Horde WebMail Version 3.3.11 HTTP Header Injection Report | CWE-113 24 May, 2011

XSS, Cross Site Scripting in Horde WebMail Version 3.3.11, CWE-79, CAPEC-86, DORK, GHDB Report

Generated by Acunetix WVS Reporter (v7.0 Build 20110518)

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

Screen Grab (below) documenting the CWE-113 Reporting using Acunetix 7 May 2011 Build, HTTP Header Injection, Horde WebMail Version 3.3.11

Scan of http://vulnerable.horde.webmail.version3.3.11.host/imp/login.php

Scan details

Scan information

Starttime

5/22/2011 10:13:04 AM

Finish time

5/22/2011 11:41:16 AM

Scan time

1 hours, 28 minutes

Profile

Default

Server information

Responsive

True

Server banner

Microsoft-IIS/7.5

Server OS

Windows

Server technologies

ASP.NET

Threat level

Acunetix Threat Level 3 One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found

136

High

30

Medium

0

Low

39

Informational

67

Knowledge base

List of open TCP ports

Open Port 25 / smtp Port Banner: P.home ESMTP MailEnable Service, Version: 5.10-- ready at 05/22/11 10:13:23 Open Port 21 / ftp No port banner available. Open Port 53 / domain No port banner available. Open Port 80 / http Port Banner: HTTP/1.1 200 OKType: text/htmlModified: Sat, 21 May 2011 16:23:04 GMTRanges: bytes: "e07c565cd317cc1:0": Microsoft-IIS/7.5Powered-By: ASP.NET: Sun, 22 May 2011 15:15:11 GMT: close ... Open Port 110 / pop3 Port Banner: +OK Welcome to MailEnable POP3 Server

Acunetix Website Audit

2

EHLO returns: 250-home [173.193.214.243], this server offers 4 extensions -AUTH LOGIN -SIZE 5120000 -HELP AUTH=LOGIN returns: 211 Help:->Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP

List of file extensions

File extensions can provide information on what technologies are being used on this website. List of file extensions detected: php => 6 file(s) css => 4 file(s) ico => 1 file(s) png => 14 file(s) gif => 6 file(s) js => 4 file(s)

List of files with inputs

These files have at least one input (GET or POST). /imp/login.php - 2 inputs /imp/redirect.php - 2 inputs /imp/test.php - 1 inputs

