Scan Report

NETSPARKER SCAN REPORT SUMMARY
TARGET URL http://103.7.64.84/

SCAN DATE 17-01-2020 10:01:59
Total
Requests
1122
26
Identified
6
REPORT DATE 17-01-2020 10:09:29 Average
SCAN DURATION 00:05:23 Speed
3.47 req/sec.
Confirmed
NETSPARKER VERSION 4.8.0.13139-master-20c2f1d
SCAN SETTINGS 0
Critical
ENABLED ENGINES SQL Injection, SQL Injection (Boolean), SQL Injection (Blind), Cross-site Scripting,
13
Authentication
Command Injection, Command Injection (Blind), Local File Inclusion, Remote File
Scheduled
Inclusion, Code Evaluation, HTTP Header Injection, Open Redirection, Expression
Language Injection, Web App Fingerprint, RoR Code Execution, WebDAV, Reflected File Informational
Download, Insecure Reflected Content, XML External Entity, File Upload, Windows Short
Filename, Server-Side Request Forgery (pattern based), Server-Side Request Forgery
(DNS), SQL Injection (Out of Band), XML External Entity (Out of Band), Cross-site
Scripting (Blind), Remote File Inclusion (Out of Band), Code Evaluation (Out of Band)
URL REWRITE MODE Heuristic
DETECTED URL None
REWRITE RULES
VULNERABILITIES IMPORTANT
4%
MEDIUM
12%
LOW
35%
INFORMATION
50%
1 / 29
VULNERABILITY SUMMARY
URL Parameter Method Vulnerability Confirmed
http://103.7.64.84/ GET Out-of-date Version No

(Apache)
GET Weak Ciphers Yes

Enabled
GET Invalid SSL Yes

Certificate
GET Insecure Yes

Transportation
Security Protocol
Supported (SSLv3)
GET Version Disclosure No

(Apache)
TRACE TRACE/TRACK No
Method Detected
GET Insecure Yes

Transportation
Security Protocol
Supported (TLS
1.0)
GET Apache Web Server No

Identified
GET Missing X-XSS No

Protection Header
GET Content Security No

Policy (CSP) Not
Implemented
https://103.7.64.84/ GET Version Disclosure No

(PHP)
GET Out-of-date Version No

(PHP)
GET HTTP Strict No

Transport Security
(HSTS) Policy Not
Enabled
https://103.7.64.84/?%2527%2522-- GET [Possible] Phishing No

%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252f by Navigating
qo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme% Browser Tabs
2522%253e%253c%252fscRipt%253e
GET Subresource No
Integrity (SRI) Not
Implemented
https://103.7.64.84/c:/boot.ini GET Email Address No

Disclosure
GET Generic Email No

Address Disclosure
https://103.7.64.84/robots.txt TRACE TRACE/TRACK No

Method Detected
GET Robots.txt Yes

Detected
https://103.7.64.84/sitemap.xml TRACE TRACE/TRACK No

Method Detected
GET Sitemap Detected No
OPTIONS OPTIONS Method Yes

Enabled
https://103.7.64.84/wp-admin/ TRACE TRACE/TRACK No

Method Detected
https://103.7.64.84/wp-admin/admin-ajax.php TRACE TRACE/TRACK No

Method Detected
https://103.7.64.84/wp-includes/js/tw-sack.js GET Out-of-date Version No

(WordPress)
GET WordPress No
Detected
2 / 29
1. Out-of-date Version (Apache) 1 TOTAL
IMPORTANT
Netsparker identified you are using an out-of-date version of Apache.
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Remedy
Please upgrade your installation of Apache to the latest stable version.
Remedy References
Downloading the Apache HTTP Server
Known Vulnerabilities in this Version

Apache mod_cache and mod_dav Request Handling Denial of Service Vulnerability
The mod_cache and mod_dav modules in the Apache HTTP Server allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.
External References
CVE-2010-1452
Apache APR-util apr_brigade_split_line() Denial of Service Vulnerability

Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util), as used in the mod_reqtimeout module in the Apache HTTP Server
and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.
External References
CVE-2010-1623
Apache APR apr_fnmatch() Denial of Service Vulnerability

Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, allows context-
dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
External References
CVE-2011-0419
Exploit
http://www.securityfocus.com/data/vulnerabilities/exploits/47820.txt
Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

The byterange filter in the Apache HTTP Server allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as
exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.
External References
CVE-2011-3192
Exploit
http://www.securityfocus.com//data/vulnerabilities/exploits/49303.c
http://www.securityfocus.com/data/vulnerabilities/exploits/49303-2.c
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

The mod_proxy module in the Apache HTTP Server does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
External References
CVE-2011-3368
Exploit
http://www.securityfocus.com//data/vulnerabilities/exploits/49957.py
Apache HTTP Server Scoreboard Local Security Bypass Vulnerability

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a
certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
External References
CVE-2012-0031
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of
(1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at
sign) character and a : (colon) character in invalid positions.
External References
CVE-2011-4317
3 / 29
Apache HTTP Server CVE-2011-3348 Denial Of Service Vulnerability
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error
state" in the backend server) via a malformed HTTP request.
External References
CVE-2011-3348
mod_proxy_ajp DoS Vulnerability

The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to
cause a denial of service (worker consumption) via an expensive request.
External References
CVE-2012-4557
Apache Multiple XSS Vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x
before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.
External References
CVE-2012-4558
Apache Code Execution Vulnerability

mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute
arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.
External References
CVE-2013-1862
Apache Denial of Service Vulnerabillity

mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a
MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
External References
CVE-2013-1896
Apache 'main/util.c' Denial of Service Vulnerability

The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote
attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.
External References
CVE-2013-6438
Apache 'mod_log_config.c' Denial of Service Vulnerability

The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon
crash) via a crafted cookie that is not properly handled during truncation.
External References
CVE-2014-0098
Classification
OWASP 2013-A9 PCI V3.1-6.2 PCI V3.2-6.2 CAPEC-310
1.1. http://103.7.64.84/
http://103.7.64.84/
Identified Version
2.2.15 (contains 4 important and 10 other vulnerabilities)
Latest Version
2.2.31
Vulnerability Database
Result is based on 30-12-2016 vulnerability database content.
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Cache-Control: no-cache
Connection: Keep-Alive
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.16 Safari/537.36
Accept-Language: en-us,en;q=0.5
X-Scanner: Netsparker
Accept-Encoding: gzip, deflate
4 / 29
Response
HTTP/1.1 302 Found
Server: Apache/2.2.15 (CentOS)
Expires: Sun, 19 Jan 2020 04:31:58 GMT

