acunetix

Acunetix Website Audit

7 July, 2014

Developer Report

Generated by Acunetix WVS Reporter (v9.0 Build 20140422)

Scan of http://localhost:80/DVWA-1.0.8/

Scan information

Scan details

Start time 07-07-2014 02:36:19Finish time 07-07-2014 02:56:02Scan time 19 minutes, 43 secondsProfile Default

Server informationResponsive TrueServer banner Apache/2.4.9 (Win32) OpenSSL/1.0.1g PHP/5.5.11Server OS WindowsServer technologies PHP

Threat level

Acunetix Threat Level 3One or more high-severity type vulnerabilities have been discovered by the scanner. Amalicious user can exploit these vulnerabilities and compromise the backend databaseand/or deface your website.

Alerts distribution

HighMediumLowInformational 13

126119

105Total alerts found

Knowledge baseList of file extensionsFile extensions can provide information on what technologies are being used on this website.List of file extensions detected:

- php => 29 file(s)- css => 4 file(s)- js => 1 file(s)- md => 1 file(s)- ini => 1 file(s)

Top 10 response timesThe files listed below had the slowest response times measured during the crawling process. The average response timefor this site was 616.61 ms. These files could be targetted in denial of service attacks.

1. /dvwa-1.0.8/vulnerabilities/view_help.php, response time 3187 ms

GET /dvwa-1.0.8/vulnerabilities/view_help.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/Acunetix-Aspect: enabledAcunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c

2Acunetix Website Audit

Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63Safari/537.36Accept: */*

2. /dvwa-1.0.8/security.php, response time 546 ms

GET /dvwa-1.0.8/security.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/index.phpAcunetix-Aspect: enabledAcunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66cAcunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=nsnh7p443gi2u75kmj5q1r3k23; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63Safari/537.36Accept: */*

3. /dvwa-1.0.8/instructions.php, response time 516 ms

GET /dvwa-1.0.8/instructions.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/index.phpAcunetix-Aspect: enabledAcunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66cAcunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=nsnh7p443gi2u75kmj5q1r3k23; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63Safari/537.36Accept: */*

List of client scriptsThese files contain Javascript code referenced from the website.

- /dvwa-1.0.8/dvwa/js/dvwapage.js

List of files with inputsThese files have at least one input (GET or POST).

- /dvwa-1.0.8/login.php - 1 inputs- /dvwa-1.0.8/security.php - 3 inputs- /dvwa-1.0.8/setup.php - 1 inputs- /dvwa-1.0.8/vulnerabilities/fi - 1 inputs- /dvwa-1.0.8/vulnerabilities/csrf - 1 inputs- /dvwa-1.0.8/vulnerabilities/sqli - 1 inputs- /dvwa-1.0.8/vulnerabilities/exec - 1 inputs- /dvwa-1.0.8/vulnerabilities/brute - 1 inputs- /dvwa-1.0.8/vulnerabilities/xss_s - 1 inputs- /dvwa-1.0.8/vulnerabilities/xss_r - 1 inputs- /dvwa-1.0.8/vulnerabilities/upload - 1 inputs


- /dvwa-1.0.8/vulnerabilities/captcha - 2 inputs- /dvwa-1.0.8/vulnerabilities/sqli_blind - 1 inputs- /dvwa-1.0.8/vulnerabilities/view_source_all.php - 1 inputs- /dvwa-1.0.8/ids_log.php - 1 inputs

List of external hostsThese hosts were linked from this website but they were not scanned because they are not listed in the list of hostsallowed.(Settings->Scanners settings->Scanner->List of hosts allowed).

- hiderefer.com- www.php.net- www.zend.com- data- www.google.com- www.captcha.net

List of email addressesList of all email addresses found on this host.

- [email protected]

Alerts summary

Cross site scripting

Affects Variations2/dvwa-1.0.8/vulnerabilities/brute/2/dvwa-1.0.8/vulnerabilities/captcha/2/dvwa-1.0.8/vulnerabilities/csrf/2/dvwa-1.0.8/vulnerabilities/exec/2/dvwa-1.0.8/vulnerabilities/sqli/2/dvwa-1.0.8/vulnerabilities/sqli_blind/2/dvwa-1.0.8/vulnerabilities/upload/2/dvwa-1.0.8/vulnerabilities/xss_r/2/dvwa-1.0.8/vulnerabilities/xss_s/

PHP allow_url_fopen enabled

Affects Variations1/dvwa-1.0.8/phpinfo.php

Apache server-info enabled

Affects Variations1Web Server

Apache server-status enabled



Application error message

Affects Variations2/dvwa-1.0.8/login.php2/dvwa-1.0.8/vulnerabilities/brute/4/dvwa-1.0.8/vulnerabilities/captcha/1/dvwa-1.0.8/vulnerabilities/csrf/1/dvwa-1.0.8/vulnerabilities/exec/1/dvwa-1.0.8/vulnerabilities/sqli/1/dvwa-1.0.8/vulnerabilities/sqli_blind/1/dvwa-1.0.8/vulnerabilities/xss_r/2/dvwa-1.0.8/vulnerabilities/xss_s/

Directory listing

Affects Variations1/dvwa-1.0.8/config1/dvwa-1.0.8/docs1/dvwa-1.0.8/dvwa1/dvwa-1.0.8/dvwa/css1/dvwa-1.0.8/dvwa/images1/dvwa-1.0.8/dvwa/includes1/dvwa-1.0.8/dvwa/includes/dbms1/dvwa-1.0.8/dvwa/js1/dvwa-1.0.8/vulnerabilities1/dvwa-1.0.8/vulnerabilities/brute/help1/dvwa-1.0.8/vulnerabilities/captcha/help1/dvwa-1.0.8/vulnerabilities/csrf/help1/dvwa-1.0.8/vulnerabilities/exec/help1/dvwa-1.0.8/vulnerabilities/fi/help1/dvwa-1.0.8/vulnerabilities/sqli/help1/dvwa-1.0.8/vulnerabilities/sqli_blind/help1/dvwa-1.0.8/vulnerabilities/upload/help1/dvwa-1.0.8/vulnerabilities/xss_r/help1/dvwa-1.0.8/vulnerabilities/xss_s/help

