Acunetix Website Audit

22 March, 2021

Developer Report

Generated by Acunetix WVS Reporter (v10.5 Build 20160217)

Scan of http://192.168.203.128:80/
Scan details

Scan information
Start time 21-03-2021 20:35:47
Finish time The scan was aborted
Scan time 10 hours, 18 minutes
Profile Default
Server information
Responsive True
Server banner Apache/2.2.11 (Win32) DAV/2 mod_ssl/2.2.11 OpenSSL/0.9.8i PHP/5.2.9
Server OS Windows
Server technologies PHP

Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.

Alerts distribution

Total alerts found 101

High 8
Medium 54
Low 18
Informational 21

Knowledge base
phpMyAdmin web application
phpMyAdmin web application was detected in directory /phpmyadmin.

Alerts summary

Apache 2.2.14 mod_isapi Dangling Pointer

Classification
CVSS Base Score: 10.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Complete
- Integrity Impact: Complete
- Availability Impact: Complete
CWE CWE-20
CVE CVE-2010-0425
Affected items Variation
Web Server s
1

Acunetix Website Audit 2

 Cross site scripting (verified)
Classification
CVSS Base Score: 6.4

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
CVSS3 Base Score: 5.3

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
CWE CWE-79
Affected items Variation
/phpmyadmin/setup/config.php s
1
/uploads/manager.php 6

Apache httpd remote denial of service

Classification
CVSS Base Score: 7.9

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
CVSS3 Base Score: 5.3

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CWE CWE-399
CVE CVE-2011-3192
Affected items Variation
Web Server s
1

Acunetix Website Audit 3

 Apache httpOnly cookie disclosure
Classification
CVSS Base Score: 4.4

- Access Vector: Network

- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE CWE-264
CVE CVE-2012-0053
Affected items Variation
Web Server s
1

Application error message

Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 7.5

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CWE CWE-200
Affected items Variation
/checklogin.php s
2
/phpmyadmin/index.php 9
/phpmyadmin/phpmyadmin.css.php 2
/phpmyadmin/setup/ 6
/phpmyadmin/setup/config.php 2
/phpmyadmin/setup/index.php 11
/phpmyadmin/setup/validate.php 6

Acunetix Website Audit 4

 Directory listing
Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 7.5

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CWE CWE-538
Affected items Variation
/includes s
1
/uploads 1

Error message on page

Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 7.5

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CWE CWE-200
Affected items Variation
/checklogin.php s
1
/config.php 1
/includes/config_db.php 1
/phpmyadmin 1
/phpmyadmin/index.php 1
/uploads/logfile.php 1
/user_form.php 1
/user_form2.php 1
/vendor.php 1

Acunetix Website Audit 5

 HTML form without CSRF protection
Classification
CVSS Base Score: 2.6

- Access Vector: Network

- Access Complexity: High
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
CVSS3 Base Score: 4.3

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
CWE CWE-352
Affected items Variation
/login.php s
1

PHP hangs on parsing particular strings as floating point number

Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
CVSS3 Base Score: 5.3

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CWE CWE-189
CVE CVE-2010-4645
Affected items Variation
Web Server s
1

Acunetix Website Audit 6

 User credentials are sent in clear text
Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 9.1

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
CWE CWE-310
Affected items Variation
/login.php s
1

Clickjacking: X-Frame-Options header missing

Classification
CVSS Base Score: 6.8

- Access Vector: Network

- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
CWE CWE-693
Affected items Variation
Web Server s
1

Cookie without HttpOnly flag set

Classification
CVSS Base Score: 0.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE CWE-16
Affected items Variation
/ s
7

Acunetix Website Audit 7

 Documentation file
Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE CWE-538
Affected items Variation
/phpmyadmin/CHANGELOG s
1
/phpmyadmin/INSTALL 1
/phpmyadmin/readme 1
/phpmyadmin/README 1

Login page password-guessing attack

Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 5.3

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Low
CWE CWE-307
Affected items Variation
/checklogin.php s
1

Possible relative path overwrite

Classification
CVSS Base Score: 0.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE CWE-20
Affected items Variation
/phpmyadmin/index.php s
1

Acunetix Website Audit 8

 Possible sensitive directories
Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 7.5

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CWE CWE-200
Affected items Variation
/phpmyadmin s
1
/phpmyadmin/setup 1
/uploads 1

TRACE method is enabled

Classification
CVSS Base Score: 0.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE CWE-16
Affected items Variation
Web Server s
1

Acunetix Website Audit 9

 Broken links
Classification
CVSS Base Score: 0.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CWE CWE-16
Affected items Variation
/function.mysql-connect s
1
/includes/function.mysql-connect 1
/phpmyadmin/setup/function.date-default-timezone-get 1
/phpmyadmin/setup/function.file-put-contents 1
/phpmyadmin/setup/function.mysql-connect 1
/phpmyadmin/setup/function.require 1
/phpmyadmin/setup/function.require-once 1
/uploads/function.passthru 1

Password type input with auto-complete enabled

Classification
CVSS Base Score: 0.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 7.5

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CWE CWE-200
Affected items Variation
/login.php s
1

Acunetix Website Audit 10

 Possible internal IP address disclosure
Classification
CVSS Base Score: 5.0

- Access Vector: Network

- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CVSS3 Base Score: 7.5

- Attack Vector: Network

- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
CWE CWE-200
Affected items Variation
/ s
1
/function.mysql-connect 1
/icons 1
/icons/ 1
/includes 1
/includes/function.mysql-connect 1
/phpmyadmin/ 1
/phpmyadmin/themes/ 1
/phpmyadmin/themes/original/ 1
/phpmyadmin/themes/original/img/ 1
/uploads 1
/uploads/function.passthru 1

Acunetix Website Audit 11

Alert details

Apache 2.2.14 mod_isapi Dangling Pointer

Severity High
Type Configuration
Reported by module Scripting (Version_Check.script)
Description
This alert was generated using only banner information. It may be a false positive.
By sending a specially crafted request followed by a reset packet it is possible to trigger a vulnerability in Apache
mod_isapi that will unload the target ISAPI module from memory. However function pointers still remain in memory and
are called when published ISAPI functions are referenced. This results in a dangling pointer vulnerability.

Affected Apache versions (up to 2.2.14 on Windows platform).

Impact
Successful exploitation results in the execution of arbitrary code with SYSTEM privileges.

Recommendation
Upgrade Apache to the latest version.
References
Apache homepage
CVE-2010-0425
Apache 2.2.14 mod_isapi Dangling Pointer

Affected items

Web Server
Details
Current version is : Apache/2.2.11

Acunetix Website Audit 12

 Cross site scripting (verified)

Severity High
Type Validation
Reported by module Scripting (XSS.script)
Description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in
the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will
execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the
browser.
Impact
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in
order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the
user. It is also possible to modify the content of the page presented to the user.
Recommendation
Your script should filter metacharacters from user input.
References
XSS Annihilation
OWASP PHP Top 5
How To: Prevent Cross-Site Scripting in ASP.NET
XSS Filter Evasion Cheat Sheet
The Cross Site Scripting Faq
VIDEO: How Cross-Site Scripting (XSS) Works
Acunetix Cross Site Scripting Attack
Cross site scripting
OWASP Cross Site Scripting

Affected items

/phpmyadmin/setup/config.php
Details
URL encoded POST input DefaultLang was set to af-utf-8'"()&%<acx><ScRiPt >Ysh5(9289)</ScRiPt>
Request headers
POST /phpmyadmin/setup/config.php HTTP/1.1
Content-Length: 156
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

submit_download=Download&DefaultLang=af-utf-8'%22()%26%25<acx><ScRiPt%20>Ysh5(9289)</ScR
iPt>&eol=unix&ServerDefault=1&token=1b8e7cbeec1da2295b3f432d5edc35c4