Vary: Accept-Encoding
Keep-Alive: timeout=15, max=100
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/
Date: Fri, 17 Jan 2020 04:31:58 GMT
Cache-Control: max-age=172800
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://103.7.64.84/">here</a>.</p>
<hr>
<address>Apache/2.2.15 (CentOS) Server at 103.7.64.84 Port 80</address>
</body></html>
5 / 29
2. Weak Ciphers Enabled 1 TOTAL
MEDIUM
Netsparker detected that weak ciphers are enabled during secure communication (SSL).
CONFIRMED
You should allow only strong ciphers on your web server to protect secure communication with your visitors.
Impact
1
Attackers might decrypt SSL traffic between your server and your visitors.
Actions to Take
1. For Apache, you should modify the SSLCipherSuite directive in the httpd.conf.
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
2. For Microsoft IIS, you should make some changes to the system registry.
Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry key: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders
Set "Enabled" DWORD to "0x0" for the following registry keys:
SCHANNEL\Ciphers\DES 56/56
SCHANNEL\Ciphers\RC4 64/128
SCHANNEL\Ciphers\NULL
SCHANNEL\Hashes\MD
Remedy
Configure your web server to disallow using weak ciphers.
External References
OWASP - Insecure Configuration Management
OWASP - Insufficient Transport Layer Protection
Classification
OWASP 2013-A6 PCI V3.1-6.5.4 PCI V3.2-6.5.4 CWE-327 CAPEC-217 WASC-4
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Base: 6.8 (Medium)
Temporal: 6.8 (Medium)
Environmental: 6.8 (Medium)
2.1. http://103.7.64.84/ Confirmed

http://103.7.64.84/
List of Supported Weak Ciphers

TLS_RSA_WITH_RC4_128_MD5 (0x0004)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xC011)
Request
[NETSPARKER] SSL Connection
Response
6 / 29
3. Invalid SSL Certificate 1 TOTAL
MEDIUM
Netsparker identified an invalid SSL certificate.
CONFIRMED
An SSL certificate can be created and signed by anyone. You should have a valid SSL certificate to make your visitors sure about the secure communication between your website and
them. If you have an invalid certificate, your visitors will have trouble distinguishing between your certificate and those of attackers.
1
Impact
Attackers can perform man-in-the-middle attacks and observe the encryption traffic between your website and its visitors.
Remedy
Fix the problem with your SSL certificate to provide secure communication between your website and its visitors.
External References
Classification
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Base: 6.8 (Medium)
3.1. http://103.7.64.84/ Confirmed

http://103.7.64.84/
List of Problems
The Name on the security certificate does not match the name of the site - CN=*.netdatavault.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated
Request
Response
7 / 29
4. Insecure Transportation Security Protocol Supported (SSLv3) 1 TOTAL
MEDIUM
Netsparker detected that insecure transportation security protocol (SSLv3) is supported by your web server.
CONFIRMED
SSLv3 has several flaws. An attacker can cause connection failures and they can trigger the use of SSL 3.0 to exploit vulnerabilities like POODLE.
Impact
1
Remedy
Configure your web server to disallow using weak ciphers. You need to restart the web server to enable changes.
For Apache, adjust the SSLProtocol directive provided by the mod_ssl module. This directive can be set either at the server level or in a virtual host configuration.
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
For Nginx, locate any use of the directive ssl_protocols in the nginx.conf file and remove SSLv3.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
For Microsoft IIS, you should make some changes on the system registry.
1. Click on Start and then Run, type regedt32 or regedit, and then click OK.
2. In Registry Editor, locate the following registry key or create if it does not exist:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\
3. Locate a key named Server or create if it doesn't exist.

4. Under the Server key, locate a DWORD value named Enabled or create if it doesn't exist and set its value to "0".
For Lighttpd, put the following lines in your configuration file:
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
External References
How to disable SSlv3
How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
This POODLE Bites: Exploiting The SSL 3.0 Fallback
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012
Classification
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Base: 6.8 (Medium)
4.1. http://103.7.64.84/ Confirmed

http://103.7.64.84/
Request
Response
8 / 29
5. Version Disclosure (Apache) 1 TOTAL
LOW
Netsparker identified a version disclosure (Apache) in the target web server's HTTP response.
This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remedy
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
Remedy References
Apache ServerTokens Directive
Classification
CWE-205 CAPEC-170 WASC-45 HIPAA-164.306(A), 164.308(A)
5.1. http://103.7.64.84/
http://103.7.64.84/
Extracted Version
2.2.15
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Response
HTTP/1.1 302 Found

