SUMMARY OF FINDINGS (Scanned Node: req)


Risk Count
High 2
Medium 6
Low 0
Warning 0
Information 1
Total 9

No | Vulnerability Name | Risk | Severity | CVSS Score | Occurrences
1 | Insecure communication | High | High | 8.1 | 1
2 | Sql injection - MySQL | High | High | 7.4 | 1
3 | Verb tampering | Medium | Medium | 6.4 | 1
4 | Missing security headers - X-Content-Type-Options | Medium | Medium | 5.0 | 1
5 | Missing security headers - X-Frame-Options | Medium | Medium | 5.0 | 1
6 | Sensitive information disclosure in response headers - server | Medium | Medium | 5.0 | 1
7 | Sensitive information disclosure in response headers - x-powered-by | Medium | Medium | 5.0 | 1
8 | Missing Content Security Policy in response header | Medium | Medium | 5.0 | 1
9 | Missing security headers - X-XSS-Protection | Information | Information | - | 1

Payloads and evidence are highlighted in red.


Findings: 1 Insecure communication

Risk High
Severity High
CVSS Score 8.1
Occurrences 1
Details Vooki detected an insecure communication vulnerability. Insecure communication occurs when a client and server communicate over a non-secure (unencrypted) channel. Without encrypting the channel, the developer can’t guarantee the integrity of the data.
Remediation Make sure all client-to-server connections are encrypted with SSL.
URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
Occurrences in this URL: 1
Request Response
Method: GET
Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
status code: 200

Findings: 2 Sql injection - MySQL

Risk High
Severity High
CVSS Score 7.4
Occurrences 1
Details Vooki identified a SQL Injection vulnerability. A SQL injection attack consists of the insertion or injection of a SQL query via the client's input data to the application. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input to affect the execution of predefined SQL commands. A successful SQL injection can:
  • Read sensitive data from the database.
  • Modify database data (Insert/Update/Delete).
  • Execute administration operations on the database (such as shutting down the DBMS).
  • Recover the content of a given file present on the DBMS file system.
  • In some cases, issue commands to the operating system.
Remediation SQL Injection flaws are introduced when software developers create dynamic database queries that include user-supplied input. Techniques for preventing SQL Injection vulnerabilities are:
  • Use of prepared statements (with Parameterized Queries)
  • Use of stored procedures (only in Java)
  • Whitelist input validation.
  • Escape all user-supplied inputs.

    URL:http://localhost/dvwa/vulnerabilities/sqli/?id='&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    cache-control: no-store, no-cache, must-revalidate
    pragma: no-cache
    content-length: 162
    keep-alive: timeout=5, max=97
    connection: Keep-Alive
    content-type: text/html; charset=UTF-8
    status code: 200

    <pre>You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''''' at line 1</pre>

    Findings: 3 Verb tampering

    Risk Medium
    Severity Medium
    CVSS Score 6.4
    Occurrences 1
    Details Vooki detected a verb tampering vulnerability. HTTP includes many request methods other than the standard GET, POST, PUT and PATCH. A web server may respond to these alternative methods and return some data, which can sometimes reveal useful information to an attacker.
    Remediation
  • Apply a whitelist of permitted HTTP methods, e.g. GET, POST, PUT.
  • Reject all requests not matching the whitelisted HTTP methods with HTTP response code 405 Method Not Allowed.

    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    keep-alive: timeout=5, max=96
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1
    Host: localhost
    Connection: keep-alive
    Content-Length: 0
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Electron/12.0.7 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US

    Findings: 4 Missing security headers - X-Content-Type-Options

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 1
    Details Vooki detected that the 'X-Content-Type-Options' security header is missing. There are some HTTP response headers that your application can use to increase its security. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The 'X-Content-Type-Options' HTTP response header tells the browser that the MIME types advertised in the Content-Type headers should be followed and not changed. Example: 'X-Content-Type-Options: nosniff'. If 'X-Content-Type-Options: nosniff' is specified in the response header, the browser checks the content type and blocks the request if the content type is mismatched.
    Remediation It's recommended to implement the x-content-type-options security header. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 4266
    keep-alive: timeout=5, max=94
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 5 Missing security headers - X-Frame-Options