List of email addresses

List of all email addresses found on this host. md@webbplatsen.se

Alerts summary

Blind SQL Injection - Unconfirmed

Affects

Variations

/imp/redirect.php

1

CRLF injection/HTTP response splitting

Affects

Variations

/imp/redirect.php

29

Possible sensitive directories

Affects

Variations

/imp/config

1

/imp/js/src

1

/imp/scripts

1

/imp/scripts/SQL

1

/imp/scripts/sql

1

/js/src

1

Possible sensitive files

Affects

Variations

/imp/test.php

1

Acunetix Website Audit

4

			User credentials are sent in clear text
Affects																		Variations
/imp																		1
/imp/index.php																		1
/imp/login.php																		1
/imp/login.php (0543eee9a9fc90cdbcebb4184dc0f436)																		1
/imp/login.php (158764c7d282ec5f81da00419114f313)																		1
/imp/login.php (1d46c5eb93aa7d11eef06bf0a0191c08)																		1
/imp/login.php (1d86503a775e69aaf8cfae2e3c4262b8)																		1
/imp/login.php (218aabb29b4f5701fbeef27d6e22e8ae)																		1
/imp/login.php (28fc832e122bfd3d7aa0d9fc9e93c214)																		1
/imp/login.php (2a85dcb007870d301225d725fb7aced5)																		1
/imp/login.php (36ce5744f27f6f06f85c2dac9f0ac09c)																		1
/imp/login.php (3a784d3148a695e5246e4f7712293772)																		1
/imp/login.php (4435f865242a495136a5f5376d63a435)																		1
/imp/login.php (4bff40967d6a993cb33f6ffe4f726c45)																		1
/imp/login.php (733b34e2771d847f3e677868a914fc27)																		1
/imp/login.php (7f2892c38a099a99d15882e6395df8ed)																		1
/imp/login.php (81366dbb3a1b19d17070dae7247058f6)																		1
/imp/login.php (8d2af24adeca98940d4ca72de057c259)																		1
/imp/login.php (92d3a0adc0d0c42811b54244a0913050)																		1
/imp/login.php (98144b1b8c67561c22adeba83a43a266)																		1
/imp/login.php (9b42f8057a8701d8c0448698f0d7a0ff)																		1
/imp/login.php (a12e6bd4443144c1b8c23ea00c2ffe38)																		1
/imp/login.php (a2ba6948a038d7a3a440afb1fc9eceed)																		1
/imp/login.php (b0db092b89360e30820e995c6abbbc83)																		1
/imp/login.php (b3cb8470038a18bddad7a22934963f28)																		1
/imp/login.php (b6658f01c57b6184aa9e241e81e8115a)																		1
/imp/login.php (b80345ac9e258e2e5fc0788690b47d67)																		1
/imp/login.php (eb39b850bb307c9b610a48be2af0d636)																		1
/imp/login.php (f9867d029cae700bee7e0e09c3c5e9bc)																		1
/imp/login.php (fa2cb8a65862e58974030595118192cb)																		1
/imp/redirect.php																		1
/imp/test.php																		1
			Broken links
Affects																		Variations
/imp/function.session-regenerate-id																		1
			Email address found
Affects																		Variations
/imp/themes/wps_sober/screen.css																		1
/themes/wps_sober/screen.css																		1
Acunetix Website Audit																	5

			GHDB: Horde Mail
Affects																		Variations
/imp																		1
/imp/index.php																		1
/imp/login.php																		1
/imp/login.php (0543eee9a9fc90cdbcebb4184dc0f436)																		1
/imp/login.php (158764c7d282ec5f81da00419114f313)																		1
/imp/login.php (1d46c5eb93aa7d11eef06bf0a0191c08)																		1
/imp/login.php (1d86503a775e69aaf8cfae2e3c4262b8)																		1
/imp/login.php (218aabb29b4f5701fbeef27d6e22e8ae)																		1
/imp/login.php (28fc832e122bfd3d7aa0d9fc9e93c214)																		1
/imp/login.php (2a85dcb007870d301225d725fb7aced5)																		1
/imp/login.php (36ce5744f27f6f06f85c2dac9f0ac09c)																		1
/imp/login.php (3a784d3148a695e5246e4f7712293772)																		1
/imp/login.php (4435f865242a495136a5f5376d63a435)																		1
/imp/login.php (4bff40967d6a993cb33f6ffe4f726c45)																		1
/imp/login.php (733b34e2771d847f3e677868a914fc27)																		1
/imp/login.php (7f2892c38a099a99d15882e6395df8ed)																		1
/imp/login.php (81366dbb3a1b19d17070dae7247058f6)																		1
/imp/login.php (8d2af24adeca98940d4ca72de057c259)																		1
/imp/login.php (92d3a0adc0d0c42811b54244a0913050)																		1
/imp/login.php (98144b1b8c67561c22adeba83a43a266)																		1
/imp/login.php (9b42f8057a8701d8c0448698f0d7a0ff)																		1
/imp/login.php (a12e6bd4443144c1b8c23ea00c2ffe38)																		1
/imp/login.php (a2ba6948a038d7a3a440afb1fc9eceed)																		1
/imp/login.php (b0db092b89360e30820e995c6abbbc83)																		1
/imp/login.php (b3cb8470038a18bddad7a22934963f28)																		1
/imp/login.php (b6658f01c57b6184aa9e241e81e8115a)																		1
/imp/login.php (b80345ac9e258e2e5fc0788690b47d67)																		1
/imp/login.php (eb39b850bb307c9b610a48be2af0d636)																		1
/imp/login.php (f9867d029cae700bee7e0e09c3c5e9bc)																		1
/imp/login.php (fa2cb8a65862e58974030595118192cb)																		1
/imp/redirect.php																		1
Acunetix Website Audit																	6

