
Input scheme 2
Input name Input type
check_page_refresh URL encoded GET
mode URL encoded GET
page URL encoded GET
submit URL encoded GET
token URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Servers-0-AllowDeny-order URL encoded POST
Servers-0-AllowDeny-rules URL encoded POST
Servers-0-AllowNoPasswordRoot URL encoded POST
Servers-0-AllowRoot URL encoded POST
Servers-0-auth_swekey_config URL encoded POST
Servers-0-auth_type URL encoded POST
Servers-0-bookmarktable URL encoded POST
Servers-0-column_info URL encoded POST
Servers-0-compress URL encoded POST
Servers-0-connect_type URL encoded POST
Servers-0-controlpass URL encoded POST
Servers-0-controluser URL encoded POST
Servers-0-CountTables URL encoded POST
Servers-0-designer_coords URL encoded POST
Servers-0-DisableIS URL encoded POST
Servers-0-extension URL encoded POST
Servers-0-hide_db URL encoded POST
Servers-0-history URL encoded POST
Servers-0-host URL encoded POST
Servers-0-LogoutURL URL encoded POST
Servers-0-nopassword URL encoded POST
Servers-0-only_db URL encoded POST
Servers-0-password URL encoded POST
Servers-0-pdf_pages URL encoded POST
Servers-0-pmadb URL encoded POST
Servers-0-port URL encoded POST
Servers-0-relation URL encoded POST
Servers-0-ShowDatabasesCommand URL encoded POST
Servers-0-SignonSession URL encoded POST
Servers-0-SignonURL URL encoded POST
Servers-0-socket URL encoded POST
Servers-0-ssl URL encoded POST
Servers-0-table_coords URL encoded POST
Servers-0-table_info URL encoded POST
Servers-0-user URL encoded POST
Servers-0-verbose URL encoded POST
Servers-0-verbose_check URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
Input scheme 3
Input name Input type
formset URL encoded GET
page URL encoded GET
Input scheme 4
Input name Input type
lang URL encoded POST
token URL encoded POST
Input scheme 5
Input name Input type
token URL encoded GET
version_check URL encoded GET
Input scheme 6
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
DisplayDatabasesList URL encoded POST
DisplayServersList URL encoded POST
LeftDefaultTabTable URL encoded POST
LeftDisplayLogo URL encoded POST
LeftDisplayServers URL encoded POST
LeftFrameDBSeparator URL encoded POST
LeftFrameDBTree URL encoded POST
LeftFrameLight URL encoded POST
LeftFrameTableLevel URL encoded POST
LeftFrameTableSeparator URL encoded POST
LeftLogoLink URL encoded POST
LeftLogoLinkWindow URL encoded POST
LeftPointerEnable URL encoded POST
ShowTooltip URL encoded POST
ShowTooltipAliasDB URL encoded POST
ShowTooltipAliasTB URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
Input scheme 7
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
AllowAnywhereRecoding URL encoded POST
AllowArbitraryServer URL encoded POST
AllowUserDropDatabase URL encoded POST
blowfish_secret URL encoded POST
BZipDump URL encoded POST
check_page_refresh URL encoded POST
CheckConfigurationPermissions URL encoded POST
CompressOnFly URL encoded POST
Confirm URL encoded POST
DefaultCharset URL encoded POST
ExecTimeLimit URL encoded POST
ForceSSL URL encoded POST
GZipDump URL encoded POST
IconvExtraParams URL encoded POST
IgnoreMultiSubmitErrors URL encoded POST
LoginCookieDeleteAll URL encoded POST
LoginCookieRecall URL encoded POST
LoginCookieStore URL encoded POST
LoginCookieValidity URL encoded POST
MaxCharactersInDisplayedSQL URL encoded POST
MaxDbList URL encoded POST
MaxTableList URL encoded POST
MemoryLimit URL encoded POST
OBGzip URL encoded POST
PersistentConnections URL encoded POST
QueryHistoryDB URL encoded POST
QueryHistoryMax URL encoded POST
RecodingEngine URL encoded POST
SaveDir URL encoded POST
ShowSQL URL encoded POST
SkipLockedTables URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
TrustedProxies URL encoded POST
UploadDir URL encoded POST
UseDbSearch URL encoded POST
VerboseMultiSubmit URL encoded POST
ZipDump URL encoded POST
Input scheme 8
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
BrowseMarkerEnable URL encoded POST
BrowsePointerEnable URL encoded POST
CharEditing URL encoded POST
CharTextareaCols URL encoded POST
CharTextareaRows URL encoded POST
check_page_refresh URL encoded POST
DefaultTabDatabase URL encoded POST
DefaultTabServer URL encoded POST
DefaultTabTable URL encoded POST
ForeignKeyDropdownOrder URL encoded POST
ForeignKeyMaxLimit URL encoded POST
InsertRows URL encoded POST
LightTabs URL encoded POST
MaxRows URL encoded POST
NavigationBarIconic URL encoded POST
Order URL encoded POST
PropertiesIconic URL encoded POST
ProtectBinary URL encoded POST
QueryWindowDefTab URL encoded POST
ShowAll URL encoded POST
ShowChgPassword URL encoded POST
ShowCreateDb URL encoded POST
ShowFunctionFields URL encoded POST
ShowPhpInfo URL encoded POST
ShowServerInfo URL encoded POST
ShowStats URL encoded POST
SQLQuery-Edit URL encoded POST
SQLQuery-Explain URL encoded POST
SQLQuery-Refresh URL encoded POST
SQLQuery-ShowAsPHP URL encoded POST
SQLQuery-Validate URL encoded POST
submit_reset URL encoded POST
SuggestDBName URL encoded POST
token URL encoded POST
Input scheme 9
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Export-asfile URL encoded POST
Export-charset URL encoded POST
