Assignment I
II5166 Advanced Information Security
Semester 1 - 2012/2013
Instructor: Dr. Ir. Budi Rahardjo
Prepared by: Perdana Kusumah / 23512076 / LTI Program
Assignment: Find examples of software with security problems!
The following are some examples of web-based applications that have security problems:
1. UDESA (http://www.udesa.co.za). It has a weakness in its user authentication: SQL injection can be performed against this web application. By entering the additional SQL script 1' OR '1' = '1, anyone can get into the admin menu.
Figure 1. UDESA initial login screen
Figure 2. UDESA when SQL injection is entered
Figure 3. Successfully entering the UDESA admin menu
2. SANDERS GOLF (http://www.crsandersgolf.com). This web application has the same problem as described in item 1.
Figure 4. SANDERS GOLF initial login screen
Figure 5. SANDERS GOLF when SQL injection is entered
Figure 6. Successfully entering the SANDERS GOLF admin menu
3. KPU DKI Jakarta (http://www.kpujakarta.go.id).
Figure 7. KPU DKI Jakarta site before any problem occurs
This web application has several problems, such as:
a. Information about the database in use can be discovered, namely MySQL.
Figure 8. KPU DKI Jakarta displaying a MySQL database error
b. When the user makes an entry error, the query syntax being used is displayed.
Figure 9. KPU DKI Jakarta error page when the user makes an entry mistake
c. The search field simply takes whatever the user enters without any filtering. This makes SQL injection possible (such as users crafting their own queries, appending script, or deleting the database).
Figure 10. KPU DKI Jakarta accepts queries entered by the user
Figure 11. The KPU DKI Jakarta login form accepts SQL injection input
d. It shows a listing of the files in a directory on the web server.
Figure 12. List of files in a directory on the KPU DKI Jakarta web server
4. NIC ITB (http://nic.itb.ac.id). Overall, the security of the NIC ITB website is already fairly good, but several weaknesses were found after scanning it with a dedicated tracing tool (Acunetix). The findings are as follows:
a. The PHP version in use is still an old one (5.2.17), which allows a DoS attack against its hash table.
b. When a request error occurs, header information containing HTTPOnly cookies is still displayed.
c. The username and password form is still open to brute-force attack because there is no mechanism that limits the number of incorrect username and password entries. However, the site already handles SQL injection well.
d. HTTP TRACE is still enabled in the configuration, so sensitive HTTP header information (such as cookies and authentication data) can still be accessed.
e. The username or password input textboxes are still configured with autocomplete="on", so the information remains stored in the browser cache; as a result, the browser reminds the user of values entered previously.
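Items 1, 2 and 4c describe two login-form weaknesses: a query built from unfiltered input, and no limit on failed attempts. The sketch below is an added example, not code from any of the sites reviewed; it contrasts a concatenated login query with a parameterized one that also locks the account after repeated failures. The table layout, function names and thresholds are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3
import time

MAX_FAILURES = 5        # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 300   # assumed policy: lock for 5 minutes


def hash_password(password, salt):
    """Salted PBKDF2 hash, so the hardened path never compares plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """Constructed in-memory table with one sample account (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, "
        "salt BLOB, pw_hash BLOB, failures INTEGER DEFAULT 0, "
        "locked_until REAL DEFAULT 0)"
    )
    salt = os.urandom(16)
    # The plaintext column exists only so the legacy-style query can be shown.
    db.execute(
        "INSERT INTO users (username, password, salt, pw_hash) VALUES (?, ?, ?, ?)",
        ("admin", "correct horse", salt, hash_password("correct horse", salt)),
    )
    return db


def login_concatenated(db, username, password):
    """Weak form: user input becomes part of the SQL text itself."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return db.execute(query).fetchone() is not None


def login_hardened(db, username, password, now=None):
    """Parameterized lookup plus a failure counter.

    Returns 'ok', 'denied' or 'locked'.
    """
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT salt, pw_hash, failures, locked_until FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return "denied"  # unknown user: same answer as a wrong password
    salt, pw_hash, failures, locked_until = row
    if now < locked_until:
        return "locked"  # rejected before the password is even checked
    if hmac.compare_digest(hash_password(password, salt), pw_hash):
        db.execute(
            "UPDATE users SET failures = 0, locked_until = 0 WHERE username = ?",
            (username,),
        )
        return "ok"
    failures += 1
    if failures >= MAX_FAILURES:
        # Start the lockout window and reset the counter for when it expires.
        db.execute(
            "UPDATE users SET failures = 0, locked_until = ? WHERE username = ?",
            (now + LOCKOUT_SECONDS, username),
        )
        return "locked"
    db.execute(
        "UPDATE users SET failures = ? WHERE username = ?", (failures, username)
    )
    return "denied"


if __name__ == "__main__":
    db = make_db()
    payload = "1' OR '1' = '1"  # the input quoted in item 1
    print("concatenated:", login_concatenated(db, "anyone", payload))
    print("hardened:    ", login_hardened(db, "anyone", payload))
    for attempt in range(1, MAX_FAILURES + 2):
        print("wrong guess", attempt, "->", login_hardened(db, "admin", "guess"))
```

With bound parameters the quote characters stay data, so the same input is just a wrong password, and the counter turns repeated wrong passwords into a temporary lock.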
The Acunetix scan report is attached.
APPENDIX
Apache httpOnly Cookie Disclosure
Severity: Medium
Type: Validation
Reported by module: Scripting (Apache_httpOnly_Cookie_Disclosure.script)
Description
Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script. Affected Apache versions (up to 2.0.21).
Impact
Information disclosure.
Recommendation
Upgrade Apache 2.x to the latest version. Apache 2.2.22 is the first version that fixed this issue.
References
Apache httpOnly Cookie Disclosure
Fixed in Apache httpd 2.2.22
Affected items
Details
Web Server
Pattern found: <pre>Cookie: acunetixCookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
GET / HTTP/1.1
(line truncated)
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
9Acunetix Website Audit
Login page password-guessing attack
Severity: Low
Type: Validation
Reported by module: Scripting (Html_Authentication_Audit.script)
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and symbols until it discovers the one correct combination that works.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks
Affected items
Details
/cake/accounts/cekKompatibilitas
The scanner tested 10 invalid credentials and no account lockout was detected.
POST /cake/accounts/cekKompatibilitas HTTP/1.1
Content-Length: 81
Content-Type: application/x-www-form-urlencoded
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
data%5bAccount%5d%5bpassword%5d=s7QkeR2G&data%5bAccount%5d%5busername%5d=CCQAAbwM
Request headers
Details
/cake/accounts/cekPassword
The scanner tested 10 invalid credentials and no account lockout was detected.
POST /cake/accounts/cekPassword HTTP/1.1
Content-Length: 81
Content-Type: application/x-www-form-urlencoded
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
data%5bAccount%5d%5bpassword%5d=dmyicnnW&data%5bAccount%5d%5busername%5d=8UKB6oNT
Request headers
Details
/cake/accounts/historyBlockUser
The scanner tested 10 invalid credentials and no account lockout was detected.
POST /cake/accounts/historyBlockUser HTTP/1.1
Content-Length: 81
Content-Type: application/x-www-form-urlencoded
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
data%5bAccount%5d%5bpassword%5d=FSSssvtx&data%5bAccount%5d%5busername%5d=9Ru7bUpb
Request headers
Details
/cake/accounts/historyInternet
The scanner tested 10 invalid credentials and no account lockout was detected.
POST /cake/accounts/historyInternet HTTP/1.1
Content-Length: 81
Content-Type: application/x-www-form-urlencoded
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
data%5bAccount%5d%5bpassword%5d=Sq12DaYu&data%5bAccount%5d%5busername%5d=kgGDz1e5
Request headers
Details
/cake/accounts/resetByAdmin
The scanner tested 10 invalid credentials and no account lockout was detected.
POST /cake/accounts/resetByAdmin HTTP/1.1
Content-Length: 136
Content-Type: application/x-www-form-urlencoded
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
data%5bAccount%5d%5bpasswordadmin%5d=bd8KgPAh&data%5bAccount%5d%5busernameadmin%5d=W3gT7zwd&data%5bAccount%5d%5busernameuser%5d=mqxqsucr
Request headers
Details
/cake/web/login
The scanner tested 10 invalid credentials and no account lockout was detected.
POST /cake/web/login HTTP/1.1
Content-Length: 81
Content-Type: application/x-www-form-urlencoded
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
data%5bAccount%5d%5bpassword%5d=KoYMEgdR&data%5bAccount%5d%5busername%5d=MdB5cmRa
Request headers
Possible sensitive directories
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)
Description
A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target.
Impact
This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation
Restrict access to this directory or remove it from the website.
References
Web Server Security and Database Server Security
Affected items
Details
/cake/app/config
No details are available.
GET /cake/app/config HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Request headers
Details
/cake/app/tmp
No details are available.
GET /cake/app/tmp HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Request headers
TRACE method is enabled
Severity: Low
Type: Validation
Reported by module: Scripting (Track_Trace_Server_Methods.script)
Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Impact
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.
Recommendation
Disable TRACE Method on the web server.
References
W3C - RFC 2616
US-CERT VU#867593
IIS 6 WWW Service Registry Entries
Cross-site tracing (XST)
Affected items
Details
Web Server
No details are available.
TRACE /p0KgTQtkjs HTTP/1.1
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Broken links
Severity: Informational
Type: Informational
Reported by module: Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
Details
/cake/app/config
No details are available.
GET /cake/app/config/ HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/app/config/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/app/plugins
No details are available.
GET /cake/app/plugins/ HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/app/plugins/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/app/tmp
No details are available.
GET /cake/app/tmp/ HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/app/tmp/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/css/img
No details are available.
GET /cake/css/img HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/css/img
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/news/web
No details are available.
GET /cake/news/web HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/news/web
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/news/web/downloadorder
No details are available.
GET /cake/news/web/downloadorder HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/news/view/8
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/web/downloadorder
No details are available.
GET /web/downloadorder HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/news
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Email address found
Severity: Informational
Type: Informational
Reported by module: Scripting (Text_Search.script)
Description
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings [email protected] and then record any addresses found.
Impact
Email addresses posted on Web sites may attract spam.
Recommendation
Check references for details on how to solve this problem.
References
Why Am I Getting All This Spam?
Spam-Proofing Your Website
Affected items
Details
/cake/news/view/7
Pattern found: [email protected]
GET /cake/news/view/7 HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/news
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/web/exampledownloadorder
Pattern found: [email protected]
GET /cake/web/exampledownloadorder HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/downloads/downloadorder
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
GHDB: Possible temporary file/directory
Severity: Informational
Type: Informational
Reported by module: GHDB
Description
The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category: Sensitive Directories. Many times, this search will reveal temporary files and directories on the web server. The information included in these files and directories will vary, but an attacker could use this information in an information gathering campaign. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.
Impact
Not available. Check description.
Recommendation
Not available. Check description.
References
Acunetix Google hacking
The Google Hacking Database (GHDB) community
Affected items
Details
/cake/app/tmp
We found inurl:/tmp
GET /cake/app/tmp/ HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/app/tmp/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/app/tmp
We found inurl:/tmp
GET /cake/app/tmp HTTP/1.1
Pragma: no-cache
Referer: http://nic.itb.ac.id/cake/app/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Password type input with autocomplete enabled
Severity: Informational
Type: Informational
Reported by module: Crawler
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be saved. Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact
Possible sensitive information disclosure
Recommendation
The password autocomplete should be disabled in sensitive applications. To disable autocomplete, you may use a code similar to: <INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items
Details
/cake/accounts/blokirAccount
Password type input named data[Account][passwordadmin] from unnamed form with action /cake/accounts/blokirAccount has autocomplete enabled.
GET /cake/accounts/blokirAccount HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/cekKompatibilitas
Password type input named data[Account][password] from unnamed form with action /cake/accounts/cekKompatibilitas has autocomplete enabled.
GET /cake/accounts/cekKompatibilitas HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/cekPassword
Password type input named data[Account][password] from unnamed form with action /cake/accounts/cekPassword has autocomplete enabled.
GET /cake/accounts/cekPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/historyBlockUser
Password type input named data[Account][password] from unnamed form with action /cake/accounts/historyBlockUser has autocomplete enabled.
GET /cake/accounts/historyBlockUser HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/historyInternet
Password type input named data[Account][password] from unnamed form with action /cake/accounts/historyInternet has autocomplete enabled.
GET /cake/accounts/historyInternet HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/registrasivoip
Password type input named data[Account][password] from unnamed form with action /cake/accounts/registrasivoip has autocomplete enabled.
GET /cake/accounts/registrasivoip HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/resetByAdmin
Password type input named data[Account][passwordadmin] from unnamed form with action /cake/accounts/resetByAdmin has autocomplete enabled.
GET /cake/accounts/resetByAdmin HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/ubahPassword
Password type input named data[Account][renewpassword] from unnamed form with action /cake/accounts/ubahPassword has autocomplete enabled.
GET /cake/accounts/ubahPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/ubahPassword
Password type input named data[Account][newpassword] from unnamed form with action /cake/accounts/ubahPassword has autocomplete enabled.
GET /cake/accounts/ubahPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/ubahPassword
Password type input named data[Account][password] from unnamed form with action /cake/accounts/ubahPassword has autocomplete enabled.
GET /cake/accounts/ubahPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/ubahResetPassword
Password type input named data[Account][resetpassword] from unnamed form with action /cake/accounts/ubahResetPassword has autocomplete enabled.
GET /cake/accounts/ubahResetPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/ubahResetPassword
Password type input named data[Account][password] from unnamed form with action /cake/accounts/ubahResetPassword has autocomplete enabled.
GET /cake/accounts/ubahResetPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/accounts/ubahResetPassword
Password type input named data[Account][reresetpassword] from unnamed form with action /cake/accounts/ubahResetPassword has autocomplete enabled.
GET /cake/accounts/ubahResetPassword HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/downloads/downloadorder
Password type input named data[Download][filepassword] from unnamed form with action /cake/downloads/downloadorder has autocomplete enabled.
GET /cake/downloads/downloadorder HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/downloads/downloadorder
Password type input named data[Download][password] from unnamed form with action /cake/downloads/downloadorder has autocomplete enabled.
GET /cake/downloads/downloadorder HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/downloads/downloadpaper
Password type input named data[DownloadPaper][password] from unnamed form with action /cake/downloads/downloadpaper has autocomplete enabled.
GET /cake/downloads/downloadpaper HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/web/exampledownloadorder
Password type input named from unnamed form with action /cake/web/downloadorder has autocomplete enabled.
GET /cake/web/exampledownloadorder HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/downloads/downloadorder
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Details
/cake/web/login
Password type input named data[Account][password] from unnamed form with action /cake/web/login has autocomplete enabled.
GET /cake/web/login HTTP/1.1
Pragma: no-cache
Referer: https://nic.itb.ac.id/cake/index.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: CAKEPHP=2323a4ffabd8ffeq58sktcct87
Host: nic.itb.ac.id
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
Request headers
Scanned items (coverage report)
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/
6 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
/ Path Fragment
/cake/ Path Fragment
Input scheme 2
Input name Input type
/ Path Fragment
/ Path Fragment
/cake/ Path Fragment
Input scheme 3
Input name Input type
/cake/ Path Fragment
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/index.php
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/8
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/7
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/13
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/14
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/12
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/10
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/view/11
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/index
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/web
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/news/web/downloadorder
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/faqs
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view/5
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view/4
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view/3
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view/6
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view/12
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/policy/view/index.php
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
menu URL encoded GET
mode URL encoded GET
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service/view
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service/view/9
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service/view/8
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service/view/13
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service/view/11
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/service/view/10
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/6
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/8
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/9
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/5
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/3
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/4
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/13
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/14
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/15
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/12
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/10
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/11
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/view/index.php
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
menu URL encoded GET
mode URL encoded GET
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/articles/index
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/web
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/web/about
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/web/login
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/web/contact
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/web/exampledownloadorder
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/web/downloadorder
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bweb%5d%5busername%5d URL encoded POST
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/img
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/css
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/css/default.css
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/css/img
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/cekAccount
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/cekPassword
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/ubahPassword
4 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bnewpassword%5d URL encoded POST
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5brenewpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/resetByAdmin
3 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bpasswordadmin%5d URL encoded POST
data%5bAccount%5d%5busernameadmin%5d URL encoded POST
data%5bAccount%5d%5busernameuser%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/blokirAccount
8 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bblokirsampaid%5d URL encoded POST
data%5bAccount%5d%5bblokirsampaim%5d URL encoded POST
data%5bAccount%5d%5bblokirsampaiy%5d URL encoded POST
data%5bAccount%5d%5bblokirsebab%5d URL encoded POST
data%5bAccount%5d%5bpasswordadmin%5d URL encoded POST
data%5bAccount%5d%5btipeblokir%5d URL encoded POST
data%5bAccount%5d%5busernameadmin%5d URL encoded POST
data%5bAccount%5d%5busernameuser%5d URL encoded POST
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/resetPassword
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/resetPassword/2
1 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/registrasivoip
3 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bno%5d URL encoded POST
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/historyInternet
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/historyBlockUser
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/ubahResetPassword
5 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bhint%5d URL encoded POST
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5breresetpassword%5d URL encoded POST
data%5bAccount%5d%5bresetpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/accounts/cekKompatibilitas
2 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bAccount%5d%5bpassword%5d URL encoded POST
data%5bAccount%5d%5busername%5d URL encoded POST
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/downloads
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/downloads/downloadorder
8 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bDownload%5d%5bakun%5d URL encoded POST
data%5bDownload%5d%5balamat%5d URL encoded POST
data%5bDownload%5d%5bdeskripsi%5d URL encoded POST
data%5bDownload%5d%5bemail%5d URL encoded POST
data%5bDownload%5d%5bfilepassword%5d URL encoded POST
data%5bDownload%5d%5bfileusername%5d URL encoded POST
data%5bDownload%5d%5bpassword%5d URL encoded POST
data%5bDownload%5d%5breferal%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/downloads/downloadpaper
9 input(s) found for this URL
Inputs
Input scheme 1
Input name Input type
data%5bDownloadPaper%5d%5bakun%5d URL encoded POST
data%5bDownloadPaper%5d%5bemail%5d URL encoded POST
data%5bDownloadPaper%5d%5bjudul%5d URL encoded POST
data%5bDownloadPaper%5d%5bjurnal%5d URL encoded POST
data%5bDownloadPaper%5d%5bpassword%5d URL encoded POST
data%5bDownloadPaper%5d%5bpenerbit%5d URL encoded POST
data%5bDownloadPaper%5d%5bpenulis%5d URL encoded POST
data%5bDownloadPaper%5d%5burl%5d URL encoded POST
data%5bDownloadPaper%5d%5bvolume%5d URL encoded POST
Vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/webroot/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/app/webroot/img/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/cake/app/webroot/css/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/webroot/js/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/webroot/files/
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/config/
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/tmp/
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/plugins/
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/js
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/files
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/cake/app/img
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/web
No input(s) found for this URL
Vulnerabilities has been identified for this URL
URL: https://nic.itb.ac.id/web/downloadorder
No input(s) found for this URL
No vulnerabilities has been identified for this URL
URL: http://nic.itb.ac.id/image/
No input(s) found for this URL