Remediation Report for Server Administrator

Scan Name: webscantest
Date: 10/24/2017 7:44:45 AM
Authenticated User: admin
Total Links / Attackable Links: 475 / 475
Target URLs: https://webscantest.com
             http://webscantest.com

Summary

Vulnerability Type              Root Causes   Variances
Directory Indexing                        3           3
Information Disclosure                    1           2
Predictable Resource Location            22          22
Server Type Disclosure                    2           2
Total:                                   28          29

By Risk: 29 variances

Details

Directory Indexing

Site: http://webscantest.com:80
URL: http://webscantest.com/css/ (Root Cause #180)
URL: http://webscantest.com/images/ (Root Cause #181)
URL: http://webscantest.com/myfiles/ (Root Cause #182)

Description:  

A full list of a directory's content can be viewed. This reveals each file and subdirectory, regardless of whether or not it is related to the web application. A directory listing may also reveal backup files, include files, or configuration files that are not normally viewable by users. When these types of files can be found, they often disclose sensitive information about the application.


Recommendations:  

Refer to your web server's documentation for instructions on prohibiting directory listings.


Information Disclosure

Site: http://webscantest.com:80
URL: http://webscantest.com/crosstraining/sitereviews.php (Root Cause #198, 2 Attack Variances)

Description:  

A path was found in the error information returned by the server. This can give an attacker clues as to the directory topology and setup of your web application.


Recommendations:  

Remove all references to local file system paths from the web application's responses, including error messages.


Predictable Resource Location

Site: http://webscantest.com:80
URL: http://webscantest.com/rfplaces/conn.inc (Root Cause #212)
URL: http://webscantest.com/rfplaces/consts.inc (Root Cause #213)
URL: http://webscantest.com/rfplaces/database.inc (Root Cause #214)
URL: http://webscantest.com/rfplaces/debug.inc (Root Cause #215)
URL: http://webscantest.com/rfplaces/functions.inc (Root Cause #216)
URL: http://webscantest.com/rfplaces/global.inc (Root Cause #217)
URL: http://webscantest.com/rfplaces/global.js (Root Cause #218)
URL: http://webscantest.com/rfplaces/globals.inc (Root Cause #219)
URL: http://webscantest.com/rfplaces/globals.jsa (Root Cause #220)
URL: http://webscantest.com/rfplaces/include/ (Root Cause #221)
URL: http://webscantest.com/rfplaces/include/consts.inc (Root Cause #222)
URL: http://webscantest.com/rfplaces/include/database.inc (Root Cause #223)
URL: http://webscantest.com/rfplaces/include/debug.inc (Root Cause #224)
URL: http://webscantest.com/rfplaces/include/functions.inc (Root Cause #225)
URL: http://webscantest.com/rfplaces/include/global.inc (Root Cause #226)
URL: http://webscantest.com/rfplaces/include/vars.inc (Root Cause #227)
URL: http://webscantest.com/rfplaces/local.js (Root Cause #228)
URL: http://webscantest.com/rfplaces/somedir2.tar.gz (Root Cause #229)
URL: http://webscantest.com/rfplaces/somedir2.zip (Root Cause #230)
URL: http://webscantest.com/rfplaces/vars.inc (Root Cause #231)
URL: http://webscantest.com/robots.txt (Root Cause #232)

Site: http://www.webscantest.com:80
URL: http://www.webscantest.com/robots.txt (Root Cause #233)

Description:  

An "include" file was found within the web document root and its content could be read. Application include files are used to centralize common functions or code that is to be shared among several scripts. They often contain sensitive information such as database connection credentials, database query constructions, and other application logic.


Another significant problem with include files is that their file extension (commonly .inc) is parsed as plain-text by the server, which reveals raw source code. This is different from script files with extensions such as .asp, .cgi, or .php. The content of a script file is interpreted by the server, which sends the result of the script's source code to a user's web browser. If the server does not recognize the file's extension as special, then the file's source code is not interpreted and the raw content is sent to the user's web browser.

Recommendations:  

  1. Make sure that all include files have a file extension that is known to and interpreted by the application engine. For example, all of the include files for an ASP application should have the .asp file extension, whereas include files for a PHP-based application should have a .php extension. The file's functionality will not be affected, but users will be unable to view source code between the application script tags (such as <% or <?).
  2. Amend your deployment policy to include the addition of appropriate file extensions to all include files.


Description:  

An "include" directory was found within the web document root. These directories often contain files with common functions or code that is to be shared among several scripts. Files within these directories often contain sensitive information such as database connection credentials, database query constructions, and other application logic.

Another significant problem with include files is that their file extension (commonly .inc) is parsed as plain-text by the server, which reveals raw source code. This is different from script files with extensions such as .asp, .cgi, or .php. The content of a script file is interpreted by the server, which sends the result of the script's source code to a user's web browser. If the server does not recognize the file's extension as special, then the file's source code is not interpreted and the raw content is sent to the user's web browser.


Recommendations:  

These types of application include files are intended to be loaded by other executable scripts within the application, such as ASP, JSP, or PHP files. Users are intended to access and browse the main application script files, but should never need to directly access one of the application's include files.

  1. Move these files to a location outside of the web document root. Make sure that the web server still has read privileges to the directory so that its scripts can load and parse the include files.

Note: If the files in this directory contain HTML or generate HTML and are intended to be viewed within a web browser, then this finding can be ignored.


Description:  

A backup file was discovered. Binary archives or application files with an alternate file extension may expose source code and application logic to an attacker. If a script's file extension does not match an application extension (such as .asp, .jsp, or .php), then the server usually considers the file equivalent to plain text. When this happens, the server presents the user with the raw source code of the file instead of executing the script and providing interpreted output.
Depending on the content of the script file, the exposure of data varies between simple function calls to database connection credentials to administration passwords.


File archives such as .tgz, .tar.gz, or .zip files should never be stored within the web application's document root. If these files contain an archive of the application's source code, then it will be trivial for an attacker to download and examine the code.

Recommendations:  

  • Remove all backup files, binary archives, alternate versions of files, and test files from the web document root of production servers.
  • Amend your deployment policy to include the removal of these file types by an administrator.


Description:  

A robots.txt file is present in the directory. The robots.txt file provides a list of directories that crawling engines are requested to ignore. There is no way to force the crawling engine to honor the robots.txt file. Depending on the content of the file, it may reveal administrator interfaces or alternate URLs that are supposed to be hidden from users.


Recommendations:  

  1. Ensure that the robots.txt file does not divulge directories that are intended to be hidden from users.
  2. The security of sensitive directories should not rely on hiding their presence. Restrict access to sensitive directories (e.g. admin) by password and IP address or network location.
  3. Amend your deployment policy to include the removal of sensitive directories from robots.txt files.


Server Type Disclosure

Site: http://webscantest.com:80
URL: http://webscantest.com/ (Root Cause #255)

Site: http://www.webscantest.com:80
URL: http://www.webscantest.com/ (Root Cause #256)

Description:  

Default configurations of web servers often provide too much information about their platform and version in HTTP headers and on error pages. This data is not itself dangerous, but it can help an attacker focus on vulnerabilities associated with your specific web server platform/version.


Recommendations:  

Configure your web server so that it does not announce its own platform and version details. For example, in Apache you would set these two directives in your configuration file:

  • ServerSignature Off
  • ServerTokens Prod