| CWE-215 | CAPEC-107 | DISSA_ASC-APP3110 | OWASP2007-A9 |
Description:
The TRACE verb supported by most web servers can be manipulated to produce a Cross-Site Scripting attack that results in sending arbitrary HTML to the victim's browser. The TRACE verb is designed to echo a user's input and is intended for debugging or testing a web server. The TRACE verb is not required for web applications to function (web applications and web browsers usually only need the HEAD, GET, and POST verbs). Usually, an attacker will attempt to manipulate a Cross-Site Tracing (XST) vulnerability in order to present malicious HTML as if it came from a legitimate source. Because TRACE echoes input sent to the web server, an attacker will attempt to create a malicious payload and trick a victim into submitting that payload to the server. The payload then appears in the victim's browser and may be an attempt to steal session ID information, passwords, or other sensitive information. Although the impact of this attack may be high, it is often difficult to successfully exploit. It is related to the more serious Cross-Site Scripting (XSS) vulnerability; however, Cross-Site Tracing attacks the web server whereas XSS attacks the web application.
Recommendations:
Refer to your web server's manual for information on how to disable the TRACE method.
Site: http://www.webscantest.com:80
URL: http://www.webscantest.com:80/myfiles/ | Root Cause #75
URL: http://www.webscantest.com:80/picshare/up | Root Cause #76
URL: http://www.webscantest.com:80/rfplaces/in | Root Cause #79

| CWE-548 | CAPEC-87 | DISSA_ASC-APP3110 | OWASP2007-A6 | OVAL-912 |
Description:
A full list of a directory's content can be viewed. This reveals each file and subdirectory, regardless of whether or not it is related to the web application. A directory listing may also reveal backup files, include files, or configuration files that are not normally viewable by users. When these types of files can be found, they often disclose sensitive information about the application.
Recommendations:
Refer to your web server's documentation for instructions on prohibiting directory listings.
Site: http://www.webscantest.com:80
| CWE-529 | CAPEC-143 | DISSA_ASC-APP3050 | OWASP2007-A6 | OVAL-608 |
Description:
A robots.txt file is present in the directory. The robots.txt file provides a list of directories that crawling engines are requested to ignore. There is no way to force the crawling engine to honor the robots.txt file. Depending on the content of the file, it may reveal administrator interfaces or alternate URLs that are supposed to be hidden from users.
Recommendations:
1. Ensure that the robots.txt file does not divulge directories that are intended to be hidden from users.
2. The security of sensitive directories should not rely on hiding their presence. Restrict access to sensitive directories (e.g. admin) by password and IP address or network location.
3. Amend your deployment policy to include the removal of sensitive directories from robots.txt files.
Site: http://www.webscantest.com:80
| CWE-541 | CAPEC-143 | DISSA_ASC-APP3050 | OWASP2007-A6 | OVAL-608 |
Description:
An "include" file was found within the web document root and its content could be read. Application include files are used to centralize common functions or code that is to be shared among several scripts. They often contain sensitive information such as database connection credentials, database query constructions, and other application logic. Another significant problem with include files is that their file extension (commonly .inc) is parsed as plain text by the server, which reveals raw source code. This is different from script files with extensions such as .asp, .cgi, or .php. The content of a script file is interpreted by the server, which sends the result of the script's source code to a user's web browser. If the server does not recognize the file's extension as special, then the file's source code is not interpreted and the raw content is sent to the user's web browser.
Recommendations:
1. Make sure that all include files have a file extension that is known to and interpreted by the application engine. For example, all of the include files for an ASP application should have the .asp file extension, whereas include files for a PHP-based application should have a .php extension. The file's functionality will not be affected, but users will be unable to view source code between the application script tags (such as <% or <?).
2. Amend your deployment policy to include the addition of appropriate file extensions to all include files.
| CWE-530 | CAPEC-143 | DISSA_ASC-APP3050 | OWASP2007-A6 | OVAL-608 |
Description:
A README file was found within the web document root. README files are normally used to describe installation procedures or release notes for a web application or web application engine. These types of files often describe configuration, installation, or other information about the application or server. Even if the file does not contain sensitive information, its presence may enable an attacker to guess other file names or directories used by the application associated with the README file. The presence of this file also implies that a strong build policy has not been followed for the web server.
Recommendations:
Follow these steps:
| CWE-532 | CAPEC-143 | DISSA_ASC-APP3050 | OWASP2007-A6 | OVAL-608 |
Description:
A log file was found within the web document root. Log files from web, FTP, or other services should not be stored in the application's document root. These log files may reveal administration pages, user names, or other sensitive data which an attacker could use to access restricted files or services. For example, FTP logs may contain full file path information and FTP account user names. Log files often contain remote IP address information, which could point attackers to additional targets.
Recommendations:
If log files are being generated by a legitimate source:
| CWE-541 | CAPEC-143 | DISSA_ASC-APP3050 | OWASP2007-A6 | OVAL-608 |
Description:
An "include" directory was found within the web document root. These directories often contain files with common functions or code that is to be shared among several scripts. Files within these directories often contain sensitive information such as database connection credentials, database query constructions, and other application logic. Another significant problem with include files is that their file extension (commonly .inc) is parsed as plain text by the server, which reveals raw source code. This is different from script files with extensions such as .asp, .cgi, or .php. The content of a script file is interpreted by the server, which sends the result of the script's source code to a user's web browser. If the server does not recognize the file's extension as special, then the file's source code is not interpreted and the raw content is sent to the user's web browser.
Recommendations:
These types of application include files are intended to be loaded by other executable scripts within the application, such as ASP, JSP, or PHP files. Users are intended to access and browse the main application script files, but should never have to directly access one of the application's include files.
1. Move these files to a location outside of the web document root. Make sure that the web server still has read privileges to the directory so that its scripts can load and parse the include files.
Note: If the files in this directory contain HTML or generate HTML and are intended to be viewed within a web browser, then this finding can be ignored.
| CWE-530 | CAPEC-143 | DISSA_ASC-APP3050 | OWASP2007-A6 | OVAL-608 |
Description:
A backup file was discovered. Binary archives or application files with an alternate file extension may expose source code and application logic to an attacker. If a script's file extension does not match an application extension (such as .asp, .jsp, or .php), then the server usually considers the file equivalent to plain text. When this happens, the server presents the user with the raw source code of the file instead of executing the script and providing interpreted output.
Depending on the content of the script file, the exposed data ranges from simple function calls to database connection credentials and administration passwords.
File archives such as .tgz, .tar.gz, or .zip files should never be stored within the web application's document root. If these files contain an archive of the application's source code, then it will be trivial for an attacker to download and examine the code.
Recommendations:
Site: http://www.webscantest.com:80
| CWE-526 |
Description:
Default configurations of web servers often provide too much information about their platform and version in HTTP headers and on error pages. This data is not itself dangerous, but it can help an attacker focus on vulnerabilities associated with your specific web server platform/version.
Recommendations:
Configure your web server to avoid having it announce its own details. For example, in Apache you would want these two configuration directives in your config file:
    ServerSignature Off
    ServerTokens Prod