Content-Length: 236
Content-Encoding:
Date: Fri, 17 Jan 2020 04:31:58 GMT

<html><head>
</head><body>
<h1>Found</h1>
<hr>
</body></html>
9 / 29
6. Version Disclosure (PHP) 1 TOTAL
LOW
Netsparker identified a version disclosure (PHP) in target web server's HTTP response.
This information can help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.
Impact
An attacker might use the disclosed information to harvest specific security vulnerabilities for the version identified.
Remedy
Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
Classification
CWE-205 CAPEC-170 WASC-45 HIPAA-164.306(A), 164.308(A)
6.1. https://103.7.64.84/
https://103.7.64.84/
Extracted Version
5.6.40
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Referer: http://103.7.64.84/
Response
HTTP/1.1 301 Moved Permanently
X-Powered-By: PHP/5.6.40
Vary: Accept-Encoding,User-Agent
Content-Length: 20
Content-Type: text/html; charset=UTF-8
Content-Encoding:
Location: https://www.netdatavault.com/
Date: Fri, 17 Jan 2020 04:32:08 GMT
10 / 29
7. TRACE/TRACK Method Detected 5 TOTAL
LOW
Netsparker detected the TRACE/TRACK method is allowed.
Impact
It is possible to bypass the HttpOnly cookie limitation and read the cookies in a cross-site scripting attack by using the TRACE/TRACK method within an XmlHttpRequest. This is not possible with modern
browsers, so the vulnerability can only be used when targeting users with unpatched and old browsers.
Remedy
Disable this method in all production systems. Even though the application is not vulnerable to cross-site scripting, a debugging feature such as TRACE/TRACK should not be required in a production system
and therefore should be disabled.
External References
Cross Site Tracing
US-CERT VU#867593
Classification
OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
7.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
TRACE / HTTP/1.1
Host: 103.7.64.84
X-NS: N7242288S
Content-Length: 0
Response
HTTP/1.1 200 OK
Content-Type: message/http
Transfer-Encoding: chunked
Date: Fri, 17 Jan 2020 04:31:59 GMT
TRACE / HTTP/1.1
X-NS: N7242288S
Host: 103.7.64.84
Content-Length: 0
7.2. https://103.7.64.84/robots.txt
https://103.7.64.84/robots.txt
Certainty
Request
TRACE /robots.txt HTTP/1.1
Host: 103.7.64.84
Referer: https://103.7.64.84/robots.txt
X-NS: N2396935S
Content-Length: 0
Response
HTTP/1.1 200 OK
Date: Fri, 17 Jan 2020 04:32:21 GMT
TRACE /robots.txt HTTP/1.1
X-NS: N2396935S
Host: 103.7.64.84
Content-Length: 0
7.3. https://103.7.64.84/sitemap.xml
https://103.7.64.84/sitemap.xml
Certainty
Request
TRACE /sitemap.xml HTTP/1.1
Host: 103.7.64.84
Referer: https://103.7.64.84/sitemap.xml
X-NS: N5712244S
Content-Length: 0
11 / 29
Response
HTTP/1.1 200 OK
Date: Fri, 17 Jan 2020 04:32:13 GMT
TRACE /sitemap.xml HTTP/1.1
X-NS: N5712244S
Host: 103.7.64.84
Content-Length: 0
7.4. https://103.7.64.84/wp-admin/
https://103.7.64.84/wp-admin/
Certainty
Request
TRACE /wp-admin/ HTTP/1.1
Host: 103.7.64.84
X-NS: N87970S
Content-Length: 0
Response
HTTP/1.1 200 OK
Date: Fri, 17 Jan 2020 04:32:21 GMT
TRACE /wp-admin/ HTTP/1.1
X-NS: N87970S
Host: 103.7.64.84
Content-Length: 0
7.5. https://103.7.64.84/wp-admin/admin-ajax.php
https://103.7.64.84/wp-admin/admin-ajax.php
Certainty
Request
TRACE /wp-admin/admin-ajax.php HTTP/1.1
Host: 103.7.64.84
X-NS: N13342390S
Content-Length: 0
Response
HTTP/1.1 200 OK
Date: Fri, 17 Jan 2020 04:32:17 GMT
TRACE /wp-admin/admin-ajax.php HTTP/1.1
X-NS: N13342390S
Host: 103.7.64.84
Content-Length: 0
12 / 29
8. Insecure Transportation Security Protocol Supported (TLS 1.0) 1 TOTAL
LOW
Netsparker detected that insecure transportation security protocol (TLS 1.0) is supported by your web server.
CONFIRMED
TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS).
Websites using TLS 1.0 will be considered non-compliant by PCI after 30 June 2018. 1
Impact
Remedy
Configure your web server to disallow using weak ciphers. You need to restart the web server to enable changes.
For Apache, adjust the SSLProtocol directive provided by the mod_ssl module. This directive can be set either at the server level or in a virtual host configuration.
SSLProtocol +TLSv1.1 +TLSv1.2
For Nginx, locate any use of the directive ssl_protocols in the nginx.conf file and remove TLSv1.
ssl_protocols TLSv1.1 TLSv1.2;
For Microsoft IIS, you should make some changes on the system registry.
1. Click on Start and then Run, type regedt32 or regedit, and then click OK.
2. In Registry Editor, locate the following registry key or create if it does not exist:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\
3. Locate a key named Server or create if it doesn't exist.

4. Under the Server key, locate a DWORD value named Enabled or create if it doesn't exist and set its value to "0".
External References
How to disable TLS v1.0
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2003, 2008 and 2012
Date Change for Migrating from SSL and Early TLS
Browser Exploit Against SSL/TLS Attack (BEAST)
Classification
8.1. http://103.7.64.84/ Confirmed

http://103.7.64.84/
Request
Response
13 / 29
9. [Possible] Phishing by Navigating Browser Tabs 1 TOTAL
LOW
Opened windows through normal hrefs with target="_blank" can modify window.opener.location and replace the parent webpage with something else, even on a different origin.
While this doesn't allow script execution, it does allow phishing attacks that silently replace the parent tab.
Impact
If the links lack of rel="noopener noreferrer" attribute, third party site can change the URL of source tab using window.opener.location.assign and trick the user as if he is still in a trusted page and lead him
to enter his secret information or credentials to this malicious copy.
Remedy
To prevent pages from abusing window.opener, use rel=noopener. This ensures window.opener is null in Chrome 49 and Opera 36.
For older browsers and in Firefox, you could use rel=noreferrer which also disables the Referer HTTP header.
<a href="..." target="_blank" rel="noopener noreferrer">...</a>
External References
Target="_blank" - the most underestimated vulnerability ever
Blankshield & reverse tabnabbing attacks
Classification
OWASP 2013-A5
9.1. https://103.7.64.84/?%2527%2522--
%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoa
bg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c
%252fscRipt%253e
https://103.7.64.84/?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%2...
Parameters
Parameter Type Value
%2527%2522-- GET
%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cs
cRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5x
u77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%
252346%253bme%2522%253e%253c%252fscRipt%253e
External Links
https://twitter.com/NDVCloudFactory
https://www.facebook.com/NetDataVaultIDCandCloudServices
https://www.linkedin.com/company/netdatavault-data-center-and-cloud-services?trk=company_logo
Certainty
Request
GET /?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e HTTP/1.1
Host: 103.7.64.84
Referer: http://103.7.64.84/
Response
…
at best fits your application.</p>
<h4><strong>Call +91 129-2250400</strong></h4></div>
</aside><aside id="sociable_widget-3" class="widget clearfix socials-wg"><ul class="atpsocials"><li><a href="https://twitter.com/NDVCloudFactory" target="_blank"><i class="fa fa-twitter fa-lg" title="Twitter"></i> </a></li><li><a
href="https://www.facebook.com/NetDataVaultIDCandCloudServices" target="_blank"><i class="fa fa-facebook fa-lg" title="Facebook"></i> </a></li><li><a href="https://www.linkedin.com/company/netdatavault-data-center-and-cloud-services?
trk=company_logo" target="_blank"><i class="fa fa-linkedin fa-lg" title="LinkedIn"></i> </a></li></ul></aside> </div></div>
<div class="clear"></div>
<div class="copyright clearfix">

