SUMMARY OF FINDINGS (Scanned Node: 192.168.56.1)


Risk Count
High 12
Medium 28
Low 2
Warning 0
Information 0
Total 42

No  Vulnerability Name                                    Risk    Severity  CVSS Score  Occurrences
1   Insecure communication                                High    High      8.1         9
2   Directory traversal                                   High    High      7.5         3
3   Verb tampering                                        Medium  Medium    6.4         9
4   Weak password policy                                  Medium  Medium    5.6         1
5   Sensitive information disclosure in response headers  Medium  Medium    5.0         10
6   Missing httponly flag in the set-cookie               Medium  Medium    5.0         2
7   Missing security headers - X-Content-Type-Options     Medium  Medium    5.0         2
8   Missing security headers - X-Frame-Options            Medium  Medium    5.0         2
9   Technical information exposure on the webpage         Low     Low       3.1         2
10  Autocomplete on password fields                       Medium  Medium    4.3         1
11  Autocomplete on sensitive fields                      Medium  Medium    4.3         1

Payloads and evidence are highlighted in red.


Findings: 1 Insecure communication

Risk High
Severity High
CVSS Score 8.1
Occurrences 9
Details Yaazhini detected an insecure communication vulnerability. Insecure communication occurs when a client and server communicate over a non-secure (unencrypted) channel. Without encrypting the channel, the developer can’t guarantee the integrity of the data.
Remediation Make sure all client-to-server connections are encrypted with SSL.
URL:http://192.168.56.1/dvwa/vulnerabilities/sqli/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/index.php
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:11:39 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 5278
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:12:09 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 5157
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/vulnerabilities/weak_id/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:11:42 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 4310
keep-alive: timeout=5, max=99
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/login.php
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:11:10 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
set-cookie: PHPSESSID=duhpjesrk9drkdvvg02cnn5alv; path=/,PHPSESSID=duhpjesrk9drkdvvg02cnn5alv; path=/,security=low
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 1523
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:11:55 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 5337
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/index.php
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Referer: http://192.168.56.1/dvwa/login.php
Connection: keep-alive
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:11:30 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 7510
keep-alive: timeout=5, max=99
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/vulnerabilities/xss_r/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:12:01 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 5137
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/vulnerabilities/exec/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:12:15 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 4966
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200
URL:http://192.168.56.1/dvwa/vulnerabilities/exec/
Occurrences in this URL: 1
Request Response
Method: POST
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Origin: http://192.168.56.1
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/exec/
Upgrade-Insecure-Requests: 1

ip=127.0.0.1&Submit=Submit
date: Fri, 16 Jul 2021 11:12:26 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
x-powered-by: PHP/7.3.5
expires: Tue, 23 Jun 2009 12:00:00 GMT
cache-control: no-cache, must-revalidate
pragma: no-cache
content-length: 5395
keep-alive: timeout=5, max=100
connection: Keep-Alive
content-type: text/html;charset=utf-8
Cache-Control: no-cache
status code: 200

Findings: 2 Directory traversal

Risk High
Severity High
CVSS Score 7.5
Occurrences 3
Details Yaazhini detected directory traversal in the application. A directory traversal attack aims to access files and directories stored outside the webroot folder. By manipulating the URL path with 'dot-dot-slash (../)' sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration and critical system files.
Remediation Disable directory traversal.
URL:http://192.168.56.1/dvwa/dvwa/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/exec/
date: Fri, 16 Jul 2021 11:13:59 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
content-length: 1618
keep-alive: timeout=5, max=90
connection: Keep-Alive
content-type: text/html;charset=UTF-8
status code: 200

