Upload File

webapps vulnerability report - s4apps.com · webapps vulnerability report 1 intro webapps...

  • Home
  • Documents
  • Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information
29
Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information regarding each web application vulnerability found by Core Impact during the course of the testing. These vulnerabilities represent key vulnerable points within the tested applications and can be used to better understand the risk associated with the web application. For more information regarding the types of vulnerabilities found, consult the Vulnerability Descriptions at the end of the report. SECTION PAGE Workspace information 2 Starting urls 3 Summary 4 Vulnerabilities breakdown 5 Vulnerability analysis 6 A1. SQLi - vulnerabilities 8 A1. SQLi - vulns. details 12 A1. SQLi - requests 20 A3. XSS - vulnerabilities 24 A3. XSS - basic info 25 A3. XSS - attack info 26 A3. XSS - attack info (cont) 27 A3. XSS - requests 28 A3. XSS - browsers 29

Upload: others

Post on 30-Oct-2019

76 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 1 Intro

Webapps Vulnerability ReportJanuary 13, 2017 at 4:17 PM

This report provides detailed information regarding each web application vulnerability found by Core Impactduring the course of the testing. These vulnerabilities represent key vulnerable points within the testedapplications and can be used to better understand the risk associated with the web application.

For more information regarding the types of vulnerabilities found, consult the Vulnerability Descriptions atthe end of the report.

SECTION PAGEWorkspace information 2Starting urls 3Summary 4Vulnerabilities breakdown 5Vulnerability analysis 6A1. SQLi - vulnerabilities 8A1. SQLi - vulns. details 12A1. SQLi - requests 20A3. XSS - vulnerabilities 24A3. XSS - basic info 25A3. XSS - attack info 26A3. XSS - attack info (cont) 27A3. XSS - requests 28A3. XSS - browsers 29

Page 2: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 2 Workspace information

Workspace(s) information

Name Company/Test Area Started Finished Exact Time Running TimeDemo 01/13/17 12:08 PM 01/13/17 04:14 PM 4h 6m 21s 23m 55s

Page 3: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 3 Starting urls

Starting URLs

Workspace Scenario Starting URLDemo vmcorelab http://www.vmcorelab.com/

Page 4: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 4 Summary

Summary

Risks

Vulnerabilities TotalSuccessfully exploited 17

Exploited in webpages 17Exploited in hosts 0

Assets

URLs TotalFound 32At Risk (confirmed vulnerabilities) 14Broken links 1

Hosts TotalFound (by 'WebApps Web Server Network Vulnerability Test' module) 0At Risk (confirmed vulnerabilities) 0

General

Effort TotalModules run 65

Page 5: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 5 Vulnerabilities breakdown

Vulnerabilities breakdown

All

OWASP Top Ten Categories Pages Tested VulnerabilitiesA1. Injection 32 16

SQL Injection 32 16HTML - 16Web Service - 0

OS Command Injection 32 0HTML - 0Web Service - 0

A2. Broken Authentication and Session Management 0 0Weak Credentials 0 0

A3. Cross-Site Scripting (XSS) 32 1HTML 32 1

Reflected - 1Persistent - 0

Flash 0 0A4. Insecure Direct Object References 0 0

Hidden Web Pages 0 0A5. Security Misconfiguration 0 0

WebDAV 0 0Default Host Credentials 0 0

A6. Sensitive Data Exposure 0 0Sensitive Information 0 0

Database 0 0Web Pages 0 0

Weak SSL Ciphers 0 0A7. Missing Function Level Access Control 0 0A8. Cross-Site Request Forgery (CSRF) 0 0A9. Using Components with Known Vulnerabilities 0 0

Host Vulnerabilities 0 0A10. Unvalidated Redirects and Forwards 0 0Other Vulnerabilities 0 0

RFI for PHP 0 0LFI for PHP 0 0

Page 6: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 6 Vulnerability analysis

Vulnerability analysis

Confirmed vulnerabilities grouped by OWASP categories

Top ten most vulnerable urls

Workspace Scenario URL Vulns

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 2

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName 2

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter= 2

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter= 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_join_1.aspx?filter= 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter= 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter= 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_redirect.aspx?filter= 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string.aspx?filter= 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_string.aspx?filter= 1

A1 A30

2

4

6

8

10

12

14

16

18

OWASP Categories

Conf

irmed

vul

ner a

bil i t

i es

Page 7: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 7 Vulnerability analysis

