Mobile Application Scanner Sample report



SUMMARY OF FINDINGS (Scanned Node: localhost:3000)


Risk | Count
High | 2
Medium | 2
Low | 0
Total | 4

No | Vulnerability Name | Risk | Severity | CVSS Score | Occurrences
1 | Insecure Communication | High | High | 8.1 | 1
2 | Cross site scripting – reflected | High | High | 7.1 | 1
3 | Sensitive Information disclosure in response headers | Medium | Medium | 5.0 | 2
4 | Improper Exception Handling | Medium | Medium | 5.0 | 2


Findings: 1 Insecure Communication

Risk: High
Severity: High
CVSS Score: 8.1
Occurrences: 1
Details: Insecure communication occurs when a client and server communicate over a non-secure (unencrypted) channel. Without an encrypted channel, the developer can’t guarantee the integrity of the data.
Recommendation: Make sure all client-to-server connections are encrypted with SSL/TLS.
Occurrence: 1
URL: http://localhost:3000/getdata?id=1
Request
Method: GET
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: http://localhost:3000/app/
Connection: keep-alive
Cookie: connect.sid=s%3AdeHU6yNSRss_0b-0PUa-yZW9rz1lHS0Y.ZdJkeqHkenmbUPVEPE5kXyMXV13ZeOcAWOrCVb4QNFw

Response
X-Powered-By: Express
ETag: W/"56-aP2Ue+YueOmYIrkB5B2YqFMCpHE"
Date: Mon, 29 Apr 2019 06:58:27 GMT
x-anyproxy-origin-content-length: 0
x-anyproxy-origin-connection: keep-alive

Payloads are highlighted in red color.

Findings: 2 Cross site scripting – reflected

Risk: High
Severity: High
CVSS Score: 7.1
Occurrences: 1
Details: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Recommendation:
- Never insert untrusted data except in allowed locations.
- HTML-escape before inserting untrusted data into HTML element content.
- Attribute-escape before inserting untrusted data into HTML common attributes.
- JavaScript-escape before inserting untrusted data into JavaScript data values.
- CSS-escape and strictly validate before inserting untrusted data into HTML style property values.
Occurrence: 1
URL: http://localhost:3000/xss_r?id=<script>alert(123)</script>
Request
Method: GET
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: http://localhost:3000/app/
Connection: keep-alive
Cookie: connect.sid=s%3AdeHU6yNSRss_0b-0PUa-yZW9rz1lHS0Y.ZdJkeqHkenmbUPVEPE5kXyMXV13ZeOcAWOrCVb4QNFw

Response
x-powered-by: Express
content-type: application/json; charset=utf-8
content-length: 49
etag: W/"31-RKvND6OVD2JAnSg2S0wtj3shbgo"
date: Mon, 29 Apr 2019 06:58:41 GMT
connection: keep-alive
status code: 200

{"cmd":[],"search":"<script>alert(123)</script>"}

Findings: 3 Sensitive Information disclosure in response headers

Risk: Medium
Severity: Medium
CVSS Score: 5.0
Occurrences: 2
Details: Banner grabbing or active reconnaissance is a type of attack during which the attackers send requests to the system they are attempting to attack in order to gather more information about it. If the system is not well configured, it may leak information about itself, such as the server version, PHP/ASP.NET version, OpenSSH version, etc. These types of issues are not exploitable in most cases, but are considered web application security issues because they allow attackers to gather information which can be used later in the attack lifecycle.
Recommendation: Remove unnecessary information from HTTP response headers related to the OS, web-server version and application frameworks.

1. X-Powered-By header is visible to client
Occurrence: 1
URL: http://localhost:3000/getdata?id=1
Request
Method: GET
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: http://localhost:3000/app/
Connection: keep-alive
Cookie: connect.sid=s%3AdeHU6yNSRss_0b-0PUa-yZW9rz1lHS0Y.ZdJkeqHkenmbUPVEPE5kXyMXV13ZeOcAWOrCVb4QNFw

Response
x-powered-by: Express
content-type: application/json; charset=utf-8
content-length: 86
etag: W/"56-aP2Ue+YueOmYIrkB5B2YqFMCpHE"
date: Mon, 29 Apr 2019 06:58:41 GMT
connection: keep-alive
status code: 200

Occurrence: 2
URL: http://localhost:3000/xss_r?id=Apple
Request
Method: GET
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: http://localhost:3000/app/
Connection: keep-alive
Cookie: connect.sid=s%3AdeHU6yNSRss_0b-0PUa-yZW9rz1lHS0Y.ZdJkeqHkenmbUPVEPE5kXyMXV13ZeOcAWOrCVb4QNFw