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 1
    Details Vooki detected that the 'X-Frame-Options' security header is missing. There are some HTTP response headers that your application can use to increase its security. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The 'X-Frame-Options' HTTP response header can be used to indicate whether browsers should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>. Values of the 'X-Frame-Options' header are 'X-Frame-Options: DENY' and 'X-Frame-Options: SAMEORIGIN'. DENY: If 'X-Frame-Options: DENY' is specified, the page cannot be displayed in a frame, regardless of the site attempting to do so. SAMEORIGIN: If 'X-Frame-Options: SAMEORIGIN' is specified, the page can only be displayed in a frame on the same origin as the page itself.
    Remediation It's recommended to implement the 'X-Frame-Options' security header with 'deny' or 'sameorigin' value. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 4266
    keep-alive: timeout=5, max=94
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 6 Sensitive information disclosure in response headers - server

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 1
    Details Vooki detected a sensitive information disclosure in the server response header. Information gathering is a type of attack during which the attackers send requests to the server to gather more information. If the server is not configured correctly, it may leak information about itself, such as the server version, PHP/ASP.NET version, OpenSSH version. These issues are not exploitable in most cases but are considered web application security issues because they allow attackers to gather information that can be used later in the attack lifecycle.
    Remediation
  • Remove the unnecessary information from HTTP response headers related to the OS, web server version, and application frameworks.
  • Ensure that your web server does not send out response headers or background information that reveals technical details about the back-end technology type, version, or setup.

    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 4266
    keep-alive: timeout=5, max=93
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 7 Sensitive information disclosure in response headers - x-powered-by

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 1
    Details Vooki detected a sensitive information disclosure in the x-powered-by response header. Information gathering is a type of attack during which the attackers send requests to the server to gather more information. If the server is not configured correctly, it may leak information about itself, such as the server version, PHP/ASP.NET version, OpenSSH version. These issues are not exploitable in most cases but are considered web application security issues because they allow attackers to gather information that can be used later in the attack lifecycle.
    Remediation
  • Remove the unnecessary information from HTTP response headers related to the OS, web server version, and application frameworks.
  • Ensure that your web server does not send out response headers or background information that reveals technical details about the back-end technology type, version, or setup.

    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 4266
    keep-alive: timeout=5, max=93
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 8 Missing Content Security Policy in response header

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 1
    Details Vooki detected that the Content Security Policy (CSP) is missing in the response header. It is an added layer of security that helps to detect and mitigate data injection and Cross Site Scripting (XSS) vulnerabilities.
    Remediation It's recommended to include the Content Security Policy (CSP) header in the response. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:19 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 4266
    keep-alive: timeout=5, max=100
    connection: Keep-Alive
    content-type: text/html;charset=utf-8

    Findings: 9 Missing security headers - X-XSS-Protection

    Risk Information
    Severity Information
    Occurrences 1
    Details Vooki detected that the 'X-XSS-Protection' security header is missing. There are some HTTP response headers that your application can use to increase its security. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The HTTP 'X-XSS-Protection' response header is a mechanism that stops pages from loading when Internet Explorer, Chrome, and Safari detect reflected cross-site scripting (XSS) attacks. For example: 'X-XSS-Protection: 1', 'X-XSS-Protection: 1; mode=block', 'X-XSS-Protection: 1;report=<reporting-URL>'.
    Remediation It's recommended to implement the 'X-XSS-Protection' security header. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
    URL:http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    Cookie: security=low; _ga=GA1.1.606855242.1626373710; _gid=GA1.1.1871091112.1626373710; acceptCookies=true; PHPSESSID=tlu0k06487lr584t29v0gub172
    date: Fri, 16 Jul 2021 06:00:24 GMT
    server: Apache/2.4.48 (Win64) OpenSSL/1.1.1k PHP/8.0.8
    x-powered-by: PHP/8.0.8
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 4266
    keep-alive: timeout=5, max=94
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200