Page 8: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 8 A1. SQLi - vulnerabilities

A1. SQL injection - vulnerabilities

Workspace Scenario Web Page Vuln Id Documentation Basic Information

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]=<filterparameter>

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "A", "a", "1=1", "@", "--", "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]=<filterparameter>

-Agent Configured : true-SQL Vuln Type : Blind-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "A", "a", "1=1", "@", "--", "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]=<filterparameter>

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "A", "a", "1=1", "@", "--", "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as adate/time, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "A", "a", "1=1", "-1.0", "1.0", "-1", "1","0", "@", "--", "'"

Page 9: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 9 A1. SQLi - vulnerabilities

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a column name in the ORDER BY clause of aSELECT statement without verifying the value is valid.The query being performed should look like SELECT ... ORDER BY [column1,column2], <order parameter>[, column3, column4] ...

-Agent Configured : true-SQL Vuln Type : Blind-Detected by : HttpErrorCode-Param Name : order-Param Type : GET-Triggers : "A", "a", "1=1", "-1", "0", "@", "--", "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_where_top_1.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_string.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_string.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : RedirectErrorDecoder-Param Name : filter-Param Type : GET-Triggers : "'"

Page 10: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 10 A1. SQLi - vulnerabilities

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]=<filterparameter>

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : RedirectErrorDecoder-Param Name : filter-Param Type : GET-Triggers : "A", "a", "1=1", "@", "--", "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : RedirectErrorDecoder-Param Name : filter-Param Type : GET-Triggers : "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_where_1.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_redirect.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : RedirectErrorDecoder-Param Name : filter-Param Type : GET-Triggers : "'"

Page 11: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 11 A1. SQLi - vulnerabilities

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE [column]='<filterparameter>'

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : SqlErrorStringPage-Param Name : filter-Param Type : GET-Triggers : "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE ([column]=<filterparameter>)

-Agent Configured : true-SQL Vuln Type : Blind-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "A", "a", "1=1", "@", "--", "'"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

2 DescriptionThe parameter is being used without sanitization inside a SQL statement as anumber, where it can be used to execute arbitrary SELECT statements andextract data using blind SQL injection techniques.

-Agent Configured : true-SQL Vuln Type : Blind-Detected by : ASCIIDeltaErrorDecoder-Param Name : filter-Param Type : GET-Triggers : "-1.0", "-1", "0"

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_join_1.aspx?filter=

1 DescriptionThe parameter is being used without sanitization inside a SQL statement as astring, where it can be used to execute arbitrary SELECT statements and extractdata using blind SQL injection techniques.The parameter is being used as a value for filtering in the WHERE or HAVINGclause of a SELECT statement without sanitization.The query being performed should look like SELECT ... WHERE([column]='<filter parameter>')

-Agent Configured : true-SQL Vuln Type : Verbose-Detected by : HttpErrorCode-Param Name : filter-Param Type : GET-Triggers : "'"

Page 12: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 12 A1. SQLi - vulns. details

A1. SQL injection - vulnerabities details

Workspace Scenario Web Page Vuln Id Backend Information Capabilities Constraints Channels

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: true-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: 0 AND 1=0 UNION ALLPostfix: --True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: no-Delete data : no-Modify data : no-Read files : no-Write files: no-Execute procedures: no-Run processes: no

-Slow Data Extraction: true-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix:Postfix:True value:

Page 13: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 13 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: 0 AND 1=0 UNION ALLPostfix: --True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+UPPER(Postfix: )+'True value: '01-jun-01'

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: 01-jun-01' AND 1=0 UNIONALLPostfix: --True value:

Page 14: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 14 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: no-Delete data : no-Modify data : no-Read files : no-Write files: no-Execute procedures: no-Run processes: no

-Slow Data Extraction: true-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix:Postfix:True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_where_top_1.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Page 15: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 15 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_string.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_string.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Page 16: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 16 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: 0 AND 1=0 UNION ALLPostfix: --True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Page 17: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 17 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_where_1.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_redirect.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Page 18: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 18 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0 UNION ALLPostfix: --True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: no-Delete data : no-Modify data : no-Read files : no-Write files: no-Execute procedures: no-Run processes: no

-Slow Data Extraction: true-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix:Postfix:True value:

