
Affected Items

Report
Acunetix website audit

25 January 2019

WEB APPLICATION SECURITY


Generated by Acunetix Reporter
Scan of http://juice-shop.herokuapp.com
Scan details
Scan information
Start time: 25/01/2019, 10:27:14
Start url: http://juice-shop.herokuapp.com
Host: http://juice-shop.herokuapp.com
Scan time: 61 minutes, 54 seconds
Profile: Full Scan

Threat level

Acunetix Threat Level 3

One or more high-severity vulnerabilities have been discovered by the scanner. A malicious user can exploit these
vulnerabilities to compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found: 8

High: 2
Medium: 5
Low: 1
Informational: 0
Affected items
/rest/product/search
Alert group: Blind SQL Injection
Severity: High
Description:
This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by
manipulating the user input. An SQL injection occurs when web applications accept user input
that is directly placed into a SQL statement and don't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet.
Despite being relatively easy to protect against, a large number of web applications remain
vulnerable.
Recommendations:
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
Alert variants:
URL encoded GET input q was set to Wstty3'''''''

Details:
Tests performed:

845' => ERROR
845'' => OK
w3j41X''' => ERROR
UtUXyd'''' => OK
8c6Wbs''''' => ERROR
38eP5m'''''' => OK
Wstty3''''''' => ERROR

Original value: 1

GET /rest/product/search?q=Wstty3''''''' HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://juice-shop.herokuapp.com
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/rest/product/search
Alert group: SQL injection
Severity: High
Description:
This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by
manipulating the user input. An SQL injection occurs when web applications accept user input
that is directly placed into a SQL statement and don't properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet.
Despite being relatively easy to protect against, a large number of web applications remain
vulnerable.
Recommendations:
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
Alert variants:
URL encoded GET input q was set to 1'"

Details:
Error message found:

near ""%' OR description LIKE '%1'"":
syntax error

GET /rest/product/search?q=1'" HTTP/1.1
Referer: http://juice-shop.herokuapp.com
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/rest/product/search
Alert group: Application error message
Severity: Medium
Description:
This page contains an error/warning message that may disclose sensitive information. The
message can also contain the location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Recommendations:
Review the source code for this script.
Alert variants:
URL encoded GET input q was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'💩

Details:
Pattern found:

DatabaseError:

GET /rest/product/search?q=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'💩 HTTP/1.1
Referer: http://juice-shop.herokuapp.com
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

/rest
Alert group: Application error message
Severity: Medium
Description:
This page contains an error/warning message that may disclose sensitive information. The
message can also contain the location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Recommendations:
Review the source code for this script.
Alert variants:
HTTP Header input X-Forwarded-Host was set to MXJuamU1VVNG

Details:
Pattern found:

Internal Server Error

GET /rest/ HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Client-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: MXJuamU1VVNG
Accept-Language: en
Via: 1.1 wa.www.test.com
Origin: http://www.test.com/
Cookie: io=KHGWp0-hA1Zo53SqAFzM; cookieconsent_status=dismiss; language=ar_SA
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

/rest/admin
Alert group: Application error message
Severity: Medium
Description:
This page contains an error/warning message that may disclose sensitive information. The
message can also contain the location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Recommendations:
Review the source code for this script.
Alert variants:
HTTP Header input X-Forwarded-Host was set to eFhhdTB1SUxB

Details:
Pattern found:

Internal Server Error

GET /rest/admin/ HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Client-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: eFhhdTB1SUxB
Accept-Language: en
Via: 1.1 wa.www.test.com
Origin: http://www.test.com/
Cookie: io=KHGWp0-hA1Zo53SqAFzM; cookieconsent_status=dismiss; language=ar_SA
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

/api
Alert group: Application error message
Severity: Medium
Description:
This page contains an error/warning message that may disclose sensitive information. The
message can also contain the location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Recommendations:
Review the source code for this script.
Alert variants:
HTTP Header input X-Forwarded-Host was set to cko5RE1IZmxZ

Details:
Pattern found:

Internal Server Error

GET /api/ HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Client-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: cko5RE1IZmxZ
Accept-Language: en
Via: 1.1 wa.www.test.com
Origin: http://www.test.com/
Cookie: io=KHGWp0-hA1Zo53SqAFzM; cookieconsent_status=dismiss; language=ar_SA
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

/rest/product
Alert group: Application error message
Severity: Medium
Description:
This page contains an error/warning message that may disclose sensitive information. The
message can also contain the location of the file that produced the unhandled exception.

