| Security Issues and Fixes: 192.168.0.60 |
| Type | Port | Issue and Fix |
| Vulnerability | http (80/tcp) |
The following URLs seem to be vulnerable to various SQL injection
techniques :
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='UNION'&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='%22&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L=9%2c+9%2c+9&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='bad_bad_value&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L=bad_bad_value'&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='+OR+'&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='WHERE&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L=%3B&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
/prodotti/elenco.asp?cm=1&ID3_=&ID1_=108&L='OR&ID0=3&ID2_=117&ID1=108&ID2=117&ID0_=&ID3=
An attacker may exploit these flaws to bypass authentication
or to take control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html
Nessus ID : 11139 |
| Informational | http (80/tcp) |
A web server is running on this port
Nessus ID : 10330 |
| Informational | http (80/tcp) |
The following directories were discovered:
/include, /log, /Log, /foto, /images, /tools
While this is not, in and of itself, a bug, you should manually inspect
these directories to ensure that they are in compliance with company
security standards.
Other references : OWASP:OWASP-CM-006
Nessus ID : 11032 |
| Informational | http (80/tcp) |
The following CGIs have been discovered :
Syntax : cginame (arguments [default value])
/profilo/mission/progettazione.asp (L [IT] )
/tools/documentazione.asp (L [IT] )
/tools/area/visual.asp (L [IT] )
/tools/parla.asp (L [IT] )
/tools/guida/ (L [IT] )
/tools/guida/norme.asp (L [IT] )
/tools/guida/pianiluce.asp (L [IT] )
/prodotti/scheda.asp (ID3_ [555] ID1_ [207] IDProdotto [508] L [IT] ID0 [2] ID2_ [381] ID1 [207] ID2 [381] ID0_ [2] ID3 [555] )
/luoghi/ (L [IT] )
/restauri/video.asp (L [IT] )
/default.asp (L [IT] )
/profilo/newsletter/default.asp (L [IT] )
/prodotti/elenco.asp (cm [1] ID3_ [] ID1_ [108] L [IT] ID0 [3] ID2_ [117] ID1 [108] ID2 [117] ID0_ [] ID3 [] )
/tools/default.asp (L [IT] )
/utenti/default.asp (L [IT] )
/profilo/produttive/ (L [IT] )
/tools/okparla.asp (L [IT] )
/designers/ (L [IT] )
/profilo/mission/impresa/impresa.asp (L [IT] )
/profilo/news/elenco_news.asp (L [IT] IDTipologiaNews [1] )
/linkfooter/sales/ (L [IT] )
/designers/biografie/pezzini.asp (L [IT] )
/prodotti/ (L [IT] )
/profilo/mission/qualita.asp (L [IT] )
/luoghi/result.asp (submit [Cerca] search [1] L [IT] IDFotoCat [1020] Descrizione [] )
/prodotti/result.asp (L [IT] imageField [] q [] IDq [] )
/restauri/case/venezia.asp (L [IT] )
/tools/qualita.asp (L [IT] )
/utenti/ (L [IT] )
/utenti/login.asp (NomeFile [DEMOLITEPLUS6.zip] Login [ParlaConNoi] L [IT] TipoDocumento [19] )
/linkfooter/jobdettaglio.asp (L [IT] IDJOBFIGURA [62] )
/profilo/mondo/calendario.asp (L [IT] )
Nessus ID : 10662 |
| Informational | http (80/tcp) |
The remote web server type is :
Microsoft-IIS/6.0
Nessus ID : 10107 |
| Informational | http (80/tcp) |
Synopsis :
The remote web server itself is prone to cross-site scripting attacks.
Description :
The remote host is running a web server that fails to adequately
sanitize request strings of Javascript. By exploiting this flaw, an
attacker may be able to cause arbitrary HTML and script code to be
executed in a user's browser within the security context of the affected
site.
Solution :
Contact the vendor for a patch or upgrade.
Risk factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Plugin output :
The request string used to detect this flaw was /?<script>cross_site_scripting.nasl</script>'.
CVE : CVE-2002-1060, CVE-2005-2453
BID : 5305, 7344, 7353, 8037, 14473
Nessus ID : 10815 |
| Informational | http (80/tcp) |
The remote IIS server *seems* to be Microsoft IIS 6.0 - w2k3 build 3790
Nessus ID : 11874 |
| Informational | http (80/tcp) |
The remote host appears to be running a version of IIS which allows remote
users to determine which authentication schemes are required for confidential
webpages.
Specifically, the following methods are enabled on the remote webserver:
- IIS NTLM authentication is enabled
Solution : None at this time
Risk factor : Low
CVE : CVE-2002-0419
BID : 4235
Nessus ID : 11871 |
| Informational | http (80/tcp) |
The remote web server leaks a private IP address through the WebDAV interface.
If this web server is behind a Network Address Translation (NAT) firewall or proxy
server, then the internal IP addressing scheme has been leaked.
That address is: 192.168.30.3
This is typical of IIS 5.0 installations that are not configured properly.
See also : http://www.nextgenss.com/papers/iisrconfig.pdf
Solution : http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3BQ218180&ID=KB%3BEN-US%3BQ218180
Risk factor : Low
CVE : CVE-2002-0422
Nessus ID : 12113 |
| Informational | http (80/tcp) |
Synopsis :
The remote server is running with WebDAV enabled.
Description :
WebDAV is an industry standard extension to the HTTP specification.
It adds a capability for authorized users to remotely add and manage
the content of a web server.
If you do not use this extension, you should disable it.
Solution :
http://support.microsoft.com/default.aspx?kbid=241520
Risk factor :
None / CVSS Base Score : 0
(AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
Nessus ID : 11424 |
| Informational | general/tcp |
Nessus was not able to reliably identify the remote operating system. It might be:
Microsoft Windows 2000 Server Service Pack 4
Nessus ID : 11936 |