Professional Documents
Culture Documents
Security Report For Security Test 1 2021-12-09 01 - 57 - 24
Security Report For Security Test 1 2021-12-09 01 - 57 - 24
Summary
Started at 2021-12-09 01:57:24
Issues found: 13
Total Issues
Scan Issues Found In Test Steps
Found
Sensitive Files
POST 1 1
Exposure
HTTP Method
POST 12 12
Fuzzing
Detailed Info
Issues are grouped by Security scan.
A Sensitive File Security Scan looks for files that tend to contain very sensitive information. It will
generate an alert if it can download one of these files.
If such files are found, you usually need to either remove them from your system or restrict access to
them.
Response No content
Alerts Sensitive Files Exposure: Status code extraction error!
Action Points You probably need to either remove the file /wp-admin/wp-login.php, or restrict access
to it
CWE-ID CWE-219
Issue Number #1
An HTTP Method Fuzzing Scan attempts to use other HTTP verbs (methods) than those defined in
an API. For instance, if you have defined GET and POST, it will send requests using the DELETE
and PUT verbs, expecting an appropriate HTTP error response and reporting alerts if it doesn't
receive it.
Sometimes, unexpected HTTP verbs can overwrite data on a server or get data that shouldn't be
revealed to clients.
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method PURGE should really be allowed for this resource.
Issue Number #2
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method COPY should really be allowed for this resource.
Issue Number #3
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method UNLOCK should really be allowed for this resource.
Issue Number #4
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method LOCK should really be allowed for this resource.
Issue Number #5
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method PROPFIND should really be allowed for this resource.
Issue Number #6
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method PATCH should really be allowed for this resource.
Issue Number #7
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method TRACE should really be allowed for this resource.
Issue Number #8
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method OPTIONS should really be allowed for this resource.
Issue Number #9
Response No content
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method HEAD should really be allowed for this resource.
Issue Number #10
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method DELETE should really be allowed for this resource.
Issue Number #11
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method PUT should really be allowed for this resource.
Issue Number #12
Alerts Valid HTTP Status Codes: Response status code: 302 is not in acceptable list of status codes
Action Points You should check if the HTTP method GET should really be allowed for this resource.
Issue Number #13