Acunetix Website Audit 13

/uploads/manager.php
Details
URI was set to "onmouseover='ZEum(9934)'bad="
The input is reflected inside a tag parameter between double quotes.
Request headers
GET /uploads/manager.php/%22onmouseover%3d'ZEum(9934)'bad%3d%22 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/manager.php
Details
URI was set to javascript&colon;ZEum&lpar;9886&rpar;;
The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
Request headers
GET /uploads/manager.php/javascript%26colon;ZEum%26lpar;9886%26rpar;; HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/manager.php
Details
URI was set to "onmouseover='ZEum(9394)'bad="
The input is reflected inside a tag parameter between double quotes.
Request headers
GET /uploads/manager.php/%22onmouseover%3d'ZEum(9394)'bad%3d%22 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/manager.php

Acunetix Website Audit 14

Details
URI was set to "onmouseover='ZEum(9705)'bad="
The input is reflected inside a tag parameter between double quotes.
Request headers
GET /uploads/manager.php/%22onmouseover%3d'ZEum(9705)'bad%3d%22 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/manager.php
Details
URI was set to javascript&colon;ZEum&lpar;9689&rpar;;
The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
Request headers
GET /uploads/manager.php/javascript%26colon;ZEum%26lpar;9689%26rpar;; HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/manager.php
Details
URI was set to javascript&colon;ZEum&lpar;9793&rpar;;
The input is reflected inside A tag href parameter, a FORM tag action parameter or (I)FRAME src parameter.
Request headers
GET /uploads/manager.php/javascript%26colon;ZEum%26lpar;9793%26rpar;; HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 15

 Apache httpd remote denial of service

Severity Medium
Type Configuration
Reported by module Scripting (Version_Check.script)
Description
A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by the Apache
HTTPD server:

http://seclists.org/fulldisclosure/2011/Aug/175

An attack tool is circulating in the wild. Active use of this tools has been observed. The attack can be done remotely and
with a modest number of requests can cause very significant memory and CPU usage on the server.

This alert was generated using only banner information. It may be a false positive.
Affected Apache versions (1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19).
Impact
Remote Denial of Service

Recommendation
Upgrade to the latest version of Apache HTTP Server (2.2.20 or later), available from the Apache HTTP Server Project
Web site.
References
Apache HTTPD Security ADVISORY
Apache HTTP Server 2.2.20 Released
Apache httpd Remote Denial of Service (memory exhaustion)
CVE-2011-3192
CVE-2011-3192

Affected items

Web Server
Details
Current version is : 2.2.11

Acunetix Website Audit 16

 Apache httpOnly cookie disclosure

Severity Medium
Type Validation
Reported by module Scripting (Apache_httpOnly_Cookie_Disclosure.script)
Description
Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad
Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors
involving a (1) long or (2) malformed header in conjunction with crafted web script.

Affected Apache versions (up to 2.0.21).

Impact
Information disclosure.

Recommendation
Upgrade Apache 2.x to the latest version. Apache 2.2.22 is the first version that fixed this issue.
References
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
CVE-2012-0053
Fixed in Apache httpd 2.2.22

Affected items

Web Server
Details
Pattern found: <pre>
Cookie: acunetixCookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
Request headers
GET / HTTP/1.1
(line truncated)
...AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ...

Acunetix Website Audit 17

 Application error message

Severity Medium
Type Validation
Reported by module Scripting (Generic_Oracle_Padding.script)
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.

Recommendation
Review the source code for this script.
References
PHP Runtime Configuration

Affected items

/checklogin.php
Details
URL encoded GET input mypassword was set to YmtlWG1Cb1V5SGdNY0twVg==
Error message found: <b>Warning</b>: mysql_connect() [<a
href='function.mysql-connect'>function.mysql-connect</a>]: Host 'localhost' is not allowed to connect to this MySQL
server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on line <b>15</b><br />
Request headers
GET
/checklogin.php?Submit=Login&mypassword=YmtlWG1Cb1V5SGdNY0twVg%3d%3d&myusername=alnmeakw
HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/checklogin.php
Details
URL encoded GET input myusername was set to YjFrQ2lQM3k=
Error message found: <b>Warning</b>: mysql_connect() [<a
href='function.mysql-connect'>function.mysql-connect</a>]: Host 'localhost' is not allowed to connect to this MySQL
server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on line <b>15</b><br />
Request headers
GET /checklogin.php?Submit=Login&mypassword=g00dPa%24%24w0rD&myusername=YjFrQ2lQM3k%3d
HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php

Acunetix Website Audit 18

Details
URL encoded GET input collation_connection was set to
acu9366%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9366
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'acu9366＜s1﹥s2ʺs3ʹuca9366', '1', '', '',
'1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?collation_connection=acu9366%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uc
a9366&convcharset=utf-8&lang=en-utf-8&phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ff
d&target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;

Acunetix Website Audit 19

fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php

Acunetix Website Audit 20

Details
Cookie input expanded_dir_list was set to bWRaUzRXS2lOTld3czdVb1BvVndYTEZVRlFvdVFJcFdQRmpyTmNQc0c=
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...hpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=bWRaUzRXS2lOTld3czdVb1BvVndYTEZVRlFvdVFJcFdQRmpyTmNQc0c=;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Acunetix Website Audit 21
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php
Details
Cookie input fm_current_root was set to OTlqQzc2WHBBdWhBQVpvTDdsMnl2SVVx
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...okie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
Acunetix Website Audit 22
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=OTlqQzc2WHBBdWhBQVpvTDdsMnl2SVVx; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php

Acunetix Website Audit 23

Details
URL encoded GET input lang was set to acu8699%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca8699
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="error">Unknown language: acu8699＜s1﹥s2ʺs3ʹuca8699.</div><div
class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?collation_connection=utf8_general_ci&convcharset=utf-8&lang=acu869
9%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca8699&phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f
811c0ffd&target=index.php&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;

Acunetix Website Audit 24

loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php

Acunetix Website Audit 25

Details
Cookie input loggedon was set to a1NyT1hUNVdHWjRiUE5tYWlDUGdsdGJEMXRXOXhBMFE=
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=a1NyT1hUNVdHWjRiUE5tYWlDUGdsdGJEMXRXOXhBMFE=;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Acunetix Website Audit 26
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php
Details
URL encoded GET input phpMyAdmin was set to
TzBsYVk5ZFFyOEhzQ2Q2bWt5UjVQZDlxa21WeHRlTjkyNnVJZlNYZw==
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?collation_connection=utf8_general_ci&convcharset=utf-8&lang=en-ut
Acunetix Website Audit 27
f-8&phpMyAdmin=TzBsYVk5ZFFyOEhzQ2Q2bWt5UjVQZDlxa21WeHRlTjkyNnVJZlNYZw%3d%3d&target=index
.php&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php

Acunetix Website Audit 28

Details
Cookie input pma_collation_connection was set to
acu9972%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9972
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'acu9972＜s1﹥s2ʺs3ʹuca9972', '1', '', '',
'1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
(line truncated) ...f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8;
pma_collation_connection=acu9972%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9972;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;

Acunetix Website Audit 29

pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Referer: http://192.168.203.128:80/
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php
Details
Cookie input pma_theme was set to cDZYVmNhd2w=
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>

Acunetix Website Audit 30

Request headers
GET /phpmyadmin/index.php HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=cDZYVmNhd2w=; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php

