Penetration Scan Test Report
1. Test objective
Use the existing WebTool to run a benign penetration scan against the targets WebGoat-5.1 and insecure, locate the vulnerabilities found, and submit a detailed test report.

2. Test configuration
Test environment:
CPU: Pentium(R) 2.8GHz
Memory: 1GB
Network card: 100Mbps
Operating system: Windows XP Service Pack 2
Test version: WebTool 1.0
Test targets:
WebGoat-5.1: http://localhost:8080/WebGoat-5.1/attack
insecure before login: http://localhost:8080/insecure/public/index.jsp
insecure after login: http://localhost:8080/insecure/secure/index.jsp

3. Testing WebGoat
Test steps:
3.1 Install WebGoat:
3.1.1 Go to the webapps directory under the Tomcat installation directory and copy WebGoat-5.1.war into it.
3.1.2 Restart Tomcat, open a browser and enter http://localhost:8080/WebGoat-5.1/attack; the WebGoat user login window appears.
3.1.3 In the login window enter the user name guest and the password guest, then click "OK" to enter the WebGoat start page.
3.1.4 Click "Start WebGoat" at the bottom centre of the page to enter the WebGoat page.
3.2 Open the WebTool system and enter the WebTool work interface. Method 1: double-click the WebTool icon on the desktop. Method 2: Start - All Programs - WebTool - WebTool.
3.3 Enter "WebGoat1" in the task name field and enter the site to scan, http://localhost:8080/WebGoat-5.1/attack, in the URL field.
3.4 Click the "Advanced" button at the bottom right of the main interface and enter the scan parameters: local proxy address: localhost; local proxy port: 8080; all other settings default. Click OK to apply this configuration and return to the main interface.
3.5 Click "Next" to enter the next screen.
3.6 Click the "Browser login" button in the middle to open the WebTool Browser window. In the login window that pops up, enter the user name and password "guest" and click login; the OWASP WebGoat V5.1 page appears in the WebTool Browser window.
3.7 Click "Start WebGoat" at the bottom centre of the OWASP WebGoat V5.1 page to enter the Start WebGoat page.
3.8 Click the "Start scan" button in the WebTool interface to enter the scan page; the site to be scanned is listed under the sites to scan in the pre-scan window.
3.9 Start the pre-scan: select the site to scan in the pre-scan window, then click the "Start pre-scan" button on the right.
3.10 Start the scan: when "Pre-scan complete" is shown on the right, the "Start scan" button becomes available; click "Start scan".
3.11 View results: once the scan has finished, click the "Task management" button in the navigation bar to enter the task management interface, then click "View result file"; the result file result opens and the result information can be viewed.
3.12 Export results: select the scan task just completed and click "Export scan results"; in the save window that pops up, choose the destination directory and file name for the result file and click "Save" to save it.

