www.itas.vn [email protected]
Scan Report
Project Name: webgoat_2/2/2011 3:44:27 PM
Scan Time: 2/2/2011 3:59:44 PM
Sections: Vulnerability Distribution, Top 5 Vulnerabilities, Most Vulnerable Files

[ITAS.VN]CheckMarx-CxSuite-Sample result for webgoat5.3rc1


DESCRIPTION

Scan report produced by the CxSuite product for the WebGoat 5.3RC1 application.



2. Scan Report Summary (continued on slides 3 and 4)

| Vulnerability | Group | Severity | Problems found |
|---|---|---|---|
| Code Injection | Java | High Risk | 1 |
| XPath Injection | Java | High Risk | 5 |
| Reflected XSS All Clients | Java | High Risk | 367 |
| Stored XSS | Java | High Risk | 124 |
| Command Injection | Java | High Risk | 6 |
| SQL Injection | Java | High Risk | 54 |
| DOM Code Injection | JavaScript Vulnerabilities | (not shown) | 1 |
| Trust Boundary Violation | Java | Medium Threat | 148 |
| Parameter Tampering | Java | Medium Threat | 44 |
| HttpSplitting | Java | Medium Threat | 8 |
| SQL Injection Evasion Attack | Java | Medium Threat | 2 |
| XSRF | Java | Medium Threat | 8 |
| Environment Manipulation | Java | Medium Threat | 38 |
| Hardcoded Password in Connection String | Java | Medium Threat | 1 |
| Files Manipulation | Java | Medium Threat | 18 |
| CGI Reflected XSS All Clients | Java | Medium Threat | 42 |
| CGI Stored XSS | Java | Medium Threat | 18 |
| Potential O Reflected XSS All Clients | Java | Potential | 24 |
| Singleton HTTPServlet | Java | Low Visibility | 1 |
| Hardcoded Password | Java | Low Visibility | 22 |
| Verbose Error Reporting | Java | Low Visibility | 332 |
| Potential Stored XSS | Java | Potential | 37 |
| Cookie Not Sent Over SSL | Java | Low Visibility | 5 |
| Blind SQL Injections | Java | Low Visibility | 49 |
| DoS by Unreleased Resources | Java | Low Visibility | 2 |
| Improper Exception Handling | Java | Low Visibility | 175 |
| Equals Without GetHashCode | Java | Low Visibility | 2 |
| Thread Safety Violation In Action Class | Java Struts | (not shown) | 15 |
| Thread Safety Issue | Java | Low Visibility | 31 |
| Weak Cryptographic Algorithm | Java | Low Visibility | 6 |
| URL Redirection Attack | Java | Low Visibility | 3 |
| Overly Broad Throws | Java | Best Coding Practice | 45 |
| Pages Without Global Error Handler | Java | Best Coding Practice | 8 |
| Catch Without General Exception Handling | Java | Best Coding Practice | 192 |
| Leftover Debug Code | Java | Best Coding Practice | 3 |
| Visible Fields | Java | Best Coding Practice | 11 |
| Unclosed Objects | Java | Best Coding Practice | 23 |
| Magic Numbers | Java | Best Coding Practice | 9 |
| Dynamic SQL Queries | Java | Best Coding Practice | 88 |
| Missing Catch Block | Java | Best Coding Practice | 6 |
| Erroneous String Compare | Java | Best Coding Practice | 1 |
| Use of System Output Stream | Java | Best Coding Practice | 160 |
| Empty Catch | Java | Best Coding Practice | 50 |
| Overly Broad Catch | Java | Best Coding Practice | 247 |
| No Default Case | Java | Best Coding Practice | (not shown) |
| Single Line If Statement | Java | Best Coding Practice | 117 |
| Confusing Naming | Java | Best Coding Practice | 14 |

5. Top 10 Files (High and Medium)

| File Name | Problems Found |
|---|---|
| ParameterParser.java | 345 |
| BackDoors.java | 42 |
| DefaultLessonAction.java | 36 |
| WebSession.java | 30 |
| UncheckedEmail.java | 27 |
| SessionFixation.java | 16 |
| ViewProfile.java | 16 |
| JavaScriptValidation.java | 15 |
| Encoding.java | 15 |
| AbstractLesson.java | 14 |

6. Failure to Control Generation of Code (Code Injection)
Weakness ID: 94 (Weakness Class)
Status: Draft

Description Summary
The product does not sufficiently filter code (control-plane) syntax from user-controlled input (data plane) when that input is used within code that the product generates.

Extended Description
When software allows a user's input to contain code syntax, it might be possible for an attacker to craft the code in such a way that it will alter the intended control flow of the software. Such an alteration could lead to arbitrary code execution.

Injection problems encompass a wide variety of issues, all mitigated in very different ways. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common: they allow for the injection of control-plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.

Time of Introduction
• Architecture and Design
• Implementation

Applicable Platforms
Languages: Interpreted languages (Sometimes)

Common Consequences

| Scope | Effect |
|---|---|
| Confidentiality | The injected code could access restricted data / files. |
| Authentication | In some cases, injectable code controls authentication; this may lead to a remote vulnerability. |
| Access Control | Injected code can access resources that the attacker is directly prevented from accessing. |
| Integrity | Code injection attacks can lead to loss of data integrity in nearly all cases, as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code. |
| Accountability | Often the actions performed by injected control code are unlogged. |

Likelihood of Exploit: Medium

Demonstrative Examples
Example 1
This example attempts to write user messages to a message file and allow users to view them.
(Bad Code) Example Language: PHP

    $MessageFile = "cwe-94/messages.out";
    if ($_GET["action"] == "NewMessage") {
        $name = $_GET["name"];
        $message = $_GET["message"];
        $handle = fopen($MessageFile, "a+");
        fwrite($handle, "

(The page's copy of the example breaks off at this point; the extract resumes at slide 36, which carries only the footer.)

37. Path 5: Query Name - Reflected XSS All Clients; Severity - High
1.
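The CWE-94 text above makes one point that explains most of the high-risk rows in the summary (SQL Injection, Dynamic SQL Queries, Blind SQL Injections): an injection needs nothing more than user data being parsed as syntax. The following Python example is added here to show that point concretely; it is not code from the ITAS report, from Checkmarx, or from WebGoat. The `users` table, its two rows, and the attacker inputs are all constructed for the illustration, and the function names are my own.

```python
"""Control plane vs. data plane: the same user input handled two ways.

Added illustration of the CWE-94 discussion (injection = control-plane
syntax smuggled through a data-plane channel). Not code from the scan
report or from WebGoat. The table, its rows and the attacker inputs are
constructed here; the function names are assumptions for this example.
"""
import sqlite3


def make_db():
    """In-memory users table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_concat(conn, name, password):
    """Vulnerable: the query is assembled by string concatenation, the
    pattern Checkmarx reports as 'Dynamic SQL Queries'. A quote character
    in the input terminates the string literal, so the rest of the input
    is parsed as SQL, i.e. it crosses from data plane to control plane."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_param(conn, name, password):
    """Hardened: the query shape is fixed at development time and the
    inputs travel as bound parameters. The parser never sees them as
    syntax, whatever characters they contain."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def demo():
    """Run the same two constructed attacker inputs through both paths.

    Returns a dict of result sets so the outcomes can be checked:
      comment_bypass   -> 'alice' --'  turns the password check into a comment
      tautology_dump   -> ' OR '1'='1  in the password field matches every row
    """
    conn = make_db()
    # Constructed input 1: close the literal, then comment out the
    # remainder of the WHERE clause. Concatenation logs in as alice
    # with a wrong password; the parameterised query matches nothing.
    name_attack = "alice' --"
    # Constructed input 2: the tautology goes in the password field so
    # that, with SQL's AND-before-OR precedence, it ORs the whole clause:
    #   (name = 'x' AND password = '') OR '1'='1'
    pw_attack = "' OR '1'='1"
    return {
        "comment_bypass": {
            "concat": login_concat(conn, name_attack, "wrong"),
            "param": login_param(conn, name_attack, "wrong"),
        },
        "tautology_dump": {
            "concat": login_concat(conn, "x", pw_attack),
            "param": login_param(conn, "x", pw_attack),
        },
        "legitimate": login_param(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

The concatenated path returns the admin row for a wrong password in the first case and the whole table in the second; the parameterised path returns nothing for either attack and still authenticates the genuine credentials. That is the whole difference between parsing input as code and parsing it as data, which is why a static analyser flags every dynamically built query rather than only the ones it can prove exploitable.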