Reflection Report

 Scan Name: Webscantest
 Date: 9/12/2017 9:33:08 PM
 Authenticated User: testuser
 Total Links / Attackable Links: 409 / 409
 Target URL: http://webscantest.com/, https://webscantest.com/
 Reports:

Reflections of Injected Content

URL: http://webscantest.com:80/datastore/search_get_by_id.php?id=5

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| last_search | GET | Reflected in response | No | Inside double-quoted attribute, Inside href attribute | |

URL: http://webscantest.com:80/datastore/search_single_by_name.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| name | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/infodb/search_by_name.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| fname | POST | Reflected in response | No | Inside html page text | " ' < |

URL: http://webscantest.com:80/datastore/search_get_by_id.php?id=3

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| id | GET | Reflected in response | No | Inside response header, Inside html page text | |

URL: http://webscantest.com:80/datastore/search_by_id.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| id | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/datastore/search_by_name.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| name | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/datastore/search_double_by_name.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| name | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/login.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| login_error | GET | Reflected in response | No | Inside html page text | " < ' |

URL: http://webscantest.com:80/shutterdb/search_by_id.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| id | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/shutterdb/search_by_name.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| name | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/soap/demo/api/

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| photo | POST | Reflected in response | No | Inside html page text | |
| price | POST | Reflected in response | No | Inside html page text | |
| name | POST | Reflected in response | No | Inside html page text | |
| description | POST | Reflected in response | No | Inside html page text | |

URL: http://webscantest.com:80/shutterdb/filter_by_name.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| filter | POST | Reflected in response | No | Inside double-quoted attribute | |

URL: http://webscantest.com:80/myfiles/

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| Unnamed | GET | Reflected in response | No | Inside double-quoted attribute, Inside href attribute, Inside title body | |

URL: http://webscantest.com:80/payment_analysis/checkdata.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| number | POST | Reflected in response | No | Inside html page text | |

URL: http://webscantest.com:80/payment_analysis/checkdata_get.php?anything=test&number=3&strlen1=test&strlen2=test&strlen3=test&str_only=string&letters_only=string&alpha_only=string

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| number | GET | Reflected in response | No | Inside html page text | |

URL: http://webscantest.com:80/crosstraining/blockedbyns.php?Comment=comment&submit=submit

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| Comment | GET | Reflected in response | No | Inside noscript body | < " ' |

URL: http://webscantest.com:80/crosstraining/checkitem_lookup.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| q | POST | Reflected in response | No | Inside double-quoted attribute | < " ' |

URL: http://webscantest.com:80/crosstraining/linkout.php?name=Rake

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| name | GET | Reflected in response | No | Inside double-quoted attribute, Inside href attribute | < ' |

URL: http://webscantest.com:80/crosstraining/aboutyou2.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| returnto | POST | Reflected in response | No | Inside double-quoted attribute, Inside href attribute | ' < " |
| lname | POST | Reflected in response | No | Inside html page text | |
| fname | POST | Reflected in response | No | Inside html page text | ' < " |
| nick | POST | Reflected in response | No | Inside html page text | < ' " |

URL: http://webscantest.com:80/bjax/servertime.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| msg | POST | Reflected in response | No | Inside html page text | < ' " |

URL: http://webscantest.com:80/business/account.php?accountId=123456789-abcdef

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| accountId | GET | Reflected in response | No | Inside html page text | ' < " |

URL: http://webscantest.com:80/crosstraining/aboutyou.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| lname | POST | Reflected in response | No | Inside html page text | |
| nick | POST | Reflected in response | No | Inside html page text | |
| fname | POST | Reflected in response | No | Inside html page text | < ' " |

URL: http://webscantest.com:80/crosstraining/request.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| fname | POST | Reflected in response | No | Inside response header, Inside html page text | < ' " |

URL: http://webscantest.com:80/csrf/redirect.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| property | POST | Reflected in response | No | Inside response header, Inside html page text | |

URL: http://webscantest.com:80/csrf/session.php?jsession=123456789

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| jsession | GET | Reflected in response | No | Inside html page text | " ' < |

URL: http://webscantest.com:80/csrf/token.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| token | POST | Reflected in response | No | Inside html page text | < " ' |
| property | POST | Reflected in response | No | Inside html page text | < " ' |

URL: http://webscantest.com:80/csrf/redirect.php?msg=test

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| msg | GET | Reflected in response | No | Inside html page text | |

URL: http://webscantest.com:80/crosstraining/reservation_submit.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| departure_date | POST | Reflected in response | No | Inside html page text | " ' |
| email | POST | Reflected in response | No | Inside html page text | " ' |
| arrive_date | POST | Reflected in response | No | Inside html page text | " ' < |
| fname | POST | Reflected in response | No | Inside html page text | |

URL: http://webscantest.com:80/crosstraining/search.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| q | POST | Reflected in response | No | Inside double-quoted attribute | " ' |

URL: http://webscantest.com:80/csrf/csrfpost.php

| Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters |
|---|---|---|---|---|---|
| property | POST | Reflected in response | No | Inside html page text | ' " < |