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /dvwa/dvwa</title> </head> <body> <h1>Index of /dvwa/dvwa</h1> <table> <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr> <tr><th colspan="5"><hr></th></tr> <tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/dvwa/">Parent Directory</a> </td><td>&nbsp;</td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="css/">css/</a> </td><td align="right">2018-06-05 10:40 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="images/">images/</a> </td><td align="right">2018-06-05 10:40 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="includes/">includes/</a> </td><td align="right">2018-06-05 10:40 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="js/">js/</a> </td><td align="right">2018-06-05 10:40 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><th colspan="5"><hr></th></tr> </table> <address>Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5 Server at 192.168.56.1 Port 80</address> </body></html>
URL:http://192.168.56.1/dvwa/vulnerabilities/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/index.php
Upgrade-Insecure-Requests: 1
date: Fri, 16 Jul 2021 11:14:00 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
content-length: 3967
keep-alive: timeout=5, max=64
connection: Keep-Alive
content-type: text/html;charset=UTF-8
status code: 200

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /dvwa/vulnerabilities</title> </head> <body> <h1>Index of /dvwa/vulnerabilities</h1> <table> <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr> <tr><th colspan="5"><hr></th></tr> <tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/dvwa/">Parent Directory</a> </td><td>&nbsp;</td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="brute/">brute/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="captcha/">captcha/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="csrf/">csrf/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="exec/">exec/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="fi/">fi/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="sqli/">sqli/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="sqli_blind/">sqli_blind/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img 
src="/icons/folder.gif" alt="[DIR]"></td><td><a href="upload/">upload/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="view_help.php">view_help.php</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">632 </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="view_source.php">view_source.php</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">1.6K</td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/text.gif" alt="[TXT]"></td><td><a href="view_source_all.php">view_source_all.php</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">2.6K</td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="weak_id/">weak_id/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="xss_d/">xss_d/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="xss_r/">xss_r/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/folder.gif" alt="[DIR]"></td><td><a href="xss_s/">xss_s/</a> </td><td align="right">2017-09-19 10:19 </td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><th colspan="5"><hr></th></tr> </table> <address>Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5 Server at 192.168.56.1 Port 80</address> </body></html>
URL:http://192.168.56.1/dvwa/dvwa/images/
Occurrences in this URL: 1
Request Response
Method: GET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: image/webp,*/*
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: http://192.168.56.1/dvwa/vulnerabilities/exec/
date: Fri, 16 Jul 2021 11:12:40 GMT
server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
content-length: 2300
keep-alive: timeout=5, max=75
connection: Keep-Alive
content-type: text/html;charset=UTF-8
status code: 200

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <html> <head> <title>Index of /dvwa/dvwa/images</title> </head> <body> <h1>Index of /dvwa/dvwa/images</h1> <table> <tr><th valign="top"><img src="/icons/blank.gif" alt="[ICO]"></th><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th><th><a href="?C=S;O=A">Size</a></th><th><a href="?C=D;O=A">Description</a></th></tr> <tr><th colspan="5"><hr></th></tr> <tr><td valign="top"><img src="/icons/back.gif" alt="[PARENTDIR]"></td><td><a href="/dvwa/dvwa/">Parent Directory</a> </td><td>&nbsp;</td><td align="right"> - </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="RandomStorm.png">RandomStorm.png</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">4.4K</td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="dollar.png">dollar.png</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">299 </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="lock.png">lock.png</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">761 </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="login_logo.png">login_logo.png</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">8.9K</td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="logo.png">logo.png</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">4.9K</td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="spanner.png">spanner.png</a> </td><td align="right">2017-09-19 10:19 </td><td align="right">464 </td><td>&nbsp;</td></tr> <tr><td valign="top"><img src="/icons/image2.gif" alt="[IMG]"></td><td><a href="warning.png">warning.png</a> </td><td align="right">2017-09-19 10:19 </td><td 
align="right">423 </td><td>&nbsp;</td></tr> <tr><th colspan="5"><hr></th></tr> </table> <address>Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5 Server at 192.168.56.1 Port 80</address> </body></html>

Findings: 3 Verb tampering

Risk Medium
Severity Medium
CVSS Score 6.4
Occurrences 9
Details Yaazhini detected a verb tampering vulnerability. HTTP includes many request methods other than the standard GET, POST, PUT and PATCH requests. A web server may respond to these alternative methods and return some data. Sometimes this may reveal useful information to the attacker.
Remediation
  • Apply a whitelist of permitted HTTP methods, e.g. GET, POST, PUT.
  • Reject all requests not matching the whitelisted HTTP methods with HTTP response code 405 Method Not Allowed.

