1.1. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmSite.aspx [STTTState cookie]
2.4. http://vulnerable.smarterstats.6.0.host:9999/Default.aspx [ctl00%24PageTitle parameter]
2.5. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [ASP.NET_SessionId cookie]
2.6. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [ASP.NET_SessionId cookie]
2.7. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [ASP.NET_SessionId cookie]
2.8. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [Referer HTTP header]
2.9. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STHashCookie cookie]
2.10. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STHashCookie cookie]
2.11. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STHashCookie cookie]
2.12. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STTTState cookie]
2.13. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STTTState cookie]
2.14. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [SelectedLanguage cookie]
2.15. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [SelectedLanguage cookie]
2.16. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [User-Agent HTTP header]
2.17. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [loginsettings cookie]
2.18. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [op parameter]
2.19. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [op parameter]
2.20. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [op parameter]
2.21. http://vulnerable.smarterstats.6.0.host:9999/login.aspx [Referer HTTP header]
2.22. http://vulnerable.smarterstats.6.0.host:9999/login.aspx [STHashCookie cookie]
2.23. http://vulnerable.smarterstats.6.0.host:9999/Client/frmViewReports.aspx [ReportType parameter]
3.10. http://vulnerable.smarterstats.6.0.host:9999/Client/frmViewReports.aspx [STHashCookie cookie]
3.11. http://vulnerable.smarterstats.6.0.host:9999/Client/frmViewReports.aspx [STTTState cookie]
3.13. http://vulnerable.smarterstats.6.0.host:9999/Client/frmViewReports.aspx [loginsettings cookie]
3.16. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STHashCookie cookie]
3.17. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [STTTState cookie]
3.18. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [loginsettings cookie]
3.19. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [op parameter]
3.20. http://vulnerable.smarterstats.6.0.host:9999/Services/SiteAdmin.asmx [SelectedLanguage cookie]
4. Cleartext submission of password
4.1. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmEmailReportSettings.aspx
4.2. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmGeneralSettings.aspx
4.3. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmSite.aspx
4.4. http://vulnerable.smarterstats.6.0.host:9999/Client/frmUser.aspx
4.5. http://vulnerable.smarterstats.6.0.host:9999/Login.aspx
5. Cross-domain Referer leakage
5.1. http://vulnerable.smarterstats.6.0.host:9999/Client/frmViewReports.aspx
5.2. http://vulnerable.smarterstats.6.0.host:9999/Login.aspx
5.3. http://vulnerable.smarterstats.6.0.host:9999/UserControls/Popups/frmHelp.aspx
5.4. http://vulnerable.smarterstats.6.0.host:9999/UserControls/Popups/frmHelp.aspx
5.5. http://vulnerable.smarterstats.6.0.host:9999/UserControls/Popups/frmHelp.aspx
5.6. http://vulnerable.smarterstats.6.0.host:9999/UserControls/Popups/frmHelp.aspx
6. Cookie without HttpOnly flag set
7. Password field with autocomplete enabled
7.1. http://vulnerable.smarterstats.6.0.host:9999/Login.aspx
7.2. http://vulnerable.smarterstats.6.0.host:9999/login.aspx
8.1. http://vulnerable.smarterstats.6.0.host:9999/Admin/
8.2. http://vulnerable.smarterstats.6.0.host:9999/Admin/Defaults/
8.3. http://vulnerable.smarterstats.6.0.host:9999/Admin/GettingStarted/
8.4. http://vulnerable.smarterstats.6.0.host:9999/Admin/Popups/
8.5. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/
8.6. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/
8.7. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/
