<?xml version="1.0" encoding="UTF-8"?>
<w3afrun start="1309962285" startstr="Wed Jul 06 09:24:45 2011" xmloutputversion="1.00">
<scaninfo target="http://192.168.1.20/demo/">
  <!-- Scan profile stored alongside the results: which plugin families ran and how they
       were configured. The target is an RFC 1918 (private) address, so this report
       describes a lab/demo host rather than an Internet-facing site. -->

  <!-- audit: the injection tests that were enabled. Every finding below names one of
       these in its plugin attribute, except the blind SQL injection entries, which
       carry plugin="" even though blindSqli is listed here. -->
  <audit>
    <plugin name="xpath"/>
    <plugin name="xss"/>
    <plugin name="osCommanding"/>
    <plugin name="blindSqli"/>
    <plugin name="xsrf"/>
    <plugin name="formatString"/>
    <plugin name="sqli"/>
    <plugin name="LDAPi"/>
    <plugin name="eval"/>
    <plugin name="responseSplitting"/>
  </audit>

  <!-- No brute-force plugins were enabled for this run. -->
  <bruteforce/>

  <!-- grep: plugins that inspect the traffic produced by the other plugins. -->
  <grep>
    <plugin name="httpAuthDetect"/>
    <plugin name="error500"/>
    <plugin name="collectCookies"/>
  </grep>

  <!-- No evasion plugins were enabled. -->
  <evasion/>

  <!-- output: where the results were written. NOTE(review): the textFile plugin is
       verbose and names a separate httpFileName; that file presumably holds the raw
       requests and responses, including every probe string, so it should be stored
       and shared as carefully as this report. Confirm against the tool's docs. -->
  <output>
    <plugin name="xmlFile">
      <config parameter="fileName" value="output-w3af.xml"/>
    </plugin>
    <plugin name="textFile">
      <config parameter="verbose" value="True"/>
      <config parameter="fileName" value="output-w3af.txt"/>
      <config parameter="httpFileName" value="output-http.txt"/>
      <config parameter="showCaller" value="False"/>
    </plugin>
    <plugin name="console">
      <config parameter="verbose" value="False"/>
    </plugin>
  </output>

  <!-- No mangle plugins were enabled. -->
  <mangle/>

  <!-- discovery: crawling and fingerprinting. followRegex ".*" with an empty ignoreRegex
       places no pattern restriction on followed links; onlyForward="True" presumably
       keeps the spider under the target path (verify). The afd and detectReverseProxy
       plugins listed here are the source of the "Active filter detected" and
       "Found reverse proxy" entries later in the report. -->
  <discovery>
    <plugin name="fingerprint_WAF"/>
    <plugin name="detectTransparentProxy"/>
    <plugin name="detectReverseProxy"/>
    <plugin name="webSpider">
      <config parameter="onlyForward" value="True"/>
      <config parameter="followRegex" value=".*"/>
      <config parameter="ignoreRegex" value=""/>
    </plugin>
    <plugin name="urlFuzzer"/>
    <plugin name="findBackdoor"/>
    <plugin name="afd"/>
    <plugin name="allowedMethods"/>
  </discovery>
</scaninfo>
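<!-- The finding text quotes the probe strings the scanner sent. Markup characters inside
     those strings (less-than, greater-than, ampersand) are written as entity references
     here; left raw they make the report ill-formed and a strict parser rejects it.
     Anything that displays this text should treat it as untrusted and escape it again
     for the output context (an HTML dashboard, a ticket body, a PDF). -->
<!-- XPath injection, both login fields of the same page. NOTE(review): the username and
     password values in the post-data look like scanner-generated form fill rather than
     captured credentials; confirm before treating them as secrets. -->
<vulnerability id="[3893]" method="POST" name="XPATH injection vulnerability" plugin="xpath" severity="Medium" url="http://192.168.1.20/demo/XPathInjection2.php" var="username">
XPATH injection was found at: "http://192.168.1.20/demo/XPathInjection2.php", using HTTP method POST. The sent post-data was: "username=d'z"0&amp;password=FrAmE30.". The modified parameter was "username". This vulnerability was found in the request with id 3893.
</vulnerability>
<vulnerability id="[3894]" method="POST" name="XPATH injection vulnerability" plugin="xpath" severity="Medium" url="http://192.168.1.20/demo/XPathInjection2.php" var="password">
XPATH injection was found at: "http://192.168.1.20/demo/XPathInjection2.php", using HTTP method POST. The sent post-data was: "username=John8212&amp;password=d'z"0". The modified parameter was "password". This vulnerability was found in the request with id 3894.
</vulnerability>
<!-- Reflected XSS. EvalInjection2.php / command is also reported by the eval plugin
     (request id 4916), so the same parameter needs both fixes. -->
<vulnerability id="[3956]" method="POST" name="Cross site scripting vulnerability" plugin="xss" severity="Medium" url="http://192.168.1.20/demo/EvalInjection2.php" var="command">
Cross Site Scripting was found at: "http://192.168.1.20/demo/EvalInjection2.php", using HTTP method POST. The sent post-data was: "command=&lt;ScRIPt+SrC=http://YNwU/x.js&gt;&lt;/ScRIPt&gt;". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 3956.
</vulnerability>
<vulnerability id="[4021]" method="POST" name="Cross site scripting vulnerability" plugin="xss" severity="Medium" url="http://192.168.1.20/demo/XSS-reflected2.php" var="username">
Cross Site Scripting was found at: "http://192.168.1.20/demo/XSS-reflected2.php", using HTTP method POST. The sent post-data was: "username=&lt;SCrIPT&gt;alert("CARP")&lt;/SCrIPT&gt;". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4021.
</vulnerability>
<vulnerability id="[4044]" method="POST" name="Cross site scripting vulnerability" plugin="xss" severity="Medium" url="http://192.168.1.20/demo/XSS-cookie.php" var="cookie">
Cross Site Scripting was found at: "http://192.168.1.20/demo/XSS-cookie.php", using HTTP method POST. The sent post-data was: "cookie=&lt;SCrIPT&gt;alert("xJjP")&lt;/SCrIPT&gt;". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4044.
</vulnerability>
<!-- Stored (permanent) XSS on the same page and parameter as the entry above, rated High.
     The id attribute lists two request ids, so consumers must not parse it as one integer. -->
<vulnerability id="[4078, 4100]" method="POST" name="Permanent cross site scripting vulnerability" plugin="xss" severity="High" url="http://192.168.1.20/demo/XSS-cookie.php" var="cookie">
Permanent Cross Site Scripting was found at: http://192.168.1.20/demo/XSS-cookie.php . Using method: POST. The XSS was sent to the URL: http://192.168.1.20/demo/XSS-cookie.php. The sent post data is: "cookie=&lt;ScRIpT&gt;fake_alert(String.fromCharCode(VcRd))&lt;/SCriPT&gt;" . This vulnerability was found in the requests with ids 4078 and 4100.
</vulnerability>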
<!-- OS command injection through the fileName parameter, rated High. -->
<vulnerability id="[4268]" method="POST" name="OS commanding vulnerability" plugin="osCommanding" severity="High" url="http://192.168.1.20/demo/OSCommandInjection2.php" var="fileName">
OS Commanding was found at: "http://192.168.1.20/demo/OSCommandInjection2.php", using HTTP method POST. The sent post-data was: "fileName=%7Cping+-n+3+localhost". This vulnerability was found in the request with id 4268.
</vulnerability>
<!-- Blind SQL injection. The plugin attribute is empty on this entry although blindSqli is
     in the audit list, so a consumer that groups or filters by plugin must handle "".
     Same URL and parameter as the sqli finding that follows (request id 4803); they
     probably share one root cause, so triage them together. -->
<vulnerability id="[4518, 4519]" method="POST" name="Blind SQL injection vulnerability" plugin="" severity="High" url="http://192.168.1.20/demo/SQLI2.php" var="username">
Blind SQL injection was found at: "http://192.168.1.20/demo/SQLI2.php", using HTTP method POST. The injectable parameter is: "username". This vulnerability was found in the requests with ids 4518 to 4519.
</vulnerability>
<vulnerability id="[4803]" method="POST" name="SQL injection vulnerability" plugin="sqli" severity="High" url="http://192.168.1.20/demo/SQLI2.php" var="username">
SQL injection in a MySQL database was found at: "http://192.168.1.20/demo/SQLI2.php", using HTTP method POST. The sent post-data was: "username=d'z"0". This vulnerability was found in the request with id 4803.
</vulnerability>
<!-- Two HTTP 500 entries for the same URL (request ids 22 and 23). method and var hold the
     literal string "None", which a consumer should map to "not applicable" rather than
     store as a method or parameter name. The text itself says the cause is unidentified,
     so these need manual follow-up. -->
<vulnerability id="[22]" method="None" name="Unhandled error in web application" plugin="error500" severity="Medium" url="http://192.168.1.20/demo/" var="None">
An unidentified web application error (HTTP response code 500) was found at: "http://192.168.1.20/demo/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 22.
</vulnerability>
<vulnerability id="[23]" method="None" name="Unhandled error in web application" plugin="error500" severity="Medium" url="http://192.168.1.20/demo/" var="None">
An unidentified web application error (HTTP response code 500) was found at: "http://192.168.1.20/demo/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 23.
</vulnerability>
<!-- The scanner labels this one "possible" and notes detection is hard: treat it as
     low-confidence until reproduced by hand. -->
<vulnerability id="[4746]" method="POST" name="Format string vulnerability" plugin="formatString" severity="Medium" url="http://192.168.1.20/demo/FormatString2.php" var="name">
A possible (detection is really hard...) format string was found at: "http://192.168.1.20/demo/FormatString2.php", using HTTP method POST. The sent post-data was: "name=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n". This vulnerability was found in the request with id 4746.
</vulnerability>
<!-- NOTE(review): the probe is a delay call, which suggests the detection is timing-based;
     a slow response for other reasons could produce the same signal, so confirm. The same
     page and parameter also appear in an XSS finding (request id 3956). -->
<vulnerability id="[4916]" method="POST" name="eval() input injection vulnerability" plugin="eval" severity="High" url="http://192.168.1.20/demo/EvalInjection2.php" var="command">
eval() input injection was found at: "http://192.168.1.20/demo/EvalInjection2.php", using HTTP method POST. The sent post-data was: "command=sleep(9)%3B". This vulnerability was found in the request with id 4916.
</vulnerability>
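<!-- LDAP injection through the username field, rated High. The ampersand that separates
     the two post-data fields is written as an entity reference; a raw ampersand in
     element text is not well-formed XML. NOTE(review): the password value looks like
     scanner-generated form fill, not a captured credential; confirm. -->
<vulnerability id="[4860]" method="POST" name="LDAP injection vulnerability" plugin="LDAPi" severity="High" url="http://192.168.1.20/demo/LDAPInjection2.php" var="username">
LDAP injection was found at: "http://192.168.1.20/demo/LDAPInjection2.php", using HTTP method POST. The sent post-data was: "username=%5E(%23%24%21%40%23%24)(()))%2A%2A%2A%2A%2A%2A&amp;password=FrAmE30.". The modified parameter was "username". This vulnerability was found in the request with id 4860.
</vulnerability>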
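<!-- These information entries repeat findings that also appear as vulnerability elements
     (same id, name, plugin, url and text) but without the method, severity and var
     attributes. A consumer that counts both element types will double-count; key on the
     request id plus url to deduplicate. -->
<!-- Markup characters inside the quoted probe strings (less-than, greater-than, ampersand)
     are written as entity references so the report parses; treat the text as untrusted
     and escape it again wherever it is displayed. -->
<information id="[3893]" name="XPATH injection vulnerability" plugin="xpath" url="http://192.168.1.20/demo/XPathInjection2.php">
XPATH injection was found at: "http://192.168.1.20/demo/XPathInjection2.php", using HTTP method POST. The sent post-data was: "username=d'z"0&amp;password=FrAmE30.". The modified parameter was "username". This vulnerability was found in the request with id 3893.
</information>
<information id="[3894]" name="XPATH injection vulnerability" plugin="xpath" url="http://192.168.1.20/demo/XPathInjection2.php">
XPATH injection was found at: "http://192.168.1.20/demo/XPathInjection2.php", using HTTP method POST. The sent post-data was: "username=John8212&amp;password=d'z"0". The modified parameter was "password". This vulnerability was found in the request with id 3894.
</information>
<information id="[3956]" name="Cross site scripting vulnerability" plugin="xss" url="http://192.168.1.20/demo/EvalInjection2.php">
Cross Site Scripting was found at: "http://192.168.1.20/demo/EvalInjection2.php", using HTTP method POST. The sent post-data was: "command=&lt;ScRIPt+SrC=http://YNwU/x.js&gt;&lt;/ScRIPt&gt;". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 3956.
</information>
<information id="[4021]" name="Cross site scripting vulnerability" plugin="xss" url="http://192.168.1.20/demo/XSS-reflected2.php">
Cross Site Scripting was found at: "http://192.168.1.20/demo/XSS-reflected2.php", using HTTP method POST. The sent post-data was: "username=&lt;SCrIPT&gt;alert("CARP")&lt;/SCrIPT&gt;". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4021.
</information>
<information id="[4044]" name="Cross site scripting vulnerability" plugin="xss" url="http://192.168.1.20/demo/XSS-cookie.php">
Cross Site Scripting was found at: "http://192.168.1.20/demo/XSS-cookie.php", using HTTP method POST. The sent post-data was: "cookie=&lt;SCrIPT&gt;alert("xJjP")&lt;/SCrIPT&gt;". This vulnerability affects ALL browsers. This vulnerability was found in the request with id 4044.
</information>
<information id="[4078, 4100]" name="Permanent cross site scripting vulnerability" plugin="xss" url="http://192.168.1.20/demo/XSS-cookie.php">
Permanent Cross Site Scripting was found at: http://192.168.1.20/demo/XSS-cookie.php . Using method: POST. The XSS was sent to the URL: http://192.168.1.20/demo/XSS-cookie.php. The sent post data is: "cookie=&lt;ScRIpT&gt;fake_alert(String.fromCharCode(VcRd))&lt;/SCriPT&gt;" . This vulnerability was found in the requests with ids 4078 and 4100.
</information>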
<!-- Repeat of the OS commanding vulnerability entry (request id 4268). -->
<information id="[4268]" name="OS commanding vulnerability" plugin="osCommanding" url="http://192.168.1.20/demo/OSCommandInjection2.php">
OS Commanding was found at: "http://192.168.1.20/demo/OSCommandInjection2.php", using HTTP method POST. The sent post-data was: "fileName=%7Cping+-n+3+localhost". This vulnerability was found in the request with id 4268.
</information>
<!-- Environment observations. The reverse proxy and the active filter both sit between
     the scanner and the application, and the afd text states that results from the other
     plugins will be inaccurate: read the findings in this report as a lower bound and
     re-test from a position behind the filter where possible. -->
<information id="[33]" name="Found reverse proxy" plugin="detectReverseProxy" url="http://192.168.1.20/demo/">
The remote web server seems to have a reverse proxy installed. This information was found in the request with id 33.
</information>
<!-- This entry has no id attribute and url is the literal string "None"; a consumer must
     not assume either is present or is a URL. -->
<information name="Active filter detected" plugin="afd" url="None">
The remote network has an active filter. IMPORTANT: The result of all the other plugins will be unaccurate, web applications could be vulnerable but "protected" by the active filter.
</information>
<!-- Repeat of the blind SQL injection vulnerability entry; plugin is empty here as well. -->
<information id="[4518, 4519]" name="Blind SQL injection vulnerability" plugin="" url="http://192.168.1.20/demo/SQLI2.php">
Blind SQL injection was found at: "http://192.168.1.20/demo/SQLI2.php", using HTTP method POST. The injectable parameter is: "username". This vulnerability was found in the requests with ids 4518 to 4519.
</information>
<!-- Files found by URL fuzzing: an archive at the web root and a .bak copy of a PHP page.
     Neither has a matching vulnerability entry, so they carry no severity, but files like
     these can disclose source code; review their contents and remove them from the
     served tree. -->
<information id="[99]" name="Potentially interesting file" plugin="urlFuzzer" url="http://192.168.1.20/demo.zip">
A potentially interesting file was found at: "http://192.168.1.20/demo.zip". This information was found in the request with id 99.
</information>
<information id="[1166]" name="Potentially interesting file" plugin="urlFuzzer" url="http://192.168.1.20/demo/PredictableResource.php.bak">
A potentially interesting file was found at: "http://192.168.1.20/demo/PredictableResource.php.bak". This information was found in the request with id 1166.
</information>
<!-- Repeats of vulnerability entries (request ids 4803, 22, 23, 4746, 4916). -->
<information id="[4803]" name="SQL injection vulnerability" plugin="sqli" url="http://192.168.1.20/demo/SQLI2.php">
SQL injection in a MySQL database was found at: "http://192.168.1.20/demo/SQLI2.php", using HTTP method POST. The sent post-data was: "username=d'z"0". This vulnerability was found in the request with id 4803.
</information>
<information id="[22]" name="Unhandled error in web application" plugin="error500" url="http://192.168.1.20/demo/">
An unidentified web application error (HTTP response code 500) was found at: "http://192.168.1.20/demo/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 22.
</information>
<information id="[23]" name="Unhandled error in web application" plugin="error500" url="http://192.168.1.20/demo/">
An unidentified web application error (HTTP response code 500) was found at: "http://192.168.1.20/demo/". Enable all plugins and try again, if the vulnerability still is not identified, please verify mannually and report it to the w3af developers. This vulnerability was found in the request with id 23.
</information>
<information id="[4746]" name="Format string vulnerability" plugin="formatString" url="http://192.168.1.20/demo/FormatString2.php">
A possible (detection is really hard...) format string was found at: "http://192.168.1.20/demo/FormatString2.php", using HTTP method POST. The sent post-data was: "name=%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n%25n". This vulnerability was found in the request with id 4746.
</information>
<information id="[4916]" name="eval() input injection vulnerability" plugin="eval" url="http://192.168.1.20/demo/EvalInjection2.php">
eval() input injection was found at: "http://192.168.1.20/demo/EvalInjection2.php", using HTTP method POST. The sent post-data was: "command=sleep(9)%3B". This vulnerability was found in the request with id 4916.
</information>
<!-- TRACE is among the allowed methods. It is rarely needed in production and is commonly
     disabled at the web server or proxy; note that the name attribute embeds the URL, so
     it is not a stable key for grouping. -->
<information id="[17]" name="Allowed methods for http://192.168.1.20/demo/" plugin="allowedMethods" url="http://192.168.1.20/demo/">
The URL "http://192.168.1.20/demo/" has the following allowed methods: GET, HEAD, OPTIONS, POST, TRACE. This information was found in the request with id 17.
</information>
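<!-- Repeat of the LDAP injection vulnerability entry (request id 4860). The ampersand
     between the two post-data fields is written as an entity reference; a raw ampersand
     in element text is not well-formed XML. -->
<information id="[4860]" name="LDAP injection vulnerability" plugin="LDAPi" url="http://192.168.1.20/demo/LDAPInjection2.php">
LDAP injection was found at: "http://192.168.1.20/demo/LDAPInjection2.php", using HTTP method POST. The sent post-data was: "username=%5E(%23%24%21%40%23%24)(()))%2A%2A%2A%2A%2A%2A&amp;password=FrAmE30.". The modified parameter was "username". This vulnerability was found in the request with id 4860.
</information>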
</w3afrun>