			Password type input with autocomplete enabled
Affects																		Variations
/imp																		1
/imp/index.php																		1
/imp/login.php																		1
/imp/login.php (0543eee9a9fc90cdbcebb4184dc0f436)																		1
/imp/login.php (158764c7d282ec5f81da00419114f313)																		1
/imp/login.php (1d46c5eb93aa7d11eef06bf0a0191c08)																		1
/imp/login.php (1d86503a775e69aaf8cfae2e3c4262b8)																		1
/imp/login.php (218aabb29b4f5701fbeef27d6e22e8ae)																		1
/imp/login.php (28fc832e122bfd3d7aa0d9fc9e93c214)																		1
/imp/login.php (2a85dcb007870d301225d725fb7aced5)																		1
/imp/login.php (36ce5744f27f6f06f85c2dac9f0ac09c)																		1
/imp/login.php (3a784d3148a695e5246e4f7712293772)																		1
/imp/login.php (4435f865242a495136a5f5376d63a435)																		1
/imp/login.php (4bff40967d6a993cb33f6ffe4f726c45)																		1
/imp/login.php (733b34e2771d847f3e677868a914fc27)																		1
/imp/login.php (7f2892c38a099a99d15882e6395df8ed)																		1
/imp/login.php (81366dbb3a1b19d17070dae7247058f6)																		1
/imp/login.php (8d2af24adeca98940d4ca72de057c259)																		1
/imp/login.php (92d3a0adc0d0c42811b54244a0913050)																		1
/imp/login.php (98144b1b8c67561c22adeba83a43a266)																		1
/imp/login.php (9b42f8057a8701d8c0448698f0d7a0ff)																		1
/imp/login.php (a12e6bd4443144c1b8c23ea00c2ffe38)																		1
/imp/login.php (a2ba6948a038d7a3a440afb1fc9eceed)																		1
/imp/login.php (b0db092b89360e30820e995c6abbbc83)																		1
/imp/login.php (b3cb8470038a18bddad7a22934963f28)																		1
/imp/login.php (b6658f01c57b6184aa9e241e81e8115a)																		1
/imp/login.php (b80345ac9e258e2e5fc0788690b47d67)																		1
/imp/login.php (eb39b850bb307c9b610a48be2af0d636)																		1
/imp/login.php (f9867d029cae700bee7e0e09c3c5e9bc)																		1
/imp/login.php (fa2cb8a65862e58974030595118192cb)																		1
/imp/redirect.php																		1
/imp/test.php																		1
			Windows Terminal Services server running
Affects																		Variations
Server																		1
Acunetix Website Audit																	7

Alert details

Blind SQL Injection

Severity

High

Type

Validation

Reported by module

Scripting (Blind_Sql_Injection.script)

Description

This script is possibly vulnerable to SQL Injection attacks. SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters. This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.

Impact

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

Recommendation

Your script should filter metacharacters from user input. Check detailed information for more information about fixing this vulnerability.

Affected items

/imp/redirect.php

Details

URL encoded POST input loginButton was set to -1" or "3"="3

Request

POST /imp/redirect.php HTTP/1.1 Content-Length: 174 Content-Type: application/x-www-form-urlencoded Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Accept: */* actionID=&anchor_string=&autologin=0&ie_version=&imapuser=edrriwil&load_frameset=1&loginButton=%24%7binjecthere%7d&new_lang=da_DK&pass=acUn3t1x&server=pop&server_key=pop&url=

Response

HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Expires: Thu, 19 Nov 1981 08:52:00 GMT

