Reflection Report

 Scan Name: webscantest
 Date: 10/24/2017 7:44:45 AM
 Authenticated User: admin
 Total Links / Attackable Links: 475 / 475
 Target URL: https://webscantest.com
http://webscantest.com
 Reports:

Reflections of Injected Content

URL: http://webscantest.com:80/infodb/search_by_name.php

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
fname      POST    Reflected in response  No          Inside html page text  < ' "

URL: http://webscantest.com:80/hrs/redir_nv.php?q=mightyseek

Parameter  Method  Reflection URL         Persistent  HTML Context                                            Dangerous Characters
q          GET     Reflected in response  No          Inside response header, Inside double-quoted attribute  < ' "

URL: http://webscantest.com:80/myfiles/

Parameter  Method  Reflection URL         Persistent  HTML Context                                                              Dangerous Characters
Unnamed    GET     Reflected in response  No          Inside double-quoted attribute, Inside href attribute, Inside title body

URL: http://webscantest.com:80/login.php

Parameter    Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
login_error  GET     Reflected in response  No          Inside html page text  < ' "

URL: http://webscantest.com:80/datastore/search_get_by_id.php?id=3

Parameter  Method  Reflection URL         Persistent  HTML Context                                   Dangerous Characters
id         GET     Reflected in response  No          Inside response header, Inside html page text

URL: http://webscantest.com:80/datastore/search_double_by_name.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
name       POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/hrs/redir.php?q=mightyseek

Parameter  Method  Reflection URL         Persistent  HTML Context                                            Dangerous Characters
q          GET     Reflected in response  No          Inside response header, Inside double-quoted attribute  < ' "

URL: http://webscantest.com:80/datastore/search_single_by_name.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
name       POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/shutterdb/search_by_id.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
id         POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/shutterdb/filter_by_name.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
filter     POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/soap/demo/api/

Parameter    Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
photo        POST    Reflected in response  No          Inside html page text
price        POST    Reflected in response  No          Inside html page text
description  POST    Reflected in response  No          Inside html page text
name         POST    Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/shutterdb/search_by_name.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
name       POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/payment_analysis/checkdata_get.php?anything=test&number=0&strlen1=test&strlen2=test&strlen3=test&str_only=string&letters_only=string&alpha_only=string

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
number     GET     Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/payment_analysis/checkdata.php

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
number     POST    Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/rest/demo/index.php/products/135

Parameter     Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
Directory[3]  GET     Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/rest/demo/index.php/products

Parameter    Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
name         POST    Reflected in response  No          Inside html page text
price        POST    Reflected in response  No          Inside html page text
photo        POST    Reflected in response  No          Inside html page text
description  POST    Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/datastore/search_by_name.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
name       POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/crosstraining/checkitem_lookup.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
q          POST    Reflected in response  No          Inside double-quoted attribute  < ' "

URL: http://webscantest.com:80/crosstraining/blockedbyns.php?Comment=comment&submit=submit

Parameter  Method  Reflection URL         Persistent  HTML Context          Dangerous Characters
Comment    GET     Reflected in response  No          Inside noscript body  < ' "

URL: http://webscantest.com:80/crosstraining/request.php

Parameter  Method  Reflection URL         Persistent  HTML Context                                   Dangerous Characters
fname      POST    Reflected in response  No          Inside response header, Inside html page text  < ' "

URL: http://webscantest.com:80/crosstraining/linkout.php?name=Rake

Parameter  Method  Reflection URL         Persistent  HTML Context                                           Dangerous Characters
name       GET     Reflected in response  No          Inside double-quoted attribute, Inside href attribute  < '

URL: http://webscantest.com:80/business/account.php?accountId=123456789-abcdef

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
accountId  GET     Reflected in response  No          Inside html page text  < ' "

URL: http://webscantest.com:80/bjax/servertime.php

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
msg        POST    Reflected in response  No          Inside html page text  < ' "

URL: http://webscantest.com:80/crosstraining/aboutyou2.php

Parameter  Method  Reflection URL         Persistent  HTML Context                                           Dangerous Characters
returnto   POST    Reflected in response  No          Inside double-quoted attribute, Inside href attribute  < ' "
lname      POST    Reflected in response  No          Inside html page text
nick       POST    Reflected in response  No          Inside html page text                                  < ' "
fname      POST    Reflected in response  No          Inside html page text                                  < ' "

URL: http://webscantest.com:80/crosstraining/aboutyou.php

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
lname      POST    Reflected in response  No          Inside html page text
fname      POST    Reflected in response  No          Inside html page text  < ' "
nick       POST    Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/csrf/session.php?jsession=123456789

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
jsession   GET     Reflected in response  No          Inside html page text  < ' "

URL: http://webscantest.com:80/csrf/redirect.php

Parameter  Method  Reflection URL         Persistent  HTML Context                                   Dangerous Characters
property   POST    Reflected in response  No          Inside response header, Inside html page text

URL: http://webscantest.com:80/datastore/search_by_id.php

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
id         POST    Reflected in response  No          Inside double-quoted attribute

URL: http://webscantest.com:80/csrf/token.php

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
token      POST    Reflected in response  No          Inside html page text  < ' "
property   POST    Reflected in response  No          Inside html page text  < ' "

URL: http://webscantest.com:80/crosstraining/search.php?q=mightyseek

Parameter  Method  Reflection URL         Persistent  HTML Context                    Dangerous Characters
q          POST    Reflected in response  No          Inside double-quoted attribute  ' "

URL: http://webscantest.com:80/crosstraining/reservation_submit.php

Parameter       Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
fname           POST    Reflected in response  No          Inside html page text
arrive_date     POST    Reflected in response  No          Inside html page text  < ' "
departure_date  POST    Reflected in response  No          Inside html page text  ' "
email           POST    Reflected in response  No          Inside html page text  ' "

URL: http://webscantest.com:80/csrf/redirect.php?msg=test

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
msg        GET     Reflected in response  No          Inside html page text

URL: http://webscantest.com:80/csrf/csrfpost.php

Parameter  Method  Reflection URL         Persistent  HTML Context           Dangerous Characters
property   POST    Reflected in response  No          Inside html page text  < ' "