    URL:http://192.168.56.1/dvwa/vulnerabilities/sqli/
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/index.php
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:58 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=100
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/sqli/ HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/index.php Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:58 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=93
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/xss_r/?name=abc HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/ Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/vulnerabilities/weak_id/
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=91
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/weak_id/ HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/ Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=83
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/login.php HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=82
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/ Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/index.php
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://192.168.56.1/dvwa/login.php
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:58 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=100
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/index.php HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/login.php Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/vulnerabilities/xss_r/
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:58 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=93
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/xss_r/ HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit Accept-Encoding: gzip, deflate
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/login.php
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:58 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=9loh2v2l7h8ffuso7nh6f1oldc; path=/,PHPSESSID=9loh2v2l7h8ffuso7nh6f1oldc; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=96
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Login :: Damn Vulnerable Web Application (DVWA) v1.10 *Development*</title> <link rel="stylesheet" type="text/css" href="dvwa/css/login.css" /> </head> <body> <div id="wrapper"> <div id="header"> <br /> <p><img src="dvwa/images/login_logo.png" /></p> <br /> </div> <!--<div id="header">--> <div id="content"> <form action="login.php" method="post"> <fieldset> <label for="user">Username</label> <input type="text" class="loginInput" size="20" name="username"><br /> <label for="pass">Password</label> <input type="password" class="loginInput" AUTOCOMPLETE="off" size="20" name="password"><br /> <br /> <p class="submit"><input type="submit" value="Login" name="Login"></p> </fieldset> <input type='hidden' name='user_token' value='2c3f4c5cd7593478e92825524b5a4553' /> </form> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <!-- <img src="dvwa/images/RandomStorm.png" /> --> </div > <!--<div id="content">--> <div id="footer"> <p><a href="http://www.dvwa.co.uk/" target="_blank">Damn Vulnerable Web Application (DVWA)</a></p> </div> <!--<div id="footer"> --> </div> <!--<div id="wrapper"> --> </body> </html>
    URL:http://192.168.56.1/dvwa/vulnerabilities/exec/
    Occurrences in this URL: 1
    Request Response
    Method: TRACE
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    keep-alive: timeout=5, max=89
    connection: Keep-Alive
    transfer-encoding: chunked
    content-type: message/http
    status code: 200

    TRACE /dvwa/vulnerabilities/exec/ HTTP/1.1 Host: 192.168.56.1 Connection: keep-alive Content-Length: 0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Upgrade-Insecure-Requests: 1 Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc Accept-Encoding: gzip, deflate

Findings: 4 Weak password policy

Risk Medium
Severity Medium
CVSS Score 5.6
Occurrences 1
Details Yaazhini detected a weak password policy in the application. A weak password policy leaves the application open to dictionary and brute-force attacks against user accounts. An attacker can take over a user account by guessing or determining a weak password.
Remediation Implement a strong password policy that includes the following:
  • One or more uppercase characters
  • One or more numerical digits
  • One or more special characters
  • Minimum length of 8 characters
  • Disallow any part of the username
  • Disallow dictionary words
  • Disallow any character more than three times in succession
  • Disallow previously used passwords

    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: POST
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/login.php
    Upgrade-Insecure-Requests: 1

    Login=Login&password=password&user_token=6c36e666e030e90ef005255908b436a6&username=admin
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:11:29 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=100
    location: index.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    Cache-Control: no-cache
    status code: 302

    Findings: 5 Sensitive information disclosure in response headers

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 10
    Details Yaazhini detected sensitive information disclosure in response headers. Information gathering is a type of attack in which attackers send requests to the server to learn more about it. If the server is not configured correctly, it may leak information about itself, such as the server version, PHP/ASP.NET version, or OpenSSH version. These issues are not exploitable in most cases but are considered web application security issues because they allow attackers to gather information that can be used later in the attack lifecycle.
    Remediation
  • Remove the unnecessary information from HTTP response headers related to the OS, web server version, and application frameworks.
  • Ensure that your web server does not send out response headers or background information that reveals technical details about the back-end technology type, version, or setup.


