Scribd
Upload
7 views

http___mortiis.webd.pl-20241008-2325

The website vulnerability scanner report for http://mortiis.webd.pl indicates a high overall risk level with multiple vulnerabilities, including unsecure communication, enabled directory listing, and missing security headers. Key findings include critical PHP vulnerabilities and recommendations for upgrading software and implementing HTTPS. The scan performed 38 tests, confirming several security misconfigurations and outdated components that require immediate attention.

Uploaded by

Opti view
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
7 views

http___mortiis.webd.pl-20241008-2325

The website vulnerability scanner report for http://mortiis.webd.pl indicates a high overall risk level with multiple vulnerabilities, including unsecure communication, enabled directory listing, and missing security headers. Key findings include critical PHP vulnerabilities and recommendations for upgrading software and implementing HTTPS. The scan performed 38 tests, confirming several security misconfigurations and outdated components that require immediate attention.

Uploaded by

Opti view
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

Website Vulnerability Scanner Report

 http://mortiis.webd.pl/
Target added due to a redirect from http://mortiis.webd.pl

The Light Website Scanner didn't check for critical issues like SQLi, XSS, Command Injection, XXE, etc. Upgrade to run Deep scans with
40+ tests and detect more vulnerabilities.

Summary

Overall risk level: Risk ratings: Scan information:


High High: 1 Start time: Sep 14, 2024 / 23:50:46 UTC+03
Medium: 2 Finish time: Sep 14, 2024 / 23:52:57 UTC+03
Low: 5 Scan duration: 2 min, 11 sec

Info: 30 Tests performed: 38/38

Scan status: Finished

Findings

 Vulnerabilities found for server-side software UNCONFIRMED 

Risk Affected
CVSS CVE Summary
Level software

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using
Apache and PHP-CGI on Windows, if the system is set up to use certain code pages,
Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 php
 9.8 CVE-2024-4577
API functions. PHP CGI module may misinterpret those characters as PHP options, which may 5.6.40
allow a malicious user to pass options to PHP binary being run, and thus reveal the source
code of scripts, run arbitrary PHP code on the server, etc.

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent
changes to string objects that result in a negative length, which allows remote attackers to php
 7.5 CVE-2017-8923
cause a denial of service (application crash) or possibly have unspecified other impact by 5.6.40
leveraging a script's use of .= with a long string.

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through


2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in
onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression
php
 7.5 CVE-2017-9225 compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A
5.6.40
malformed regular expression could result in 4 bytes being written off the end of a stack
buffer of expand_case_fold_string() during the call to
onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and php
 7.5 CVE-2019-9641
7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. 5.6.40

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before
7.1.20. The php-fpm master process restarts a child process in an endless loop when using
program execution functions (e.g., passthru, exec, shell_exec, or system) with a non- php
 6.8 CVE-2015-9253
blocking STDIN stream, causing this master process to consume 100% of the CPU, and 5.6.40
consume disk space with a large volume of error logs, as demonstrated by an attack by a
customer of a shared-hosting facility.

 Details

Risk description:
The risk is that an attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to
attack the system.

Recommendation:

1/9
In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest
version.

Classification:
CWE : CWE-1026
OWASP Top 10 - 2017 : A9 - Using Components with Known Vulnerabilities
OWASP Top 10 - 2021 : A6 - Vulnerable and Outdated Components

 Communication is not secure CONFIRMED

URL Response URL Evidence

http://mortiis.webd.pl/ http://mortiis.webd.pl/ Communication is made over unsecure, unencrypted HTTP.

 Details

Risk description:
The risk is that an attacker who manages to intercept the communication at the network level can read and modify the data transmitted
(including passwords, secret tokens, credit card information and other sensitive data).

Recommendation:
We recommend you to reconfigure the web server to use HTTPS - which encrypts the communication between the web browser and the
server.