<div class="
…
14 / 29
10. Email Address Disclosure 1 TOTAL
INFORMATION
Netsparker identified an email address disclosure.
Impact
Email addresses discovered within the application can be used by both spam email engines and also brute-force tools. Furthermore, valid email addresses may lead to social engineering attacks.
Remedy
Use generic email addresses such as contact@ or info@ for general communications and remove user/people-specific email addresses from the website; should this be required, use submission forms for this
purpose.
External References
Wikipedia - Email Spam
Classification
CWE-200 CAPEC-118 WASC-13 OWASP-PC-C7
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base: 5.3 (Medium)
10.1. https://103.7.64.84/c:/boot.ini
https://103.7.64.84/c:/boot.ini
Certainty
Request
GET /c:/boot.ini HTTP/1.1
Host: 103.7.64.84
Referer: http://103.7.64.84/
Response
…
ne"><span class="icon"><i class="icon-phone"></i></span><span class="details">+91-129-2250400</span></p><p><span class="icon"><i class="icon-envelope"></i></span><span class="details"><a
href="mailto:sales@netdatavault.com">sales@netdatavault.com</a></span></p><p><span class="icon"><i class="icon-link"></i></span><span class="details"><a href="http://www.netdatavault.com">http://www.netdatavault.com</a></span></p></div></aside>
</div><div
…
15 / 29
11. Sitemap Detected 1 TOTAL
INFORMATION
Netsparker detected a sitemap file on the target website.
Impact
This issue is reported as additional information only. There is no direct impact arising from this issue.
Classification
OWASP-PC-C7
11.1. https://103.7.64.84/sitemap.xml
Certainty
Request
GET /sitemap.xml HTTP/1.1
Host: 103.7.64.84
Response
…
iso-8859-1
Content-Encoding:
Location: https://103.7.64.84/sitemap.xml
Date: Fri, 17 Jan 2020 04:32:12 GMT
<?xml version="1.0" encoding="UTF-8"?>

<urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9
http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xs
…
16 / 29
12. Robots.txt Detected 1 TOTAL
INFORMATION
Netsparker detected a Robots.txt file with potentially sensitive content.
CONFIRMED
Impact
Depending on the content of the file, an attacker might discover hidden directories and files.
1
Remedy
Ensure you have nothing sensitive exposed within this file, such as the path of an administration panel. If disallowed paths are sensitive and you want to keep it from unauthorized access, do not write them
in the Robots.txt, and ensure they are correctly protected by means of authentication.
Robots.txt is only used to instruct search robots which resources should be indexed and which ones are not.
The following block can be used to tell the crawler to index files under /web/ and ignore the rest:
User-Agent: *
Allow: /web/
Disallow: /
Please note that when you use the instructions above, search engines will not index your website except for the specified directories.
If you want to hide certain section of the website from the search engines X-Robots-Tag can be set in the response header to tell crawlers whether the file should be indexed or not:
X-Robots-Tag: googlebot: nofollow

X-Robots-Tag: otherbot: noindex, nofollow
By using X-Robots-Tag you don't have to list the these files in your Robots.txt.
It is also not possible to prevent media files from being indexed by putting using Robots Meta Tags. X-Robots-Tag resolves this issue as well.
For Apache, the following snippet can be put into httpd.conf or an .htaccess file to restrict crawlers to index multimedia files without exposing them in Robots.txt
<Files ~ "\.pdf$">
# Don't index PDF files.
Header set X-Robots-Tag "noindex, nofollow"
</Files>
<Files ~ "\.(png|jpe?g|gif)$">
#Don't index image files.
Header set X-Robots-Tag "noindex"
</Files>
External References
Controlling Crawling and Indexing
X-Robots-Tag: A Simple Alternate For Robots .txt and Meta Tag
Classification
OWASP-PC-C7
12.1. https://103.7.64.84/robots.txt Confirmed

https://103.7.64.84/robots.txt
Interesting Robots.txt Entries

Disallow: /wp-admin/
Request
GET /robots.txt HTTP/1.1
Host: 103.7.64.84
Response
HTTP/1.1 302 Found
Content-Length: 242
Content-Encoding:
Location: https://103.7.64.84/robots.txt
Date: Fri, 17 Jan 2020 04:32:16 GMT
User-agent: *
Disallow: /wp-admin/
Allow: /wp-admin/admin-ajax.php
17 / 29
13. Out-of-date Version (PHP) 1 TOTAL
INFORMATION
Netsparker identified you are using an out-of-date version of PHP.
Impact
Remedy
Please upgrade your installation of PHP to the latest stable version.
Remedy References
Downloading PHP
Classification
OWASP 2013-A9 PCI V3.1-6.2 PCI V3.2-6.2 CAPEC-310 OWASP-PC-C1
13.1. https://103.7.64.84/
https://103.7.64.84/
Identified Version
5.6.40
Latest Version
5.6.26
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Referer: http://103.7.64.84/
Response
HTTP/1.1 301 Moved Permanently
Content-Length: 20
Content-Encoding:
Location: https://www.netdatavault.com/
Date: Fri, 17 Jan 2020 04:32:08 GMT
18 / 29
14. Generic Email Address Disclosure 1 TOTAL
INFORMATION
Netsparker identified a generic email address disclosure.
Impact
Generic email addresses discovered within the application.
Remedy
This is reported for informational purposes only.
You can use submission forms for this purpose to avoid automated email address harvesting tools.
External References
Wikipedia - Email Spam
Classification
CWE-200 CAPEC-118 WASC-13 OWASP-PC-C7
14.1. https://103.7.64.84/c:/boot.ini
https://103.7.64.84/c:/boot.ini
Email Address(es)
sales@netdatavault.com
Certainty
Request
GET /c:/boot.ini HTTP/1.1
Host: 103.7.64.84
Referer: http://103.7.64.84/
Response
…
ne"><span class="icon"><i class="icon-phone"></i></span><span class="details">+91-129-2250400</span></p><p><span class="icon"><i class="icon-envelope"></i></span><span class="details"><a
href="mailto:sales@netdatavault.com">sales@netdatavault.com</a></span></p><p><span class="icon"><i class="icon-link"></i></span><span class="details"><a href="http://www.netdatavault.com">http://www.netdatavault.com</a></span></p></div></aside>
</div><div
…
19 / 29
15. HTTP Strict Transport Security (HSTS) Policy Not Enabled 1 TOTAL
INFORMATION
Netsparker identified that HTTP Strict Transport Security (HSTS) policy is not enabled.
The target website is being served from not only HTTP but also HTTPS and it lacks of HSTS policy implementation.
HTTP Strict Transport Security (HSTS) is a web security policy mechanism whereby a web server declares that complying user agents (such as a web browser) are to interact with it using only secure HTTP
(HTTPS) connections. The HSTS Policy is communicated by the server to the user agent via a HTTP response header field named "Strict-Transport-Security". HSTS Policy specifies a period of time during
which the user agent shall access the server in only secure fashion.
When a web application issues HSTS Policy to user agents, conformant user agents behave as follows:
Automatically turn any insecure links referencing the web application into secure links. (For instance, http://example.com/some/page/ will be modified to https://example.com/some/page/ before
accessing the server.)
If the security of the connection cannot be ensured (e.g. the server's TLS certificate is self-signed), show an error message and do not allow the user to access the web application.
Remedy
Configure your webserver to redirect HTTP requests to HTTPS.
For Apache, you should have modification in the httpd.conf.
# load module
LoadModule headers_module modules/mod_headers.so
# redirect all HTTP to HTTPS (optional)