4. WebGoat test result analysis

Vulnerable page | Type | Description | Rule
http://localhost:8080/WebGoat-5.1/attack | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=50&menu=50 | SQL Injection test 30 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=75&menu=10 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=2&menu=50 | Cross site scripting 13 | The user could be able to execute any command on the hosting OS. | form1_13.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=2&menu=50 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1648.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=2&menu=50 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=2&menu=50 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=112&menu=50 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1112_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=105&menu=70 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1112_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=105&menu=70 | Clues in the HTML 3 | Developers are notorious for leaving statements like FIXMEs, Code Broken, Hack, etc. inside the source code. Review the source code for any comments denoting passwords, backdoors, or something doesnt work right. | form1_3.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=68&menu=80 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=68&menu=80 | Exploit Thread Safety Problems 18 | The user should be able to exploit the concurrency error in this web application and view login information for another user that is attempting the same function at the same time. | form1_567.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=68&menu=80 | Cross site scripting 8 | The user could be able to execute any command on the hosting OS. | form1_8.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=49&menu=80 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=88&menu=110 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=7&menu=110 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=52&menu=110 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=52&menu=110 | Cross site scripting 12 | The user could be able to execute any command on the hosting OS. | form1_12.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=52&menu=110 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=17&menu=210 | SQL Injection test 30 | that the application is redirecting your request to another resource on the server | form1112_1626.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=17&menu=210 | Cross site scripting 11 | The user could be able to execute any command on the hosting OS. | form1_11.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=17&menu=210 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=17&menu=210 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=27&menu=210 | SQL Injection test 30 | that the application is redirecting your request to another resource on the server | form1112_1626.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=63&menu=210&stage=2 | SQL Injection test 311 | that the application is redirecting your request to another resource on the server | form1112_1643.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=63&menu=210&stage=3 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=63&menu=210&stage=4 | SQL Injection test 29 | that the application is redirecting your request to another resource on the server | form1112_1625.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=28&menu=210 | SQL Injection test 29 | that the application is redirecting your request to another resource on the server | form1112_1625.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=46&menu=310 | SQL Injection test 31 | that the application is redirecting your request to another resource on the server | form1112_1627.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=93&menu=310 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=95&menu=320 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=97&menu=320 | SQL Injection test 311 | that the application is redirecting your request to another resource on the server | form1112_1643.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=21&menu=410 | Cross site scripting 13 | The user could be able to execute any command on the hosting OS. | form1_13.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=21&menu=410 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1648.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=21&menu=410 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=21&menu=410 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=57&menu=410&stage=1 | SQL Injection test 31 | that the application is redirecting your request to another resource on the server | form1112_1627.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=57&menu=410&stage=2 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1112_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=57&menu=410&stage=3 | SQL Injection test 241 | that the application is redirecting your request to another resource on the server | form1112_1652.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=57&menu=410&stage=4 | SQL Injection test 241 | that the application is redirecting your request to another resource on the server | form1112_1636.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=57&menu=410&stage=5 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=57&menu=410&stage=6 | SQL Injection test 291 | that the application is redirecting your request to another resource on the server | form1112_1641.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=86&menu=410 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=85&menu=410 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=12&menu=410 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1646.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=85&menu=410 | Cross site scripting 10 | The user could be able to execute any command on the hosting OS. | form1_10.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=12&menu=410 | Exploit Thread Safety Problems 18 | The user should be able to exploit the concurrency error in this web application and view login information for another user that is attempting the same function at the same time. | form1_567.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=85&menu=410 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=111&menu=410 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=111&menu=410 | Cross site scripting 10 | The user could be able to execute any command on the hosting OS. | form1_10.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=111&menu=410 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=111&menu=410 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=10&menu=510 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1112_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=34&menu=610 | SQL Injection test 29 | that the application is redirecting your request to another resource on the server | form1112_1625.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=34&menu=610 | Cross site scripting 10 | The user could be able to execute any command on the hosting OS. | form1_10.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=44&menu=610 | SQL Injection test 30 | that the application is redirecting your request to another resource on the server | form1112_1626.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=44&menu=610 | Cross site scripting 14 | The user could be able to execute any command on the hosting OS. | form1_14.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=44&menu=610 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=44&menu=610 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=114&menu=610 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=114&menu=610 | Cross site scripting 15 | The user could be able to execute any command on the hosting OS. | form1_15.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=114&menu=610 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=114&menu=610 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=5&menu=610 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1646.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=91&menu=610&stage=1 | SQL Injection test 201 | that the application is redirecting your request to another resource on the server | form1112_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=91&menu=610&stage=2 | SQL Injection test 29 | that the application is redirecting your request to another resource on the server | form1112_1625.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=91&menu=610&stage=3 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1112_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=91&menu=610&stage=4 | SQL Injection test 311 | that the application is redirecting your request to another resource on the server | form1112_1643.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=100&menu=610 | SQL Injection test 241 | that the application is redirecting your request to another resource on the server | form1112_1636.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=100&menu=610 | Cross site scripting 11 | The user could be able to execute any command on the hosting OS. | form1_11.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=100&menu=610 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=42&menu=610 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=42&menu=610 | Cross site scripting 13 | The user could be able to execute any command on the hosting OS. | form1_13.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=42&menu=610 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=103&menu=710 | SQL Injection test 28 | that the application is redirecting your request to another resource on the server | form1_1624.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=38&menu=810 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=38&menu=810 | Cross site scripting 15 | The user could be able to execute any command on the hosting OS. | form1_15.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=38&menu=810 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=38&menu=810 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=41&menu=910 | SQL Injection test 29 | that the application is redirecting your request to another resource on the server | form1112_1625.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=41&menu=910 | Cross site scripting 13 | The user could be able to execute any command on the hosting OS. | form1_13.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=41&menu=910 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=41&menu=910 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=98&menu=1010 | SQL Injection test 31 | that the application is redirecting your request to another resource on the server | form1112_1627.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=54&menu=1110 | SQL Injection test 20 | that the application is redirecting your request to another resource on the server | form1112_1616.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=64&menu=1110 | SQL Injection test 30 | that the application is redirecting your request to another resource on the server | form1112_1626.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=15&menu=1110 | SQL Injection test 241 | that the application is redirecting your request to another resource on the server | form1112_1652.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=36&menu=1110 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=36&menu=1110 | Cross site scripting 12 | The user could be able to execute any command on the hosting OS. | form1_12.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=36&menu=1110 | Unchecked Link Tag 36 | The user could be able to send and obnoxious email message. | form1_1632.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=36&menu=1110 | HTTP Splitting 19 | that the application is redirecting your request to another resource on the server | form1_568.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=9&menu=1150 | SQL Injection test 24 | that the application is redirecting your request to another resource on the server | form1112_1620.xml
http://localhost:8080/WebGoat-5.1/attack?Screen=25&menu=1150 | SQL Injection test 311 | that the application is redirecting your request to another resource on the server | form1112_1643.xml
http://192.168.100.64:8080/WebGoat-5.1/attack?Screen=107&menu=1150 | SQL Injection test 31 | that the application is redirecting your request to another resource on the server | form1_1627.xml

Result analysis:
Type | Count
SQL Injection | 50
HTTP Splitting | 11
Unchecked Link Tag | 9
Cross site scripting | 13
Total | 94

5. Testing insecure before login
Test steps:
5.