Error message on page

Affects Variations1/dvwa-1.0.8/dvwa/includes/dbms/mysql.php1/dvwa-1.0.8/dvwa/includes/dvwapage.inc.php1/dvwa-1.0.8/dvwa/includes/dvwaphpids.inc.php1/dvwa-1.0.8/vulnerabilities/fi/include.php1/dvwa-1.0.8/vulnerabilities/view_help.php


HTML form without CSRF protection

Affects Variations1/dvwa-1.0.8/ids_log.php1/dvwa-1.0.8/security.php1/dvwa-1.0.8/setup.php1/dvwa-1.0.8/vulnerabilities/brute1/dvwa-1.0.8/vulnerabilities/csrf1/dvwa-1.0.8/vulnerabilities/exec1/dvwa-1.0.8/vulnerabilities/sqli1/dvwa-1.0.8/vulnerabilities/xss_r1/dvwa-1.0.8/vulnerabilities/xss_s

Password field submitted using GET method

Affects Variations1/dvwa-1.0.8/vulnerabilities/brute1/dvwa-1.0.8/vulnerabilities/csrf

PHP errors enabled


PHP open_basedir is not set


PHPinfo page found


Slow HTTP Denial of Service Attack


User credentials are sent in clear text

Affects Variations1/dvwa-1.0.8/vulnerabilities/brute2/dvwa-1.0.8/vulnerabilities/captcha1/dvwa-1.0.8/vulnerabilities/csrf

Documentation file

Affects Variations1/dvwa-1.0.8/README.md

File upload

Affects Variations1/dvwa-1.0.8/vulnerabilities/upload

Login page password-guessing attack

Affects Variations1/dvwa-1.0.8/vulnerabilities/brute/


Possible sensitive directories

Affects Variations1/dvwa-1.0.8/config

Possible sensitive files

Affects Variations1/dvwa-1.0.8/php.ini

Sensitive page could be cached

Affects Variations1/dvwa-1.0.8/vulnerabilities/brute (0e431722672baade827d813b3c6edf86)

Session Cookie without HttpOnly flag set

Affects Variations2/

Session Cookie without Secure flag set

Affects Variations2/

Slow response time

Affects Variations1/dvwa-1.0.8/vulnerabilities/view_help.php

TRACE method is enabled


Content type is not specified

Affects Variations1/dvwa-1.0.8/php.ini1/dvwa-1.0.8/readme.md

Email address found


GHDB: Default phpinfo page


GHDB: Files uploaded through FTP

Affects Variations1/dvwa-1.0.8/vulnerabilities1/dvwa-1.0.8/vulnerabilities/upload/help

GHDB: phpinfo()



Possible CSRF (Cross-site request forgery)

Affects Variations1/dvwa-1.0.8/security.php (0c1073004fdb8d2f67116fcd2e57528e)1/dvwa-1.0.8/security.php (4b8084ccab1d98b65ab8f6868cb5236b)1/dvwa-1.0.8/security.php (e2e317dfb2ebaca97a5ea7f915eeb9c6)1/dvwa-1.0.8/setup.php (bdfdb6cccfc418fa13f20a596815c26c)1/dvwa-1.0.8/vulnerabilities/captcha (148a12ec4c6f14514eb58e4554260cce)1/dvwa-1.0.8/vulnerabilities/captcha (aa425408e9d59bc3e8f810ffb027441d)


Alert details

Cross site scripting

HighSeverityValidationTypeScripting (XSS.script)Reported by module

Impact

Description

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually inthe form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it willexecute the script in the user context allowing the attacker to access any cookies or session tokens retained by thebrowser.

Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user inorder to gather data from them. An attacker can steal the session cookie and take over the account, impersonating theuser. It is also possible to modify the content of the page presented to the user.

Recommendation

Your script should filter metacharacters from user input.

References

OWASP Cross Site ScriptingOWASP PHP Top 5Cross site scriptingXSS AnnihilationThe Cross Site Scripting FaqVIDEO: How Cross-Site Scripting (XSS) WorksAcunetix Cross Site Scripting AttackHow To: Prevent Cross-Site Scripting in ASP.NETXSS Filter Evasion Cheat Sheet

Affected items

Details/dvwa-1.0.8/vulnerabilities/brute/

Cookie input security was set to jngbu7e20p8m7hpevglgb4upt4_906692'():;996680The input is reflected inside Javascript code between single quotes.

GET /dvwa-1.0.8/vulnerabilities/brute/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_906692&apos%3B():%3B996680Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers




GET /dvwa-1.0.8/vulnerabilities/brute/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_997453&apos%3B():%3B914100Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/captcha/


GET /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_946271&apos%3B():%3B985654Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



GET /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_982935&apos%3B():%3B901045Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/csrf/


GET /dvwa-1.0.8/vulnerabilities/csrf/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_937306&apos%3B():%3B940847Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers




GET /dvwa-1.0.8/vulnerabilities/csrf/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_983912&apos%3B():%3B943915Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/exec/


GET /dvwa-1.0.8/vulnerabilities/exec/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_944202&apos%3B():%3B966936Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



GET /dvwa-1.0.8/vulnerabilities/exec/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_937762&apos%3B():%3B957094Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/sqli/


GET /dvwa-1.0.8/vulnerabilities/sqli/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_927790&apos%3B():%3B930146Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-alive

Request headers


Accept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*



GET /dvwa-1.0.8/vulnerabilities/sqli/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_943884&apos%3B():%3B926396Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/sqli_blind/


GET /dvwa-1.0.8/vulnerabilities/sqli_blind/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_987741&apos%3B():%3B941903Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



GET /dvwa-1.0.8/vulnerabilities/sqli_blind/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_939518&apos%3B():%3B947204Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/upload/


GET /dvwa-1.0.8/vulnerabilities/upload/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;

