Web Application Report

This report includes important security information about your Web Application.

Security Report
This report was created by IBM Rational AppScan 7.9.0.3 03-02-2011 15:23:20

03-02-2011 15:23:20 Copyright IBM Corp. 2000, 2009. All Rights Reserved.

1/13

Report Information
Report Type: Web Application Report
Scan Name: grievance.nic.in-scores-L2-19-jan-2011

Scanned Host(s)
  Host:               grievance.nic.in
  Operating System:   Win32
  Web Server:         IIS, IIS6
  Application Server: ASP.NET

Content
This report contains the following sections:
  - Executive Summary
  - Detailed Security Issues
  - Remediation Tasks
  - Application Data
  - Application URLs


Executive Summary
Test Policy: Application-Only

Security Risks
Following are the security risks that appeared most often in the application. To explore which issues included these risks, please refer to the 'Detailed Security Issues' section in this report.
  - It may be possible to steal user login information such as usernames and passwords that are sent unencrypted
  - It is possible to gather sensitive debugging information
  - It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations
  - It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user
  - It might be possible to escalate user privileges and gain administrative permissions over the web application

Vulnerable URLs
32% of the URLs had test results that included security issues.
  - Vulnerable URLs: 32%
  - Not vulnerable URLs: 68%

Scanned URLs
102 URLs were scanned by AppScan.

Security Issue Possible Causes
Following are the most common causes for the security issues found in the application. The causes below are those that repeated in the maximal number of issues. To explore which issues included these causes, please refer to the 'Detailed Security Issues' section in this report.
  - Insecure web application programming or configuration
  - Sensitive input fields such as usernames, passwords and credit card numbers are passed unencrypted
  - Proper bounds checking was not performed on incoming parameter values
  - No validation was done in order to make sure that user input matches the data type expected
  - Exceptions and error messages, which may contain sensitive debugging information, are presented to users

URLs with the Most Security Issues (number of issues)
  - http://grievance.nic.in/scores/ (7)
  - http://grievance.nic.in/scores/Registration.aspx (6)
  - http://grievance.nic.in/scores/Default.aspx (5)
  - http://grievance.nic.in/scores/SebiContents.aspx (5)
  - http://grievance.nic.in/scores/WaitFormNetUsers.aspx (3)

Security Issues per Host

  Host                        High  Medium  Low  Informational  Total
  http://grievance.nic.in/       7       0   18              4     29
  Total                          7       0   18              4     29


Security Issue Distribution per Threat Class
The following is a list of the security issues, distributed by Threat Class.

[Bar chart not reproduced in the text extraction. Its categories are the threat classes Authentication (Brute Force; Insufficient Authentication), Authorization (Credential/Session Prediction; Insufficient Authorization; Insufficient Session Expiration; Session Fixation), Client-side Attacks (Content Spoofing; Cross-site Scripting), Command Execution (Buffer Overflow; Format String Attack; LDAP Injection; OS Commanding; SQL Injection; SSI Injection; XPath Injection), Information Disclosure (Directory Indexing; Information Leakage; Path Traversal; Predictable Resource Location), Logical Attacks (Abuse of Functionality; Denial of Service), Application Privacy Tests and Application Quality Tests; the count axis runs from 0 to 8. Per-class counts are not recoverable from the text.]


Security Issue Cause Distribution
  - 100% Application-related Security Issues (29 out of a total of 29 issues). Application-related Security Issues can usually be fixed by application developers, as they result from defects in the application code.
  - 0% Infrastructure and Platform Security Issues (0 out of a total of 29 issues). Infrastructure and Platform Security Issues can usually be fixed by system and network administrators, as these security issues result from misconfiguration of, or defects in, 3rd party products.


Detailed Security Issues


Vulnerable URL: http://grievance.nic.in/scores/
Total of 1 security issues in this URL

[1 of 1] Authentication Bypass Using SQL Injection
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/ (Parameter = ctl00$LoginC$txtpwd)
  Remediation Tasks: Filter out hazardous characters from user input

Variant 1 of 2 [ID=3892]
The following changes were applied to the original request:
  - Removed parameter 'ctl00$LoginC$txt_hidden'
  - Set parameter 'ctl00$LoginC$txtpwd's value to 'A%27+OR+%277659%27%3D%277659'
  - Removed HTTP header 'Cookie=ASP.NET_SessionId'
Validation In Response:
  N/A

Reasoning: This test consists of four requests: valid login, invalid login, SQL attack, and another invalid login. If the responses to the two invalid logins are the same, and the injected SQL response looks like the first (valid) request, AppScan establishes that the SQL injection succeeded.