    1. X-Powered-By header is visible to client
    2. Server header is visible to client
    URL:http://192.168.56.1/dvwa/vulnerabilities/sqli/
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/index.php
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:13:59 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=70
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:14:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=60
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/vulnerabilities/weak_id/
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:14:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=86
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:14:00 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=92k9ptt9vond3ohht17e3a3e70; path=/,PHPSESSID=92k9ptt9vond3ohht17e3a3e70; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=59
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200
    URL:http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:14:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=63
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/index.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://192.168.56.1/dvwa/login.php
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:13:59 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=72
    location: login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/vulnerabilities/xss_r/
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:14:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=69
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: POST
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/login.php
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:14:00 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=tfhrbrpbhl749sj65a2ijk7rs4; path=/,PHPSESSID=tfhrbrpbhl749sj65a2ijk7rs4; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=66
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200
    URL:http://192.168.56.1/dvwa/vulnerabilities/exec/
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/xss_r/?name=abc
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:14:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=66
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302
    URL:http://192.168.56.1/dvwa/vulnerabilities/exec/
    Occurrences in this URL: 1
    Request Response
    Method: POST
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/vulnerabilities/exec/
    Upgrade-Insecure-Requests: 1
    cache-control: no-store, no-cache, must-revalidate
    connection: Keep-Alive
    content-length: 0
    content-type: text/html; charset=UTF-8
    date: Fri, 16 Jul 2021 11:14:00 GMT
    expires: Thu, 19 Nov 1981 08:52:00 GMT
    keep-alive: timeout=5, max=59
    location: ../../login.php
    pragma: no-cache
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    status code: 302

    Findings: 6 Missing httponly flag in the set-cookie

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 2
    Details HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie. It tells the browser that this particular cookie should only be accessed by the server.
    Remediation Yaazhini detected that the HttpOnly flag is missing in the set-cookie response header. The HttpOnly flag is an option that can be set by the application server when sending a new cookie to the browser within an HTTP response. The purpose of the HttpOnly flag is to prevent the cookie from being used by client-side script (JavaScript).
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:14:00 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=4lejptelhoanmb3u22sb0q2dt4; path=/,PHPSESSID=4lejptelhoanmb3u22sb0q2dt4; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=67
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: POST
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/login.php
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=3fesvbq8nbppov0o1l5fjjcg11; path=/,PHPSESSID=3fesvbq8nbppov0o1l5fjjcg11; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=78
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 7 Missing security headers - X-Content-Type-Options

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 2
    Details Yaazhini detected that the 'X-Content-Type-Options' security header is missing. This issue is only applicable for hybrid apps. There are some HTTP response headers that your application can use to increase its security. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. The 'X-Content-Type-Options' HTTP response header tells the browser that the MIME types in the Content-Type headers should be followed and not changed. Example: 'X-Content-Type-Options: nosniff'. If 'X-Content-Type-Options: nosniff' is specified in the response header, the browser checks the content type and blocks the request if the content type is mismatched.
    Remediation It's recommended to implement the x-content-type-options security header. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=drt2cet307brqo824liepc3ue5; path=/,PHPSESSID=drt2cet307brqo824liepc3ue5; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=71
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: POST
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/login.php
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=73pon4qr2ogoetddbsa4dkvhps; path=/,PHPSESSID=73pon4qr2ogoetddbsa4dkvhps; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=79
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 8 Missing security headers - X-Frame-Options