Request headers


security=jngbu7e20p8m7hpevglgb4upt4_977153&apos%3B():%3B917378Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Details/dvwa-1.0.8/vulnerabilities/upload/


GET /dvwa-1.0.8/vulnerabilities/upload/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_924361&apos%3B():%3B985996Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/xss_r/


GET /dvwa-1.0.8/vulnerabilities/xss_r/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_936500&apos%3B():%3B904008Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



GET /dvwa-1.0.8/vulnerabilities/xss_r/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_905965&apos%3B():%3B925657Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/xss_s/


GET /dvwa-1.0.8/vulnerabilities/xss_s/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_977635&apos%3B():%3B953629Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



GET /dvwa-1.0.8/vulnerabilities/xss_s/ HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4;security=jngbu7e20p8m7hpevglgb4upt4_988547&apos%3B():%3B951397Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


PHP allow_url_fopen enabled

HighSeverityConfigurationTypeScripting (PHPInfo.script)Reported by module

Impact

Description

The PHP configuration directive allow_url_fopen is enabled. When enabled, this directive allows data retrieval fromremote locations (web site or FTP server). A large number of code injection vulnerabilities reported in PHP-based webapplications are caused by the combination of enabling allow_url_fopen and bad input filtering.

allow_url_fopen is enabled by default.

Application dependant - possible remote file inclusion.

Recommendation

You can disable allow_url_fopen from php.ini or .htaccess.

php.iniallow_url_fopen = 'off'

.htaccessphp_flag allow_url_fopen off

Affected items

Details/dvwa-1.0.8/phpinfo.php

This vulnerability was detected using the information from phpinfo() page /dvwa-1.0.8/phpinfo.phpallow_url_fopen: On

GET /dvwa-1.0.8/phpinfo.php HTTP/1.1Cookie: PHPSESSID=6so549u133f82da5orevuihpi3; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Apache server-info enabled

MediumSeverityConfigurationTypeScripting (Apache_Server_Information.script)Reported by module

Impact

Description

Apache /server-info displays information about your Apache configuration. If you are not using this feature, disable it.

Possible sensitive information disclosure.

Recommendation

Disable this functionality if not required. Comment out the <Location /server-info> section from httpd.conf.

References

Apache Homepage

Affected items

DetailsWeb Server

Pattern found: <title>Server Information</title>

GET /server-info HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Apache server-status enabled

MediumSeverityConfigurationTypeScripting (Apache_Server_Information.script)Reported by module

Impact

Description

Apache /server-status displays information about your Apache status. If you are not using this feature, disable it.


Recommendation

Disable this functionality if not required. Comment out the <Location /server-status> section from httpd.conf.

References

Apache Homepage

Affected items

DetailsWeb Server

Pattern found: <title>Apache Status</title>

GET /server-status HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Application error message

MediumSeverityValidationTypeScripting (Error_Message.script)Reported by module

Impact

Description

This page contains an error/warning message that may disclose sensitive information. The message can also contain thelocation of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.

The error messages may disclose sensitive information. This information can be used to launch further attacks.

Recommendation

Review the source code for this script.

References

PHP Runtime Configuration

Affected items

Details/dvwa-1.0.8/login.php

URL encoded POST input password was set to passwordError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\login.php on line 19 

POST /dvwa-1.0.8/login.php HTTP/1.1Content-Length: 46Content-Type: application/x-www-form-urlencodedReferer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Login=Login&password[]=password&username=admin

Request headers

Details/dvwa-1.0.8/login.php

URL encoded POST input username was set to adminError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\login.php on line 15 

POST /dvwa-1.0.8/login.php HTTP/1.1Content-Length: 46Content-Type: application/x-www-form-urlencodedReferer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Login=Login&password=password&username[]=admin

Request headers



URL encoded GET input password was set to g00dPa%24%24w0rDError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\brute\source\high.php on line 12 

GET/dvwa-1.0.8/vulnerabilities/brute/?Login=Login&password[]=g00dPa%24%24w0rD&username=qsqcwfhk HTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


URL encoded GET input username was set to qsqcwfhkError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\brute\source\high.php on line 7 

GET/dvwa-1.0.8/vulnerabilities/brute/?Login=Login&password=g00dPa%24%24w0rD&username[]=qsqcwfhk HTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


URL encoded POST input password_conf was set to g00dPa%24%24w0rDError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\captcha\source\high.php on line 12 

POST /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Content-Length: 187Content-Type: application/x-www-form-urlencodedReferer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Change=Change&password_conf[]=g00dPa%24%24w0rD&password_current=g00dPa%24%24w0rD&password_new=g00dPa%24%24w0rD&recaptcha_challenge_field=1&recaptcha_response_field=manual_challenge&step=1

Request headers


URL encoded POST input password_conf was set to g00dPa%24%24w0rDError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\captcha\source\high.php on line 12 



Change=Change&password_conf[]=g00dPa%24%24w0rD&password_current=g00dPa%24%24w0rD&password_new=g00dPa%24%24w0rD&step=1

Request headers


URL encoded POST input password_new was set to g00dPa%24%24w0rDError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\captcha\source\high.php on line 7 


Change=Change&password_conf=g00dPa%24%24w0rD&password_current=g00dPa%24%24w0rD&password_new[]=g00dPa%24%24w0rD&step=1

Request headers


URL encoded POST input password_new was set to g00dPa%24%24w0rDError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\captcha\source\high.php on line 7 


Change=Change&password_conf=g00dPa%24%24w0rD&password_current=g00dPa%24%24w0rD&password_new[]=g00dPa%24%24w0rD&recaptcha_challenge_field=1&recaptcha_response_field=manual_challenge&step=1

Request headers


URL encoded GET input password_current was set to g00dPa%24%24w0rDError message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\csrf\source\high.php on line 11 Request headers


GET/dvwa-1.0.8/vulnerabilities/csrf/?Change=Change&password_conf=g00dPa%24%24w0rD&password_current[]=g00dPa%24%24w0rD&password_new=g00dPa%24%24w0rD HTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*