Acunetix Website Audit 31

Details
URL encoded GET input token was set to S0ZrczRFZzNZUG9EakY3Q0ZRdWdPdkFhUVJ6ZGo0Q2k=
Error message found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET
/phpmyadmin/index.php?target=index.php&token=S0ZrczRFZzNZUG9EakY3Q0ZRdWdPdkFhUVJ6ZGo0Q2k
%3d HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
Acunetix Website Audit 32
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/phpmyadmin.css.php
Details
URL encoded GET input js_frame was set to right
Error message found: <b>Warning</b>: Constants may only evaluate to scalar values in
<b>C:\xampp\phpMyAdmin\phpmyadmin.css.php</b> on line <b>12</b><br />
Request headers
GET
/phpmyadmin/phpmyadmin.css.php?collation_connection=utf8_general_ci&convcharset=utf-8&js
_frame[]=right&lang=en-utf-8&nocache=3704777855&token=1b8e7cbeec1da2295b3f432d5edc35c4
HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/phpmyadmin.css.php
Details
URL encoded GET input js_frame was set to right
Error message found: <b>Warning</b>: Constants may only evaluate to scalar values in
<b>C:\xampp\phpMyAdmin\phpmyadmin.css.php</b> on line <b>12</b><br />
Request headers
GET
/phpmyadmin/phpmyadmin.css.php?js_frame[]=right&nocache=3704777855&token=1b8e7cbeec1da22
95b3f432d5edc35c4 HTTP/1.1
Referer: http://192.168.203.128:80/
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/
Details
URL encoded GET input formset was set to OEtvUDV4QkQ=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Acunetix Website Audit 33
Request headers
POST /phpmyadmin/setup/?formset=OEtvUDV4QkQ%3d&page=form HTTP/1.1
Content-Length: 761
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...pDump=on&IconvExtraParams=//TRANSLIT&IgnoreMultiSubmitErrors=on&LoginCookieDeleteAll=
on&LoginCookieRecall=on&LoginCookieStore=0&LoginCookieValidity=1800&MaxCharactersInDispl
ayedSQL=1000&MaxDbList=100&MaxTableList=250&MemoryLimit=0&OBGzip=auto&PersistentConnecti
ons=on&QueryHistoryDB=on&QueryHistoryMax=25&RecodingEngine=auto&SaveDir=1&ShowSQL=on&Ski
pLockedTables=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4&TrustedProxie
s=1&UploadDir=1&UseDbSearch=on&VerboseMultiSubmit=on&ZipDump=on

/phpmyadmin/setup/
Details
URL encoded POST input IconvExtraParams was set to ekNTY09VNVRaMw==
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?formset=features&page=form HTTP/1.1
Content-Length: 771
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...convExtraParams=ekNTY09VNVRaMw%3d%3d&IgnoreMultiSubmitErrors=on&LoginCookieDeleteAll=
on&LoginCookieRecall=on&LoginCookieStore=0&LoginCookieValidity=1800&MaxCharactersInDispl
ayedSQL=1000&MaxDbList=100&MaxTableList=250&MemoryLimit=0&OBGzip=auto&PersistentConnecti
ons=on&QueryHistoryDB=on&QueryHistoryMax=25&RecodingEngine=auto&SaveDir=1&ShowSQL=on&Ski
pLockedTables=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4&TrustedProxie
s=1&UploadDir=1&UseDbSearch=on&VerboseMultiSubmit=on&ZipDump=on

/phpmyadmin/setup/

Acunetix Website Audit 34

Details
URL encoded POST input lang was set to acu6755%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca6755
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?token=1b8e7cbeec1da2295b3f432d5edc35c4&version_check=1 HTTP/1.1
Content-Length: 94
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

lang=acu6755%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca6755&token=1b8e7cbeec1da2295b3f432d5e
dc35c4

/phpmyadmin/setup/
Details
URL encoded POST input token was set to TXpNRVR6SlBXd0Nid2R1RzdhOVhORkYxZ1FOZ09RRVo=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?formset=export&page=form HTTP/1.1
Content-Length: 391
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

submit_save=Save&check_page_refresh=&Export-asfile=on&Export-charset=iso-8859-1&Export-c
ompression=none&Export-file_template_database=__DB__&Export-file_template_server=__SERVE
R__&Export-file_template_table=__TABLE__&Export-format=codegen&Export-onserver=on&Export
-onserver_overwrite=on&Export-remember_file_template=on&submit_reset=Reset&token=TXpNRVR
6SlBXd0Nid2R1RzdhOVhORkYxZ1FOZ09RRVo%3d

/phpmyadmin/setup/

Acunetix Website Audit 35

Details
URL encoded POST input TrustedProxies was set to
acu9398%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9398
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST /phpmyadmin/setup/?formset=features&page=form HTTP/1.1
Content-Length: 810
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...ubmitErrors=on&LoginCookieDeleteAll=on&LoginCookieRecall=on&LoginCookieStore=0&LoginC
ookieValidity=1800&MaxCharactersInDisplayedSQL=1000&MaxDbList=100&MaxTableList=250&Memor
yLimit=0&OBGzip=auto&PersistentConnections=on&QueryHistoryDB=on&QueryHistoryMax=25&Recod
ingEngine=auto&SaveDir=1&ShowSQL=on&SkipLockedTables=on&submit_reset=Reset&token=1b8e7cb
eec1da2295b3f432d5edc35c4&TrustedProxies=acu9398%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca9
398&UploadDir=1&UseDbSearch=on&VerboseMultiSubmit=on&ZipDump=on

/phpmyadmin/setup/
Details
URL encoded GET input version_check was set to
acu1615%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca1615
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\core.lib.php</b> on line
<b>588</b><br />
Request headers
POST
/phpmyadmin/setup/?token=1b8e7cbeec1da2295b3f432d5edc35c4&version_check=acu1615%EF%BC%9C
s1%EF%B9%A5s2%CA%BAs3%CA%B9uca1615 HTTP/1.1
Content-Length: 52
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

lang=af-utf-8&token=1b8e7cbeec1da2295b3f432d5edc35c4

Acunetix Website Audit 36

/phpmyadmin/setup/config.php
Details
URL encoded POST input DefaultLang was set to
acu7527%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7527
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\config.php</b> on line
<b>62</b><br />
Request headers
POST /phpmyadmin/setup/config.php HTTP/1.1
Content-Length: 151
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

submit_download=Download&DefaultLang=acu7527%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7527&
eol=unix&ServerDefault=1&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/config.php
Details
URL encoded POST input token was set to eTRiUEdsdFpMZldvdWw2WW9wcXFCbmxvRXl2ZG1BSkE=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\config.php</b> on line
<b>96</b><br />
Request headers
POST /phpmyadmin/setup/config.php HTTP/1.1
Content-Length: 121
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

submit_display=Display&DefaultLang=af-utf-8&eol=unix&ServerDefault=1&token=eTRiUEdsdFpMZ
ldvdWw2WW9wcXFCbmxvRXl2ZG1BSkE%3d

/phpmyadmin/setup/index.php

Acunetix Website Audit 37

Details
URL encoded GET input check_page_refresh was set to
acu6710%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca6710
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?submit=New%20server&check_page_refresh=acu6710%EF%BC%9Cs1%EF
%B9%A5s2%CA%BAs3%CA%B9uca6710&mode=add&page=servers&token=1b8e7cbeec1da2295b3f432d5edc35
c4 HTTP/1.1
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/index.php
Details
URL encoded GET input mode was set to acu7047%EF%BC%9Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7047
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?submit=New%20server&check_page_refresh=&mode=acu7047%EF%BC%9
Cs1%EF%B9%A5s2%CA%BAs3%CA%B9uca7047&page=servers&token=1b8e7cbeec1da2295b3f432d5edc35c4
HTTP/1.1
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-AllowDeny-order was set to OElJVWtaeko3Z09a
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1043
Acunetix Website Audit 38
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-controlpass was set to WVNxSkxEUTV5Q0hFYlNUcA==
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1051
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-controluser was set to dUVtS1VSOHc=
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1

Acunetix Website Audit 39

Content-Length: 1045
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-CountTables was set to
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1012
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...host=localhost&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-host was set to NEd1eUJKSElD
Error message found: Fatal error
Request headers
POST

Acunetix Website Audit 40

/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1042
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...t=NEd1eUJKSElD&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Serv
ers-0-password=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-password was set to MElHSHRjdVdQaU9WNUpycQ==
Error message found: Fatal error
Request headers
POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1051
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...st&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Servers-0-passwo
rd=MElHSHRjdVdQaU9WNUpycQ%3d%3d&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=
1&Servers-0-relation=1&Servers-0-ShowDatabasesCommand=SHOW%20DATABASES&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded POST input Servers-0-ShowDatabasesCommand was set to RkNYUmpKMGNrR1VpZTVnag==
Error message found: Fatal error
Request headers

