dpg_r_2010_00002

Web Application Report

This report includes important security information about your Web Application.

Security Report

This report was created by IBM Rational AppScan 7.9.0.3

03-02-2011 15:23:20

03-02-2011 15:23:20 1/13

© Copyright IBM Corp. 2000, 2009. All Rights Reserved.


Report Information

Web Application Report

Scan Name: grievance.nic.in-scores-L2-19-jan-2011

Scanned Host(s)

Host              Operating System   Web Server   Application Server

grievance.nic.in  Win32              IIS, IIS6    ASP.NET

Content

This report contains the following sections:

• Executive Summary

• Detailed Security Issues

• Remediation Tasks

• Application Data

• Application URLs


Executive Summary

Test Policy

• Application-Only

Security Risks

Following are the security risks that appeared most often in the application. To explore which issues included these risks, please refer to the 'Detailed Security Issues' section in this report.

• It may be possible to steal user login information such as usernames and passwords that are sent unencrypted

• It is possible to gather sensitive debugging information

• It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations

• It is possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user

• It might be possible to escalate user privileges and gain administrative permissions over the web application

Vulnerable URLs

32% of the URLs had test results that included security issues.

Vulnerable URLs (32%)

Not vulnerable URLs (68%)

Scanned URLs

102 URLs were scanned by AppScan.

Security Issue Possible Causes

Following are the most common causes for the security issues found in the application. The causes below are those that repeated in the maximal number of issues. To explore which issues included these causes, please refer to the 'Detailed Security Issues' section in this report.

• Insecure web application programming or configuration

• Sensitive input fields such as usernames, password and credit card numbers are passed unencrypted


• Proper bounds checking were not performed on incoming parameter values

• No validation was done in order to make sure that user input matches the data type expected

• Exceptions and error messages, which may contain sensitive debugging information, are presented to users

URLs with the Most Security Issues (number of issues)

• http://grievance.nic.in/scores/ (7)

• http://grievance.nic.in/scores/Registration.aspx (6)

• http://grievance.nic.in/scores/Default.aspx (5)

• http://grievance.nic.in/scores/SebiContents.aspx (5)

• http://grievance.nic.in/scores/WaitFormNetUsers.aspx (3)

Security Issues per Host

Hosts                     High  Medium  Low  Informational  Total

http://grievance.nic.in/  7     0       18   4              29

Total                     7     0       18   4              29


Security Issue Distribution per Threat Class

The following is a list of the security issues, distributed by Threat Class.

Authentication: Brute Force

Authentication: Insufficient Authentication

Authorization: Credential/Session Prediction

Authorization: Insufficient Authorization

Authorization: Insufficient Session Expiration

Authorization: Session Fixation

Client-side Attacks: Content Spoofing

Client-side Attacks: Cross-site Scripting

Command Execution: Buffer Overflow

Command Execution: Format String Attack

Command Execution: LDAP Injection

Command Execution: OS Commanding

Command Execution: SQL Injection

Command Execution: SSI Injection

Command Execution: XPath Injection

Information Disclosure: Directory Indexing

Information Disclosure: Information Leakage

Information Disclosure: Path Traversal

Information Disclosure: Predictable Resource Location

Logical Attacks: Abuse of Functionality

Logical Attacks: Denial of Service

Application Privacy Tests

Application Quality Tests


Security Issue Cause Distribution

100% Application-related Security Issues (29 out of a total of 29 issues). Application-related Security Issues can usually be fixed by application developers, as they result from defects in the application code.

0% Infrastructure and Platform Security Issues (0 out of a total of 29 issues). Infrastructure and Platform Security Issues can usually be fixed by system and network administrators, as these security issues result from misconfiguration of, or defects in, 3rd party products.


Detailed Security Issues

Vulnerable URL: http://grievance.nic.in/scores/

Total of 1 security issues in this URL

[1 of 1] Authentication Bypass Using SQL Injection

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/ (Parameter = ctl00$LoginC$txtpwd)

Remediation Tasks: Filter out hazardous characters from user input

Variant 1 of 2 [ID=3892]

The following changes were applied to the original request:

• Removed parameter 'ctl00$LoginC$txt_hidden'

• Set parameter 'ctl00$LoginC$txtpwd's value to 'A%27+OR+%277659%27%3D%277659'

• Removed HTTP header 'Cookie=ASP.NET_SessionId'

Validation In Response:

N/A

Reasoning:

This test consists of four requests: valid login, invalid login, SQL attack, and another invalid login. If the responses to the two invalid logins are the same, and the injected SQL response looks like the first (valid) request, AppScan establishes that the SQL injection succeeded.