Response
x-powered-by: Express
content-type: application/json; charset=utf-8
content-length: 100
etag: W/"64-BcSpwxpbcQpKK7Z+usbp92y0cq8"
date: Mon, 29 Apr 2019 06:58:41 GMT
connection: keep-alive
status code: 200


Findings: 4 Improper Exception Handling

Risk: Medium
Severity: Medium
CVSS Score: 5.0
Occurrences: 2
Details: Improper handling of errors can introduce a variety of security problems for a web site. The most common problem is when detailed internal error messages such as stack traces, database dumps, and error codes are displayed to the user (hacker). These messages reveal implementation details that should never be revealed. Such details can provide hackers important clues on potential flaws in the site and such messages are also disturbing to normal users. Even when error messages don’t provide a lot of detail, inconsistencies in such messages can still reveal important clues on how a site works, and what information is present under the covers.
Recommendation: A specific policy for how to handle errors should be documented, including the types of errors to be handled and for each, what information is going to be reported back to the user, and what information is going to be logged. All developers need to understand the policy and ensure that their code follows it. In the implementation, ensure that the site is built to gracefully handle all possible errors. When errors occur, the site should respond with a specifically designed result that is helpful to the user without revealing unnecessary internal details. Certain classes of errors should be logged to help detect implementation flaws in the site and/or hacking attempts. Very few sites have any intrusion detection capabilities in their web application, but it is certainly conceivable that a web application could track repeated failed attempts and generate alerts. Note that the vast majority of web application attacks are never detected because so few sites have the capability to detect them. Therefore, the prevalence of web application security attacks is likely to be seriously underestimated.
Occurrence: 1
URL:http://localhost:3000/getdata?id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Request
Method: GET
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: http://localhost:3000/app/
Connection: keep-alive
Cookie: connect.sid=s%3AdeHU6yNSRss_0b-0PUa-yZW9rz1lHS0Y.ZdJkeqHkenmbUPVEPE5kXyMXV13ZeOcAWOrCVb4QNFw

Response
x-powered-by: Express
content-security-policy: default-src 'self'
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
content-length: 1331
date: Mon, 29 Apr 2019 06:58:41 GMT
connection: keep-alive
status code: 500

500 - "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected token a in JSON at position 0<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\index.js:83:15<br> &nbsp; &nbsp;at Layer.handle [as handle_request] (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\layer.js:95:5)<br> &nbsp; &nbsp;at next (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\route.js:137:13)<br> &nbsp; &nbsp;at Route.dispatch (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\route.js:112:3)<br> &nbsp; &nbsp;at Layer.handle [as handle_request] (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\layer.js:95:5)<br> &nbsp; &nbsp;at G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\index.js:281:22<br> &nbsp; &nbsp;at Function.process_params (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\index.js:335:12)<br> &nbsp; &nbsp;at next (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\index.js:275:10)<br> &nbsp; &nbsp;at Immediate._onImmediate (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express-session\\index.js:489:7)</pre>\n</body>\n</html>\n"
Occurrence: 2
URL: http://localhost:3000/getdata?id=Vegabird
Request
Method: GET
Host: localhost:3000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Referer: http://localhost:3000/app/
Connection: keep-alive
Cookie: connect.sid=s%3AdeHU6yNSRss_0b-0PUa-yZW9rz1lHS0Y.ZdJkeqHkenmbUPVEPE5kXyMXV13ZeOcAWOrCVb4QNFw

Response
x-powered-by: Express
content-security-policy: default-src 'self'
x-content-type-options: nosniff
content-type: text/html; charset=utf-8
content-length: 1331
date: Mon, 29 Apr 2019 06:58:41 GMT
connection: keep-alive
status code: 500

500 - "<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\">\n<title>Error</title>\n</head>\n<body>\n<pre>SyntaxError: Unexpected token V in JSON at position 0<br> &nbsp; &nbsp;at JSON.parse (&lt;anonymous&gt;)<br> &nbsp; &nbsp;at G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\index.js:83:15<br> &nbsp; &nbsp;at Layer.handle [as handle_request] (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\layer.js:95:5)<br> &nbsp; &nbsp;at next (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\route.js:137:13)<br> &nbsp; &nbsp;at Route.dispatch (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\route.js:112:3)<br> &nbsp; &nbsp;at Layer.handle [as handle_request] (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\layer.js:95:5)<br> &nbsp; &nbsp;at G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\index.js:281:22<br> &nbsp; &nbsp;at Function.process_params (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\index.js:335:12)<br> &nbsp; &nbsp;at next (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express\\lib\\router\\index.js:275:10)<br> &nbsp; &nbsp;at Immediate._onImmediate (G:\\Praveen_Singh\\Express\\xvna-master\\xvna\\node_modules\\express-session\\index.js:489:7)</pre>\n</body>\n</html>\n"