Acunetix Website Audit

8

Location: http://vulnerable.horde.webmail.version3.3.11.host/imp/login.php?imapuser=edrriwil&server=pop&horde_logout_token=SX7NiW9kAj-kGWWo8hM1gbRVj5Y&app=imp&logout_reason=badlogin Vary: Accept-Encoding Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 16:03:39 GMT

CRLF injection/HTTP response splitting

Severity

High

Type

Validation

Reported by module

Scripting (CRLF_Injection.script)

Description

This script is possibly vulnerable to CRLF injection attacks. HTTP headers have the structure "Key: Value", where each line is separated by the CRLF combination. If the user input is injected into the value section without properly escaping/removing CRLF characters it is possible to alter the HTTP headers structure. HTTP Response Splitting is a new application attack technique which enables various new attacks such as web cache poisoning, cross user defacement, hijacking pages with sensitive user information and cross-site scripting (XSS). The attacker sends a single HTTP request that forces the web server to form an output stream, which is then interpreted by the target as two HTTP responses instead of one response.

Impact

Is it possible for a remote attacker to inject custom HTTP headers. For example, an attacker can inject session cookies or HTML code. This may conduct to vulnerabilities like XSS (cross-site scripting) or session fixation.

Recommendation

You need to restrict CR(0x13) and LF(0x10) from the user input or properly encode the output in order to prevent the injection of custom HTTP headers.

Affected items

/imp/redirect.php

Details

URL encoded POST input anchor_string was set to SomeCustomInjectedHeader:injected_by_wvs Injected header found: : injected_by_wvs

Request

POST /imp/redirect.php HTTP/1.1 Content-Length: 250 Content-Type: application/x-www-form-urlencoded Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Accept: */* actionID=&anchor_string=%0d%0a%20SomeCustomInjectedHeader%3ainjected_by_wvs&autologin=0&Horde=cc98ab8bb445fe090d5f7b594f58e208&ie_version=&imapuser=pstxmuoi&load_frameset=1&loginButton=Login&new_lang=cs_CZ&pass=acUn3t1x&server=pop&server_key=pop&url=

Response

HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache

Acunetix Website Audit

9

Possible sensitive directories

Severity

Low

Type

Validation

Reported by module

Scripting (Possible_Sensitive_Directories.script)

Description

A possible sensitive directory has been found. This directory is not directly linked from the website.This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target.

Impact

This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.

Recommendation

Restrict access to this directory or remove it from the website.

Affected items

/imp/config

Details

No details are available.

Request

GET /imp/config HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response

HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: http://vulnerable.horde.webmail.version3.3.11.host/imp/config/ Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:31:22 GMT Content-Length: 169

/imp/js/src

Details

No details are available.

Request

GET /imp/js/src HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response

HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: http://vulnerable.horde.webmail.version3.3.11.host/imp/js/src/ Server: Microsoft-IIS/7.5

Acunetix Website Audit

27

Response

HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: http://vulnerable.horde.webmail.version3.3.11.host/imp/scripts/sql/ Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 16:38:09 GMT Content-Length: 174

/js/src

Details

No details are available.

Request

GET /js/src HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response

HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: http://vulnerable.horde.webmail.version3.3.11.host/js/src/ Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:36:31 GMT Content-Length: 165

Possible sensitive files

Severity

Low

Type

Validation

Reported by module

Scripting (Possible_Sensitive_Files.script)

Description

A possible sensitive file has been found. This file is not directly linked from the website. This check looks for common sensitive resources like password files, configuration files, log files, include files, statistics data, database dumps. Each one of these files could help an attacker to learn more about his target.

Impact

This file may expose sensitive information that could help a malicious user to prepare more advanced attacks.

Recommendation

Restrict access to this file or remove it from the website.

Affected items

/imp/test.php

Details

No details are available.

