Report
Acunetix Security Audit
23 October 2023
Generated by Acunetix
Scan of online-assessment.apidataserv.com
Scan details
Scan information
Start time 23/10/2023, 07:41:32
Start url https://online-assessment.apidataserv.com/login
Host online-assessment.apidataserv.com
Scan time 5 minutes, 48 seconds
Profile Full Scan
Server information nginx/1.14.2
Responsive True
Server OS Unknown
Threat level
One or more medium-severity type vulnerabilities have been discovered by the scanner. You should investigate each of
these vulnerabilities to ensure they will not escalate to more severe problems.
Alerts distribution
Alerts summary
Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 5.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
/FNu46MsRQH.cgi 1
Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Partial
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 5.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: Low
Affected items Variation
Web Server 1
Classification
Base Score: 4.3
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-693
Affected items Variation
Web Server 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 2
Error page path disclosure
Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
/login 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
Web Server 1
/FNu46MsRQH.cgi 1
Classification
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
Base Score: 7.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3 User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: None
Availability Impact: None
CWE CWE-200
Affected items Variation
/FNu46MsRQH.cgi 1
Classification
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
/login 1
Alerts details
Severity Medium
Reported by module /Scripts/PerFolder/Invalid_Page_Text_Search.script
Description
Application error or warning messages may expose sensitive information about an application's internal workings to an
attacker.
Acunetix found an error or warning message that may disclose sensitive information. The message may also contain the
location of the file that produced an unhandled exception. Consult the 'Attack details' section for more information about the
affected page.
Impact
Error messages may disclose sensitive information which can be used to escalate attacks.
Recommendation
Verify that this page is disclosing error or warning messages and properly configure the application to log errors to a file
instead of displaying the error to the user.
References
Affected items
Web Server
Details
Pattern found:
Fatal error
Request headers
GET /vZgPQhJ5Ls.jsp HTTP/1.1
Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c;csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
/FNu46MsRQH.cgi
Details
Pattern found:
Fatal error
Request headers
GET /FNu46MsRQH.cgi HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c;csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Medium
Reported by module /SlowHTTPDOS
Description
Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.
Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to be
completely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate is
very low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resources busy,
this creates a denial of service.
Impact
A single machine can take down another machine's web server with minimal bandwidth and side effects on unrelated
services and ports.
Recommendation
Consult Web references for information about protecting your web server against this type of attack.
References
Affected items
Web Server
Details
Time difference between connections: 10000 ms
Request headers
Clickjacking: X-Frame-Options header missing
Severity Low
Reported by module /Scripts/PerServer/Clickjacking_X_Frame_Options.script
Description
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user
into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential
information or taking control of their computer while clicking on seemingly innocuous web pages.
The server didn't return an X-Frame-Options header which means that this website could be at risk of a clickjacking
attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed
to render a page inside a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is
not embedded into other sites.
Impact
Recommendation
Configure your web server to include an X-Frame-Options header and a CSP header with frame-ancestors directive.
Consult Web references for more information about the possible values for this header.
References
Affected items
Web Server
Details
Request headers
GET / HTTP/1.1
Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c;csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Low
Reported by module /RPA/Cookie_Without_Secure.js
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the
cookie can only be accessed over secure SSL/TLS channels. This is an important security protection for session cookies.
Impact
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
Web Server
Verified vulnerability
Details
Set-Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c; expires=Mon, 23-Oct-2023 09:41:35 GMT; Max-Age=7200; path=/; HttpOnly; SameSite=Lax
Request headers
GET /login HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Web Server
Verified vulnerability
Details
Set-Cookie: csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f; expires=Mon, 23-Oct-2023 09:41:35 GMT; Max-Age=7200; path=/; HttpOnly; SameSite=Lax
Request headers
GET /login HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Low
Reported by module /Scripts/PerServer/Error_Page_Path_Disclosure.script
Description
Application errors or warning messages may disclose sensitive information about an application's internal workings to an
attacker.
Acunetix found one or more fully qualified path names that may disclose a web server's file system structure. Consult the
'Attack details' section for more information about the affected page.
Impact
Information in error messages about an application's internal workings may be used to escalate attacks.
Recommendation
Properly configure the application not to disclose information about an application's internal workings to the user.
Affected items
Web Server
Details
Pattern found:
/var/www/online
Request headers
GET /FNu46MsRQH.cgi HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Informational
Reported by module /httpdata/CSP_not_implemented.js
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks,
including Cross Site Scripting (XSS) and data injection attacks.
Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header
is a string containing the policy directives describing your Content Security Policy. To implement CSP, you should define
lists of allowed origins for all of the types of resources that your site utilizes. For example, if you have a simple site that
needs to load scripts, stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP
header could look like the following:
Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com;
It was detected that your web application doesn't implement Content Security Policy (CSP) as the CSP header is missing
from the response. It's recommended to implement Content Security Policy (CSP) into your web application.
Impact
CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS
attacks, attacks that require embedding a malicious resource, attacks that involve malicious use of iframes, such as
clickjacking attacks, and others.
Recommendation
It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security
Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control resources
the user agent is allowed to load for that page.
References
Affected items
/login
Details
Request headers
GET /login HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Informational
Reported by module /Crawler/12-Crawler_Password_Input_Autocomplete.js
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password should
be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the
name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact
Recommendation
Affected items
Web Server
Details
Form name: <empty>
Form action: /login
Form method: POST
Form input:
password [password]
Request headers
GET /login HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Informational
Reported by module /Scripts/PerFolder/Invalid_Page_Text_Search.script
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing
scheme of the internal network. This information can be used to conduct further attacks.