    Risk Medium
    Severity Medium
    CVSS Score 5.0
    Occurrences 2
    Details Yaazhini detected that the 'X-Frame-Options' security header is missing. This issue is only applicable for hybrid apps. There are some HTTP response headers that your application can use to increase its security. Once set, these HTTP response headers can restrict modern browsers from running into easily preventable vulnerabilities. X-Frame-Options: The 'X-Frame-Options' HTTP response header can be used to indicate whether browsers should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>. Values of the 'X-Frame-Options' header: 'X-Frame-Options: DENY' and 'X-Frame-Options: SAMEORIGIN'. DENY: If 'X-Frame-Options: DENY' is specified, the page cannot be displayed in a frame, regardless of the site attempting to do so. SAMEORIGIN: If 'X-Frame-Options: SAMEORIGIN' is specified, the page can only be displayed in a frame on the same origin as the page itself.
    Remediation It's recommended to implement the 'X-Frame-Options' security header with 'deny' or 'sameorigin' value. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options https://www.owasp.org/index.php/OWASP_Secure_Headers_Project#xcto
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=drt2cet307brqo824liepc3ue5; path=/,PHPSESSID=drt2cet307brqo824liepc3ue5; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=71
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: POST
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Content-Type: application/x-www-form-urlencoded
    Origin: http://192.168.56.1
    Connection: keep-alive
    Referer: http://192.168.56.1/dvwa/login.php
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:13:59 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=73pon4qr2ogoetddbsa4dkvhps; path=/,PHPSESSID=73pon4qr2ogoetddbsa4dkvhps; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=79
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    status code: 200

    Findings: 9 Technical information exposure on the webpage

    Risk Low
    Severity Low
    CVSS Score 3.1
    Occurrences 2
    Details Yaazhini identified technical information exposure on the webpage. Information disclosure is when an application fails to properly protect technical, sensitive and confidential information from parties that are not supposed to have access to the subject matter in normal circumstances.
    Remediation Remove unnecessary technical information from the webpage.
    URL:http://192.168.56.1/dvwa/index.php
    Occurrences in this URL: 2
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Referer: http://192.168.56.1/dvwa/login.php
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:11:30 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 7510
    keep-alive: timeout=5, max=99
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    Cache-Control: no-cache