Page 19: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 19 A1. SQLi - vulns. details

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

2 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: no-Delete data : no-Modify data : no-Read files : no-Write files: no-Execute procedures: no-Run processes: no

-Slow Data Extraction: true-Escapes Quotes: false

-BlindPrefix: (1-Postfix: )True value: 0

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix:Postfix:True value:

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_join_1.aspx?filter=

1 -Database Engine: MicrosoftSQL Server-Database Version:-Database OS:-Database Arch:

-Administrator privileges: yes-Read data: yes-Add data: yes-Delete data : yes-Modify data : yes-Read files : yes-Write files: yes-Execute procedures: yes-Run processes: yes

-Slow Data Extraction: false-Escapes Quotes: false

-BlindPrefix: '+Postfix: +'True value: ''

-ConcatInColumnPrefix:Postfix:True value:

-UnionSelectPrefix: ' AND 1=0) UNION ALLPostfix: --True value:

Page 20: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 20 A1. SQLi - requests

A1. SQL injection - query information

Workspace Scenario Web Page VulnId

Type ParameterName ParameterValue

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 get filter --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 get filter %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 get filter 1%3D1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 get filter a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_integer.aspx?filter=

1 get filter A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/remoteonly/sql_injection_string.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_redirect.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 get filter --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 get filter %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 get filter 1%3D1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 get filter a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_integer.aspx?filter=

1 get filter A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 get filter --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 get filter %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 get filter 1%3D1

Page 21: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 21 A1. SQLi - requests

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 get filter a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_conditional_1.aspx?filter=

1 get filter A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_join_1.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 get filter --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 get filter %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 get filter 1%3D1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 get filter a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_min_1.aspx?filter=

1 get filter A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 get filter --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 get filter %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 get filter 1%3D1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 get filter a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

1 get filter A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

2 get filter 0

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

2 get filter -1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_nested_1.aspx?filter=

2 get filter -1.0

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter 0

Page 22: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 22 A1. SQLi - requests

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter 1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter -1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter 1%3D1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter 1.0

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter -1.0

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get filter A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

1 get order LastName

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Page 23: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 23 A1. SQLi - requests

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get filter

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order --

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order %40

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order 0

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order -1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order 1%3D1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order a

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_orderby_1.aspx?filter=&order=LastName

2 get order A

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_where_1.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_linq_example_where_top_1.aspx?filter=

1 get filter %27

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/verbose/sql_injection_string.aspx?filter=

1 get filter %27

Page 24: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 24 A3. XSS - vulnerabilities

A3. Cross-Site Scripting (XSS) - vulnerabilities

Workspace Scenario Web Page Vuln Id AgentConfigured

Description

Demo vmcorelabhttp://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 true

DescriptionThere is a parameter that gets reflected to the user without propersanitization. This leads to parameter Cross-Site scripting attacks.We use a vector that includes a remote malicious file to exploit thisvulnerability.

Page 25: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 25 A3. XSS - basic info

A3. Cross-Site Scripting (XSS) - basic information

Workspace Scenario Web Page VulnId

Attack Where ParameterName

ParameterType

Persistent Demo Reflection

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 parameter filter GET no

Page 26: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 26 A3. XSS - attack info

A3. Cross-Site Scripting (XSS) - attack info

Workspace Scenario Web Page VulnId

AttackType

Prefix Postfix Type Template

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 remote /><body> < js <SCRIPT SRC=XSS></SCRIPT>

Page 27: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 27 A3. XSS - attack info (cont)

A3. Cross-Site Scripting (XSS) - attack info (cont.)

Workspace Scenario Web Page VulnId

Encoding Encoding Key Demo Injection Transformations Egg Injection

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1

Page 28: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 28 A3. XSS - requests

A3. Cross-Site Scripting (XSS) - requests

Workspace Scenario Web Page Vuln Id ParameterType

ParameterName

Parameter Value

Demo vmcorelabhttp://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter=

1 get filter/%3E%3Cbody%3E%3CSCRIPT%20SRC%3Dhttp%3A//www.example.com/test%3Frnd%3D1234567890%3E%3C/SCRIPT%3E%3C

Page 29: Webapps Vulnerability Report - s4apps.com · Webapps Vulnerability Report 1 Intro Webapps Vulnerability Report January 13, 2017 at 4:17 PM This report provides detailed information