Acunetix Website Audit 41

POST
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=New%20serve
r&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
Content-Length: 1051
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...st&Servers-0-LogoutURL=1&Servers-0-nopassword=on&Servers-0-only_db=1&Servers-0-passwo
rd=g00dPa%24%24w0rD&Servers-0-pdf_pages=20&Servers-0-pmadb=1&Servers-0-port=1&Servers-0-
relation=1&Servers-0-ShowDatabasesCommand=RkNYUmpKMGNrR1VpZTVnag%3d%3d&Servers-0-SignonS
ession=1&Servers-0-SignonURL=1&Servers-0-socket=1&Servers-0-ssl=on&Servers-0-table_coord
s=1&Servers-0-table_info=1&Servers-0-user=root&Servers-0-verbose=1&Servers-0-verbose_che
ck=on&submit_reset=Reset&token=1b8e7cbeec1da2295b3f432d5edc35c4

/phpmyadmin/setup/index.php
Details
URL encoded GET input submit was set to Qlc1dVdOZ1ZPeHl5
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?check_page_refresh=&mode=add&page=servers&submit=Qlc1dVdOZ1Z
PeHl5&token=1b8e7cbeec1da2295b3f432d5edc35c4 HTTP/1.1
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/index.php
Details
URL encoded GET input token was set to enZIbHNwME51SmZsbHNDZVVacmkycGNiUjZ0UGlHMjc=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\libraries\header_http.inc.php</b> on
line <b>22</b><br />
Request headers
GET
/phpmyadmin/setup/index.php?submit=New%20server&check_page_refresh=&mode=add&page=server
s&token=enZIbHNwME51SmZsbHNDZVVacmkycGNiUjZ0UGlHMjc%3d HTTP/1.1
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;

Acunetix Website Audit 42

expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/validate.php
Details
URL encoded POST input id was set to
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 87
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

id=&token=1b8e7cbeec1da2295b3f432d5edc35c4&values=%7b%22Servers-0-hide_db%22:%22e%22%7d

/phpmyadmin/setup/validate.php
Details
JSON input Servers-0-hide_db was set to
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 107
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21

Acunetix Website Audit 43

Accept: */*

id=Servers%2F1%2Fhide_db&token=1b8e7cbeec1da2295b3f432d5edc35c4&values=%7b%22Servers-0-h
ide_db%22:%22%22%7d

/phpmyadmin/setup/validate.php
Details
JSON input Servers-0-host was set to b3Z2N1lXZFVS
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 1427
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...%22%22%2c%22Servers-0-history%22:%22%22%2c%22Servers-0-host%22:%22b3Z2N1lXZFVS%22%2c%
22Servers-0-LogoutURL%22:%22%22%2c%22Servers-0-nopassword%22:false%2c%22Servers-0-only_d
b%22:%22%22%2c%22Servers-0-password%22:%22%22%2c%22Servers-0-pdf_pages%22:%22%22%2c%22Se
rvers-0-pmadb%22:%22%22%2c%22Servers-0-port%22:%22%22%2c%22Servers-0-relation%22:%22%22%
2c%22Servers-0-ShowDatabasesCommand%22:%22SHOW%20DATABASES%22%2c%22Servers-0-SignonSessi
on%22:%22%22%2c%22Servers-0-SignonURL%22:%22%22%2c%22Server ...

/phpmyadmin/setup/validate.php
Details
JSON input Servers-0-pmadb was set to YmdxYnpsdXBRSw==
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 1444
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...%22%22%2c%22Servers-0-history%22:%22%22%2c%22Servers-0-host%22:%22localhost%22%2c%22

Acunetix Website Audit 44

Servers-0-LogoutURL%22:%22%22%2c%22Servers-0-nopassword%22:false%2c%22Servers-0-only_db%
22:%22%22%2c%22Servers-0-password%22:%22%22%2c%22Servers-0-pdf_pages%22:%22%22%2c%22Serv
ers-0-pmadb%22:%22YmdxYnpsdXBRSw%3d%3d%22%2c%22Servers-0-port%22:%22%22%2c%22Servers-0-r
elation%22:%22%22%2c%22Servers-0-ShowDatabasesCommand%22:%22SHOW%20DATABASES%22%2c%22Ser
vers-0-SignonSession%22:%22%22%2c%22Servers-0-SignonURL%22:% ...

/phpmyadmin/setup/validate.php
Details
URL encoded POST input token was set to eVBndExpeTE5TVdiVnZTazkyQlNJdDVycGtOWjEwcks=
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 1438
Content-Type: application/x-www-form-urlencoded
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

(line truncated)
...-0-hide_db%22:%22%22%2c%22Servers-0-history%22:%22%22%2c%22Servers-0-host%22:%22local
host%22%2c%22Servers-0-LogoutURL%22:%22%22%2c%22Servers-0-nopassword%22:false%2c%22Serve
rs-0-only_db%22:%22%22%2c%22Servers-0-password%22:%22%22%2c%22Servers-0-pdf_pages%22:%22
%22%2c%22Servers-0-pmadb%22:%22%22%2c%22Servers-0-port%22:%22%22%2c%22Servers-0-relation
%22:%22%22%2c%22Servers-0-ShowDatabasesCommand%22:%22SHOW%20DATABASES%22%2c%22Servers-0-
SignonSession%22:%22%22%2c%22Servers-0-SignonURL%22:%22%22% ...

/phpmyadmin/setup/validate.php
Details
URL encoded POST input values was set to
Error message found: <b>Warning</b>: Cannot modify header information - headers already sent by (output started at
C:\xampp\phpMyAdmin\libraries\Error.class.php:359) in <b>C:\xampp\phpMyAdmin\setup\validate.php</b> on line
<b>7</b><br />
Request headers
POST /phpmyadmin/setup/validate.php HTTP/1.1
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.203.128:80/
(line truncated) ...dmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci; pma_theme=original;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 45

id=Servers%2F1%2Fhide_db&token=1b8e7cbeec1da2295b3f432d5edc35c4&values=

Acunetix Website Audit 46

 Directory listing

Severity Medium
Type Information
Reported by module Scripting (Directory_Listing.script)
Description
The web server is configured to display the list of files contained in this directory. This is not recommended because the
directory may contain files that are not normally exposed through links on the web site.
Impact
A user can view a list of all files from this directory possibly exposing sensitive information.

Recommendation
You should make sure the directory does not contain sensitive information or you may want to restrict directory listings
from the web server configuration.
References
Directory Listing and Information Disclosure

Affected items

/includes
Details
Pattern found: Last modified</a>
Request headers
GET /includes/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads
Details
Pattern found: Last modified</a>
Request headers
GET /uploads/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 47

 Error message on page

Severity Medium
Type Validation
Reported by module Scripting (Text_Search_File.script)
Description
This page contains an error/warning message that may disclose sensitive information. The message can also contain the
location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.

Recommendation
Review the source code for this script.
References
PHP Runtime Configuration

Affected items

/checklogin.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /checklogin.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/login.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/config.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\config.php</b> on line
<b>12</b><br />
Request headers
GET /config.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Acunetix Website Audit 48
/includes/config_db.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /includes/config_db.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin

Acunetix Website Audit 49

Details
Pattern found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a
href="index.php?target=index.php&amp;lang=en-utf-8&amp;convcharset=utf-8&amp;collation_connection=utf8_general_
ci&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4&amp;phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd
" title="Open new phpMyAdmin window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png"
alt="Open new phpMyAdmin window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive

Acunetix Website Audit 50

Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/index.php
Details
Pattern found: SQL-ERROR -->
<div class="error"><h1>Error</h1>
<p>
<strong>MySQL said: </strong><a href="http://dev.mysql.com/doc/refman/5.0/en/error-messages-server.html"
target="mysql_doc"><img class="icon" src="./themes/original/img/b_help.png" width="11" height="11"
alt="Documentation" title="Documentation" /></a>
</p>
<code>
#1130 - Host 'localhost' is not allowed to connect to this MySQL server
</code><br />
</div><div class="warning">Connection for controluser as defined in your configuration failed.</div><div
class="warning">phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should
check the host, username and password in your configuration and make sure that they correspond to the information
given by the administrator of the MySQL server.</div> </td>
</tr>
</table>
<div></div><script type="text/javascript">
//<![CDATA[
// updates current settings
if (window.parent.setAll) {
window.parent.setAll('en-utf-8', 'utf8_general_ci', '1', '', '', '1b8e7cbeec1da2295b3f432d5edc35c4');
}
// set current db, table and sql query in the querywindow
if (window.parent.reload_querywindow) {
window.parent.reload_querywindow(
'',
'',
'');
}

if (window.parent.frame_content) {
// reset content frame name, as querywindow needs to set a unique name
// before submitting form data, and navigation frame needs the original name
if (typeof(window.parent.frame_content.name) != 'undefined'
&& window.parent.frame_content.name != 'frame_content') {
window.parent.frame_content.name = 'frame_content';
}
if (typeof(window.parent.frame_content.id) != 'undefined'
&& window.parent.frame_content.id != 'frame_content') {
window.parent.frame_content.id = 'frame_content';
}
//window.parent.frame_content.setAttribute('name', 'frame_content');
//window.parent.frame_content.setAttribute('id', 'frame_content');
}
//]]>
</script>
<div id="selflink" class="print_ignore">
<a href="index.php?target=index.php&amp;token=1b8e7cbeec1da2295b3f432d5edc35c4" title="Open new phpMyAdmin
window" target="_blank"><img class="icon" src="./themes/original/img/window-new.png" alt="Open new phpMyAdmin
window" />Open new phpMyAdmin window</a>
</div>
</body>
</html>
Request headers
GET /phpmyadmin/index.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/
Acunetix-Aspect: enabled
Acunetix Website Audit 51
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/logfile.php
Details
Pattern found: <b>Warning</b>: passthru() [<a href='function.passthru'>function.passthru</a>]: Cannot execute a blank
command in <b>C:\xampp\htdocs\EMS1\uploads\logfile.php</b> on line <b>1</b><br />
Request headers
GET /uploads/logfile.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/user_form.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /user_form.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/user_form2.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /user_form2.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Acunetix Website Audit 52
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/vendor.php
Details
Pattern found: <b>Warning</b>: mysql_connect() [<a href='function.mysql-connect'>function.mysql-connect</a>]: Host
'localhost' is not allowed to connect to this MySQL server in <b>C:\xampp\htdocs\EMS1\includes\config_db.php</b> on
line <b>15</b><br />
Request headers
GET /vendor.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 53

 HTML form without CSRF protection

Severity Medium
Type Informational
Reported by module Crawler
Description
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a
type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website
trusts.

Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information
about the affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker''s choosing. A successful CSRF
exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator
account, this can compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.

Affected items

/login.php
Details
Form name: form1
Form action: http://192.168.203.128/checklogin.php
Form method: GET

Form inputs:

- myusername [Text]
- mypassword [Password]
- Submit [Submit]
Request headers
GET /login.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 54

 PHP hangs on parsing particular strings as floating point number

Severity Medium
Type Configuration
Reported by module Scripting (Version_Check.script)
Description
This alert was generated using only banner information. It may be a false positive.

PHP hangs when parsing '2.2250738585072011e-308' string as a floating point number.

Affected PHP versions: 5.3 up to version 5.3.5 and 5.2 up to version 5.2.17
Impact
Denial of service attack

Recommendation
Upgrade PHP to the latest version.
References
PHP Hangs On Numeric Value 2.2250738585072011e-308
PHP Homepage
CVE-2010-4645

Affected items

Web Server
Details
Current version is : PHP/5.2.9

Acunetix Website Audit 55

 User credentials are sent in clear text

Severity Medium
Type Configuration
Reported by module Crawler
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an
encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

Recommendation
Because user credentials are considered sensitive information, should always be transferred to the server over an
encrypted connection (HTTPS).

Affected items

/login.php
Details
Form name: form1
Form action: http://192.168.203.128/checklogin.php
Form method: GET

Form inputs:

- myusername [Text]
- mypassword [Password]
- Submit [Submit]
Request headers
GET /login.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 56

 Clickjacking: X-Frame-Options header missing

Severity Low
Type Configuration
Reported by module Scripting (Clickjacking_X_Frame_Options.script)
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web
user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing
confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking
attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be
allowed to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their
content is not embedded into other sites.
Impact
The impact depends on the affected web application.

Recommendation
Configure your web server to include an X-Frame-Options header. Consult Web references for more information about
the possible values for this header.
References
Frame Buster Buster
Clickjacking Protection for Java EE
Defending with Content Security Policy frame-ancestors directive
OWASP Clickjacking
Clickjacking
The X-Frame-Options response header

Affected items

Web Server
Details
No details are available.
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 57

 Cookie without HttpOnly flag set

Severity Low
Type Informational
Reported by module Crawler
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser
that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection
for session cookies.
Impact
None

Recommendation
If possible, you should set the HTTPOnly flag for this cookie.

Affected items

/
Details
Cookie name: "pma_theme"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/
Details
Cookie name: "pma_fontsize"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/
Details
Cookie name: "expanded_dir_list"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 58

Details
Cookie name: "resolveIDs"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/
Details
Cookie name: "order_dir_list_by"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/
Details
Cookie name: "fm_current_root"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/
Details
Cookie name: "loggedon"
Cookie domain: "192.168.203.128"
Request headers
GET / HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 59

 Documentation file

Severity Low
Type Configuration
Reported by module Scripting (Readme_Files.script)
Description
A documentation file (e.g. readme.txt, changelog.txt, ...) was found in this directory. The information contained in these
files could help an attacker identify the web application you are using and sometimes the version of the application. It's
recommended to remove these files from production systems.
Impact
These files may disclose sensitive information. This information can be used to launch further attacks.

Recommendation
Remove or restrict access to all documentation file acessible from internet.

Affected items

/phpmyadmin/CHANGELOG
Details
File contents (first 250 characters):----------------------
phpMyAdmin - ChangeLog
----------------------

$Id: ChangeLog 12312 2009-03-24 20:32:19Z lem9 $

$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $

3.1.3.1 (2009-03-24)
- [securi ...
Request headers
GET /phpmyadmin/CHANGELOG HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/INSTALL
Details
File contents (first 250 characters):$Id: INSTALL 9537 2006-10-12 16:27:13Z nijel $

phpMyAdmin - Installation
-------------------------

Please have a look to the Documentation.txt or

Documentation.html files.

...
Request headers
GET /phpmyadmin/INSTALL HTTP/1.1
Acunetix Website Audit 60
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/readme
Details
File contents (first 250 characters):$Id: README 12312 2009-03-24 20:32:19Z lem9 $

phpMyAdmin - Readme
===================

A set of PHP-scripts to manage MySQL over the web.

Version 3.1.3.1
---------------
http://www.phpmyadmin.net/

Copyright (C) 1998-2000 Tobias Ratschi ...

Request headers
GET /phpmyadmin/readme HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/README
Details
File contents (first 250 characters):$Id: README 12312 2009-03-24 20:32:19Z lem9 $

phpMyAdmin - Readme
===================

A set of PHP-scripts to manage MySQL over the web.

Version 3.1.3.1
---------------
http://www.phpmyadmin.net/

Copyright (C) 1998-2000 Tobias Ratschi ...

Request headers
GET /phpmyadmin/README HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;

Acunetix Website Audit 61

fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 62

 Login page password-guessing attack

Severity Low
Type Validation
Reported by module Scripting (Html_Authentication_Audit.script)
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack
is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and
symbols until you discover the one correct combination that works.

This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended
to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web
references for more information about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters,
numbers, and symbols until it discovers the one correct combination that works.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks

Affected items

/checklogin.php
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Request headers
GET /checklogin.php?Submit=Login&mypassword=Jdd0BRSK&myusername=MZINGxQg HTTP/1.1
Referer: http://192.168.203.128:80/
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 63

 Possible relative path overwrite

Severity Low
Type Configuration
Reported by module Scripting (Relative_Path_Overwrite.script)
Description
Manual confirmation is required for this alert.
Gareth Heyes introduced a technique to take advantage of CSS imports with relative URLs by overwriting their target file.
This technique can be used by an attacker to trick browsers into importing HTML pages as CSS stylesheets. If the
attacker can control a part of the imported HTML pages he can abuse this issue to inject arbitrary CSS rules.
Impact
On older versions of Internet Explorer it's possible to execute arbitrary JavaScript code using Internet Explorer's
expression() function. An attacker can also extract the page source and potentially steal CSRF tokens using CSS
selectors.
Recommendation
If possible, it's recommended to use absolute links for CSS imports. The problem can be partially mitigated by preventing
framing. To prevent framing configure your web server to include an X-Frame-Options: deny header on all pages.
References
Relative Path Overwrite

Affected items

/phpmyadmin/index.php
Details
A CSS import from a relative path was found on this page: <link rel="stylesheet" type="text/css"
href="phpmyadmin.css.php?token=1b8e7cbeec1da2295b3f432d5edc35c4&amp;js_frame=right&amp;nocache=3704777
855" />The same relative CSS import is present even when a random string was placed after the filename. Also, the
response is frameable.
Request headers
GET /phpmyadmin/index.php/T1tsb/ HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 64

 Possible sensitive directories

Severity Low
Type Validation
Reported by module Scripting (Possible_Sensitive_Directories.script)
Description
A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for
common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each
one of these directories could help an attacker to learn more about his target.
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.

Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security

Affected items

/phpmyadmin
Details
No details are available.
Request headers
GET /phpmyadmin HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21

/phpmyadmin/setup
Details
No details are available.
Request headers
GET /phpmyadmin/setup HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21

/uploads
Details
No details are available.
Request headers
GET /uploads HTTP/1.1
Acunetix Website Audit 65
Accept: acunetix/wvs
Range: bytes=0-99999
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21

Acunetix Website Audit 66

 TRACE method is enabled

Severity Low
Type Validation
Reported by module Scripting (Track_Trace_Server_Methods.script)
Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web
browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and
authentication data.
Recommendation
Disable TRACE Method on the web server.
References
US-CERT VU#867593
Cross-site tracing (XST)
W3C - RFC 2616

Affected items

Web Server
Details
No details are available.
Request headers
TRACE /F8xPklJmSu HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 67

 Broken links

Severity Informational
Type Informational
Reported by module Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error.
This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.

Recommendation
Remove the links to this file or make it accessible.

Affected items

/function.mysql-connect
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/user_form2.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/includes/function.mysql-connect
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /includes/function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/config_db.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/function.date-default-timezone-get

Acunetix Website Audit 68

Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.date-default-timezone-get HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/function.file-put-contents
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.file-put-contents HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/config.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/function.mysql-connect
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Acunetix Website Audit 69
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/function.require
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.require HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/config.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/setup/function.require-once
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /phpmyadmin/setup/function.require-once HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/phpmyadmin/setup/config.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate

Acunetix Website Audit 70

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/function.passthru
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") >
select Referrers Tab from the bottom of the Information pane.
Request headers
GET /uploads/function.passthru HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/logfile.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 71

 Password type input with auto-complete enabled

Severity Informational
Type Informational
Reported by module Crawler
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password
should be saved.Thereafter when the form is displayed, the name and password are filled in automatically or are
completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser
cache.
Impact
Possible sensitive information disclosure.

Recommendation
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">

Affected items

/login.php
Details
Password type input named mypassword from form named form1 with action checklogin.php has autocomplete enabled.
Request headers
GET /login.php HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 72

 Possible internal IP address disclosure

Severity Informational
Type Informational
Reported by module Scripting (Invalid_Page_Text_Search.script)
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP
addressing scheme of the internal network. This information can be used to conduct further attacks.

This alert may be a false positive, manual confirmation is required.

Impact
Possible sensitive information disclosure.

Recommendation
Prevent this information from being displayed to the user.

Affected items

/
Details
Tested on URI: /3mN0uubw5I.jsp

Pattern found in response: 192.168.203.128

Request headers
GET /3mN0uubw5I.jsp HTTP/1.1
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/function.mysql-connect
Details
Pattern found: 192.168.203.128
Request headers
GET /function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/user_form2.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/icons
Details
Pattern found: 192.168.203.128
Request headers
GET /icons HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Acunetix-Aspect: enabled
Acunetix Website Audit 73
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/icons/
Details
Tested on URI: /icons/eV3N3rnWvb.jsp

Pattern found in response: 192.168.203.128

Request headers
GET /icons/eV3N3rnWvb.jsp HTTP/1.1
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/includes
Details
Pattern found: 192.168.203.128
Request headers
GET /includes/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/includes/function.mysql-connect
Details
Pattern found: 192.168.203.128
Request headers
GET /includes/function.mysql-connect HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/includes/config_db.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Acunetix Website Audit 74
Accept: */*

/phpmyadmin/
Details
Tested on URI: /phpmyadmin/CnDJtqlfnV.jsp

Pattern found in response: 192.168.203.128

Request headers
GET /phpmyadmin/CnDJtqlfnV.jsp HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/themes/
Details
Tested on URI: /phpmyadmin/themes/4kQf9uPDvA.jsp

Pattern found in response: 192.168.203.128

Request headers
GET /phpmyadmin/themes/4kQf9uPDvA.jsp HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/themes/original/
Details
Tested on URI: /phpmyadmin/themes/original/a5yabRMSTJ.jsp

Pattern found in response: 192.168.203.128

Request headers
GET /phpmyadmin/themes/original/a5yabRMSTJ.jsp HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Acunetix Website Audit 75
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/phpmyadmin/themes/original/img/
Details
Tested on URI: /phpmyadmin/themes/original/img/VNCM4rcGwh.jsp

Pattern found in response: 192.168.203.128

Request headers
GET /phpmyadmin/themes/original/img/VNCM4rcGwh.jsp HTTP/1.1
Cookie: phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_lang=en-utf-8;
pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0;
loggedon=d41d8cd98f00b204e9800998ecf8427e;
phpMyAdmin=61578fbfb6f814388021b6cfa67b9d8f811c0ffd; pma_fontsize=82%25;
pma_lang=en-utf-8; pma_charset=utf-8; pma_collation_connection=utf8_general_ci;
pma_theme=original; order_dir_list_by=1A
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads
Details
Pattern found: 192.168.203.128
Request headers
GET /uploads/ HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/uploads/function.passthru
Details
Pattern found: 192.168.203.128
Request headers
GET /uploads/function.passthru HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.203.128/uploads/logfile.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: expanded_dir_list=%3AC%3A%3Axampp%3Ahtdocs%3AEMS1%3Auploads;
fm_current_root=C%3A%2Fxampp%2Fhtdocs%2F; resolveIDs=0
Host: 192.168.203.128
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Acunetix Website Audit 76

Scanned items (coverage report)
Scanned 49 URLs. Found 31 vulnerable.
URL: http://192.168.203.128/
Vulnerabilities have been identified for this URL
1 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
Host HTTP Header

URL: http://192.168.203.128/login.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/about.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/index.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/vendor.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/user_form.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/user_form2.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/checklogin.php
Vulnerabilities have been identified for this URL
3 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
URL encoded GET
mypassword URL encoded GET
myusername URL encoded GET

URL: http://192.168.203.128/function.mysql-connect
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/print.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL

Acunetix Website Audit 77

 URL: http://192.168.203.128/phpmyadmin/index.php
Vulnerabilities have been identified for this URL
8 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
collation_connection URL encoded GET
convcharset URL encoded GET
lang URL encoded GET
phpMyAdmin URL encoded GET
target URL encoded GET
token URL encoded GET

Input scheme 2
Input name Input type
target URL encoded GET
token URL encoded GET

URL: http://192.168.203.128/phpmyadmin/phpmyadmin.css.php
Vulnerabilities have been identified for this URL
9 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
collation_connection URL encoded GET
convcharset URL encoded GET
js_frame URL encoded GET
lang URL encoded GET
nocache URL encoded GET
token URL encoded GET

Input scheme 2
Input name Input type
js_frame URL encoded GET
nocache URL encoded GET
token URL encoded GET

URL: http://192.168.203.128/phpmyadmin/themes/
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/themes/original/
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/themes/original/img/
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/readme
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/install
No vulnerabilities have been identified for this URL
No input(s) found for this URL

Acunetix Website Audit 78

URL: http://192.168.203.128/phpmyadmin/changelog
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/
Vulnerabilities have been identified for this URL
135 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
lang URL encoded POST
token URL encoded POST

Input scheme 2
Input name Input type
formset URL encoded GET
page URL encoded GET

Input scheme 3
Input name Input type
token URL encoded GET
version_check URL encoded GET