<VirtualHost *:80>
ServerAlias *
RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
# HTTPS-Host-Configuration
<VirtualHost *:443>
# Use HTTP Strict Transport Security to force client to use secure connections only
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
# Further Configuration goes here

[...]
</VirtualHost>
External References
Wikipedia - HTTP Strict Transport Security
Configure HSTS (HTTP Strict Transport Security) for Apache/Nginx
Classification
OWASP-PC-C8
15.1. https://103.7.64.84/
https://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: www.netdatavault.com
Response
HTTP/1.1 200 OK
Set-Cookie: __cfduid=d61237aad9e40774db0664840d26a03c91579235532; expires=Sun, 16-Feb-20 04:32:12 GMT; path=/; domain=.netdatavault.com; HttpOnly; SameSite=Lax
Link: <https://www.netdatavault.com/wp-json/>; rel="https://api.w.org/"
Link: <https://www.netdatavault.com/>; rel=shortlink
Server: cloudflare
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Content-Encoding:
CF-RAY: 55659aa13b97bc06-LHR
Date: Fri, 17 Jan 2020 04:32:15 GMT
<!DOCTYPE html>



<html lang="en-US" prefix="og: http://ogp.me/ns#">

<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width" />
<link rel="profile" href="https://gmpg.org/xfn/11" />
<link rel="pingback" href="https://www.netdatavault.com/xmlrpc.php" />

<link rel="shortcut icon" href="https://www.netdatavault.com/wp-content/uploads/2016/06/favicon.ico" type="image/x-icon" />
<title>Cloud Data Center India, Managed VPS Hosting Server Providers - NDV</title>

<meta name="description" content="North India's first Tier 3 certified data center offering cloud server hosting, dedicated server hosting, VPS hosting & data center services."/>
<link rel="canonical" href="https://www.net
…
20 / 29
16. Out-of-date Version (WordPress) 1 TOTAL
INFORMATION
Netsparker identified the target web site is using WordPress and detected that it is out of date. WordPress is a free and open-source content management system (CMS) based on PHP
and MySQL.
Impact
Remedy
Please upgrade your installation of WordPress to the latest stable version.
Remedy References
Downloading WordPress
Classification
OWASP 2013-A9 PCI V3.1-6.2 PCI V3.2-6.2 CAPEC-310 OWASP-PC-C1
16.1. https://103.7.64.84/wp-includes/js/tw-sack.js
https://103.7.64.84/wp-includes/js/tw-sack.js
Identified Version
4.6
Latest Version
4.7
Certainty
Request
GET /wp-includes/js/tw-sack.js HTTP/1.1
Host: 103.7.64.84
Response
HTTP/1.1 200 OK
Expires: Sun, 16 Feb 2020 04:33:35 GMT
Content-Length: 1543
Last-Modified: Wed, 13 Sep 2017 13:07:38 GMT
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Encoding:
Date: Fri, 17 Jan 2020 04:33:35 GMT
ETag: "802c7-1369-55911d8131a80"
/* Simple AJAX Code-Kit (SACK) v1.6.1 */

/* �2005 Gregory Wild-Smith */
/* www.twilightuniverse.com */
/* Software licenced under a modified X11 licence,
see documentation or authors website for more details */
function sack(file) {
this.xmlhttp = null;
this.resetData = function() {
this.method = "POST";
this.queryStringSeparator = "?";
this.argumentSeparator = "&";
this.URLString = "";
this.encodeURIString = true;
this.execute = false;
this.element = null;
this.elementObj = null;
this.requestFile = file;
this.vars = new Object();
this.responseStatus = new Array(2);
};
this.resetFunctions = function() {
this.onLoading = function() { };
this.onLoaded = function() { };
this.onInteractive = function() { };
this.onCompletion = function() { };
this.onError = function() { };
this.onFail = function() { };
};
this.reset = function() {
this.resetFunctions();
this.resetData();
};
this.createAJAX = function() {
try {
this.xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e1) {
try {
this.xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e2) {
}
}
if (! this.xmlhttp) {
if (typeof XMLHttpRequest != "undefined") {
this.xmlhttp = new XMLHttpRequest();
} else {
this.failed = true;
}
}
};
this.setVar = function(name, value){

this.vars[name] = Array(value, false);
};
this.encVar = function(name, value, returnvars) {

if (true == returnvars) {
return Array(encodeURIComponent(name), encodeURIComponent(value));
} else {
this.vars[encodeURIComponent(name)]
…
21 / 29
17. WordPress Detected 1 TOTAL
INFORMATION
Netsparker identified that the target web site is using WordPress. WordPress is a free and open-source content management system (CMS) based on PHP and MySQL.
Impact
Classification
OWASP-PC-C7
17.1. https://103.7.64.84/wp-includes/js/tw-sack.js
https://103.7.64.84/wp-includes/js/tw-sack.js
Identified Version
4.6
Latest Version
4.7
Certainty
Request
GET /wp-includes/js/tw-sack.js HTTP/1.1
Host: 103.7.64.84
Response
HTTP/1.1 200 OK
Expires: Sun, 16 Feb 2020 04:33:35 GMT
Content-Length: 1543
Last-Modified: Wed, 13 Sep 2017 13:07:38 GMT
Accept-Ranges: bytes
Content-Type: text/javascript
Content-Encoding:
Date: Fri, 17 Jan 2020 04:33:35 GMT
ETag: "802c7-1369-55911d8131a80"
/* Simple AJAX Code-Kit (SACK) v1.6.1 */

