Thursday, August 22, 2013

Scanned Vulnerabilities




Which Vulnerabilities does Web Vulnerability Scanner Check for?


Web Vulnerability Scanner automatically checks for the following vulnerabilities, among others:

Web Server Configuration Checks

  • Checks for Web Servers Problems – Determines if dangerous HTTP methods are enabled on the web server (e.g. PUT, TRACE, DELETE)
  • Verify Web Server Technologies
  • Vulnerable Web Servers
  • Vulnerable Web Server Technologies – such as “PHP 4.3.0 file disclosure and possible code execution.

Parameter Manipulation Checks

  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • SQL Injection
  • Code Execution
  • Directory Traversal
  • HTTP Parameter Pollution
  • File Inclusion
  • Script Source Code Disclosure
  • CRLF Injection
  • Cross Frame Scripting (XFS)
  • PHP Code Injection
  • XPath Injection
  • Path Disclosure
    (Unix and Windows)
  • LDAP Injection
  • Cookie Manipulation
  • Arbitrary File creation (AcuSensor Technology)
  • Arbitrary File deletion (AcuSensor Technology)
  • Email Injection (AcuSensor Technology)
  • File Tampering (AcuSensor Technology)
  • URL redirection
  • Remote XSL inclusion
  • DOM XSS
  • MultiRequest Parameter Manipulation
  • Blind SQL/XPath Injection
  • Input Validation
  • Buffer Overflows
  • Sub-Domain Scanning

File Checks

  • Checks for Backup Files or Directories - Looks for common files (such as logs, application traces, CVS web repositories)
  • Cross Site Scripting in URI
  • Checks for Script Errors

File Uploads

  • Unrestricted File uploads Checks

Directory Checks

  • Looks for Common Files (such as logs, traces, CVS)
  • Discover Sensitive Files/Directories
  • Discovers Directories with Weak Permissions
  • Cross Site Scripting in Path and PHPSESSID Session Fixation.
  • Web Applications
  • HTTP Verb Tampering

Text Search

  • Directory Listings
  • Source Code Disclosure
  • Check for Common Files
  • Check for Email Addresses
  • Microsoft Office Possible Sensitive Information
  • Local Path Disclosure
  • Error Messages
  • Trojan Shell Scripts (such as popular PHP shell scripts like r57shell, c99shell etc)

Weak Password Checks

  • Weak HTTP Passwords
  • Authentication attacks
  • Weak FTP passwords

Google Hacking Database (GHDB)

  • Over 1200 Google Hacking Database Search Entries

Port Scanner and Network Alerts

  • Finds All Open Ports on Servers
  • Displays Network Banner of Port
  • DNS Server Vulnerability: Open Zone Transfer
  • DNS Server Vulnerability: Open Recursion
  • DNS Server Vulnerability: Cache Poisoning
  • Finds List of Writable FTP Directories
  • FTP Anonymous Access Allowed
  • Checks for Badly Configured Proxy Servers
  • Checks for Weak SNMP Community Strings
  • Finds Weak SSL Cyphers
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Queries For Google Search

Code and Queries: admin account info" filetype:log !Host=*.* intext:enc_UserPassword=* ext:pcf "# -FrontPage-...