Input scheme 4
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Import-allow_interrupt URL encoded POST
Import-format URL encoded POST
Import-skip_queries URL encoded POST
submit_reset URL encoded POST
token URL encoded POST

Input scheme 5
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
BrowseMarkerEnable URL encoded POST
BrowsePointerEnable URL encoded POST
CharEditing URL encoded POST
CharTextareaCols URL encoded POST
CharTextareaRows URL encoded POST
check_page_refresh URL encoded POST
DefaultTabDatabase URL encoded POST
DefaultTabServer URL encoded POST
DefaultTabTable URL encoded POST
ForeignKeyDropdownOrder URL encoded POST
ForeignKeyMaxLimit URL encoded POST
InsertRows URL encoded POST
LightTabs URL encoded POST
MaxRows URL encoded POST
NavigationBarIconic URL encoded POST
Order URL encoded POST

Acunetix Website Audit 79

PropertiesIconic URL encoded POST
ProtectBinary URL encoded POST
QueryWindowDefTab URL encoded POST
ShowAll URL encoded POST
ShowChgPassword URL encoded POST
ShowCreateDb URL encoded POST
ShowFunctionFields URL encoded POST
ShowPhpInfo URL encoded POST
ShowServerInfo URL encoded POST
ShowStats URL encoded POST
SQLQuery-Edit URL encoded POST
SQLQuery-Explain URL encoded POST
SQLQuery-Refresh URL encoded POST
SQLQuery-ShowAsPHP URL encoded POST
SQLQuery-Validate URL encoded POST
submit_reset URL encoded POST
SuggestDBName URL encoded POST
token URL encoded POST

Input scheme 6
Input name
formset
page
check_page_refresh
DisplayDatabasesList
DisplayServersList
LeftDefaultTabTable
LeftDisplayLogo
LeftDisplayServers
LeftFrameDBSeparator
LeftFrameDBTree
LeftFrameLight
LeftFrameTableLevel
LeftFrameTableSeparator
LeftLogoLink
LeftLogoLinkWindow
LeftPointerEnable
ShowTooltip
ShowTooltipAliasDB
ShowTooltipAliasTB
submit_reset
token
Input type
URL encoded GET
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

Input scheme 7
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Export-asfile URL encoded POST
Export-charset URL encoded POST
Export-compression URL encoded POST
Export-file_template_database URL encoded POST
Export-file_template_server URL encoded POST

Acunetix Website Audit 80

Export-file_template_table URL encoded POST
Export-format URL encoded POST
Export-onserver URL encoded POST
Export-onserver_overwrite URL encoded POST
Export-remember_file_template URL encoded POST
submit_reset URL encoded POST
token URL encoded POST

Input scheme 8
Input name Input type
token URL encoded GET
version_check URL encoded GET
lang URL encoded POST
token URL encoded POST

Input scheme 9
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
AllowAnywhereRecoding URL encoded POST
AllowArbitraryServer URL encoded POST
AllowUserDropDatabase URL encoded POST
blowfish_secret URL encoded POST
BZipDump URL encoded POST
check_page_refresh URL encoded POST
CheckConfigurationPermissions URL encoded POST
CompressOnFly URL encoded POST
Confirm URL encoded POST
DefaultCharset URL encoded POST
ExecTimeLimit URL encoded POST
ForceSSL URL encoded POST
GZipDump URL encoded POST
IconvExtraParams URL encoded POST
IgnoreMultiSubmitErrors URL encoded POST
LoginCookieDeleteAll URL encoded POST
LoginCookieRecall URL encoded POST
LoginCookieStore URL encoded POST
LoginCookieValidity URL encoded POST
MaxCharactersInDisplayedSQL URL encoded POST
MaxDbList URL encoded POST
MaxTableList URL encoded POST
MemoryLimit URL encoded POST
OBGzip URL encoded POST
PersistentConnections URL encoded POST
QueryHistoryDB URL encoded POST
QueryHistoryMax URL encoded POST
RecodingEngine URL encoded POST
SaveDir URL encoded POST
ShowSQL URL encoded POST
SkipLockedTables URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
TrustedProxies URL encoded POST
UploadDir URL encoded POST

Acunetix Website Audit 81

UseDbSearch URL encoded POST
VerboseMultiSubmit URL encoded POST
ZipDump URL encoded POST

URL: http://192.168.203.128/phpmyadmin/setup/index.php
Vulnerabilities have been identified for this URL
194 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
URL encoded GET
check_page_refresh URL encoded GET
mode URL encoded GET
page URL encoded GET
token URL encoded GET

Input scheme 2
Input name Input type
check_page_refresh URL encoded GET
mode URL encoded GET
page URL encoded GET
submit URL encoded GET
token URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Servers-0-AllowDeny-order URL encoded POST
Servers-0-AllowDeny-rules URL encoded POST
Servers-0-AllowNoPasswordRoot URL encoded POST
Servers-0-AllowRoot URL encoded POST
Servers-0-auth_swekey_config URL encoded POST
Servers-0-auth_type URL encoded POST
Servers-0-bookmarktable URL encoded POST
Servers-0-column_info URL encoded POST
Servers-0-compress URL encoded POST
Servers-0-connect_type URL encoded POST
Servers-0-controlpass URL encoded POST
Servers-0-controluser URL encoded POST
Servers-0-CountTables URL encoded POST
Servers-0-designer_coords URL encoded POST
Servers-0-DisableIS URL encoded POST
Servers-0-extension URL encoded POST
Servers-0-hide_db URL encoded POST
Servers-0-history URL encoded POST
Servers-0-host URL encoded POST
Servers-0-LogoutURL URL encoded POST
Servers-0-nopassword URL encoded POST
Servers-0-only_db URL encoded POST
Servers-0-password URL encoded POST
Servers-0-pdf_pages URL encoded POST
Servers-0-pmadb URL encoded POST
Servers-0-port URL encoded POST
Servers-0-relation URL encoded POST
Servers-0-ShowDatabasesCommand URL encoded POST
Servers-0-SignonSession URL encoded POST
Servers-0-SignonURL URL encoded POST
Acunetix Website Audit 82
Servers-0-socket URL encoded POST
Servers-0-ssl URL encoded POST
Servers-0-table_coords URL encoded POST
Servers-0-table_info URL encoded POST
Servers-0-user URL encoded POST
Servers-0-verbose URL encoded POST
Servers-0-verbose_check URL encoded POST
submit_reset URL encoded POST
token URL encoded POST

Input scheme 3
Input name Input type
formset URL encoded GET
page URL encoded GET

Input scheme 4
Input name Input type
lang URL encoded POST
token URL encoded POST

Input scheme 5
Input name Input type
token URL encoded GET
version_check URL encoded GET

Input scheme 6
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
DisplayDatabasesList URL encoded POST
DisplayServersList URL encoded POST
LeftDefaultTabTable URL encoded POST
LeftDisplayLogo URL encoded POST
LeftDisplayServers URL encoded POST
LeftFrameDBSeparator URL encoded POST
LeftFrameDBTree URL encoded POST
LeftFrameLight URL encoded POST
LeftFrameTableLevel URL encoded POST
LeftFrameTableSeparator URL encoded POST
LeftLogoLink URL encoded POST
LeftLogoLinkWindow URL encoded POST
LeftPointerEnable URL encoded POST
ShowTooltip URL encoded POST
ShowTooltipAliasDB URL encoded POST
ShowTooltipAliasTB URL encoded POST
submit_reset URL encoded POST
token URL encoded POST