/* �2005 Gregory Wild-Smith */
/* www.twilightuniverse.com */
/* Software licenced under a modified X11 licence,
see documentation or authors website for more details */
function sack(file) {
this.resetData = function() {
this.method = "POST";
this.queryStringSeparator = "?";
this.argumentSeparator = "&";
this.URLString = "";
this.encodeURIString = true;
this.execute = false;
this.element = null;
this.elementObj = null;
this.requestFile = file;
this.vars = new Object();
this.responseStatus = new Array(2);
};
this.resetFunctions = function() {
this.onLoading = function() { };
this.onLoaded = function() { };
this.onInteractive = function() { };
this.onCompletion = function() { };
this.onError = function() { };
this.onFail = function() { };
};
this.reset = function() {
this.resetFunctions();
this.resetData();
};
this.createAJAX = function() {
try {
this.xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e1) {
try {
this.xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e2) {
}
}
if (! this.xmlhttp) {
if (typeof XMLHttpRequest != "undefined") {
this.xmlhttp = new XMLHttpRequest();
} else {
this.failed = true;
}
}
};
this.setVar = function(name, value){

this.vars[name] = Array(value, false);
};
this.encVar = function(name, value, returnvars) {

if (true == returnvars) {
return Array(encodeURIComponent(name), encodeURIComponent(value));
} else {
this.vars[encodeURIComponent(name)]
…
22 / 29
18. OPTIONS Method Enabled 1 TOTAL
INFORMATION
Netsparker detected that OPTIONS method is allowed. This issue is reported as extra information.
CONFIRMED
Impact
Information disclosed from this page can be used to gain additional information about the target system.
1
Remedy
Disable OPTIONS method in all production systems.
External References
Testing for HTTP Methods and XST (OWASP-CM-008)
HTTP/1.1: Method Definitions
Classification
OWASP 2013-A5 CWE-16 CAPEC-107 WASC-14
18.1. https://103.7.64.84/sitemap.xml Confirmed

Allowed methods
GET,HEAD,POST,OPTIONS,TRACE
Request
OPTIONS /sitemap.xml HTTP/1.1
Host: 103.7.64.84
Content-Length: 0
Response
HTTP/1.1 200 OK
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Length: 20
Content-Type: text/xml
Content-Encoding:
Date: Fri, 17 Jan 2020 04:33:34 GMT
23 / 29
19. Apache Web Server Identified 1 TOTAL
INFORMATION
Netsparker identified a web server (Apache) in the target web server's HTTP response.
Impact
External References
Apache ServerTokens Directive
Classification
OWASP-PC-C7
CVSS 3.0
CVSS Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:O/RC:C
Base: 5.3 (Medium)
19.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Response
HTTP/1.1 302 Found
Content-Length: 236
Content-Encoding:
Date: Fri, 17 Jan 2020 04:31:58 GMT

<html><head>
</head><body>
<h1>Found</h1>
<hr>
</body></html>
24 / 29
20. Missing X-XSS Protection Header 1 TOTAL
INFORMATION
Netsparker detected a missing X-XSS-Protection header which means that this website could be at risk of a Cross-site Scripting (XSS) attacks.
Impact
Remedy
Add the X-XSS-Protection header with a value of "1; mode= block".
X-XSS-Protection: 1; mode=block
External References
MSDN - Internet Explorer 8 Security Features
Internet Explorer 8 XSS Filter
Classification
HIPAA-164.308(A) OWASP-PC-C9
20.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
Response
HTTP/1.1 302 Found
Content-Length: 236
Content-Encoding:
Date: Fri, 17 Jan 2020 04:31:58 GMT

<html><head>
</head><body>
<h1>Found</h1>
<hr>
</body></html>
25 / 29
21. Subresource Integrity (SRI) Not Implemented 1 TOTAL
INFORMATION
Subresource Integrity (SRI) provides a mechanism to check integrity of the resource hosted by third parties like Content Delivery Networks (CDNs) and verifies that the fetched
resource has been delivered without unexpected manipulation.
SRI does this using hash comparison mechanism. In this way, hash value declared in HTML elements (for now only script and link elements are supported) will be compared with the hash value of the
resource hosted by third party.
Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.
Remedy
Using Subresource Integrity is simply to add integrity attribute to the script tag along with a base64 encoded cryptographic hash value.
<script src="https://code.jquery.com/jquery-2.1.4.min.js" integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC" crossorigin="anonymous"></script>
The hash algorithm must be one of sha256, sha384 or sha512, followed by a '-' character.
External References
Subresource Integrity
Do not let your CDN betray you: Use Subresource Integrity
Web Application Security with Subresource Integrity
SRI Hash Generator
Classification
21.1. https://103.7.64.84/?%2527%2522--
%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoa
bg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c
%252fscRipt%253e
https://103.7.64.84/?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%2...
Parameters
Parameter Type Value
%2527%2522-- GET
%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cs
cRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5x
u77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%
252346%253bme%2522%253e%253c%252fscRipt%253e
Identified Sub Resource(s)