Classification:
CWE : CWE-311
OWASP Top 10 - 2017 : A3 - Sensitive Data Exposure
OWASP Top 10 - 2021 : A4 - Insecure Design

 Directory listing is enabled CONFIRMED

URL

http://mortiis.webd.pl/images

 Details

Risk description:
The risk is that it's often the case that sensitive files are "hidden" among public files in that location and attackers can use this vulnerability
to access them.

Recommendation:
We recommend reconfiguring the web server in order to deny directory listing. Furthermore, you should verify that there are no sensitive
files at the mentioned URLs.

References:
http://projects.webappsec.org/w/page/13246922/Directory%20Indexing

Classification:
CWE : CWE-548
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A1 - Broken Access Control

Screenshot:

2/9
Figure 1. Directory Listing

 Missing security header: Referrer-Policy CONFIRMED

URL Evidence

Response headers do not include the Referrer-Policy HTTP security header as well as the <meta> tag with name
http://mortiis.webd.pl/ 'referrer' is not present in the response.
Request / Response

 Details

Risk description:
The risk is that if a user visits a web page (e.g. "http://example.com/pricing/") and clicks on a link from that page going to e.g.
"https://www.google.com", the browser will send to Google the full originating URL in the Referer header, assuming the Referrer-Policy
header is not set. The originating URL could be considered sensitive information and it could be used for user tracking.

Recommendation:
The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value
no-referrer of this header instructs the browser to omit the Referer header entirely.

References:
https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: Content-Security-Policy CONFIRMED

URL Evidence

Response does not include the HTTP Content-Security-Policy security header or meta tag
http://mortiis.webd.pl/
Request / Response

 Details

Risk description:
The risk is that if the target application is vulnerable to XSS, lack of this header makes it easily exploitable by attackers.

Recommendation:
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the
application.

References:
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

3/9
Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: X-Content-Type-Options CONFIRMED

URL Evidence

Response headers do not include the X-Content-Type-Options HTTP security header


http://mortiis.webd.pl/
Request / Response

 Details

Risk description:
The risk is that lack of this header could make possible attacks such as Cross-Site Scripting or phishing in Internet Explorer browsers.

Recommendation:
We recommend setting the X-Content-Type-Options header such as X-Content-Type-Options: nosniff .

References:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Server software and technology found UNCONFIRMED 

Software / Version Category

LiteSpeed Web servers

PHP 5.6.40 Programming languages

 Details

Risk description:
The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating
system: HTTP server headers, HTML meta information, etc.

References:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-
Fingerprint_Web_Server.html

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

Screenshot:

4/9
Figure 2. Website Screenshot

 Interesting files found UNCONFIRMED 

Page
URL Page Title Summary
Size

Index of 2.32
http://mortiis.webd.pl/images/ Directory indexing found.
/image KB

http://mortiis.webd.pl/cgi- Default CGI, often with a hosting manager. No known problems, but host managers
57 B
sys/scgiwrap allow sys admin via web

 Details

Risk description:
The risk is that these files/folders usually contain sensitive information which may help attackers to mount further attacks against the
server. Manual validation is required.

Recommendation:
We recommend you to analyze if the mentioned files/folders contain any sensitive information and restrict their access according to the
business purposes of the application.

Classification:
CWE : CWE-200
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Security.txt file is missing CONFIRMED

URL

Missing: http://mortiis.webd.pl/.well-known/security.txt

 Details

Risk description:
There is no particular risk in not having a security.txt file for your server. However, this file is important because it offers a designated
channel for reporting vulnerabilities and security issues.

Recommendation:
We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security
issues they find, improving the defensive mechanisms of your server.