Request

GET /imp/test.php HTTP/1.1 Accept: acunetix/wvs Range: bytes=0-99999 Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208

Acunetix Website Audit

29

Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive Accept-Encoding: gzip,deflate

Response

HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Vary: Accept-Language Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:30:26 GMT Content-Length: 4560

User credentials are sent in clear text

Severity

Low

Type

Informational

Reported by module

Crawler

Description

User credentials are not encrypted when they are transmitted.

Impact

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

Recommendation

Because user credentials usually are considered sensitive information, it is recommended to be sent to the server over an encrypted connection.

Affected items

/imp

Details

It seemes that user credentials are sent to /imp/redirect.php in clear text.

Request

GET /imp/ HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://vulnerable.horde.webmail.version3.3.11.host/imp/ Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Accept: */*

Response

HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=ISO-8859-1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Vary: Accept-Language Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:13:11 GMT Content-Length: 10191

Acunetix Website Audit

30

HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html; charset=ISO-8859-1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Vary: Accept-Language Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:13:03 GMT Content-Length: 10193

/imp/test.php

Details

It seemes that user credentials are sent to /imp/test.php in clear text.

Request

GET /imp/test.php HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://vulnerable.horde.webmail.version3.3.11.host/imp/ Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Accept: */*

Response

HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Vary: Accept-Language Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 16:36:45 GMT Content-Length: 4560

Broken links

Severity

Informational

Type

Informational

Reported by module

Crawler

Description

A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible.

Impact

Problems navigating the site.

Recommendation

Remove the links to this file or make it accessible.

Affected items

/imp/function.session-regenerate-id

Details

No details are available.

Request

GET /imp/function.session-regenerate-id HTTP/1.1 Pragma: no-cache

Acunetix Website Audit

45

Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://vulnerable.horde.webmail.version3.3.11.host/imp/redirect.php Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

Response

HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:13:08 GMT Content-Length: 1245

Email address found

Severity

Informational

Type

Informational

Reported by module

Scripting (Text_Search.script)

Description

One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any addresses found.

Impact

Email addresses posted on Web sites may attract spam.

Recommendation

Check references for details on how to solve this problem.

Affected items

/imp/themes/wps_sober/screen.css

Details

Pattern found: md@webbplatsen.se

Request

GET /imp/themes/wps_sober/screen.css HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://vulnerable.horde.webmail.version3.3.11.host/imp/login.php Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Accept: */*

Response

HTTP/1.1 200 OK

Acunetix Website Audit

46

Content-Type: text/css Last-Modified: Tue, 11 Apr 2006 16:27:08 GMT Accept-Ranges: bytes ETag: "0d6dbc6845dc61:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:13:05 GMT

/themes/wps_sober/screen.css

Details

Pattern found: md@webbplatsen.se

Request

GET /themes/wps_sober/screen.css HTTP/1.1 Pragma: no-cache Acunetix-Aspect: enabled Acunetix-Aspect-Password: ***** Acunetix-Aspect-Queries: filelist;aspectalerts Referer: http://vulnerable.horde.webmail.version3.3.11.host/imp/login.php Cookie: Horde=f30a71ffa3e600c47245ba4d25fa54bf; imp_key=cc98ab8bb445fe090d5f7b594f58e208; auth_key=cc98ab8bb445fe090d5f7b594f58e208 Host: vulnerable.horde.webmail.version3.3.11.host Connection: Keep-alive User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0) Accept: */*

Response

HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Tue, 21 Dec 2010 19:25:16 GMT Accept-Ranges: bytes ETag: "076d8cb44a1cb1:0" Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Sun, 22 May 2011 15:13:05 GMT Content-Length: 19078

GHDB: Horde Mail

Severity

Informational

Type

Informational

Reported by module

GHDB

Description

The description for this alert is contributed by the GHDB community, it may contain inappropriate language. Category : Advisories and Vulnerabilities Horde Mail is web based email software, great for checking messages on the road. Several vulnerabilities were reported to Security Focus. The Google Hacking Database (GHDB) appears courtesy of the Google Hacking community.

Impact

Not available. Check description.

Acunetix Website Audit

47