Vulnerable URL: http://grievance.nic.in/scores/Registration.aspx

Total of 1 security issues in this URL

[1 of 1] Application Error

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/Registration.aspx (Parameter = ctl00$SebiCPH$Registration1$DDLState)

Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 32 [ID=11039]

The following changes were applied to the original request:

• Cleared the value of parameter 'ctl00$SebiCPH$Registration1$DDLState'

Validation In Response:

• HTTP/1.1 500 Internal Server Error


Reasoning:

The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/ScriptResource.axd

Total of 1 security issues in this URL

[1 of 1] Application Error

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/ScriptResource.axd (Parameter = d)

Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 18 [ID=1298]

The following changes were applied to the original request:

• Cleared the value of parameter 'd'

Validation In Response:

• <span><H1>Server Error in '/scores' Application.<hr width=100% size=1 color=silver></H1>

Reasoning:

The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/WaitFormNetUsers.aspx

Total of 2 security issues in this URL

[1 of 2] Application Error

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/WaitFormNetUsers.aspx (Parameter = tested)

Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 9 [ID=25305]

The following changes were applied to the original request:

• Cleared the value of parameter 'tested'

Validation In Response:

• HTTP/1.1 500 Internal Server Error

Reasoning:

The application has responded with an error message, indicating an undefined state that may expose sensitive information.


[2 of 2] Application Error

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/WaitFormNetUsers.aspx (Parameter = CSession)

Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 9 [ID=25152]

The following changes were applied to the original request:

• Cleared the value of parameter 'CSession'

Validation In Response:

• HTTP/1.1 500 Internal Server Error

Reasoning:

The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/WebResource.axd

Total of 1 security issues in this URL

[1 of 1] Application Error

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/WebResource.axd (Parameter = d)

Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 18 [ID=987]

The following changes were applied to the original request:

• Cleared the value of parameter 'd'

Validation In Response:

• <span><H1>Server Error in '/scores' Application.<hr width=100% size=1 color=silver></H1>

Reasoning:

The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Vulnerable URL: http://grievance.nic.in/scores/imgnew.aspx

Total of 1 security issues in this URL


[1 of 1] Application Error

Severity: High

Test Type: Application

Vulnerable URL: http://grievance.nic.in/scores/imgnew.aspx (Parameter = CaptchaText)

Remediation Tasks: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions

Variant 1 of 18 [ID=2948]

The following changes were applied to the original request:

• Cleared the value of parameter 'CaptchaText'

Validation In Response:

• HTTP/1.1 500 Internal Server Error

Reasoning:

The application has responded with an error message, indicating an undefined state that may expose sensitive information.

Test Screenshot:


Remediation Tasks

Addressed Remediation Tasks / Addressed Security Issues

http://grievance.nic.in/scores/ (1)

Filter out hazardous characters from user input (High) Parameter: ctl00$LoginC$txtpwd

Authentication Bypass Using SQL Injection

http://grievance.nic.in/scores/Registration.aspx (1)

Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High) Parameter: ctl00$SebiCPH$Registration1$DDLState

Application Error

http://grievance.nic.in/scores/ScriptResource.axd (1)

Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High) Parameter: d

Application Error

http://grievance.nic.in/scores/WaitFormNetUsers.aspx (1)

Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High) Parameters: CSession, tested

Application Error

http://grievance.nic.in/scores/WebResource.axd (1)

Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High) Parameter: d

Application Error


http://grievance.nic.in/scores/imgnew.aspx (1)

Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions (High) Parameter: CaptchaText

Application Error


Application Data

Application URLs

• http://grievance.nic.in/

• http://grievance.nic.in/scores

• http://grievance.nic.in/App_Themes/

• http://grievance.nic.in/JS/

• http://grievance.nic.in/scores/

• http://grievance.nic.in/scores/Default.aspx

• http://grievance.nic.in/scores/LetterDetails.aspx

• http://grievance.nic.in/scores/LogoutProcess.aspx

• http://grievance.nic.in/scores/Registration.aspx

• http://grievance.nic.in/scores/ScriptResource.axd

• http://grievance.nic.in/scores/SebiContents.aspx

• http://grievance.nic.in/scores/WaitFormNetUsers.aspx

• http://grievance.nic.in/scores/WebResource.axd

• http://grievance.nic.in/scores/imgnew.aspx

• http://grievance.nic.in/scores/logout.aspx

• http://grievance.nic.in/App_Themes/T2/

• http://grievance.nic.in/scores/App_Themes/

• http://grievance.nic.in/scores/JS/

• http://grievance.nic.in/scores/JS/Print.js

• http://grievance.nic.in/scores/JS/ajxcompat.js

• http://grievance.nic.in/scores/JS/jquery.tools.min.js

• http://grievance.nic.in/scores/JS/jscheck.js

• http://grievance.nic.in/scores/JS/md5.js

• http://grievance.nic.in/scores/App_Themes/T2/

• http://grievance.nic.in/scores/App_Themes/T2/img/