Input scheme 7
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
AllowAnywhereRecoding URL encoded POST
AllowArbitraryServer URL encoded POST
Acunetix Website Audit 83
AllowUserDropDatabase URL encoded POST
blowfish_secret URL encoded POST
BZipDump URL encoded POST
check_page_refresh URL encoded POST
CheckConfigurationPermissions URL encoded POST
CompressOnFly URL encoded POST
Confirm URL encoded POST
DefaultCharset URL encoded POST
ExecTimeLimit URL encoded POST
ForceSSL URL encoded POST
GZipDump URL encoded POST
IconvExtraParams URL encoded POST
IgnoreMultiSubmitErrors URL encoded POST
LoginCookieDeleteAll URL encoded POST
LoginCookieRecall URL encoded POST
LoginCookieStore URL encoded POST
LoginCookieValidity URL encoded POST
MaxCharactersInDisplayedSQL URL encoded POST
MaxDbList URL encoded POST
MaxTableList URL encoded POST
MemoryLimit URL encoded POST
OBGzip URL encoded POST
PersistentConnections URL encoded POST
QueryHistoryDB URL encoded POST
QueryHistoryMax URL encoded POST
RecodingEngine URL encoded POST
SaveDir URL encoded POST
ShowSQL URL encoded POST
SkipLockedTables URL encoded POST
submit_reset URL encoded POST
token URL encoded POST
TrustedProxies URL encoded POST
UploadDir URL encoded POST
UseDbSearch URL encoded POST
VerboseMultiSubmit URL encoded POST
ZipDump URL encoded POST

Input scheme 8
Input name
formset
page
BrowseMarkerEnable
BrowsePointerEnable
CharEditing
CharTextareaCols
CharTextareaRows
check_page_refresh
DefaultTabDatabase
DefaultTabServer
DefaultTabTable
ForeignKeyDropdownOrder
ForeignKeyMaxLimit
InsertRows
LightTabs
Acunetix Website Audit
Input type
URL encoded GET
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
84
MaxRows URL encoded POST
NavigationBarIconic URL encoded POST
Order URL encoded POST
PropertiesIconic URL encoded POST
ProtectBinary URL encoded POST
QueryWindowDefTab URL encoded POST
ShowAll URL encoded POST
ShowChgPassword URL encoded POST
ShowCreateDb URL encoded POST
ShowFunctionFields URL encoded POST
ShowPhpInfo URL encoded POST
ShowServerInfo URL encoded POST
ShowStats URL encoded POST
SQLQuery-Edit URL encoded POST
SQLQuery-Explain URL encoded POST
SQLQuery-Refresh URL encoded POST
SQLQuery-ShowAsPHP URL encoded POST
SQLQuery-Validate URL encoded POST
submit_reset URL encoded POST
SuggestDBName URL encoded POST
token URL encoded POST

Input scheme 9
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Export-asfile URL encoded POST
Export-charset URL encoded POST
Export-compression URL encoded POST
Export-file_template_database URL encoded POST
Export-file_template_server URL encoded POST
Export-file_template_table URL encoded POST
Export-format URL encoded POST
Export-onserver URL encoded POST
Export-onserver_overwrite URL encoded POST
Export-remember_file_template URL encoded POST
submit_reset URL encoded POST
token URL encoded POST

Input scheme 10
Input name Input type
id URL encoded GET
mode URL encoded GET
page URL encoded GET

Input scheme 11
Input name Input type
formset URL encoded GET
page URL encoded GET
URL encoded POST
check_page_refresh URL encoded POST
Import-allow_interrupt URL encoded POST
Import-format URL encoded POST
Import-skip_queries URL encoded POST
Acunetix Website Audit 85
submit_reset URL encoded POST
token URL encoded POST

Input scheme 12
Input name Input type
token URL encoded GET
version_check URL encoded GET
lang URL encoded POST
token URL encoded POST

Input scheme 13
Input name Input type
check_page_refresh URL encoded GET
mode URL encoded GET
page URL encoded GET
submit URL encoded GET
token URL encoded GET

URL: http://192.168.203.128/phpmyadmin/setup/config.php
Vulnerabilities have been identified for this URL
41 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
URL encoded POST
DefaultLang URL encoded POST
eol URL encoded POST
ServerDefault URL encoded POST
token URL encoded POST

Input scheme 2
Input name Input type
URL encoded POST
DefaultLang URL encoded POST
eol URL encoded POST
server%5bAllowDeny%5d%5border%5d URL encoded POST
server%5bAllowDeny%5d%5brules%5d%5b0%5d URL encoded POST
server%5bAllowNoPasswordRoot%5d URL encoded POST
server%5bauth_swekey_config%5d URL encoded POST
server%5bauth_type%5d URL encoded POST
server%5bbookmarktable%5d URL encoded POST
server%5bcolumn_info%5d URL encoded POST
server%5bconnect_type%5d URL encoded POST
server%5bcontrolpass%5d URL encoded POST
server%5bcontroluser%5d URL encoded POST
server%5bdesigner_coords%5d URL encoded POST
server%5bextension%5d URL encoded POST
server%5bhide_db%5d URL encoded POST
server%5bhistory%5d URL encoded POST
server%5bhost%5d URL encoded POST
server%5bLogoutURL%5d URL encoded POST
server%5bnopassword%5d URL encoded POST
server%5bonly_db%5d%5b0%5d URL encoded POST
server%5bpassword%5d URL encoded POST
server%5bpdf_pages%5d URL encoded POST
server%5bpmadb%5d URL encoded POST
Acunetix Website Audit 86
server%5bport%5d URL encoded POST
server%5brelation%5d URL encoded POST
server%5bSignonSession%5d URL encoded POST
server%5bSignonURL%5d URL encoded POST
server%5bsocket%5d URL encoded POST
server%5bssl%5d URL encoded POST
server%5btable_coords%5d URL encoded POST
server%5btable_info%5d URL encoded POST
server%5buser%5d URL encoded POST
server%5bverbose%5d URL encoded POST
ServerDefault URL encoded POST
token URL encoded POST

URL: http://192.168.203.128/phpmyadmin/setup/styles.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/function.mysql-connect
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/function.date-default-timezone-get
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/scripts.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/function.file-put-contents
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/function.require
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/function.require-once
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/setup/validate.php
Vulnerabilities have been identified for this URL
44 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
Servers-0-AllowDeny-order JSON
Servers-0-AllowDeny-rules JSON
Servers-0-AllowNoPasswordRoot JSON
Servers-0-AllowRoot JSON
Servers-0-auth_swekey_config JSON
Servers-0-auth_type JSON
Servers-0-bookmarktable JSON
Servers-0-column_info JSON
Servers-0-compress JSON
Servers-0-connect_type JSON
Servers-0-controlpass JSON

Acunetix Website Audit 87

Servers-0-controluser JSON
Servers-0-CountTables JSON
Servers-0-designer_coords JSON
Servers-0-DisableIS JSON
Servers-0-extension JSON
Servers-0-hide_db JSON
Servers-0-history JSON
Servers-0-host JSON
Servers-0-LogoutURL JSON
Servers-0-nopassword JSON
Servers-0-only_db JSON
Servers-0-password JSON
Servers-0-pdf_pages JSON
Servers-0-pmadb JSON
Servers-0-port JSON
Servers-0-relation JSON
Servers-0-ShowDatabasesCommand JSON
Servers-0-SignonSession JSON
Servers-0-SignonURL JSON
Servers-0-socket JSON
Servers-0-ssl JSON
Servers-0-table_coords JSON
Servers-0-table_info JSON
Servers-0-user JSON
Servers-0-verbose JSON
Servers-0-verbose_check JSON
id URL encoded POST
token URL encoded POST
values URL encoded POST

Input scheme 2
Input name Input type
Servers-0-hide_db JSON
id URL encoded POST
token URL encoded POST
values URL encoded POST

URL: http://192.168.203.128/phpmyadmin/js/
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/js/mootools.js
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/scripts/
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/documentation.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/docs.css
No vulnerabilities have been identified for this URL
No input(s) found for this URL

Acunetix Website Audit 88

URL: http://192.168.203.128/phpmyadmin/readme.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/license.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/changelog.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/phpmyadmin/translators.html
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/uploads/
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/uploads/logfile.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/uploads/manager.php
Vulnerabilities have been identified for this URL
2 input(s) found for this URL
Inputs

Input scheme 1
Input name Input type
frame URL encoded POST
pass URL encoded POST

URL: http://192.168.203.128/uploads/function.passthru
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/config.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/includes/
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/includes/config_db.php
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/includes/function.mysql-connect
Vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/upload.php
No vulnerabilities have been identified for this URL
No input(s) found for this URL

URL: http://192.168.203.128/icons
Vulnerabilities have been identified for this URL
No input(s) found for this URL

Acunetix Website Audit 89