URL encoded POST input ip was set to 1Error message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\exec\source\high.php on line 7 

POST /dvwa-1.0.8/vulnerabilities/exec/ HTTP/1.1Content-Length: 20Content-Type: application/x-www-form-urlencodedReferer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

ip[]=1&submit=submit

Request headers


URL encoded GET input id was set to 1Error message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\sqli\source\high.php on line 8 

GET /dvwa-1.0.8/vulnerabilities/sqli/?id[]=1&Submit=Submit HTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


URL encoded GET input id was set to 1Error message found: Warning: stripslashes() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\sqli_blind\source\high.php on line 8 

GET /dvwa-1.0.8/vulnerabilities/sqli_blind/?id[]=1&Submit=Submit HTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



URL encoded GET input name was set to uhfltlekError message found: Warning: htmlspecialchars() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\xss_r\source\high.php on line 10 

GET /dvwa-1.0.8/vulnerabilities/xss_r/?name[]=uhfltlek HTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


URL encoded POST input mtxMessage was set to 20Error message found: Warning: trim() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\xss_s\source\high.php on line 6 

POST /dvwa-1.0.8/vulnerabilities/xss_s/ HTTP/1.1Content-Length: 57Content-Type: application/x-www-form-urlencodedReferer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

btnSign=Sign%20Guestbook&mtxMessage[]=20&txtName=dslxtfkg

Request headers


URL encoded POST input txtName was set to dslxtfkgError message found: Warning: trim() expects parameter 1 to be string, array given inC:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\xss_s\source\high.php on line 7 

POST /dvwa-1.0.8/vulnerabilities/xss_s/ HTTP/1.1Content-Length: 57Content-Type: application/x-www-form-urlencodedReferer: http://localhost:80/DVWA-1.0.8/Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

btnSign=Sign%20Guestbook&mtxMessage=20&txtName[]=dslxtfkg

Request headers


Directory listing

MediumSeverityInformationTypeScripting (Directory_Listing.script)Reported by module

Impact

Description

The web server is configured to display the list of files contained in this directory. This is not recommended because thedirectory may contain files that are not normally exposed through links on the web site.

A user can view a list of all files from this directory possibly exposing sensitive information.

Recommendation

You should make sure the directory does not contain sensitive information or you may want to restrict directory listingsfrom the web server configuration.References

Directory Listing and Information Disclosure

Affected items

Details/dvwa-1.0.8/config

Pattern found: Last modified</a>

GET /dvwa-1.0.8/config/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/config/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/docs


GET /dvwa-1.0.8/docs/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/docs/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/dvwa


GET /dvwa-1.0.8/dvwa/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/dvwa/css


GET /dvwa-1.0.8/dvwa/css/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/css/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/dvwa/images


GET /dvwa-1.0.8/dvwa/images/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/images/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/dvwa/includes


GET /dvwa-1.0.8/dvwa/includes/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/includes/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/dvwa/includes/dbms


GET /dvwa-1.0.8/dvwa/includes/dbms/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/includes/dbms/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/dvwa/js


GET /dvwa-1.0.8/dvwa/js/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/js/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities


GET /dvwa-1.0.8/vulnerabilities/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/brute/help


GET /dvwa-1.0.8/vulnerabilities/brute/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/brute/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/captcha/help


GET /dvwa-1.0.8/vulnerabilities/captcha/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/csrf/help


GET /dvwa-1.0.8/vulnerabilities/csrf/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/exec/help


GET /dvwa-1.0.8/vulnerabilities/exec/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/exec/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/fi/help


GET /dvwa-1.0.8/vulnerabilities/fi/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/fi/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/sqli/help


GET /dvwa-1.0.8/vulnerabilities/sqli/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/sqli/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/sqli_blind/help


GET /dvwa-1.0.8/vulnerabilities/sqli_blind/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/sqli_blind/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/upload/help


GET /dvwa-1.0.8/vulnerabilities/upload/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/upload/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/xss_r/help


GET /dvwa-1.0.8/vulnerabilities/xss_r/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/xss_r/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/xss_s/help


GET /dvwa-1.0.8/vulnerabilities/xss_s/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/xss_s/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Error message on page

MediumSeverityValidationTypeScripting (Text_Search_File.script)Reported by module

Impact

Description

This page contains an error/warning message that may disclose sensitive information. The message can also contain thelocation of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.

The error messages may disclose sensitive information. This information can be used to launch further attacks.

Recommendation

Review the source code for this script.

References

PHP Runtime Configuration

Affected items

Details/dvwa-1.0.8/dvwa/includes/dbms/mysql.php

Pattern found: Fatal error

GET /dvwa-1.0.8/dvwa/includes/dbms/mysql.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/includes/dbms/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/dvwa/includes/dvwapage.inc.php

Pattern found: Warning: define() expects at least 2 parameters, 1 given inC:\xampp2\htdocs\DVWA-1.0.8\dvwa\includes\dvwaPage.inc.php on line 5 

GET /dvwa-1.0.8/dvwa/includes/dvwapage.inc.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/includes/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)

Request headers


Chrome/28.0.1500.63 Safari/537.36Accept: */*

Details/dvwa-1.0.8/dvwa/includes/dvwaphpids.inc.php

Pattern found: Warning: define() expects at least 2 parameters, 1 given inC:\xampp2\htdocs\DVWA-1.0.8\dvwa\includes\dvwaPhpIds.inc.php on line 4 

GET /dvwa-1.0.8/dvwa/includes/dvwaphpids.inc.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/dvwa/includes/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/fi/include.php

Pattern found: Fatal error

GET /dvwa-1.0.8/vulnerabilities/fi/include.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/fi/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/view_help.php

Pattern found: Warning: file_get_contents(../vulnerabilities//help/help.php): failed to open stream: No such file ordirectory in C:\xampp2\htdocs\DVWA-1.0.8\vulnerabilities\view_help.php on line 14 

GET /dvwa-1.0.8/vulnerabilities/view_help.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


HTML form without CSRF protection

MediumSeverityInformationalTypeCrawlerReported by module

Impact

Description

This alert may be a false positive, manual confirmation is required.Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is atype of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the websitetrusts.

Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more informationabout the affected HTML form.

An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRFexploit can compromise end user data and operation in case of normal user. If the targeted end user is the administratoraccount, this can compromise the entire web application.

Recommendation

Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.

Affected items

Details/dvwa-1.0.8/ids_log.php

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/ids_log.phpForm method: GET

Form inputs:

- clear_log [Submit]

GET /dvwa-1.0.8/ids_log.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/security.phpAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/security.php

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/security.phpForm method: POST

Form inputs:

- security [Select]- seclev_submit [Submit]

GET /dvwa-1.0.8/security.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/index.phpAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=nsnh7p443gi2u75kmj5q1r3k23; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/setup.php

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/setup.phpForm method: POST

Form inputs:

- create_db [Submit]

GET /dvwa-1.0.8/setup.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/index.phpAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=nsnh7p443gi2u75kmj5q1r3k23; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/brute

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/brute/Form method: GET

Form inputs:

- username [Text]- password [Password]- Login [Submit]

GET /dvwa-1.0.8/vulnerabilities/brute/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/brute/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/csrf

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/Form method: GET

Form inputs:

- password_current [Password]- password_new [Password]- password_conf [Password]- Change [Submit]

GET /dvwa-1.0.8/vulnerabilities/csrf/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/exec

Form name: pingForm action: http://localhost/dvwa-1.0.8/vulnerabilities/exec/Form method: POST

Form inputs:

- ip [Text]- submit [Submit]

GET /dvwa-1.0.8/vulnerabilities/exec/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/exec/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/sqli

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/sqli/Form method: GET

Form inputs:

- id [Text]- Submit [Submit]

GET /dvwa-1.0.8/vulnerabilities/sqli/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/sqli/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Details/dvwa-1.0.8/vulnerabilities/xss_r

Form name: XSSForm action: http://localhost/dvwa-1.0.8/vulnerabilities/xss_r/Form method: GET

Form inputs:

- name [Text]

GET /dvwa-1.0.8/vulnerabilities/xss_r/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/xss_r/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/xss_s

Form name: guestformForm action: http://localhost/dvwa-1.0.8/vulnerabilities/xss_s/Form method: POST

Form inputs:

- txtName [Text]- mtxMessage [TextArea]- btnSign [Submit]

GET /dvwa-1.0.8/vulnerabilities/xss_s/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/xss_s/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Password field submitted using GET method


Impact

Description

This page contains a form with a password field. This form submits user data using the GET method, therefore thecontents of the password field will appear in the URL. Sensitive information should not be passed via the URL. URLscould be logged or leaked via the Referer header.


Recommendation

The password field should be submitted through POST instead of GET.

Affected items


form name: "<unnamed>"form action: "#"password input: "password"


Request headers


form name: "<unnamed>"form action: "#"password input: "password_current"

GET /dvwa-1.0.8/vulnerabilities/csrf/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)

Request headers




PHP errors enabled

MediumSeverityConfigurationTypeScripting (PHPInfo.script)Reported by module

Impact

Description

The display_errors directive determines whether error messages should be sent to the browser. These messagesfrequently contain sensitive information about your web application environment, and should never be presented tountrusted sources.

display_errors is on by default.

Possible information disclosure.

Recommendation

You can disable display_errors from php.ini or .htaccess.

php.inidisplay_errors = 'off'log_errors = 'on'

.htaccessphp_flag display_errors offphp_flag log_errors on

Affected items


This vulnerability was detected using the information from phpinfo() page /dvwa-1.0.8/phpinfo.phpdisplay_errors: On


Request headers


PHP open_basedir is not set

MediumSeverityConfigurationTypeScripting (PHPInfo.script)Reported by module

Impact

Description

The open_basedir configuration directive will limit the files that can be opened by PHP to the specified directory-tree.When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the fileis outside the specified directory-tree, PHP will refuse to open it. open_basedir is a good protection against remote fileinclusion vulnerabilities. For a remote attacker it is not possible to break out of the open_basedir restrictions if he is onlyable to inject the name of a file to be included. Therefore the number of files he will be able to include with such a localfile include vulnerability is limited.

Application dependant - possible remote code inclusion.

Recommendation

You can set open_basedir from php.ini

php.iniopen_basedir = your_application_directory

Affected items


This vulnerability was detected using the information from phpinfo() page /dvwa-1.0.8/phpinfo.phpopen_basedir: no value


Request headers


PHPinfo page found

MediumSeverityValidationTypeScripting (Text_Search_File.script)Reported by module

Impact

Description

This script is using phpinfo() function. This function outputs a large amount of information about the current state of PHP.This includes information about PHP compilation options and extensions, the PHP version, server information andenvironment (if compiled as a module), the PHP environment, OS version information, paths, master and local values ofconfiguration options, HTTP headers, and the PHP License.

This file may expose sensitive information that may help an malicious user to prepare more advanced attacks.

Recommendation

Remove the file from production systems.

References

PHP phpinfo

Affected items


Pattern found: <title>phpinfo()</title>

GET /dvwa-1.0.8/phpinfo.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/index.phpAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=nsnh7p443gi2u75kmj5q1r3k23; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


phpinfo() page found at : /dvwa-1.0.8/phpinfo.php


Request headers


Slow HTTP Denial of Service Attack

MediumSeverityConfigurationTypeSlow_HTTP_DOSReported by module

Impact

Description

Your web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks.

Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires requests to becompletely received by the server before they are processed. If an HTTP request is not complete, or if the transfer rate isvery low, the server keeps its resources busy waiting for the rest of the data. If the server keeps too many resourcesbusy, this creates a denial of service.

A single machine can take down another machine's web server with minimal bandwidth and side effects on unrelatedservices and ports.