This may be a false positive if the error message is found in documentation pages.
Recommendations:
Review the source code for this script.
Alert variants:
HTTP Header input X-Forwarded-Host was set to NUtZQ3FlUWhX

Details:
Pattern found:

Internal Server Error

GET /rest/product/ HTTP/1.1
Referer: http://www.google.com/search?hl=en&q=testing
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Client-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Forwarded-Host: NUtZQ3FlUWhX
Accept-Language: en
Via: 1.1 wa.www.test.com
Origin: http://www.test.com/
Cookie: io=KHGWp0-hA1Zo53SqAFzM; cookieconsent_status=dismiss; language=ar_SA
Host: juice-shop.herokuapp.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*

Web Server
Alert group: Possible virtual host found
Severity: Low
Description:
Virtual hosting is a method for hosting multiple domain names (with separate handling of each
name) on a single server (or pool of servers). This allows one server to share its resources, such
as memory and processor cycles, without requiring all services provided to use the same host
name.

This web server is responding differently when the Host header is manipulated and various
common virtual hosts are tested. This could indicate there is a Virtual Host present.
Recommendations:
Consult the virtual host configuration and check if this virtual host should be publicly accessible.
Alert variants:
Virtual host: mail

Details:
Response (truncated in the report):
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="pragma" content="no-cache" />
<title>Internet Use Policy Exception</title>
</head>
<body bgcolor="white">
<font face=Verdana>
<table width="800" border="0" bordercolor="000000" bgcolor="white" cellspacing="6">
<tr bgcolor="white">
<td>
<table width="400" align="left" height="100" bgcolo