Vulnerable URL: http://grievance.nic.in/scores/Registration.aspx
Total of 1 security issues in this URL

[1 of 1] Application Error
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/Registration.aspx (Parameter = ctl00$SebiCPH$Registration1$DDLState)
  Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 32 [ID=11039]
The following changes were applied to the original request:
  - Cleared the value of parameter 'ctl00$SebiCPH$Registration1$DDLState'
Validation In Response:
  HTTP/1.1 500 Internal Server Error


Reasoning: The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/ScriptResource.axd
Total of 1 security issues in this URL

[1 of 1] Application Error
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/ScriptResource.axd (Parameter = d)
  Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 18 [ID=1298]
The following changes were applied to the original request:
  - Cleared the value of parameter 'd'
Validation In Response:
  <span><H1>Server Error in '/scores' Application.<hr width=100% size=1 Server color=silver></H1>

Reasoning: The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/WaitFormNetUsers.aspx
Total of 2 security issues in this URL

[1 of 2] Application Error
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/WaitFormNetUsers.aspx (Parameter = tested)
  Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 9 [ID=25305]
The following changes were applied to the original request:
  - Cleared the value of parameter 'tested'
Validation In Response:
  HTTP/1.1 500 Internal Server Error

Reasoning: The application has responded with an error message, indicating an undefined state that may expose sensitive information.

[2 of 2] Application Error
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/WaitFormNetUsers.aspx (Parameter = CSession)
  Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 9 [ID=25152]
The following changes were applied to the original request:
  - Cleared the value of parameter 'CSession'
Validation In Response:
  HTTP/1.1 500 Internal Server Error

Reasoning: The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/WebResource.axd
Total of 1 security issues in this URL

[1 of 1] Application Error
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/WebResource.axd (Parameter = d)
  Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 18 [ID=987]
The following changes were applied to the original request:
  - Cleared the value of parameter 'd'
Validation In Response:
  <span><H1>Server Error in '/scores' Application.<hr width=100% size=1 Server color=silver></H1>

Reasoning: The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/imgnew.aspx
Total of 1 security issues in this URL

[1 of 1] Application Error
  Severity:          High
  Test Type:         Application
  Vulnerable URL:    http://grievance.nic.in/scores/imgnew.aspx (Parameter = CaptchaText)
  Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 18 [ID=2948]
The following changes were applied to the original request:
  - Cleared the value of parameter 'CaptchaText'
Validation In Response:
  HTTP/1.1 500 Internal Server Error

Reasoning: The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Remediation Tasks
For each URL, the number in parentheses is the count of remediation tasks, followed by the task, the affected parameter(s) and the security issue the task addresses.

http://grievance.nic.in/scores/ (1)
  Remediation Task:          Filter out hazardous characters from user input (High)
  Parameter:                 ctl00$LoginC$txtpwd
  Addressed Security Issue:  Authentication Bypass Using SQL Injection

http://grievance.nic.in/scores/Registration.aspx (1)
  Remediation Task:          Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High)
  Parameter:                 ctl00$SebiCPH$Registration1$DDLState
  Addressed Security Issue:  Application Error

http://grievance.nic.in/scores/ScriptResource.axd (1)
  Remediation Task:          Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High)
  Parameter:                 d
  Addressed Security Issue:  Application Error

http://grievance.nic.in/scores/WaitFormNetUsers.aspx (1)
  Remediation Task:          Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High)
  Parameters:                CSession, tested
  Addressed Security Issue:  Application Error

http://grievance.nic.in/scores/WebResource.axd (1)
  Remediation Task:          Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High)
  Parameter:                 d
  Addressed Security Issue:  Application Error

http://grievance.nic.in/scores/imgnew.aspx (1)
  Remediation Task:          Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High)
  Parameter:                 CaptchaText
  Addressed Security Issue:  Application Error

Application Data
Application URLs

  http://grievance.nic.in/
  http://grievance.nic.in/scores
  http://grievance.nic.in/App_Themes/
  http://grievance.nic.in/JS/
  http://grievance.nic.in/scores/
  http://grievance.nic.in/scores/Default.aspx
  http://grievance.nic.in/scores/LetterDetails.aspx
  http://grievance.nic.in/scores/LogoutProcess.aspx
  http://grievance.nic.in/scores/Registration.aspx
  http://grievance.nic.in/scores/ScriptResource.axd
  http://grievance.nic.in/scores/SebiContents.aspx
  http://grievance.nic.in/scores/WaitFormNetUsers.aspx
  http://grievance.nic.in/scores/WebResource.axd
  http://grievance.nic.in/scores/imgnew.aspx
  http://grievance.nic.in/scores/logout.aspx
  http://grievance.nic.in/App_Themes/T2/
  http://grievance.nic.in/scores/App_Themes/
  http://grievance.nic.in/scores/JS/
  http://grievance.nic.in/scores/JS/Print.js
  http://grievance.nic.in/scores/JS/ajxcompat.js
  http://grievance.nic.in/scores/JS/jquery.tools.min.js
  http://grievance.nic.in/scores/JS/jscheck.js
  http://grievance.nic.in/scores/JS/md5.js
  http://grievance.nic.in/scores/App_Themes/T2/
  http://grievance.nic.in/scores/App_Themes/T2/img/