Recommendation

Consult Web references for information about protecting your web server against this type of attack.

References

Slowloris HTTP DoSSlowloris DOS Mitigation GuideProtect Apache Against Slowloris Attack

Affected items

DetailsWeb Server

Time difference between connections: 9907 ms


User credentials are sent in clear text


Impact

Description

User credentials are transmitted over an unencrypted channel. This information should always be transferred via anencrypted channel (HTTPS) to avoid being intercepted by malicious users.

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

Recommendation

Because user credentials are considered sensitive information, should always be transferred to the server over anencrypted connection (HTTPS).

Affected items


Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/brute/Form method: GET

Form inputs:

- username [Text]- password [Password]- Login [Submit]


Request headers


Details/dvwa-1.0.8/vulnerabilities/captcha

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/Form method: POST

Form inputs:

- step [Hidden]- password_current [Password]- password_new [Password]- password_conf [Password]- Change [Submit]

GET /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/captcha

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/Form method: POST

Form inputs:

- step [Hidden]- password_current [Password]- password_new [Password]- password_conf [Password]- recaptcha_challenge_field [TextArea]- recaptcha_response_field [Hidden]- Change [Submit]

GET /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers



Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/Form method: GET

Form inputs:

- password_current [Password]- password_new [Password]- password_conf [Password]- Change [Submit]

GET /dvwa-1.0.8/vulnerabilities/csrf/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Documentation file

LowSeverityConfigurationTypeScripting (Readme_Files.script)Reported by module

Impact

Description

A documentation file (e.g. readme.txt, changelog.txt, ...) was found in this directory. The information contained in thesefiles could help an attacker identify the web application you are using and sometimes the version of the application. It'srecommended to remove these files from production systems.

These files may disclose sensitive information. This information can be used to launch further attacks.

Recommendation

Remove or restrict access to all documentation file acessible from internet.

Affected items

Details/dvwa-1.0.8/README.md

File contents (first 250 characters):![alt text](http://www.randomstorm.com/images/dvwa_grey.png "DVWA")

DAMN VULNERABLE WEB APP=======================

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to bean aid for security ...

GET /dvwa-1.0.8/README.md HTTP/1.1Cookie: PHPSESSID=6so549u133f82da5orevuihpi3; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


File upload

LowSeverityInformationalTypeCrawlerReported by module

Impact

Description

This page allows visitors to upload files to the server. Various web applications allow users to upload files (such aspictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker couldsend a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.

If the uploaded files are not safely checked an attacker may upload malicious files.

Recommendation

Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelistapproach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like.htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder sothe files within it are not executable. If possible, rename the files that are uploaded.

Affected items

Details/dvwa-1.0.8/vulnerabilities/upload

Form name: <empty>Form action: http://localhost/dvwa-1.0.8/vulnerabilities/upload/Form method: POST

Form inputs:

- MAX_FILE_SIZE [Hidden]- uploaded [File]- Upload [Submit]

GET /dvwa-1.0.8/vulnerabilities/upload/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/upload/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Login page password-guessing attack

LowSeverityValidationTypeScripting (Html_Authentication_Audit.script)Reported by module

Impact

Description

A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attackis an attempt to discover a password by systematically trying every possible combination of letters, numbers, andsymbols until you discover the one correct combination that works.

This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommendedto implement some type of account lockout after a defined number of incorrect password attempts. Consult Webreferences for more information about fixing this problem.

An attacker may attempt to discover a weak password by systematically trying every possible combination of letters,numbers, and symbols until it discovers the one correct combination that works.

Recommendation

It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.

References

Blocking Brute Force Attacks

Affected items


The scanner tested 10 invalid credentials and no account lockout was detected.

GET /dvwa-1.0.8/vulnerabilities/brute/?Login=Login&password=jitJhAoz&username=4GhtUyxCHTTP/1.1Referer: http://localhost:80/DVWA-1.0.8/Host: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Possible sensitive directories

LowSeverityValidationTypeScripting (Possible_Sensitive_Directories.script)Reported by module

Impact

Description

A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks forcommon sensitive resources like backup directories, database dumps, administration pages, temporary directories. Eachone of these directories could help an attacker to learn more about his target.

This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.

Recommendation

Restrict access to this directory or remove it from the website.

References

Web Server Security and Database Server Security

Affected items

Details/dvwa-1.0.8/config

No details are available.

GET /dvwa-1.0.8/config HTTP/1.1Accept: acunetix/wvsRange: bytes=0-99999Cookie: PHPSESSID=6so549u133f82da5orevuihpi3; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36

Request headers


Possible sensitive files

LowSeverityValidationTypeScripting (Possible_Sensitive_Files.script)Reported by module

Impact

Description

A possible sensitive file has been found. This file is not directly linked from the website. This check looks for commonsensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Eachone of these files could help an attacker to learn more about his target.

This file may expose sensitive information that could help a malicious user to prepare more advanced attacks.

Recommendation

Restrict access to this file or remove it from the website.

References

Web Server Security and Database Server Security

Affected items

Details/dvwa-1.0.8/php.ini


GET /dvwa-1.0.8/php.ini HTTP/1.1Accept: acunetix/wvsCookie: PHPSESSID=6so549u133f82da5orevuihpi3; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36

Request headers


Sensitive page could be cached


Impact

Description

This page contains possible sensitive information (e.g. a password parameter) and could be potentially cached. Even insecure SSL channels sensitive data could be stored by intermediary proxies and SSL terminators. To prevent this, aCache-Control header should be specified.


Recommendation

Prevent caching by adding "Cache Control: No-store" and "Pragma: no-cache" to the page headers.

Affected items

Details/dvwa-1.0.8/vulnerabilities/brute (0e431722672baade827d813b3c6edf86)


GET/dvwa-1.0.8/vulnerabilities/brute/?Login=Login&password=g00dPa%24%24w0rD&username=hfsmhlfc HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/brute/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Session Cookie without HttpOnly flag set


Impact

Description

This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browserthat the cookie can only be accessed by the server and not by client-side scripts. This is an important security protectionfor session cookies.