Scanned items (coverage report)
http://juice-shop.herokuapp.com/
http://juice-shop.herokuapp.com/1999
http://juice-shop.herokuapp.com/1999/html
http://juice-shop.herokuapp.com/2000
http://juice-shop.herokuapp.com/2000/svg
http://juice-shop.herokuapp.com/address
http://juice-shop.herokuapp.com/address/0x0f933ab9fcaaa782d0279c300d73750e1311eae6
http://juice-shop.herokuapp.com/address/1AbKfgvw9psQ41NbLi8kufDQTezwG8DRZm
http://juice-shop.herokuapp.com/address/Xr556RzuwX6hg5EGpkybbv5RanJoZN17kW
http://juice-shop.herokuapp.com/api
http://juice-shop.herokuapp.com/api/Challenges
http://juice-shop.herokuapp.com/assets
http://juice-shop.herokuapp.com/assets/i18n
http://juice-shop.herokuapp.com/assets/i18n/en.json
http://juice-shop.herokuapp.com/assets/public
http://juice-shop.herokuapp.com/assets/public/images
http://juice-shop.herokuapp.com/assets/public/images/JuiceShop_Logo.png
http://juice-shop.herokuapp.com/bkimminich
http://juice-shop.herokuapp.com/bkimminich/juice-shop
http://juice-shop.herokuapp.com/bkimminich/juice-shop/issues
http://juice-shop.herokuapp.com/bkimminich/pgp_keys.asc
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/cookieconsent2
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/jquery
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1
http://juice-shop.herokuapp.com/cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js
http://juice-shop.herokuapp.com/cgi-bin
http://juice-shop.herokuapp.com/cgi-bin/webscr
http://juice-shop.herokuapp.com/en_US
http://juice-shop.herokuapp.com/en_US/i
http://juice-shop.herokuapp.com/en_US/i/scr
http://juice-shop.herokuapp.com/favicon.ico
http://juice-shop.herokuapp.com/ftp
http://juice-shop.herokuapp.com/ftp/acquisitions.md
http://juice-shop.herokuapp.com/ftp/coupons_2013.md.bak
http://juice-shop.herokuapp.com/ftp/eastere.gg
http://juice-shop.herokuapp.com/ftp/incident-support.kdbx
http://juice-shop.herokuapp.com/ftp/legal.md
http://juice-shop.herokuapp.com/ftp/package.json.bak
http://juice-shop.herokuapp.com/ftp/quarantine
http://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_linux_64.url
http://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_macos_64.url
http://juice-shop.herokuapp.com/ftp/quarantine/juicy_malware_windows_64.exe.url
http://juice-shop.herokuapp.com/ftp/suspicious_errors.yml
http://juice-shop.herokuapp.com/gb.svg
http://juice-shop.herokuapp.com/index.php
http://juice-shop.herokuapp.com/index.php/O-Saft
http://juice-shop.herokuapp.com/index.php/WASPY_Awards_2017
http://juice-shop.herokuapp.com/investor
http://juice-shop.herokuapp.com/investor/alerts
http://juice-shop.herokuapp.com/juice-shop
http://juice-shop.herokuapp.com/juiceshop
http://juice-shop.herokuapp.com/main.js
http://juice-shop.herokuapp.com/o
http://juice-shop.herokuapp.com/o/oauth2
http://juice-shop.herokuapp.com/o/oauth2/v2
http://juice-shop.herokuapp.com/o/oauth2/v2/auth
http://juice-shop.herokuapp.com/oauth2
http://juice-shop.herokuapp.com/oauth2/v1
http://juice-shop.herokuapp.com/oauth2/v1/userinfo
http://juice-shop.herokuapp.com/OWASP
http://juice-shop.herokuapp.com/owasp.juiceshop
http://juice-shop.herokuapp.com/OWASP/owasp-swag
http://juice-shop.herokuapp.com/OWASP/owasp-swag/tree
http://juice-shop.herokuapp.com/OWASP/owasp-swag/tree/master
http://juice-shop.herokuapp.com/OWASP/owasp-swag/tree/master/projects
http://juice-shop.herokuapp.com/OWASP/owasp-swag/tree/master/projects/juice-shop
http://juice-shop.herokuapp.com/owasp_juiceshop
http://juice-shop.herokuapp.com/polyfills.js
http://juice-shop.herokuapp.com/products
http://juice-shop.herokuapp.com/products/owasp-juice-shop
http://juice-shop.herokuapp.com/products/owasp-juice-shop/794
http://juice-shop.herokuapp.com/pwning-owasp-juice-shop
http://juice-shop.herokuapp.com/pwning-owasp-juice-shop/content
http://juice-shop.herokuapp.com/pwning-owasp-juice-shop/content/part2
http://juice-shop.herokuapp.com/pwning-owasp-juice-shop/content/part2/score-board.html
http://juice-shop.herokuapp.com/pwning-owasp-juice-shop/content/part3
http://juice-shop.herokuapp.com/pwning-owasp-juice-shop/content/part3/donations.html
http://juice-shop.herokuapp.com/redirect
http://juice-shop.herokuapp.com/rest
http://juice-shop.herokuapp.com/rest/admin
http://juice-shop.herokuapp.com/rest/admin/application-configuration
http://juice-shop.herokuapp.com/rest/admin/application-version
http://juice-shop.herokuapp.com/rest/product
http://juice-shop.herokuapp.com/rest/product/search
http://juice-shop.herokuapp.com/runtime.js
http://juice-shop.herokuapp.com/socket.io
http://juice-shop.herokuapp.com/styles.css
http://juice-shop.herokuapp.com/us.svg
http://juice-shop.herokuapp.com/vendor.js
http://juice-shop.herokuapp.com/watch