https://www.netdatavault.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.9
https://www.netdatavault.com/wp-content/plugins/revslider/rs-plugin/css/settings.css?ver=4.6.93
https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/style.css?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/css/animate.css?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/css/prettyPhoto.css?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/css/shortcodes.css?ver=2.0
https://www.netdatavault.com/wp-content/themes/hostmev2/css/fortawesome/font-awesome.css?ver=2.0
https://www.netdatavault.com/wp-content/themes/hostmev2/css/fontawesome/css/font-awesome.css?ver=4.0
https://www.netdatavault.com/wp-content/themes/hostmev2/css/blue.monday/jplayer.blue.monday.css?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/framework/admin/css/datepicker.css?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/css/flexslider.css?ver=1
https://www.netdatavault.com/wp-content/themes/hostmev2/css/responsive.css?ver=all
https://www.netdatavault.com/wp-content/themes/hostmev2/css/owl.carousel.css?ver=1
https://www.netdatavault.com/wp-content/themes/hostmev2/css/owl.theme.css?ver=1
https://www.netdatavault.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
https://www.netdatavault.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
https://www.netdatavault.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?ver=4.6.93
https://www.netdatavault.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.6.93
https://fonts.googleapis.com/css?family=Open+Sans:300,400,700%7C
https://platform.linkedin.com/in.js
https://assets.pinterest.com/js/pinit.js
https://www.netdatavault.com/wp-includes/js/comment-reply.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9
https://www.netdatavault.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4
https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.easing.1.3.js?ver=4.8.12
https://www.netdatavault.com/wp-includes/js/hoverIntent.min.js?ver=1.8.1
https://www.netdatavault.com/wp-content/themes/hostmev2/js/superfish.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.jplayer.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.preloadify.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.prettyPhoto.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.fitvids.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.appear.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/sys_custom.js?ver=1.0
https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.flexslider.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/waypoints.js?ver=4.8.12
https://www.netdatavault.com/wp-includes/js/wp-embed.min.js?ver=4.8.12
https://www.netdatavault.com/wp-content/themes/hostmev2/js/common.js
Certainty
Request
GET /?%2527%2522--%253e%253c%252fstyle%253e%253c%252fscRipt%253e%253cscRipt%2520src%253d%2522%252f%252fqo8ljpmoabg5toyruuj5xu77ug5e0oqemfww_95m_ww%2526%252346%253br87%2526%252346%253bme%2522%253e%253c%252fscRipt%253e HTTP/1.1
Host: 103.7.64.84
Referer: http://103.7.64.84/
26 / 29
Response
…
1em !important;
margin: 0 .07em !important;
vertical-align: -0.1em !important;
background: none !important;
padding: 0 !important;
}
</style>
<link rel='stylesheet' id='contact-form-7-css' href='https://www.netdatavault.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.9' type='text/css' media='all' />
<link rel='stylesheet' id='rs-plugin-settings-css' href='https://www.netdatavault.com/wp-content/plugins/revslider/rs-plugin/css/settings.css?ver=4.6.93' type='text/css' media='all' />
<style id='rs-plugin-settings-inline-css' type='text/css'>
@import url(http://fonts.googleapis.com/css?family=Open+Sans:400,800,300,700);.tp-caption.roundedimage img{-webkit-border-radius:300px; -moz-border-radius:300px; border-radius:300px}
</style>
<link rel='stylesheet' id='SFSImainCss-css' href='https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/css/sfsi-style.css?ver=4.8.12' type='text/css' media='all' />
<link rel='stylesheet' id='hostmev2-style-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/style.css?ver=4.8.12' type='text/css' media='all' />
<link rel='stylesheet' id='iva-animate-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/animate.css?ver=4.8.12' type='text/css' media='all' />
<link rel='stylesheet' id='iva-prettyphoto-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/prettyPhoto.css?ver=4.8.12' type='text/css' media='all' />
<link rel='stylesheet' id='iva-shortcodes-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/shortcodes.css?ver=2.0' type='text/css' media='all' />
<link rel='stylesheet' id='iva-fortawesome-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/fortawesome/font-awesome.css?ver=2.0' type='text/css' media='all' />
<link rel='stylesheet' id='iva-fontawesome-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/fontawesome/css/font-awesome.css?ver=4.0' type='text/css' media='all' />
<link rel='stylesheet' id='iva-jplayer.blue.monday-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/blue.monday/jplayer.blue.monday.css?ver=4.8.12' type='text/css' media='all' />
<link rel='stylesheet' id='iva-datepicker-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/framework/admin/css/datepicker.css?ver=4.8.12' type='text/css' media='all' />
<link rel='stylesheet' id='iva-flexslider-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/flexslider.css?ver=1' type='text/css' media='all' />
<link rel='stylesheet' id='iva-responsive-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/responsive.css?ver=all' type='text/css' media='all' />
<link rel='stylesheet' id='iva-owl-style-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/owl.carousel.css?ver=1' type='text/css' media='all' />
<link rel='stylesheet' id='iva-owl-theme-css' href='https://www.netdatavault.com/wp-content/themes/hostmev2/css/owl.theme.css?ver=1' type='text/css' media='all' />
<script type='text/javascript'>
/* <![CDATA[ */
var atp_panel = {"SiteUrl":"https:\/\/www.netdatavault.com\/wp-content\/themes\/hostmev2"};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.tools.min.js?ver=4.6.93'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=4.6.93'></script>
<link rel='https://api.w.org/' href='https://www.netdatavault.com/wp-json/' />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="https://www.netdatavault.com/xmlrpc.php?rsd"
…
jFOTkdDVDVRZG9HOC9ic1RXN2UwbWhNZGQ2b2E2UUF2WXY0NWZDTm05WlAvMFUxVGg4eVV8YWtEdGlqWEYvZGptYmhlWnFqM3E1Mm1lellzMUhHbWd4blFiOE1MZWY3ND0=" content="nj7bC3HYfwVy5MjT9pcl"/>

<link href="https://fonts.googleapis.com/css?family=Open+Sans:300,400,700%7C" rel="stylesheet" type="text/css" />
<style type="text/css">.recentcomments a{display:inline !important;padding:0 !important;margin:0 !important;}</style>

<style>
body { background-color:#f
…
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
})();
</script>


<script src="//platform.linkedin.com/in.js" type="text/javascript">lang: en_US</script>

<script type="text/javascript" src="//assets.pinterest.com/js/pinit.js"></script>

<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.c
…
color: #000000 !important;
font-size: 16px !important;
text-align: center !important;
background-color: #dedede !important;
}
</style>
<script type='text/javascript' src='https://www.netdatavault.com/wp-includes/js/comment-reply.min.js?ver=4.8.12'></script>
/* <![CDATA[ */
var wpcf7 = {"apiSettings":{"root":"https:\/\/www.netdatavault.com\/wp-json\/contact-form-7\/v1","namespace":"contact-form-7\/v1"},"recaptcha":{"messages":{"empty":"Please verify that you are not a robot."}}};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.9'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/modernizr.custom.min.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/jquery.shuffle.min.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/shuffle/random-shuffle-min.js?ver=4.8.12'></script>
/* <![CDATA[ */
var ajax_object = {"ajax_url":"https:\/\/www.netdatavault.com\/wp-admin\/admin-ajax.php"};
var ajax_object = {"ajax_url":"https:\/\/www.netdatavault.com\/wp-admin\/admin-ajax.php","plugin_url":"https:\/\/www.netdatavault.com\/wp-content\/plugins\/ultimate-social-media-icons\/"};
/* ]]> */
</script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/plugins/ultimate-social-media-icons/js/custom.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.easing.1.3.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-includes/js/hoverIntent.min.js?ver=1.8.1'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/superfish.min.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.jplayer.min.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.preloadify.min.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.prettyPhoto.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.fitvids.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.appear.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/sys_custom.js?ver=1.0'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/jquery.flexslider.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-content/themes/hostmev2/js/waypoints.js?ver=4.8.12'></script>
<script type='text/javascript' src='https://www.netdatavault.com/wp-includes/js/wp-embed.min.js?ver=4.8.12'></script>


<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[
…
ogle-analytics.com/analytics.js','ga');
ga('create', 'UA-108625134-1', 'auto');
ga('send', 'pageview');
</script>

<script type="text/javascript" src="https://www.netdatavault.com/wp-content/themes/hostmev2/js/common.js"></script>