8.8. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/BrowserOverrides/
8.9. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Error/
8.10. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/FileDownload/
8.11. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/GettingStarted/
8.12. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Internal/
8.13. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Login/
8.14. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Mail/
8.15. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Main/
8.16. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Popup/
8.17. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Portal/
8.18. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Print/
8.19. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Reporting/
8.20. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Stats/
8.21. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Track/
8.22. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/CSS/Wizard/
8.23. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/
8.24. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Calendar/
8.25. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Calendar/Img/
8.26. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Combobox/
8.27. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Common/
8.28. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Editor/
8.29. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Editor/Img/
8.30. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Grid/
8.31. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Input/
8.32. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Spell/
8.33. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Spell/Img/
8.34. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/TabStrip/
8.35. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/TabStrip/Img/
8.36. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Toolbar/
8.37. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Toolbar/Img/
8.38. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Window/
8.39. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Window/CssImg/
8.40. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Controls/Window/Img/
8.41. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Flash/
8.42. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Images/16x16/
8.43. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Images/Pager/
8.44. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Javascript/
8.45. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Sounds/
8.46. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/
8.47. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/Customer/
8.48. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/Customer/Pager/
8.49. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/Invitations/
8.50. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/Invitations/Button/
8.51. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/Plupload/
8.52. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/
8.53. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/DragDrop/
8.54. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/IconMenuInternal/
8.55. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/IconMenuTrack/
8.56. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/MessageView/
8.58. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/iconmenu/
8.59. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/icons/iconmenustats/
8.60. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/misc/
8.61. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/misc/tree/
8.62. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/skin/
8.63. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/social_icons/
8.64. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/images/stats/
8.65. http://vulnerable.smarterstats.6.0.host:9999/Client/
8.66. http://vulnerable.smarterstats.6.0.host:9999/Client/Popups/