None

Recommendation

If possible, you should set the HTTPOnly flag for this cookie.

Affected items

Details/

Cookie name: "security"Cookie domain: "localhost"

GET / HTTP/1.1Request headers

Details/

Cookie name: "PHPSESSID"Cookie domain: "localhost"



Session Cookie without Secure flag set


Impact

Description

This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that thecookie can only be accessed over secure SSL channels. This is an important security protection for session cookies.

None

Recommendation

If possible, you should set the Secure flag for this cookie.

Affected items

Details/

Cookie name: "security"Cookie domain: "localhost"


Details/

Cookie name: "PHPSESSID"Cookie domain: "localhost"



Slow response time


Impact

Description

This page had a slow response time. The response time for this page was 3187 ms while the average response time forthis site is 616.61 ms. This types of files can be targeted in denial of service attacks. An attacker can request this pagerepeatedly from multiple computers until the server becomes overloaded.

Possible denial of service.

Recommendation

Investigate if it's possible to reduce the response time for this page.

Affected items

Details/dvwa-1.0.8/vulnerabilities/view_help.php


GET /dvwa-1.0.8/vulnerabilities/view_help.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


TRACE method is enabled

LowSeverityValidationTypeScripting (Track_Trace_Server_Methods.script)Reported by module

Impact

Description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in webbrowsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies andauthentication data.

Recommendation

Disable TRACE Method on the web server.

References

Cross-site tracing (XST)W3C - RFC 2616US-CERT VU#867593

Affected items

DetailsWeb Server


TRACE /F1g6nBvRuX HTTP/1.1Cookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers


Content type is not specified

InformationalSeverityInformationalTypeCrawlerReported by module

Impact

Description

This page does not set a Content-Type header value. This value informs the browser what kind of data to expect. If thisheader is missing, the browser may incorrectly handle the data. This could lead to security problems.

None

Recommendation

Set a Content-Type header value for this page.

Affected items

Details/dvwa-1.0.8/php.ini

HTTP/1.1 200 OKDate: Sun, 06 Jul 2014 21:25:18 GMTServer: Apache/2.4.9 (Win32) OpenSSL/1.0.1g PHP/5.5.11Last-Modified: Wed, 01 May 2013 01:16:46 GMTETag: "94-4db9ddf16bb80"Accept-Ranges: bytesContent-Length: 148Keep-Alive: timeout=5, max=99Connection: Keep-Alive

GET /dvwa-1.0.8/php.ini HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/readme.md

HTTP/1.1 200 OKDate: Sun, 06 Jul 2014 21:24:03 GMTServer: Apache/2.4.9 (Win32) OpenSSL/1.0.1g PHP/5.5.11Last-Modified: Wed, 01 May 2013 01:16:46 GMTETag: "125d-4db9ddf16bb80"Accept-Ranges: bytesContent-Length: 4701Keep-Alive: timeout=5, max=26Connection: Keep-Alive

GET /dvwa-1.0.8/README.md HTTP/1.1Request headers


Cookie: PHPSESSID=6so549u133f82da5orevuihpi3; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*


Email address found

InformationalSeverityInformationalTypeScripting (Text_Search_File.script)Reported by module

Impact

Description

One or more email addresses have been found on this page. The majority of spam comes from email addressesharvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scourthe internet looking for email addresses on any website they come across. Spambot programs look for strings [email protected] and then record any addresses found.

Email addresses posted on Web sites may attract spam.

Recommendation

Check references for details on how to solve this problem.

References

Email Address Disclosed on Website Can be Used for Spam

Affected items


Pattern found: [email protected]


Request headers


GHDB: Default phpinfo page

InformationalSeverityInformationalTypeGHDBReported by module

Impact

Description

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Files containing passwords

This will look throught default phpinfo pages for ones that have a default mysql password.

The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.

Not available. Check description.

Recommendation


References

The Google Hacking Database (GHDB) communityAcunetix Google hacking

Affected items


We found intitle:"phpinfo()" +"mysql.default_password" +"Zend Scripting Language Engine"


Request headers


GHDB: Files uploaded through FTP


Impact

Description

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Files containing juicy info

Files uploaded through ftp by other people, sometimes you can find all sorts of things from movies to important stuff.



Recommendation


References

Acunetix Google hackingThe Google Hacking Database (GHDB) community

Affected items

Details/dvwa-1.0.8/vulnerabilities

We found intitle:"Index of" upload size parent directory

GET /dvwa-1.0.8/vulnerabilities/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Request headers

Details/dvwa-1.0.8/vulnerabilities/upload/help

We found intitle:"Index of" upload size parent directory

GET /dvwa-1.0.8/vulnerabilities/upload/help/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/upload/help/Acunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=ajelmbpd4ttf274becckmrtj02; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)

Request headers




GHDB: phpinfo()


Impact

Description

The description for this alert is contributed by the GHDB community, it may contain inappropriate language.Category : Files containing juicy info

this brings up sites with phpinfo(). There is SO much cool stuff in here that you just have to check one out for yourself! Imean full blown system versioning, SSL version, sendmail version and path, ftp, LDAP, SQL info, Apache mods, Apacheenv vars, *sigh* the list goes on and on! Thanks "joe!" =)



Recommendation


References

Acunetix Google hackingThe Google Hacking Database (GHDB) community

Affected items


We found intitle:phpinfo "PHP Version"


Request headers


Possible CSRF (Cross-site request forgery)

InformationalSeverityValidationTypeCSRFReported by module

Impact

Description

Manual confirmation is required for this alert.This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class ofattack that affects web based applications with a predictable structure for invocation. An attacker tricks the user intoperforming an action of the attackers choosing by directing the victim's actions on the target application with a link orother content.The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed)to have authenticated. Here is an example:<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then victim's browser's attemptto load the image will submit the withdrawal form with his cookie.

This vulnerability is also known by several other names including Session Riding and One-Click Attack.

