INDIAN SCHOOL OF ETHICAL HACKING,BHUBANESWAR
WEB
SITEVULNERABILITYA
SSIGNMENT
ANDPENTESTING
PRESENTATIONS
DAKTAR SAHU
24
� TITLE DETAILS
START 15/05/2024
COMPLETED 18/05/2024
REPORT TYPE MANUAL
2|Page
�SCOPE OF TESTING:-
Security assessment includes testing for security loopholes.
And the real motive to ensure that the web page is secure and
protect from being attacked.
APPLICATION:- http://foophones.securitybrigade.com:8080/
TOOLS
BURP SUITE
DIRSEARCH
GRAPHICAL SUMMARY:-
In the below graphical representation from
foophones.securitybrigade.com.VAPT dashboard will provide
that the overall summary of manual testing result including
vulnerabilities discovered,severity and cvss scope,details PoC
and other informations such as Affected url/parameter.
3|Page
� SEVERITY
CRITICAL
HIGH
MEDIUM
LOW
4|Page
� SQL INJECTIONS
List of vulnerabilities:-
NO vuln name cvss score severity
1. Sql injection 9.3 Critical
2. Parameter Tampering 9.1 Critical
3. FileUpload Vuln 8.8 High
4. SSL/TLS NOT IMPLEMENTED 6.1 Medium
5. Security misconfiguration 5.9 Medium
5|Page
� CRITICAL
9.3
DESCRIPTIONS:-
Sql injection is a common attack vector that attacker create a
malicious sql query for backend database manipulation to access
information.The attacker who injects the malicious payload that
access database of server and steals sensitive data.
CVSS SCORE:-
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L
CWE ID:-89.
AFFECTED URL OF APPLICATION:-
http://foophones.securitybrigade.com:8080/register_confirm.php
IMPACT:-
Injection attacks can cause data loss, data corruption, security
breaches, and possibly the loss of control of the target host and
the release of sensitive information linked to the host. The
adversary can steal sensitive information from database of server
which will loose of companies.
MITIGATIONS:-
6|Page
� Filter the malicious code which user input in url.Mantain the
er metacharacter .Encryption is almost
sql query and filter
universallyy employed as a data protection technique and for a
good reason.
POC:-
7|Page
� PARAMETER TAMPERING
CRITICAL
9.1
DESCRIPTIONS:-
Parameter tampering is a form of web attack that
involves manipulating or interfering with the application
business logic that is exchanged between client and server to
alter application data, such as user credentials, permissions, and
price information.
CVSS SCORE:-
CVSS
Score:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CWE ID:-472
AFFECTED URL OF APPLICATION:-
http://foophones.securitybrigade.com:8080/buy_comfirm.Php
IMPACT:-
Attackers alter the parameters to gain unauthorized access or to
change the way the application behaves. parameter tampering
8|Page
�can range from unauthorized
unauth access to user accounts to exposed
confidential data.
MITIGATION:-
Developers must defi ne the specific data types like string or
define
alphanumeric characters. Developers
D should not automatically
hat a parameter is being passed before it is used in the
assume that
application product
duct prices, order numbers, etc .
POC:-
9|Page
� FILEUPLOAD
FILEUPLOAD VULNERABILITY
HIGH
8.8
DESCRIPTIONS:-
File upload vulnerabilities are when a web server allows
users to upload files to its file system without sufficient
10 | P a g e
�validating things like their name, type, contents, or size This
could even include server-side script files that enable remote
code execution.
CVSS SCORE:-
Cvss
score:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID:-434
AFFECTED URL OF APPLICATION:-
http://foophones.securitybrigade.com:8080/images/avatars/
IMPACT:-
Attacker could potentially upload a server-side code file
that functions as a web shell, effectively granting them full
control over the server.this could mean attackers are even able to
upload files to unanticipated locations.
MITIGATION:-
Limit the file size to a maximum value in order to prevent
denial of service attacks.Improving Web Application Security.
POC:-
11 | P a g e
� SSL/TLS NOT IMPLEMENTED
MEDIUM
6.1
12 | P a g e
�DESCRIPTIONS:-
Secure Sockets Layer (SSL) are the standard technologies
for keeping an Internet connection secure and protecting any
sensitive information sent between two systems.This scan target
was connected to over an unencrypted connection.
CVSS VECTOR:-
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE ID:-295
AFFECTED URL OF APLLICATION:-
http://foophones.securitybrigade.com:8080/
IMPACT:-
An attacker can see passwords in clear text, modify the
appearance of your website, redirect the user to other web pages
or steal session information. Therefore no message you send to
the server remains confidential.
MITIGATIONS:-
Use a different block cipher mode. Unfortunately, TLS
1.0 didn't support any other modes. Practice defense in
depth to prevent attackers from getting man-in-the-middle
access to a victim network.
POC:-
13 | P a g e
� SECURITY MISCONFIGURATION
MISCONFIGURA
MEDIUM
5.9
DESCRIPTIONS:-
14 | P a g e
� Missing appropriate security hardening across any part of the
application stack or improperly configured permissions on cloud
services.Unnecessary features are enabled or installed .
CVSS SCORE:-
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE ID:-1349
AFFETED URL OF APPLICATION:-
http://foophones.securitybrigade.com:8080/login
IMPACT:-
A misconfigured database server can cause data to be
accessible through a basic web search. If this data includes
administrator credentials, an attacker may be able to access
further data beyond the database, or launch another attack on the
company’s servers.
MITIGATION:-
A minimal platform without any unnecessary
features,components, documentation, and samples. Remove or
do not install unused features and frameworks.
POC:-
15 | P a g e
�16 | P a g e