8.67. http://vulnerable.smarterstats.6.0.host:9999/Services/
8.68. http://vulnerable.smarterstats.6.0.host:9999/Temp/
8.69. http://vulnerable.smarterstats.6.0.host:9999/UserControls/
8.70. http://vulnerable.smarterstats.6.0.host:9999/UserControls/PanelBarTemplates/
8.71. http://vulnerable.smarterstats.6.0.host:9999/UserControls/Popups/
8.72. http://vulnerable.smarterstats.6.0.host:9999/aspnet_client/
8.73. http://vulnerable.smarterstats.6.0.host:9999/aspnet_client/system_web/
9.1. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmEmailReportSettings.aspx
9.2. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmGeneralSettings.aspx
10. Content type incorrectly stated
10.1. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmSite.aspx
10.2. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmSites.aspx
10.3. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmViewReports.aspx
10.4. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/AboutThisFolder.txt
10.5. http://vulnerable.smarterstats.6.0.host:9999/Client/frmViewReports.aspx
10.6. http://vulnerable.smarterstats.6.0.host:9999/Temp/0c2c2823b31f46149208732c08a4fee8.jpg
10.7. http://vulnerable.smarterstats.6.0.host:9999/Temp/1039b7037bea4372821b6b290d0745da.jpg
10.8. http://vulnerable.smarterstats.6.0.host:9999/Temp/1d4802d431604203a5254435a7181b01.jpg
10.9. http://vulnerable.smarterstats.6.0.host:9999/Temp/1f19d55ce9bf405b93deb28b84494a1f.jpg
10.10. http://vulnerable.smarterstats.6.0.host:9999/Temp/20226bc24c8e4c89926647164054826e.jpg
10.11. http://vulnerable.smarterstats.6.0.host:9999/Temp/26da1ed6256b4e7f89617f968309aea9.jpg
10.12. http://vulnerable.smarterstats.6.0.host:9999/Temp/272276131291426282a9ebb0efad2752.jpg
10.13. http://vulnerable.smarterstats.6.0.host:9999/Temp/29bf53d9459f4ad5897ed8fe1e6273c6.jpg
10.14. http://vulnerable.smarterstats.6.0.host:9999/Temp/3022c349e42e4a16915d331a96969eb5.jpg
10.15. http://vulnerable.smarterstats.6.0.host:9999/Temp/3568cde247644a1b9ec6e79fbea220fc.jpg
10.16. http://vulnerable.smarterstats.6.0.host:9999/Temp/356d07443f3445d88a06bf724a953c85.jpg
10.17. http://vulnerable.smarterstats.6.0.host:9999/Temp/3a06471f3515434aa5438ccdb1d520e8.jpg
10.18. http://vulnerable.smarterstats.6.0.host:9999/Temp/3a8d8b9425a049fd9040fcd161eeba53.jpg
10.19. http://vulnerable.smarterstats.6.0.host:9999/Temp/47b58eea1f494809bf127e28495c2dd7.jpg
10.20. http://vulnerable.smarterstats.6.0.host:9999/Temp/48e37748c1fa4d0ca56699e5b80f0064.jpg
10.21. http://vulnerable.smarterstats.6.0.host:9999/Temp/53bea176ee1943dd981fd05e032eff33.jpg
10.22. http://vulnerable.smarterstats.6.0.host:9999/Temp/56dd80bb97d8414fbcfd594ed4282909.jpg
10.23. http://vulnerable.smarterstats.6.0.host:9999/Temp/590bf795fdaf4e02b7d0880f79b70e34.jpg
10.24. http://vulnerable.smarterstats.6.0.host:9999/Temp/5bf056fa42644067bd0099f9d59829e2.jpg
10.25. http://vulnerable.smarterstats.6.0.host:9999/Temp/60cde64eb7754b5d8ef26765f12a08ff.jpg
10.26. http://vulnerable.smarterstats.6.0.host:9999/Temp/610228c0ba7b4ab6803b2930991bc819.jpg
10.27. http://vulnerable.smarterstats.6.0.host:9999/Temp/67876ddccbec458db2d3c9fec41f1ab5.jpg
10.28. http://vulnerable.smarterstats.6.0.host:9999/Temp/788d1b2c29ad41fc956d04ff9b1e6a07.jpg
10.29. http://vulnerable.smarterstats.6.0.host:9999/Temp/78969dd70ff94762832f8dc8e7f76105.jpg
10.30. http://vulnerable.smarterstats.6.0.host:9999/Temp/7b3c6e936ca34e63ab51c459ff492d1e.jpg
10.31. http://vulnerable.smarterstats.6.0.host:9999/Temp/8494271a59234d898cdd787b473092ed.jpg
10.32. http://vulnerable.smarterstats.6.0.host:9999/Temp/869b700a3e8b4973a5fdd0981173fbce.jpg
10.33. http://vulnerable.smarterstats.6.0.host:9999/Temp/87c52fec79874f5a9f7278d96f4dc7f9.jpg
10.34. http://vulnerable.smarterstats.6.0.host:9999/Temp/91331a080c0148b0bddd5d75991acb5b.jpg
10.35. http://vulnerable.smarterstats.6.0.host:9999/Temp/9b829667b5214dbb92b4f41517bde32f.jpg
10.36. http://vulnerable.smarterstats.6.0.host:9999/Temp/9e3c5a71a82b4267ac3057765f388ecb.jpg