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Welcome :: Damn Vulnerable Web Application (DVWA) v1.10 *Development*</title> <link rel="stylesheet" type="text/css" href="dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="favicon.ico" /> <script type="text/javascript" src="dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="dvwa/images/logo.png" alt="Damn Vulnerable Web Application" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul class="menuBlocks"><li onclick="window.location='.'" class="selected"><a href=".">Home</a></li> <li onclick="window.location='instructions.php'" class=""><a href="instructions.php">Instructions</a></li> <li onclick="window.location='setup.php'" class=""><a href="setup.php">Setup / Reset DB</a></li> </ul><ul class="menuBlocks"><li onclick="window.location='vulnerabilities/brute/'" class=""><a href="vulnerabilities/brute/">Brute Force</a></li> <li onclick="window.location='vulnerabilities/exec/'" class=""><a href="vulnerabilities/exec/">Command Injection</a></li> <li onclick="window.location='vulnerabilities/csrf/'" class=""><a href="vulnerabilities/csrf/">CSRF</a></li> <li onclick="window.location='vulnerabilities/fi/.?page=include.php'" class=""><a href="vulnerabilities/fi/.?page=include.php">File Inclusion</a></li> <li onclick="window.location='vulnerabilities/upload/'" class=""><a href="vulnerabilities/upload/">File Upload</a></li> <li onclick="window.location='vulnerabilities/captcha/'" class=""><a href="vulnerabilities/captcha/">Insecure CAPTCHA</a></li> <li onclick="window.location='vulnerabilities/sqli/'" class=""><a href="vulnerabilities/sqli/">SQL Injection</a></li> <li onclick="window.location='vulnerabilities/sqli_blind/'" class=""><a 
href="vulnerabilities/sqli_blind/">SQL Injection (Blind)</a></li> <li onclick="window.location='vulnerabilities/weak_id/'" class=""><a href="vulnerabilities/weak_id/">Weak Session IDs</a></li> <li onclick="window.location='vulnerabilities/xss_d/'" class=""><a href="vulnerabilities/xss_d/">XSS (DOM)</a></li> <li onclick="window.location='vulnerabilities/xss_r/'" class=""><a href="vulnerabilities/xss_r/">XSS (Reflected)</a></li> <li onclick="window.location='vulnerabilities/xss_s/'" class=""><a href="vulnerabilities/xss_s/">XSS (Stored)</a></li> </ul><ul class="menuBlocks"><li onclick="window.location='security.php'" class=""><a href="security.php">DVWA Security</a></li> <li onclick="window.location='phpinfo.php'" class=""><a href="phpinfo.php">PHP Info</a></li> <li onclick="window.location='about.php'" class=""><a href="about.php">About</a></li> </ul><ul class="menuBlocks"><li onclick="window.location='logout.php'" class=""><a href="logout.php">Logout</a></li> </ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Welcome to Damn Vulnerable Web Application!</h1> <p>Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.</p> <p>The aim of DVWA is to <em>practice some of the most common web vulnerability</em>, with <em>various difficultly levels</em>, with a simple straightforward interface.</p> <hr /> <br /> <h2>General Instructions</h2> <p>It is up to the user how they approach DVWA. Either by working through every module at a fixed level, or selecting any module and working up to reach the highest level they can before moving onto the next one. 
There is not a fixed object to complete a module; however users should feel that they have successfully exploited the system as best as they possible could by using that particular vulnerability.</p> <p>Please note, there are <em>both documented and undocumented vulnerability</em> with this software. This is intentional. You are encouraged to try and discover as many issues as possible.</p> <p>DVWA also includes a Web Application Firewall (WAF), PHPIDS, which can be enabled at any stage to further increase the difficulty. This will demonstrate how adding another layer of security may block certain malicious actions. Note, there are also various public methods at bypassing these protections (so this can be see an as extension for more advance users)!</p> <p>There is a help button at the bottom of each page, which allows you to view hints & tips for that vulnerability. There are also additional links for further background reading, which relates to that security issue.</p> <hr /> <br /> <h2>WARNING!</h2> <p>Damn Vulnerable Web Application is damn vulnerable! <em>Do not upload it to your hosting provider's public html folder or any Internet facing servers</em>, as they will be compromised. It is recommend using a virtual machine (such as <a href="https://www.virtualbox.org/" target="_blank">VirtualBox</a> or <a href="https://www.vmware.com/" target="_blank">VMware</a>), which is set to NAT networking mode. Inside a guest machine, you can downloading and install <a href="https://www.apachefriends.org/en/xampp.html" target="_blank">XAMPP</a> for the web server and database.</p> <br /> <h3>Disclaimer</h3> <p>We do not take responsibility for the way in which any one uses this application (DVWA). We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. 
If your web server is compromised via an installation of DVWA it is not our responsibility it is the responsibility of the person/s who uploaded and installed it.</p> <hr /> <br /> <h2>More Training Resources</h2> <p>DVWA aims to cover the most commonly seen vulnerabilities found in today's web applications. However there are plenty of other issues with web applications. Should you wish to explore any additional attack vectors, or want more difficult challenges, you may wish to look into the following other projects:</p> <ul> <li><a href="http://www.itsecgames.com/" target="_blank">bWAPP</a></li> <li><a href="http://sourceforge.net/projects/mutillidae/files/mutillidae-project/" target="_blank">NOWASP</a> (formerly known as <a href="http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10" target="_blank">Mutillidae</a>)</li> <li><a href="https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project" target="_blank">OWASP Broken Web Applications Project </a></li> </ul> <hr /> <br /> </div> <br /><br /> <div class="body_padded"><div class="message">You have logged in as 'admin'</div></div> </div> <div class="clear"> </div> <div id="system_info"> <div align="left"><em>Username:</em> admin<br /><em>Security Level:</em> low<br /><em>PHPIDS:</em> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.10 *Development*</p> </div> </div> </body> </html>