Export-compression URL encoded POST
Export-file_template_database URL encoded POST
Export-file_template_server URL encoded POST
Export-file_template_table URL encoded POST
Export-format URL encoded POST
Export-onserver URL encoded POST
Export-onserver_overwrite URL encoded POST
Export-remember_file_template URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
Input scheme 10
Input name Input type
id URL encoded GET
mode URL encoded GET
page URL encoded GET
Input scheme 11
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Import-allow_interrupt URL encoded POST
Import-format URL encoded POST
Import-skip_queries URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
Input scheme 12
Input name Input type
token URL encoded GET
version_check URL encoded GET
lang URL encoded POST
token URL encoded POST
Input scheme 13
Input name Input type
check_page_refresh URL encoded GET
mode URL encoded GET
page URL encoded GET
submit URL encoded GET
token URL encoded GET
URL: http://192.168.203.128/phpmyadmin/setup/config.php
Vulnerabilities have been identified for this URL
41 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
URL encoded POST
DefaultLang URL encoded POST
eol URL encoded POST
ServerDefault URL encoded POST
token URL encoded POST
Input scheme 2
Input name Input type
URL encoded POST
DefaultLang URL encoded POST
eol URL encoded POST
server%5bAllowDeny%5d%5border%5d URL encoded POST
server%5bAllowDeny%5d%5brules%5d%5b0%5d URL encoded POST
server%5bAllowNoPasswordRoot%5d URL encoded POST
server%5bauth_swekey_config%5d URL encoded POST
server%5bauth_type%5d URL encoded POST
server%5bbookmarktable%5d URL encoded POST
server%5bcolumn_info%5d URL encoded POST
server%5bconnect_type%5d URL encoded POST
server%5bcontrolpass%5d URL encoded POST
server%5bcontroluser%5d URL encoded POST
server%5bdesigner_coords%5d URL encoded POST
server%5bextension%5d URL encoded POST
server%5bhide_db%5d URL encoded POST
server%5bhistory%5d URL encoded POST
server%5bhost%5d URL encoded POST
server%5bLogoutURL%5d URL encoded POST
server%5bnopassword%5d URL encoded POST
server%5bonly_db%5d%5b0%5d URL encoded POST
server%5bpassword%5d URL encoded POST
server%5bpdf_pages%5d URL encoded POST
server%5bpmadb%5d URL encoded POST
server%5bport%5d URL encoded POST
server%5brelation%5d URL encoded POST
server%5bSignonSession%5d URL encoded POST
server%5bSignonURL%5d URL encoded POST
server%5bsocket%5d URL encoded POST
server%5bssl%5d URL encoded POST
server%5btable_coords%5d URL encoded POST
server%5btable_info%5d URL encoded POST
server%5buser%5d URL encoded POST
server%5bverbose%5d URL encoded POST
ServerDefault URL encoded POST
token URL encoded POST
URL: http://192.168.203.128/phpmyadmin/setup/styles.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/function.mysql-connect
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/function.date-default-timezone-get
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/scripts.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/function.file-put-contents
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/function.require
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/function.require-once
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/setup/validate.php
Vulnerabilities have been identified for this URL
44 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
Servers-0-AllowDeny-order JSON
Servers-0-AllowDeny-rules JSON
Servers-0-AllowNoPasswordRoot JSON
Servers-0-AllowRoot JSON
Servers-0-auth_swekey_config JSON
Servers-0-auth_type JSON
Servers-0-bookmarktable JSON
Servers-0-column_info JSON
Servers-0-compress JSON
Servers-0-connect_type JSON
Servers-0-controlpass JSON
Input scheme 2
Input name Input type
Servers-0-hide_db JSON
id URL encoded POST
token URL encoded POST
values URL encoded POST
URL: http://192.168.203.128/phpmyadmin/js/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/js/mootools.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/scripts/
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/documentation.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/docs.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/license.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/changelog.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/phpmyadmin/translators.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/uploads/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/uploads/logfile.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/uploads/manager.php
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
frame URL encoded POST
pass URL encoded POST
URL: http://192.168.203.128/uploads/function.passthru
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/config.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/includes/
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/includes/config_db.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/includes/function.mysql-connect
Vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/upload.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.203.128/icons
Vulnerabilities have been identified for this URL
No input(s) found for this URL