Depends on implementation.

Recommendation

Insert custom random tokens into every form and URL that will not be automatically submitted by the browser. CheckReferences for detailed information on protecting against this vulnerability.References

Cross Site Reference ForgeryCross-Site Request ForgeriesThe Cross-Site Request Forgery (CSRF/XSRF) FAQCross-site request forgeryTop 10 2007-Cross Site Request Forgery

Affected items

Details/dvwa-1.0.8/security.php (0c1073004fdb8d2f67116fcd2e57528e)


POST /dvwa-1.0.8/security.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/security.phpContent-Length: 33Content-Type: application/x-www-form-urlencodedAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

seclev_submit=Submit&security=low

Request headers


Details/dvwa-1.0.8/security.php (4b8084ccab1d98b65ab8f6868cb5236b)



seclev_submit=Submit&security=high

Request headers

Details/dvwa-1.0.8/security.php (e2e317dfb2ebaca97a5ea7f915eeb9c6)



seclev_submit=Submit&security=medium

Request headers

Details/dvwa-1.0.8/setup.php (bdfdb6cccfc418fa13f20a596815c26c)


POST /dvwa-1.0.8/setup.php HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/setup.phpContent-Length: 39Content-Type: application/x-www-form-urlencodedAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflate

Request headers


User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

create_db=Create%20/%20Reset%20Database

Details/dvwa-1.0.8/vulnerabilities/captcha (148a12ec4c6f14514eb58e4554260cce)


POST /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/Content-Length: 185Content-Type: application/x-www-form-urlencodedAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Change=Change&password_conf=g00dPa%24%24w0rD&password_current=g00dPa%24%24w0rD&password_new=g00dPa%24%24w0rD&recaptcha_challenge_field=1&recaptcha_response_field=manual_challenge&step=1

Request headers

Details/dvwa-1.0.8/vulnerabilities/captcha (aa425408e9d59bc3e8f810ffb027441d)


POST /dvwa-1.0.8/vulnerabilities/captcha/ HTTP/1.1Pragma: no-cacheCache-Control: no-cacheReferer: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/Content-Length: 115Content-Type: application/x-www-form-urlencodedAcunetix-Aspect: enabledAcunetix-Aspect-Password: *****Acunetix-Aspect-Queries: filelist;aspectalertsCookie: PHPSESSID=jngbu7e20p8m7hpevglgb4upt4; security=highHost: localhostConnection: Keep-aliveAccept-Encoding: gzip,deflateUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko)Chrome/28.0.1500.63 Safari/537.36Accept: */*

Change=Change&password_conf=g00dPa%24%24w0rD&password_current=g00dPa%24%24w0rD&password_new=g00dPa%24%24w0rD&step=1

Request headers


Scanned items (coverage report)

Scanned 66 URLs. Found 41 vulnerable.

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/

No input(s) found for this URL

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/login.php

3 input(s) found for this URLInputs

Input scheme 1Input name Input typeLogin URL encoded POSTpassword URL encoded POSTusername URL encoded POST

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/css/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/css/login.css


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/css/main.css


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/css/help.css


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/css/source.css


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/images/


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/js/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/js/dvwapage.js


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/dbms/



No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/dbms/dbms.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/dbms/mysql.php


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/dbms/pgsql.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/dvwapage.inc.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/dvwa/includes/dvwaphpids.inc.php


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/index.php


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/about.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/phpinfo.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/security.php


Input scheme 1Input name Input typeseclev_submit URL encoded POSTsecurity URL encoded POST

Input scheme 2Input name Input typephpids URL encoded GET

Input scheme 3Input name Input typetest URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/setup.php


Input scheme 1Input name Input typecreate_db URL encoded POST

No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/logout.php



No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/instructions.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/fi/


Input scheme 1Input name Input typepage URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/fi/include.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/fi/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/fi/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/


Input scheme 1Input name Input typeChange URL encoded GETpassword_conf URL encoded GETpassword_current URL encoded GETpassword_new URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/csrf/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/sqli/


Input scheme 1Input name Input typeid URL encoded GETSubmit URL encoded GET


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/sqli/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/sqli/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/exec/


Input scheme 1Input name Input typeip URL encoded POSTsubmit URL encoded POST

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/exec/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/exec/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/brute/


Input scheme 1Input name Input typeLogin URL encoded GETpassword URL encoded GETusername URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/brute/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/brute/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/xss_s/


Input scheme 1Input name Input typebtnSign URL encoded POSTmtxMessage URL encoded POSTtxtName URL encoded POST

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/xss_s/help/



No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/xss_s/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/xss_r/


Input scheme 1Input name Input typename URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/xss_r/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/xss_r/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/upload/


Input scheme 1Input name Input typeMAX_FILE_SIZE POST (multipart)Upload POST (multipart)uploaded POST (multipart)

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/upload/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/upload/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/


Input scheme 1Input name Input typeChange URL encoded POSTpassword_conf URL encoded POSTpassword_current URL encoded POSTpassword_new URL encoded POSTrecaptcha_challenge_field URL encoded POSTrecaptcha_response_field URL encoded POSTstep URL encoded POST

Input scheme 2Input name Input typeChange URL encoded POSTpassword_conf URL encoded POSTpassword_current URL encoded POST


password_new URL encoded POSTstep URL encoded POST

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/captcha/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/sqli_blind/


Input scheme 1Input name Input typeid URL encoded GETSubmit URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/sqli_blind/help/


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/sqli_blind/help/help.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/view_help.php


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/view_source.php


No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/vulnerabilities/view_source_all.php


Input scheme 1Input name Input typeid URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/ids_log.php


Input scheme 1Input name Input typeclear_log URL encoded GET

Vulnerabilities has been identified for this URLURL: http://localhost:80/dvwa-1.0.8/readme.md


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/config/



No vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/config/config.inc.php


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/php.ini


Vulnerabilities has been identified for this URLURL: http://localhost/dvwa-1.0.8/docs/

Documents

acunetix