    Findings: 10 Autocomplete on password fields

    Risk Medium
    Severity Medium
    CVSS Score 4.3
    Occurrences 1
    Details Yaazhini detected an autocomplete vulnerability on password fields. By default, browsers remember and store in local memory whatever the user submits through input fields on websites. This mechanism enables the browser to offer autocompletion and autofill. An attacker who gains access to the user's computer can capture the stored information.
    Remediation Include the attribute autocomplete = 'off' on the username, password, and other sensitive input fields of the form so that the browser does not store the submitted data.
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:11:10 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=duhpjesrk9drkdvvg02cnn5alv; path=/,PHPSESSID=duhpjesrk9drkdvvg02cnn5alv; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=100
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    Cache-Control: no-cache
    status code: 200

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Login :: Damn Vulnerable Web Application (DVWA) v1.10 *Development*</title> <link rel="stylesheet" type="text/css" href="dvwa/css/login.css"> </head> <body> <div id="wrapper"> <div id="header"> <br> <p><img src="dvwa/images/login_logo.png"></p> <br> </div> <div id="content"> <form action="login.php" method="post"> <fieldset> <label for="user">Username</label> <input type="text" class="loginInput" size="20" name="username"><br> <label for="pass">Password</label> <input type="password" class="loginInput" AUTOCOMPLETE="off" size="20" name="password"><br> <br> <p class="submit"><input type="submit" value="Login" name="Login"></p> </fieldset> <input type='hidden' name='user_token' value='6c36e666e030e90ef005255908b436a6'> </form> <br> <br> <br> <br> <br> <br> <br> <br> <br> </div> <div id="footer"> <p><a href="http://www.dvwa.co.uk/" target="_blank">Damn Vulnerable Web Application (DVWA)</a></p> </div> </div> </body> </html>

    Findings: 11 Autocomplete on sensitive fields

    Risk Medium
    Severity Medium
    CVSS Score 4.3
    Occurrences 1
    Details Yaazhini detected an autocomplete vulnerability on sensitive fields. By default, browsers remember and store in local memory whatever the user submits through input fields on websites. This mechanism enables the browser to offer autocompletion and autofill. An attacker who gains access to the user's computer can capture the stored information.
    Remediation Include the attribute autocomplete = 'off' on the username, password, and other sensitive input fields of the form so that the browser does not store the submitted data.
    URL:http://192.168.56.1/dvwa/login.php
    Occurrences in this URL: 1
    Request Response
    Method: GET
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    date: Fri, 16 Jul 2021 11:11:10 GMT
    server: Apache/2.4.39 (Win64) OpenSSL/1.1.1b PHP/7.3.5
    x-powered-by: PHP/7.3.5
    set-cookie: PHPSESSID=duhpjesrk9drkdvvg02cnn5alv; path=/,PHPSESSID=duhpjesrk9drkdvvg02cnn5alv; path=/,security=low
    expires: Tue, 23 Jun 2009 12:00:00 GMT
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    content-length: 1523
    keep-alive: timeout=5, max=100
    connection: Keep-Alive
    content-type: text/html;charset=utf-8
    Cache-Control: no-cache
    status code: 200

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Login :: Damn Vulnerable Web Application (DVWA) v1.10 *Development*</title> <link rel="stylesheet" type="text/css" href="dvwa/css/login.css"> </head> <body> <div id="wrapper"> <div id="header"> <br> <p><img src="dvwa/images/login_logo.png"></p> <br> </div> <div id="content"> <form action="login.php" method="post"> <fieldset> <label for="user">Username</label> <input type="text" class="loginInput" size="20" name="username"><br> <label for="pass">Password</label> <input type="password" class="loginInput" AUTOCOMPLETE="off" size="20" name="password"><br> <br> <p class="submit"><input type="submit" value="Login" name="Login"></p> </fieldset> <input type='hidden' name='user_token' value='6c36e666e030e90ef005255908b436a6'> </form> <br> <br> <br> <br> <br> <br> <br> <br> <br> </div> <div id="footer"> <p><a href="http://www.dvwa.co.uk/" target="_blank">Damn Vulnerable Web Application (DVWA)</a></p> </div> </div> </body> </html>