Webapps Vulnerability Report 29 A3. XSS - browsers

A3. Cross-Site Scripting (XSS) - browsers

Workspace Scenario Web Page Vuln Id Browser

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Firefox 2

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Firefox 3

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Firefox 4

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Google Chrome 10.0

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Internet Explorer 6

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Internet Explorer 7

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Internet Explorer 8

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Internet Explorer 9

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Netscape 8.1

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Netscape 8.1 (IE Mode)

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Opera 11.01

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Opera 9.02

Demo vmcorelab http://www.vmcorelab.com/testcases/sqli/blind/sql_injection_string_error_rewrite.aspx?filter= 1 Safari 5.0.4


Vulnerability Assessment Report - Cambridge, Ma

Internal Vulnerability Scan Detail Report · Your Company Name Internal Vulnerability Scan Detail Report Vulnerability Scan Detail Report SECURITY ASSESSMENT PROPRIETARY & CONFIDENTIAL

Web Vulnerability Scanner project Report

Vulnerability Report 2

Vulnerability Scanners Assignment –3 Report

2015 Enterprise Vulnerability Management Trends Report

Vulnerability Assessment Summary Report

GIRLS VULNERABILITY ASSESSMENT REPORT

Mexico Deforestation Vulnerability Final Report mwRL

Vulnerability Assessment and Penetration Testing Report

Vulnerability Assessment Report - Home - Firewall Datafirewalldata.com/resources/Sample_EVS_Analysis.pdf · 1 203.129.236.242 Vulnerability Assessment Report IP Address Analyzed 203.129.236.242

REPORT GUIDE TO COMMUNITY CLIMATE VULNERABILITY …

Web Application Vulnerability Report · • WordPress vulnerabilities: 24% (↓ from 30% in 2019) the full report below contains more vulnerability types. we also explain every vulnerability

Vulnerability scanning report by Tareq Hanaysha

Vulnerability Assessmenthealth.bmz.de/what_we_do/climate_health/Vulnerability... · 2020-08-08 · Vulnerability Assessment Final Report: Increasing resilience to health related impacts

Coastal Vulnerability Assessment Project Report Lavallette

FINAL REPORT ON GEOTECHNICAL SEISMIC VULNERABILITY

Stuart Gregg - PHP CGI Vulnerability Report

VULNERABILITY,DISCLOSURE,REPORT - PRWebww1.prweb.com/prfiles/2012/08/13/9797543/Vulnerability-Disclosure... · 1 VULNERABILITY,DISCLOSURE,REPORT! Vulnerabilities,Identified,withinthe,Dirt,Jumper,DDoS,Toolkit,Family,

From the Director · physical vulnerability, social vulnerability, economic vulnerability and ecological vulnerability. Some of the key findings from the report include: • The Port

Climate Impacts Vulnerability Assessment Report

Acunetix Web Application Vulnerability Report 2016 · Web Application Vulnerability Report 2016 55% OF WEB APPLICATIONS HAVE ONE OR MORE HIGH-SEVERITY VULNERABILITY 84% OF …

Internal Vulnerability Scan Detail Report - … Vulnerability Scan Detail Report . ... Details: DCE Services Enumeration (OID: ... Win32 service or process :

Vulnerability & Security Assessment Report Election ...votingsystems.cdn.sos.ca.gov/vendors/ess/unity3410/red-team.pdf · Vulnerability & Security Assessment Report Election Systems

Draft Vulnerability Assessment and Adaptation Report

Model based vulnerability testing report

Sample WebApp Vulnerability Scan Report

VULNERABILITY ASSESSMENT METHODOLOGIES REPORT July …

VULNERABILITY REPORT 2016 - Youthla › wp-content › ...VulnerabilityReport2016-Red-C… · VULNERABILITY REPORT 2016 | 1 VULNERABILITY REPORT 2016. 2 | VULNERABILITY REPORT 2016

Vulnerability Assessment Report - Trapp Technology

Report on social vulnerability indicators France

Vulnerability Details Report (Sites) Atlassian · Vulnerability Details Report (Sites) Atlassian Report As Of Wednesday, February 17, 2016 Prepared By [email protected] Report

WFP Georgia BASELINE VULNERABILITY ANALYSIS REPORT

FINANCIAL AUDIT DIVISION REPORT Vulnerability Management

VULNERABILITY AND CAPACITY ASSESSMENT REPORT