Website Vulnerability Scanner Report (Light)

This document summarizes the results of a light vulnerability scan of a website. The scan found two low risk issues: a robots.txt file that could disclose hidden pages, and enabled password autofill that could allow stored passwords to be retrieved. No other vulnerabilities were found across various security checks performed.
Get a PRO Account to unlock the FULL capabilities of this scanner

See what the FULL scanner can do

Perform in-depth website scanning and discover high risk vulnerabilities.

Testing areas (Light scan / Full scan):

- Website fingerprinting
- Version-based vulnerability detection
- Common configuration issues
- SQL injection
- Cross-Site Scripting
- Local/Remote File Inclusion
- Remote command execution
- Discovery of sensitive files

https://www.facebook.com/sopno.heinbalok

Summary

Overall risk level: Low

Risk ratings:
  High: 0
  Medium: 0
  Low: 2
  Info: 8

Scan information:
  Start time: 2020-06-11 12:39:02 UTC+03
  Finish time: 2020-06-11 12:39:25 UTC+03
  Scan duration: 23 sec
  Tests performed: 10/10
  Scan status: Finished

Findings

- Robots.txt file found

https://www.facebook.com/robots.txt

Details

Risk description:
There is no particular security risk in having a robots.txt file. However, the file is often misused to try to hide web pages from users. This should not be done as a security measure, because anyone can read those URLs straight from robots.txt; in practice the file is a list of paths an attacker will try first.

Recommendation:
We recommend removing the entries in robots.txt that point to sensitive locations on the website (administration panels, configuration files, etc.). Hiding a path is not access control: such locations must be protected by authentication and authorization regardless of whether they are listed in robots.txt.

More information about this issue:
https://www.theregister.co.uk/2015/05/19/robotstxt/
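The check behind this finding, written out as an added example (this is not the scanner's own code): a small Python parser that reads a robots.txt body, extracts the Disallow entries, and flags the ones that point at sensitive-looking locations, which are exactly the entries the recommendation says to remove. The robots.txt content and the keyword list below are constructed for the example; Facebook's real robots.txt is not reproduced here.

```python
"""Parse a robots.txt body and flag Disallow entries that disclose
sensitive locations.  Hypothetical helper written for this report,
not the scanner's code; SAMPLE_ROBOTS is constructed sample input."""
import re
from typing import Dict, List

# Constructed sample: a robots.txt that tries to "hide" an admin panel,
# a backup archive and a leftover configuration file from crawlers.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /search
Disallow: /admin/
Disallow: /backup/site.tar.gz
Disallow: /config.php.bak   # left behind after a deploy
Allow: /public/
Sitemap: https://example.com/sitemap.xml
"""

# Path fragments that usually mean an entry is hiding something rather
# than managing crawl budget.  Assumption: tune this list per target.
SENSITIVE_PATTERNS = [
    r"admin", r"manage", r"config", r"backup", r"private", r"internal",
    r"\.bak$", r"\.sql$", r"\.tar\.gz$", r"\.zip$", r"\.env$",
]


def parse_robots(body: str) -> List[Dict[str, str]]:
    """Return the directives as a list of {'field': ..., 'value': ...}.
    Comments (# ...) and blank lines are dropped; field names are
    lower-cased because robots.txt fields are case-insensitive."""
    directives = []
    for raw in body.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, value = line.split(":", 1)
        directives.append({"field": field.strip().lower(),
                           "value": value.strip()})
    return directives


def disallowed_paths(body: str) -> List[str]:
    """Every non-empty Disallow value, in file order."""
    return [d["value"] for d in parse_robots(body)
            if d["field"] == "disallow" and d["value"]]


def sensitive_disallows(body: str) -> List[str]:
    """Disallow entries an attacker would visit first: the locations the
    recommendation above says should not be listed in robots.txt."""
    return [path for path in disallowed_paths(body)
            if any(re.search(p, path, re.IGNORECASE)
                   for p in SENSITIVE_PATTERNS)]


if __name__ == "__main__":
    # To run this against a live site, fetch <site>/robots.txt and pass
    # the response body instead of SAMPLE_ROBOTS.
    for path in sensitive_disallows(SAMPLE_ROBOTS):
        print("sensitive location disclosed by robots.txt:", path)
```

Only the Disallow entries are inspected; Allow and Sitemap lines are parsed but ignored, since they are meant to be public. A hit from this script is still only an Info/Low observation, as in the report: the real question is whether the disclosed path is reachable without authentication.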

- Password auto-complete is enabled

<input class="inputtext login_form_input_box" data-testid="royal_pass" id="pass" name="pass" type="password"/>

Details

Risk description:
When password auto-complete is enabled, the browser offers to remember the password entered into the login form and fills it in automatically the next time the user logs in. If an attacker gains access to the victim's computer or browser profile, they can retrieve the saved password from the browser's password store and use it to log in to the victim's account in the application. Furthermore, if the application is also vulnerable to Cross-Site Scripting, an attacker could inject a hidden login form that the browser fills in and steal the saved password remotely.

Recommendation:
We recommend disabling the password auto-complete feature on login forms by setting the attribute autocomplete="off" on all password fields. Note that current versions of the major browsers deliberately ignore autocomplete="off" on password fields and still offer to save the credential, so the attribute is a hardening hint rather than an enforceable control; protecting the account with multi-factor authentication limits what a stolen saved password is worth.

More information about this issue:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/04-Authentication_Testing/05-Testing_for_Vulnerable_Remember_Password.html
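The quick check that produces this finding, as an added example (not the scanner's own code): parse the page's HTML, collect every `<input type="password">`, and report the ones without `autocomplete="off"`. The HTML below is constructed around the input tag quoted in the finding, plus a second form that shows the recommended attribute; the `PasswordFieldCollector` class and function names are hypothetical.

```python
"""Detect password fields with auto-complete enabled in a page's HTML.
Added example, not the scanner's code; SAMPLE_HTML is constructed input
built around the input tag quoted in the finding."""
from html.parser import HTMLParser
from typing import Dict, List

# Constructed login page: the first password field is the one quoted in
# the finding (no autocomplete attribute); the second one is hardened.
SAMPLE_HTML = """
<form action="/login" method="post">
  <input class="inputtext login_form_input_box" id="email" name="email" type="text"/>
  <input class="inputtext login_form_input_box" data-testid="royal_pass" id="pass" name="pass" type="password"/>
</form>
<form action="/change-password" method="post">
  <input id="new_pass" name="new_pass" type="password" autocomplete="off"/>
</form>
"""


class PasswordFieldCollector(HTMLParser):
    """Collect the attributes of every password input while parsing."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser routes self-closing <input .../> tags here as well.
        if tag.lower() != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("type", "").lower() == "password":
            self.fields.append(a)


def password_fields(html: str) -> List[Dict[str, str]]:
    """All password inputs found in the HTML, in document order."""
    parser = PasswordFieldCollector()
    parser.feed(html)
    return parser.fields


def autocomplete_enabled_fields(html: str) -> List[str]:
    """Names (or ids) of password inputs that lack autocomplete="off":
    this is the condition that raises 'Password auto-complete is enabled'."""
    return [f.get("name") or f.get("id") or "<unnamed>"
            for f in password_fields(html)
            if f.get("autocomplete", "").strip().lower() != "off"]


if __name__ == "__main__":
    # To test a live login page, fetch it and pass the body instead.
    for name in autocomplete_enabled_fields(SAMPLE_HTML):
        print("password auto-complete enabled on field:", name)
```

Because the check is purely static, it will also flag a field whose form is later rewritten by JavaScript; treat the output as a list of fields to confirm in the browser rather than as a verdict, and remember that browsers may still offer to save a password even where the attribute is present.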

- Server software and technology not found
- No vulnerabilities found for server-side software (missing version information)
- No security issue found regarding HTTP cookies
- HTTP security headers are properly configured
- Communication is secure
- No security issue found regarding client access policies
- Directory listing not found (quick scan)
- Passwords are submitted over an encrypted channel

Scan coverage information

List of tests performed (10/10)

- Fingerprinting the server software and technology...
- Checking for vulnerabilities of server-side software...
- Analyzing the security of HTTP cookies...
- Analyzing HTTP security headers...
- Checking for secure communication...
- Checking robots.txt file...
- Checking client access policies...
- Checking for directory listing (quick scan)...
- Checking for password auto-complete (quick scan)...
- Checking for clear-text submission of passwords (quick scan)...

Scan parameters
Website URL: https://www.facebook.com/sopno.heinbalok
Scan type: Light
Authentication: False