<script type="text/javascript">
window.$zopim||(function(d,s){var z=$zopim=function(c){z._.push(c)},$=z.s=
d.createElement(s),e=d.getElementsByTagNa
…
27 / 29
22. Content Security Policy (CSP) Not Implemented 1 TOTAL
INFORMATION
CSP is an added layer of security that helps to mitigate mainly Cross-site Scripting attacks.
CSP can be enabled instructing the browser with a Content-Security-Policy directive in a response header;
Content-Security-Policy: script-src 'self';
or in a meta tag;
<meta http-equiv="Content-Security-Policy" content="script-src 'self';">
In the above example, you can restrict script loading only to the same domain. It will also restrict inline script executions both in the element attributes and the event handlers. There are various directives
which you can use by declaring CSP:
script-src: Restricts the script loading resources to the ones you declared. By default, it disables inline script executions unless you permit to the evaluation functions and inline scripts by the unsafe-
eval and unsafe-inline keywords.
base-uri: Base element is used to resolve relative URL to absolute one. By using this CSP directive, you can define all possible URLs which could be assigned to base-href attribute of the document.
frame-ancestors: It is very similar to X-Frame-Options HTTP header. It defines the URLs by which the page can be loaded in an iframe.
frame-src / child-src: frame-src is the deprecated version of child-src. Both define the sources that can be loaded by iframe in the page. (Please note that frame-src was brought back in CSP 3)
object-src : Defines the resources that can be loaded by embedding such as Flash files, Java Applets.
img-src: As its name implies, it defines the resources where the images can be loaded from.
connect-src: Defines the whitelisted targets for XMLHttpRequest and WebSocket objects.
default-src: It is a fallback for the directives that mostly ends with -src suffix. When the directives below are not defined, the value set to default-src will be used instead:
child-src
connect-src
font-src
img-src
manifest-src
media-src
object-src
script-src
style-src
When setting the CSP directives, you can also use some CSP keywords:
none: Denies loading resources from anywhere.

self : Points to the document's URL (domain + port).
unsafe-inline: Permits running inline scripts.
unsafe-eval: Permits execution of evaluation functions such as eval().
In addition to CSP keywords, you can also use wildcard or only a scheme when defining whitelist URLs for the points. Wildcard can be used for subdomain and port portions of the URLs:
Content-Security-Policy: script-src https://*.example.com;
Content-Security-Policy: script-src https://example.com:*;
Content-Security-Policy: script-src https;
It is also possible to set a CSP in Report-Only mode instead of forcing it immediately in the migration period. Thus you can see the violations of the CSP policy in the current state of your web site while
migrating to CSP:
Content-Security-Policy-Report-Only: script-src 'self'; report-uri: https://example.com;
Impact
There is no direct impact of not implementing CSP on your website. However, if your website is vulnerable to a Cross-site Scripting attack CSP can prevent successful exploitation of that vulnerability. By not
implementing CSP you’ll be missing out this extra layer of security.
Actions to Take
Enable CSP on your website by sending the Content-Security-Policy in HTTP response headers that instruct the browser to apply the policies you specified.
Apply the whitelist and policies as strict as possible.
Rescan your application to see if Netsparker identifies any weaknesses in your policies.
Remedy
Enable CSP on your website by sending the Content-Security-Policy in HTTP response headers that instruct the browser to apply the policies you specified.
External References
An Introduction to Content Security Policy
Content Security Policy (CSP)
Classification
OWASP-PC-C9
22.1. http://103.7.64.84/
http://103.7.64.84/
Certainty
Request
GET / HTTP/1.1
Host: 103.7.64.84
28 / 29
Response
HTTP/1.1 302 Found
Content-Length: 236
Content-Encoding:
Date: Fri, 17 Jan 2020 04:31:58 GMT

<html><head>
</head><body>
<h1>Found</h1>
<hr>
</body></html>
29 / 29

Scan Report

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Scan Report

Transféré par

Droits d'auteur :

Formats disponibles

NETSPARKER SCAN REPORT SUMMARY

TARGET URL http://103.7.64.84/

http://103.7.64.84/ GET Out-of-date Version No

GET Weak Ciphers Yes

GET Invalid SSL Yes

GET Insecure Yes

GET Version Disclosure No

GET Insecure Yes

GET Apache Web Server No

GET Missing X-XSS No

GET Content Security No

https://103.7.64.84/ GET Version Disclosure No

GET Out-of-date Version No

GET HTTP Strict No

https://103.7.64.84/?%2527%2522-- GET [Possible] Phishing No

https://103.7.64.84/c:/boot.ini GET Email Address No

GET Generic Email No

https://103.7.64.84/robots.txt TRACE TRACE/TRACK No

GET Robots.txt Yes

https://103.7.64.84/sitemap.xml TRACE TRACE/TRACK No

GET Sitemap Detected No

OPTIONS OPTIONS Method Yes

https://103.7.64.84/wp-admin/ TRACE TRACE/TRACK No

https://103.7.64.84/wp-admin/admin-ajax.php TRACE TRACE/TRACK No

https://103.7.64.84/wp-includes/js/tw-sack.js GET Out-of-date Version No

Known Vulnerabilities in this Version

Apache APR-util apr_brigade_split_line() Denial of Service Vulnerability

Apache APR apr_fnmatch() Denial of Service Vulnerability

Apache HTTP Server CVE-2011-3192 Denial Of Service Vulnerability

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server Scoreboard Local Security Bypass Vulnerability

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

mod_proxy_ajp DoS Vulnerability

Apache Multiple XSS Vulnerability

Apache Code Execution Vulnerability

Apache Denial of Service Vulnerabillity

Apache 'main/util.c' Denial of Service Vulnerability

Apache 'mod_log_config.c' Denial of Service Vulnerability

Expires: Sun, 19 Jan 2020 04:31:58 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

In Registry Editor, locate the following registry key: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders

Set "Enabled" DWORD to "0x0" for the following registry keys:

2.1. http://103.7.64.84/ Confirmed

List of Supported Weak Ciphers

3.1. http://103.7.64.84/ Confirmed

SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

3. Locate a key named Server or create if it doesn't exist.

4.1. http://103.7.64.84/ Confirmed

Expires: Sun, 19 Jan 2020 04:31:58 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

TRACE /robots.txt HTTP/1.1

TRACE /sitemap.xml HTTP/1.1

TRACE /wp-admin/ HTTP/1.1

TRACE /wp-admin/admin-ajax.php HTTP/1.1

SSLProtocol +TLSv1.1 +TLSv1.2

ssl_protocols TLSv1.1 TLSv1.2;

3. Locate a key named Server or create if it doesn't exist.

8.1. http://103.7.64.84/ Confirmed

<a href="..." target="_blank" rel="noopener noreferrer">...</a>

<div class="copyright clearfix">

<?xml version="1.0" encoding="UTF-8"?>

X-Robots-Tag: googlebot: nofollow

12.1. https://103.7.64.84/robots.txt Confirmed