10.37. http://vulnerable.smarterstats.6.0.host:9999/Temp/AboutThisFolder.txt
10.38. http://vulnerable.smarterstats.6.0.host:9999/Temp/a1b92ef93b1b4be78245313c2d051569.jpg
10.39. http://vulnerable.smarterstats.6.0.host:9999/Temp/a61092b27bce47aa8accac88254b740c.jpg
10.40. http://vulnerable.smarterstats.6.0.host:9999/Temp/a796b3465add49de8e0c091a308040ff.jpg
10.41. http://vulnerable.smarterstats.6.0.host:9999/Temp/aa9f9504e4da409ebc871fa02f1cfc5d.jpg
10.42. http://vulnerable.smarterstats.6.0.host:9999/Temp/aae65ef47a3d4937bffc2e1dbe58c809.jpg
10.43. http://vulnerable.smarterstats.6.0.host:9999/Temp/ab51ac96f4bc4739bd3a746f1b589cd7.jpg
10.44. http://vulnerable.smarterstats.6.0.host:9999/Temp/afa9a3022c3e456690253161fd12125c.jpg
10.45. http://vulnerable.smarterstats.6.0.host:9999/Temp/b2972344c54b45e38070638051bc9478.jpg
10.46. http://vulnerable.smarterstats.6.0.host:9999/Temp/b7378ea2600d4d34ad1d031c4003a06c.jpg
10.47. http://vulnerable.smarterstats.6.0.host:9999/Temp/b970dd6404e94f54894db427147a64da.jpg
10.48. http://vulnerable.smarterstats.6.0.host:9999/Temp/b994a8c169af455497c7747bd9914800.jpg
10.49. http://vulnerable.smarterstats.6.0.host:9999/Temp/c77c8b574b60474b8ac78495f6f074dc.jpg
10.50. http://vulnerable.smarterstats.6.0.host:9999/Temp/cc02654a98df41d6bd5a3edd66c42234.jpg
10.51. http://vulnerable.smarterstats.6.0.host:9999/Temp/d31a05bc3d6e479fa7f64287243f64e6.jpg
10.52. http://vulnerable.smarterstats.6.0.host:9999/Temp/dd92df2132484a6aa26dbcaa91ff4156.jpg
10.53. http://vulnerable.smarterstats.6.0.host:9999/Temp/e13bc484ceca45bb97f15bfcc30a6c03.jpg
10.54. http://vulnerable.smarterstats.6.0.host:9999/Temp/e7d9eb9eadc04c58b59155ff298566e3.jpg
10.55. http://vulnerable.smarterstats.6.0.host:9999/Temp/e7ea3804b059410d9c7faf6f178d6ae9.jpg
10.56. http://vulnerable.smarterstats.6.0.host:9999/Temp/f0463b7c1a16472f90db2c0647d531bf.jpg
10.57. http://vulnerable.smarterstats.6.0.host:9999/Temp/f0b1d954de574491a98b97217656a58a.jpg
10.58. http://vulnerable.smarterstats.6.0.host:9999/Temp/f11eb6ccf75a496c84ce62908bd4560d.jpg
10.59. http://vulnerable.smarterstats.6.0.host:9999/Temp/f8ef6da096584c109a8620d83d0d2462.jpg
10.60. http://vulnerable.smarterstats.6.0.host:9999/default.aspx
10.61. http://vulnerable.smarterstats.6.0.host:9999/login.aspx
11. Content type is not specified
11.1. http://vulnerable.smarterstats.6.0.host:9999/Admin/Defaults/frmDefaultSiteSettings.aspx
11.2. http://vulnerable.smarterstats.6.0.host:9999/Admin/Defaults/frmServerDefaults.aspx
11.3. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmReportSettings.aspx
11.4. http://vulnerable.smarterstats.6.0.host:9999/Admin/frmSite.aspx
11.5. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/ButtonBarIcons.xml
11.6. http://vulnerable.smarterstats.6.0.host:9999/App_Themes/Default/Skin.xml
11.7. http://vulnerable.smarterstats.6.0.host:9999/Client/frmImportSettings.aspx
11.8. http://vulnerable.smarterstats.6.0.host:9999/Client/frmSeoSettings.aspx
11.9. http://vulnerable.smarterstats.6.0.host:9999/Services/Web.config
11.10. http://vulnerable.smarterstats.6.0.host:9999/aspnet_client/system_web/4_0_30319/
11.11. http://vulnerable.smarterstats.6.0.host:9999/clientaccesspolicy.xml
11.12. http://vulnerable.smarterstats.6.0.host:9999/cloudscan.exe
11.13. http://vulnerable.smarterstats.6.0.host:9999/crossdomain.xml
11.14. http://vulnerable.smarterstats.6.0.host:9999/sitemap.xml
Severity: High
Confidence: Firm
Host: http://vulnerable.smarterstats.6.0.host:9999
Path: /Admin/frmSite.aspx
POST /Admin/frmSite.aspx
Host: vulnerable.smarterstats.6.0.host:9999
Proxy-Connection: keep-alive
Referer: http://vulnerable.smarterstats.6.0.host:9999
Origin: http://vulnerable.smarterstats.6.0.host:9999
X-Requested-With: XMLHttpRequest
X-MicrosoftAjax: Delta=true
Content-Type: application/x-www-form
Cache-Control: no-cache
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.63 Safari/534.3
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*
Cookie: ASP.NET_SessionId
Content-Length: 30100

ctl00%24ScriptManager1