Report for <%=CGI.escapeHTML(@audit_store.options['url'])%> (Generated on <%=Time.now%>)

Found a false positive? Report it here.

Summary

Charts

Found <%=@audit_store.issues.size%> issues

<% @audit_store.issues.each_with_index do |issue, i| %>

[<%=i+1%>] <%= issue.name %> ( Severity: <%= issue.severity %> )

In <%= issue.elem %> <% if issue.var%> input <%= issue.var %> <%end%> <% if issue.method %> using <%= issue.method %> <%end%> at <%= issue.url %>.

<%end%>

Configuration

Version: <%=@audit_store.version%>
Revision: <%=@audit_store.revision%>
Audit started on: <%=@audit_store.start_datetime%>
Audit finished on: <%=@audit_store.finish_datetime%>
Runtime: <%=@audit_store.delta_time%>

Runtime options

URL: <%=@audit_store.options['url']%>
User agent: <%=::CGI.escapeHTML( @audit_store.options['user_agent'] )%>

Audited elements	Modules	Filters	Cookies
<% if @audit_store.options['audit_links']%> Links <%end%> <% if @audit_store.options['audit_forms']%> Forms <%end%> <% if @audit_store.options['audit_cookies']%> Cookies <%end%> <% if @audit_store.options['audit_headers']%> Headers <%end%>	<% @audit_store.options['mods'].each do \|mod\|%> <%=mod%> <%end%>	Exclude: <% if !@audit_store.options['exclude'].empty?%> <% @audit_store.options['exclude'].each do \|rule\|%> <%=CGI.escapeHTML( rule )%> <%end%> <% else %> N/A <%end%> Include: <% if !@audit_store.options['include'].empty?%> <% @audit_store.options['include'].each do \|rule\|%> <%=CGI.escapeHTML( rule )%> <%end%> <% else %> N/A <%end%> Redundant: <% if !@audit_store.options['redundant'].empty?%> <% @audit_store.options['redundant'].each do \|rule\|%> <%=CGI.escapeHTML( rule['regexp'] )%> - Count: <%=rule['count']%> <%end%> <% else %> N/A <%end%>	<% if @audit_store.options['cookies'] && !@audit_store.options['cookies'].empty?%> <% @audit_store.options['cookies'].each_pair do \|name, val\|%> <%=CGI.escapeHTML( name )%> = <%=CGI.escapeHTML( val )%> <%end%> <% else %> N/A <%end%>

Issues

<% if @plugins['metamodules']%>

<%=@plugins['metamodules']%>

<%end%> <% @audit_store.issues.each_with_index do |issue, i|%> <%idx = i+1%>

[<%=idx%>] <%=CGI.escapeHTML(issue.name)%>

Module name: <%=CGI.escapeHTML(issue.mod_name)%>
(Internal module name: <%=CGI.escapeHTML(issue.internal_modname)%>)
Affected variable: <%=CGI.escapeHTML(issue.var)%>
Affected URL: <%= CGI.escapeHTML(issue.url)%>
HTML Element: <%=issue.elem%>
Requires manual verification?: <%=issue.verification ? 'Yes' : 'No'%>

CWE: <%=issue.cwe%>
(<%=issue.cwe_url%>)
Severity: <%=issue.severity%>
CVSSV2: <%=issue.cvssv2%>

References

<%=CGI.escapeHTML(source)%> - <%=url%>
N/A

Description

<%=CGI.escapeHTML(issue.description)%>

<% if issue.remedy_guidance && !issue.remedy_guidance.empty? %>

Remedial guidance

<%=CGI.escapeHTML(issue.remedy_guidance)%>

<%end%> <% if issue.remedy_code && !issue.remedy_code.empty? %>

Remedial code

<%=CGI.escapeHTML(issue.remedy_code)%>

<%end%>

<% issue.variations.each_with_index do |variation, j| %> <% var_idx = j + 1%>

[+] Variation <%=var_idx%>

Affected URL:

<%=CGI.escapeHTML(variation['url'])%>

<% if (variation['response'] && !variation['response'].empty?) && variation['regexp_match'] %>

<% match = CGI.escapeHTML( variation['regexp_match'] )%>

 <%=CGI.escapeHTML( variation['response'] ).gsub( match, '' + match + '' ) %>

<%end%> <% if issue.method && (issue.elem.downcase == 'form' || issue.elem.downcase == 'link' ) && ( issue.method.downcase == 'get' || issue.method.downcase == 'post' ) %> <%end%>

<% if variation['injected'] %> Injected value:

 <%=CGI.escapeHTML(variation['injected'])%>

<%end%> <% if variation['id'] %> ID:

<%=CGI.escapeHTML(variation['id'])%>

<%end%> <% if variation['regexp'] %> Regular expression:

<%=CGI.escapeHTML(variation['regexp'])%>

<%end%> <% if variation['regexp_match'] %> Matched by the regular expression:

<%=CGI.escapeHTML(variation['regexp_match'])%>

<%end%>

Headers
Request	Response
<% if variation['headers']['request'].is_a?( Hash ) %> <% variation['headers']['request'].each_pair do \|name, val\| %><%=name%><%="\t" + CGI.escapeHTML(val) + "\n"%><%end%> <%end%>	<% if variation['headers']['response'].is_a?( Hash ) %> <% variation['headers']['response'].each_pair do \|name, val\| %><%=name%><%="\t" + CGI.escapeHTML(val) + "\n"%><%end%> <%end%>

Headers

Request

Response

<% if variation['headers']['request'].is_a?( Hash ) %>

<% variation['headers']['request'].each_pair do |name, val| %><%=name%><%="\t" + CGI.escapeHTML(val) + "\n"%><%end%>

<%end%>

<% if variation['headers']['response'].is_a?( Hash ) %>

<% variation['headers']['response'].each_pair do |name, val| %><%=name%><%="\t" + CGI.escapeHTML(val) + "\n"%><%end%>

<%end%>

<% if variation['escaped_response']%>

HTML Response

<%end%>

Plugin results

<%@plugins.values.each do |plugin|%>

<%=plugin%>

<%end%>

Sitemap

<%=@audit_store.sitemap.size%> pages

<% @audit_store.sitemap.each do |url| %> <%=CGI.escapeHTML(url)%>
<%end%>