
VASTRZONE APPLICATION SECURITY ASSESSMENT REPORT

VERSION 1.0

DATE: 01 JUNE 2022


Executive Summary

Blue Team GNU assessed and reviewed The Business Value of Data Platform application at
ICT from an application security perspective. The primary objective of this assessment was to
determine vulnerabilities in the application weighted by risk.

As a result, the primary focus of the assessment was on detection of both technical as well as
logical types of issues which may pose high risk to the application.

The findings discovered during the assessment include

Because of risks associated with these findings, Blue Team GNU recommends that the
vulnerabilities be fixed across the entire application.

Although Blue Team GNU makes every effort to identify as many vulnerabilities and
weaknesses accurately as possible, because of time-limited testing and nature of security
assessments, it is possible that not all vulnerabilities, weaknesses or instances are identified. As
a result, it is strongly recommended that the development team look at the findings to
understand root cause and apply proper fixes across the entire application consistently. The
development team should also continue best practices of secure software development by
implementing security controls across the entire application.
Finding#1

Name:-Server Side Request Forgery - Xmlrpc


Status:-New
Severity:-Medium
Exploitability:-Easy
Function / Target:-Xmlrpc
Description:- Server-side request forgery is a web security vulnerability that allows an attacker to
induce the server-side application to make requests to an unintended location.
Risk / Impact:- The attacker might cause the server to make a connection to internal-only
services within the organization's infrastructure. In other cases, they may be able to force the
server to connect to arbitrary external systems, potentially leaking sensitive data such as
authorization credentials.

Step 1 - Access the xmlrpc file.

Step 2 - List the available methods.

Step 3 - Look for the pingback plugin.

Step 4 - Generate a domain using Burp Collaborator and craft a malicious request as follows.

Step 5 - Note that Burp Collaborator received a request from the server.
Finding#2
Name:- Brute Force Attack - Xmlrpc
Exploitability:- Easy
Target:-xmlrpc
Finding:-A brute force attack is a hacking method that uses trial and error to crack passwords,
login credentials, and encryption keys. It is a simple yet reliable tactic for gaining unauthorized
access to individual accounts and organizations’ systems and networks.
Risk:-The hacker tries multiple usernames and passwords, often using a computer to test a wide
range of combinations, until they find the correct login information.

Step 1:- Look for the “wp.getUserBlogs” method using xmlrpc and craft the request as follows.
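An added check, not part of the report or of the assessed application: given a captured system.listMethods response from xmlrpc.php, it reports whether the methods behind Finding#1 (pingback) and Finding#2 (credential-taking methods) are still exposed, which is how a developer can confirm the fix after disabling them. The sample response is constructed.

```python
import xmlrpc.client

# Constructed sample: the kind of methodResponse a WordPress xmlrpc.php returns
# for system.listMethods, trimmed to a few methods for the example.
SAMPLE_LIST_METHODS_RESPONSE = """<?xml version="1.0"?>
<methodResponse><params><param><value><array><data>
<value><string>system.listMethods</string></value>
<value><string>pingback.ping</string></value>
<value><string>pingback.extensions.getPingbacks</string></value>
<value><string>wp.getUserBlogs</string></value>
<value><string>wp.getUsersBlogs</string></value>
<value><string>demo.sayHello</string></value>
</data></array></value></param></params></methodResponse>"""

# Methods behind the two findings above (wp.getUserBlogs is the name the
# report uses; WordPress itself registers wp.getUsersBlogs, so both are listed).
RISKY_METHODS = {
    "pingback.ping": "Finding#1: server fetches a caller-supplied URL (SSRF)",
    "wp.getUserBlogs": "Finding#2: accepts credentials, so it can be brute forced",
    "wp.getUsersBlogs": "Finding#2: accepts credentials, so it can be brute forced",
    "system.multicall": "amplifies a brute force: many login attempts per HTTP request",
}

def parse_list_methods(xml_body):
    """Decode a system.listMethods methodResponse into a list of method names."""
    (methods,), _ = xmlrpc.client.loads(xml_body)
    return list(methods)

def audit_xmlrpc_methods(xml_body):
    """Return {method: reason} for every risky method still exposed; an empty
    dict means the pingback and credential-taking methods are disabled."""
    exposed = set(parse_list_methods(xml_body))
    return {m: why for m, why in RISKY_METHODS.items() if m in exposed}
```

Run it against the live response after the remediation (disabling XML-RPC entirely, or at least pingback.ping and the login methods) and expect an empty result.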
Finding#3

Name:-Cross-Site Scripting
Severity:-High
Exploitability:-Easy
Target:- Multiple
Finding:- Because of a lack of proper encoding of output data/values, an XSS attack is possible.
This can lead to numerous client-side attacks, including attempts to hijack the session or steal
sensitive client-side data.
Risk:- An attacker can exploit the XSS vulnerability by injecting client-side script in order to
launch numerous client-side attacks and also attempt to hijack the session or steal sensitive
client-side data if such information is accessible from client-side script.

Step 1 - Break the context for reflected input in the response and craft the malicious request as follows.
Finding#4

Name:- Directory/ File Traversal


Severity:- High
Exploitability:- Easy
Target:-Multiple
Finding:- Directory traversal (also known as file path traversal) is a web security vulnerability
that allows an attacker to read arbitrary files on the server that is running an application.
Risk:- Attacker can exploit directory traversal to read some critical files over the server

Step 1 - Identify the endpoint


Step 2 - Craft the request as follows and note the list of directory / file available
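An added example, not code from the report or the assessed application: the server-side canonicalisation check whose absence allows the traversal described in Finding#4. The root directory and request paths are constructed values.

```python
import os

# Constructed web root for the example; it does not need to exist on disk.
PUBLIC_ROOT = "/srv/app/public"

def resolve_under_root(root, requested):
    """Map a client-supplied path onto a file under `root`.

    Returns the canonical absolute path, or None when the request would land
    outside `root` (".." segments, NUL bytes), which is exactly the check a
    file-serving endpoint vulnerable to traversal is missing.
    """
    if "\x00" in requested:
        return None
    root_abs = os.path.realpath(root)
    # Drop leading separators so an absolute `requested` cannot replace root,
    # then canonicalise, which collapses every ".." before the comparison.
    candidate = os.path.realpath(os.path.join(root_abs, requested.lstrip("/\\")))
    if os.path.commonpath([root_abs, candidate]) != root_abs:
        return None
    return candidate
```

The comparison must happen on the canonical path, after URL decoding has been done by the web layer; checking the raw string for ".." is not sufficient.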
Finding#5

Name:- Business Logic Bypass - Purchase Product at Zero (0) Value


Severity:-High
Exploitability:-Easy
Target :- Multiple
Finding :- Business logic vulnerabilities are flaws in the design and implementation of an
application that allow an attacker to elicit unintended behavior.
Risk :- This potentially enables attackers to manipulate legitimate functionality to achieve a
malicious goal.

Step 1 - Login with valid credentials and add points for discount on product
Step 2 - Note the value of the parameter “wps-cart-points”.

Step 3 - Replace the value of parameter “wps-cart-points” from “100” to “200000”.


Step 4 - Note the response
Step 6 - Follow the checkout journey and observe that the order is placed with a bill of “Zero (0)”.
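An added illustration of the flaw and its fix, not code from the report or from the shop plugin: the only value taken from the finding is the wps-cart-points parameter name; the order value, the account's points balance and the points-to-currency rate are constructed assumptions.

```python
# The parameter name comes from the finding; the order value, points balance
# and exchange rate below are constructed assumptions for the example.
POINTS_PER_CURRENCY_UNIT = 100   # assumed: 100 points knock 1.00 off the bill

def vulnerable_cart_total(order_total, request_params):
    """Pre-fix behaviour reproduced from the finding: whatever points value the
    client sends in wps-cart-points is trusted and deducted, so a large enough
    number drives the bill to zero."""
    points = int(request_params.get("wps-cart-points", 0))
    return max(order_total - points / POINTS_PER_CURRENCY_UNIT, 0.0)

def hardened_cart_total(order_total, request_params, user_points_balance):
    """Server-side validation: the redeemed points are bounded by the balance
    the account actually holds (loaded server-side, never from the request)
    and by the order value. Returns (new_total, points_redeemed); a request
    for more points than the balance is rejected rather than clamped, since
    the legitimate UI can never produce it."""
    requested = int(request_params.get("wps-cart-points", 0))  # ValueError on junk
    if requested < 0 or requested > user_points_balance:
        raise ValueError("wps-cart-points exceeds the account's points balance")
    max_useful = int(order_total * POINTS_PER_CURRENCY_UNIT)
    redeemed = min(requested, max_useful)
    return round(order_total - redeemed / POINTS_PER_CURRENCY_UNIT, 2), redeemed
```

The rejected request is also the event worth logging: a points value above the balance cannot come from the normal checkout flow, so it is a reliable signal of tampering.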

Finding#6

Name :- Anonymous Page Access


Severity :- Low
Exploitability :- Difficult
Target :- Multiple
Finding :- The application was found to be allowing anonymous functionality access without
proper authentication and authorization mechanism in place.
Risk :- An attacker may be able to access functionality without any authentication and
authorization mechanism in place.

Step 1 - Navigate to this URL.


Finding#7

Name :- User Enumeration


Severity :- Medium
Exploitability :- Medium
Target :- Multiple
Finding :- The application was found to be vulnerable to a user ID enumeration attack.
Risk :- An attacker may be able to exploit this with a brute force attack and enumerate valid
user IDs.

Step 1 - Navigate to this URL and enter common usernames.

Step 2 - Observe the response


Finding#8

Name:-Framework Type and Version


Severity:-Low
Exploitability:-Difficult
Target:-Multiple
Finding :- The application was found to be leaking internal information (framework type and
version).
Risk:-By having access to internal information, an attacker can learn about the internals of
the application and analyze that information for finding possible weaknesses within the
application. In this case, if a vulnerable version of the framework is used, then possible security
issues with the framework type and version may be looked up. Weaknesses may then be
exploited with possible attacks.

Step 1 - Observe the response


Finding#9

Name :- Missing Security Header


Severity:-Low
Exploitability:-Easy
Target:-Multiple
Finding :- The application was not found to have security headers such as X-XSS-Protection and HSTS.
Risk:- Attacks such as Cross-Site Scripting and Man-in-the-Middle can be executed more easily.

Step 1 - Observe the Headers in response
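An added audit script, not from the report, that reads a captured response header block of the kind observed in Step 1 and reports both the missing security headers of Finding#9 and the type/version-disclosing headers of Finding#8. The sample headers are constructed, not the assessed host's.

```python
# Constructed sample: a raw response header block of the kind seen when
# observing the response in Step 1; values are illustrative, not the
# assessed host's.
SAMPLE_RESPONSE_HEADERS = """HTTP/1.1 200 OK
Date: Wed, 01 Jun 2022 10:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=UTF-8
"""

# Headers whose absence Finding#9 reports (HSTS, X-XSS-Protection) plus the
# rest of the usual baseline, with the risk each one addresses.
REQUIRED_SECURITY_HEADERS = {
    "strict-transport-security": "HSTS: keeps browsers on HTTPS, blunting MITM downgrades",
    "x-xss-protection": "legacy reflected-XSS filter switch (CSP is the modern control)",
    "content-security-policy": "restricts script sources; primary XSS mitigation",
    "x-content-type-options": "stops MIME sniffing of responses",
    "x-frame-options": "prevents clickjacking via framing",
}

# Headers that disclose server or framework type and version (Finding#8).
VERSION_LEAK_HEADERS = ("server", "x-powered-by", "x-generator", "x-aspnet-version")

def parse_headers(raw):
    """Turn a raw header block into {lower-cased name: value}, skipping the
    status line; a repeated name keeps the last value seen."""
    headers = {}
    for line in raw.splitlines()[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit_headers(raw):
    """Return (missing, leaks): the security headers that are absent, and the
    value of every header that reveals a server or framework type/version."""
    headers = parse_headers(raw)
    missing = {n: why for n, why in REQUIRED_SECURITY_HEADERS.items() if n not in headers}
    leaks = {n: headers[n] for n in VERSION_LEAK_HEADERS if n in headers}
    return missing, leaks
```

Re-run it after the web server is configured to add the baseline headers and to suppress Server and X-Powered-By; both dicts should come back empty.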
