The Acunetix Security Audit report from April 6, 2020, identified a high-severity vulnerability, specifically a Blind SQL Injection, on the target URL http://10.80.67.59/ECM7/. The vulnerability allows attackers to execute malicious SQL statements, potentially compromising the backend database and affecting data integrity. The report recommends using parameterized queries to mitigate the risk of SQL injection attacks.

Developer Report
Acunetix Security Audit

06 April 2020

Generated by Acunetix

Target - http://10.80.67.59/
Scan details
Scan information
Start url http://10.80.67.59/ECM7/
Host http://10.80.67.59/

Threat level

Acunetix Threat Level 3

One or more high-severity vulnerabilities have been discovered by the scanner. A malicious user can exploit these
vulnerabilities to compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found 1


High 1
Medium 0
Low 0
Informational 0

Alerts summary

Blind SQL Injection

Classification

CVSS2
Base Score: 6.8
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined

CVSS3
Base Score: 10.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

CWE: CWE-89

Affected items                                   Variation
/ECM7/RMSDMSN/Common/Services/HomeHandler.ashx   1

Alerts details

Blind SQL Injection

Severity High
Reported by module /Scripts/PerScheme/Blind_Sql_Injection.script

Description

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a
web application's database server.

Impact

An attacker can use SQL injection to bypass a web application's authentication and authorization mechanisms and
retrieve the contents of an entire database. SQLi can also be used to add, modify and delete records in a database,
affecting data integrity. Under the right circumstances, SQLi can also be used by an attacker to execute OS commands,
which may then be used to escalate an attack even further.

Recommendation

Use parameterized queries whenever a SQL statement contains user input. A parameterized query sends the fixed SQL text
and the user-supplied values to the database separately, so the database always knows which parts are data and the
input can never change the structure of the statement.

References

SQL Injection (SQLi) - Acunetix (https://www.acunetix.com/websitesecurity/sql-injection/)
Types of SQL Injection (SQLi) - Acunetix (https://www.acunetix.com/websitesecurity/sql-injection2/)
Prevent SQL injection vulnerabilities in PHP applications and fix them - Acunetix (https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/)
SQL Injection - OWASP (https://www.owasp.org/index.php/SQL_Injection)
Bobby Tables: A guide to preventing SQL injection (https://bobby-tables.com/)

Affected items

/ECM7/RMSDMSN/Common/Services/HomeHandler.ashx
Details
URL encoded POST input NOT_DEPARTMENT was set to 1AYg9J'''''''

Tests performed:

432' => ERROR
432'' => OK
Pa88jC''' => ERROR
7RMFZJ'''' => OK
QC4j4r''''' => ERROR
0CXgYk'''''' => OK
1AYg9J''''''' => ERROR

Each payload appends an odd or an even number of single quotes to a random value. An odd count leaves the SQL string
literal unterminated and the database returns an error; an even count is parsed as escaped quotes and the request
succeeds. The strict alternation between ERROR and OK is what shows that NOT_DEPARTMENT is placed unparameterized into
the SQL text, even though no query output is ever reflected in the response (hence "blind").

Original value: 10
Request headers

POST /ECM7/RMSDMSN/Common/Services/HomeHandler.ashx?PreveVal=5982%7CdWWChBOMMALsk7NM/vM2NGHj37v8fFyG%20Ray%209kCK38=1&dm=1 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://10.80.67.59/ECM7/
Cookie: ASP.NET_SessionId=0gyrwfdyzct32uvm0yzhdmfb;MachineName=MachineName not Found;LoginFailed_U1=8r0fXyGRyXJ9SWQqD0mQpQ==;LOGINUSER=j/4ZQL/P9q0yCMWPI8FRvg==;OfficeCookieNICMOI=qmFtXQUrJ3jpvFtwEYdc2w==;Office_U1=qmFtXQUrJ3jpvFtwEYdc2w==
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
Content-Length: 147
Host: 10.80.67.59
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Connection: Keep-alive

DocNo=1234&HTTPMETHOD=SaveNotification&L=1&NOT_DEPARTMENT=1AYg9J'''''''&SENDNOTIFICATION_ALTMGR=0&SENDNOTIFICATION_DEPTSEC=0&SENDNOTIFICATION_MGR=0
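The quote-parity probe listed under "Tests performed" and the parameterized-query fix from the Recommendation, reproduced together in an added Python example. This is not code from the Acunetix report or from the scanned ECM7 application: the report does not name the backend database or show any server code, so the example uses an in-memory SQLite database as a stand-in, invents a `notification` table, and reconstructs a SaveNotification-style handler once with the NOT_DEPARTMENT value concatenated into the SQL (the flaw class the report describes) and once parameterized. Running the report's seven payloads through each handler reproduces the ERROR/OK alternation on the first and no errors on the second.

```python
"""Added example, not code from the Acunetix report or the scanned ECM7 application.

Reconstructs the class of flaw the report describes: the NOT_DEPARTMENT value
concatenated into a SQL statement. The SQLite in-memory backend, the
`notification` table and the two handler functions are assumptions made for
illustration; the report does not name the real database or show server code.
"""
import sqlite3

# The exact values Acunetix sent, copied from the report's "Tests performed".
PAYLOADS = [
    "432'", "432''", "Pa88jC'''", "7RMFZJ''''",
    "QC4j4r'''''", "0CXgYk''''''", "1AYg9J'''''''",
]


def make_db():
    """Fresh in-memory database with an assumed table for the handler to write to."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notification (doc_no INTEGER, department TEXT)")
    return conn


def save_notification_vulnerable(conn, doc_no, department):
    """Hypothetical vulnerable handler: the department string is pasted into the SQL text."""
    sql = ("INSERT INTO notification (doc_no, department) VALUES ("
           + str(int(doc_no)) + ", '" + department + "')")
    conn.execute(sql)


def save_notification_fixed(conn, doc_no, department):
    """Same handler with the report's recommended fix: a parameterized query.

    The driver sends the statement and the value separately, so quotes in
    `department` are data and cannot change the statement's structure.
    """
    conn.execute(
        "INSERT INTO notification (doc_no, department) VALUES (?, ?)",
        (int(doc_no), department),
    )


def probe(handler):
    """Send each payload through `handler` and record OK or ERROR, as the scanner does."""
    results = {}
    for payload in PAYLOADS:
        conn = make_db()
        try:
            handler(conn, 1234, payload)
            results[payload] = "OK"
        except sqlite3.Error:
            results[payload] = "ERROR"
        finally:
            conn.close()
    return results


def looks_injectable(results):
    """Scanner heuristic: an odd number of quotes breaks the statement, an even
    number is parsed as escaped quotes. Strict alternation means the input
    reaches the SQL text unparameterized."""
    return all(
        (outcome == "ERROR") == (payload.count("'") % 2 == 1)
        for payload, outcome in results.items()
    )


def stored_department(handler, payload):
    """What actually lands in the table for a payload that does not error."""
    conn = make_db()
    try:
        handler(conn, 1234, payload)
        return conn.execute("SELECT department FROM notification").fetchone()[0]
    finally:
        conn.close()


if __name__ == "__main__":
    for name, handler in [("concatenated", save_notification_vulnerable),
                          ("parameterized", save_notification_fixed)]:
        results = probe(handler)
        print(f"{name}: injectable={looks_injectable(results)}")
        for payload, outcome in results.items():
            print(f"  {payload!r:20} => {outcome}")
```

Note the secondary effect visible through `stored_department`: with the concatenated handler an even-quote payload such as `432''` is accepted but stored as `432'`, because the database collapsed the doubled quote, whereas the parameterized handler stores the value exactly as received. Parameterization therefore fixes both the injection and the silent data corruption.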

Scanned items (coverage report)
http://10.80.67.59/ECM7/RMSDMSN/Common/Services/HomeHandler.ashx