References:
https://securitytxt.org/

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration

5/9
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Spider results

URL Method Parameters Page Title Page Size Status Code

http://mortiis.webd.pl/ GET 629 B 200

http://mortiis.webd.pl/_autoindex/assets GET 673 B 404

http://mortiis.webd.pl/cgi-sys/scgiwrap GET 57 B 200

http://mortiis.webd.pl/images GET Index of /images/ 2.32 KB 200

Query:
http://mortiis.webd.pl/images/ GET Index of /images/ 2.32 KB 200
MA=

Query:
http://mortiis.webd.pl/images/ GET Index of /images/ 2.32 KB 200
ND=

Query:
http://mortiis.webd.pl/images/ GET Index of /images/ 2.32 KB 200
SA=

http://mortiis.webd.pl/_autoindex GET 673 B 404

http://mortiis.webd.pl/_autoindex/ GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/ GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/css GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/css/ GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/icons GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/icons/ GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/js GET 673 B 404

http://mortiis.webd.pl/_autoindex/assets/js/ GET 673 B 404

http://mortiis.webd.pl/images/ GET Index of /images/ 2.32 KB 200

 Details

Risk description:
The table contains all the unique pages the scanner found. The duplicated URLs are not available here as scanning those is considered
unnecessary

Recommendation:
We recommend to advanced users to make sure the scan properly detected most of the URLs in the application.

References:
All the URLs the scanner found, including duplicates (available for 90 days after the scan date)

 Website is accessible.

 Nothing was found for client access policies.

 Nothing was found for robots.txt file.

 Outdated JavaScript libraries were merged into server-side software vulnerabilities.

 Nothing was found for use of untrusted certificates.

6/9
 Nothing was found for enabled HTTP debug methods.

 Nothing was found for sensitive files.

 Nothing was found for administration consoles.

 Nothing was found for information disclosure.

 Nothing was found for software identification.

 Nothing was found for enabled HTTP OPTIONS method.

 Nothing was found for error messages.

 Nothing was found for debug messages.

 Nothing was found for code comments.

 Nothing was found for missing HTTP header - Strict-Transport-Security.

 Nothing was found for Insecure Direct Object Reference.

 Nothing was found for domain too loose set for cookies.

 Nothing was found for mixed content between HTTP and HTTPS.

 Nothing was found for internal error code.

 Nothing was found for HttpOnly flag of cookie.

 Nothing was found for Secure flag of cookie.

 Nothing was found for login interfaces.

 Nothing was found for Server Side Request Forgery.

 Nothing was found for Open Redirect.

7/9
 Nothing was found for Exposed Backup Files.

 Nothing was found for unsafe HTTP header Content Security Policy.

 Nothing was found for OpenAPI files.

 Nothing was found for file upload.

Scan coverage information

List of tests performed (38/38)


 Starting the scan...
 Checking for missing HTTP header - Referrer...
 Checking for missing HTTP header - Content Security Policy...
 Checking for secure communication...
 Checking for missing HTTP header - X-Content-Type-Options...
 Spidering target...
 Checking for directory listing...
 Checking for website technologies...
 Checking for vulnerabilities of server-side software...
 Checking for client access policies...
 Checking for robots.txt file...
 Checking for absence of the security.txt file...
 Checking for outdated JavaScript libraries...
 Checking for use of untrusted certificates...
 Checking for enabled HTTP debug methods...
 Checking for sensitive files...
 Checking for administration consoles...
 Checking for interesting files... (this might take a few hours)
 Checking for information disclosure... (this might take a few hours)
 Checking for software identification...
 Checking for enabled HTTP OPTIONS method...
 Checking for error messages...
 Checking for debug messages...
 Checking for code comments...
 Checking for missing HTTP header - Strict-Transport-Security...
 Checking for Insecure Direct Object Reference...
 Checking for domain too loose set for cookies...
 Checking for mixed content between HTTP and HTTPS...
 Checking for internal error code...
 Checking for HttpOnly flag of cookie...
 Checking for Secure flag of cookie...
 Checking for login interfaces...
 Checking for Server Side Request Forgery...
 Checking for Open Redirect...
 Checking for Exposed Backup Files...
 Checking for unsafe HTTP header Content Security Policy...
 Checking for OpenAPI files...
 Checking for file upload...

Scan parameters
Target: http://mortiis.webd.pl/
Scan type: Light
Authentication: False

Scan stats
Unique Injection Points Detected: 9
URLs spidered: 28
Total number of HTTP requests: 15110
Average time until a response was
1ms
received:
Total number of HTTP request errors: 45

8/9
9/9

You might also like