Impact
Recommendation
Affected items
Web Server
Details
Pattern found:
192.168.2.34
Request headers
GET /vZgPQhJ5Ls.jsp HTTP/1.1
Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c;csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
/FNu46MsRQH.cgi
Details
Pattern found:
192.168.2.34
Request headers
GET /FNu46MsRQH.cgi HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c;csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Informational
Reported by module /Scripts/PerFile/Text_Search_File.script
Description
One or more fully qualified path names were found on this page. From this information the attacker may learn the file
system structure from the web server. This information can be used to conduct further attacks.
Impact
Recommendation
References
Affected items
/FNu46MsRQH.cgi
Details
Pattern found:
/var/www/online
Request headers
GET /FNu46MsRQH.cgi HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Cookie: ci_session=tsqb2lobjcp62m4nfi07cs7mf0eeng8c;csrf_cookie_name=16aaa76ead90d793833ed86bbb60f39f
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Severity Informational
Reported by module /RPA/SRI_Not_Implemented.js
Description
Subresource Integrity (SRI) is a security feature that enables browsers to verify that third-party resources they fetch (for
example, from a CDN) are delivered without unexpected manipulation. It works by allowing developers to provide a
cryptographic hash that a fetched file must match.
Third-party resources (such as scripts and stylesheets) can be manipulated. An attacker that has access or has hacked the
hosting CDN can manipulate or replace the files. SRI allows developers to specify a base64-encoded cryptographic hash of
the resource to be loaded. The integrity attribute containing the hash is then added to the <script> HTML element tag. The
integrity string consists of a prefix that depends on the hash algorithm, followed by the base64-encoded hash. This prefix can
be either sha256, sha384 or sha512.
The script loaded from the external URL specified in the Details section doesn't implement Subresource Integrity (SRI). It's
recommended to implement Subresource Integrity (SRI) for all the scripts loaded from external hosts.
Impact
An attacker that has access or has hacked the hosting CDN can manipulate or replace the files.
Recommendation
Use the SRI Hash Generator link (from the References section) to generate a <script> element that implements
Subresource Integrity (SRI).
For example, you can use the following <script> element to tell a browser that before executing the
https://example.com/example-framework.js script, the browser must first compare the script to the expected hash, and
verify that there's a match.
<script src="https://example.com/example-framework.js"
integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
crossorigin="anonymous"></script>
References
Affected items
/login
Details
Request headers
GET /login HTTP/1.1
Referer: https://online-assessment.apidataserv.com/login
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Host: online-assessment.apidataserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/73.0.3683.103 Safari/537.36
Connection: Keep-alive
Scanned items (coverage report)
https://online-assessment.apidataserv.com/
https://online-assessment.apidataserv.com/FNu46MsRQH.cgi
https://online-assessment.apidataserv.com/assets/
https://online-assessment.apidataserv.com/assets/css/
https://online-assessment.apidataserv.com/assets/css/all.css
https://online-assessment.apidataserv.com/assets/css/dashboard.css
https://online-assessment.apidataserv.com/assets/css/daterangepicker.css
https://online-assessment.apidataserv.com/assets/css/elib.css
https://online-assessment.apidataserv.com/assets/css/img/
https://online-assessment.apidataserv.com/assets/css/img/svg/
https://online-assessment.apidataserv.com/assets/css/knowledge.css
https://online-assessment.apidataserv.com/assets/css/mockup_css/
https://online-assessment.apidataserv.com/assets/css/mockup_css/style.css
https://online-assessment.apidataserv.com/assets/css/style.css
https://online-assessment.apidataserv.com/assets/img/
https://online-assessment.apidataserv.com/assets/img/jpg/
https://online-assessment.apidataserv.com/assets/img/png/
https://online-assessment.apidataserv.com/assets/img/svg/
https://online-assessment.apidataserv.com/assets/plugins/
https://online-assessment.apidataserv.com/assets/plugins/bootstrap/
https://online-assessment.apidataserv.com/assets/plugins/bootstrap/css/
https://online-assessment.apidataserv.com/assets/plugins/bootstrap/css/bootstrap.min.css
https://online-assessment.apidataserv.com/assets/plugins/datepicker/
https://online-assessment.apidataserv.com/assets/plugins/datepicker/css/
https://online-assessment.apidataserv.com/assets/plugins/datepicker/css/bootstrap-datepicker.min.css
https://online-assessment.apidataserv.com/assets/plugins/select2/
https://online-assessment.apidataserv.com/assets/plugins/select2/css/
https://online-assessment.apidataserv.com/assets/plugins/select2/css/select2-bootstrap4.min.css
https://online-assessment.apidataserv.com/assets/plugins/select2/css/select2.min.css
https://online-assessment.apidataserv.com/assets/plugins/sweetalert2/
https://online-assessment.apidataserv.com/assets/plugins/sweetalert2/sweetalert2.min.css
https://online-assessment.apidataserv.com/assets/webfonts/
https://online-assessment.apidataserv.com/login
https://online-assessment.apidataserv.com/public/
https://online-assessment.apidataserv.com/public/assets/
https://online-assessment.apidataserv.com/public/assets/img/
https://online-assessment.apidataserv.com/public/assets/img/svg/
https://online-assessment.apidataserv.com/register
https://online-assessment.apidataserv.com/robots.txt