dradis-burp 3.12.0 → 3.13.0

@@ -0,0 +1,229 @@
1
+ <html><head><title>Burp Scanner Report HTML</title>
2
+ <meta http-equiv="Content-Security-Policy" content="default-src 'none';img-src 'self' data:;style-src 'unsafe-inline'" />
3
+ <style type="text/css">
4
+ body { background: #dedede; font-family: 'Droid sans', Helvetica, Arial, sans-serif; color: #404042; -webkit-font-smoothing: antialiased; }
5
+ #container { width: 930px; padding: 0 15px; margin: 20px auto; background-color: #ffffff; }
6
+ table { font-family: Arial, sans-serif; }
7
+ a:link, a:visited { color: #ff6633; text-decoration: none; transform: 0.3s; }
8
+ a:hover, a:active { color: #e24920; text-decoration: underline; }
9
+ h1 { font-size: 1.6em; line-height: 1.4em; font-weight: normal; color: #404042; }
10
+ h2 { font-size: 1.3em; line-height: 1.2em; padding: 0; margin: 0.8em 0 0.3em 0; font-weight: normal; color: #404042;}
11
+ h4 { font-size: 1.0em; line-height: 1.2em; padding: 0; margin: 0.8em 0 0.3em 0; font-weight: bold; color: #404042;}
12
+ .rule { height: 0px; border-top: 1px solid #404042; padding: 0; margin: 20px -15px 0 -15px; }
13
+ .title { color: #ffffff; background: #ff6633; margin: 0 -15px 10px -15px; overflow: hidden; }
14
+ .title h1 { color: #ffffff; padding: 10px 15px; margin: 0; font-size: 1.8em; }
15
+ .title img { float: right; display: inline; padding: 1px; }
16
+ .heading { background: #404042; margin: 0 -15px 10px -15px; padding: 0; display: inline-block; overflow: hidden; }
17
+ .heading img { float: right; display: inline; margin: 8px 10px 0 10px; padding: 0; }
18
+ .code { font-family: 'Courier New', Courier, monospace; }
19
+ table.overview_table { border: 2px solid #e6e6e6; margin: 0; padding: 5px;}
20
+ table.overview_table td.info { padding: 5px; background: #dedede; text-align: right; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
21
+ table.overview_table td.info_end { padding: 5px; background: #dedede; text-align: right; border-top: 2px solid #ffffff; }
22
+ table.overview_table td.colour_holder { padding: 0px; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
23
+ table.overview_table td.colour_holder_end { padding: 0px; border-top: 2px solid #ffffff; }
24
+ table.overview_table td.label { padding: 5px; font-weight: bold; }
25
+ table.summary_table td { padding: 5px; background: #dedede; text-align: left; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
26
+ table.summary_table td.icon { background: #404042; }
27
+ .colour_block { padding: 5px; text-align: right; display: block; font-weight: bold; }
28
+ .high_certain { border: 2px solid #f00; background: #f00; }
29
+ .high_firm { border: 2px solid #f66; background: #f66; }
30
+ .high_tentative { border: 2px solid #fcc; background: #fcc; }
31
+ .medium_certain { border: 2px solid #f90; background: #f90; }
32
+ .medium_firm { border: 2px solid #ffc266; background: #ffc266; }
33
+ .medium_tentative { border: 2px solid #ffebcc; background: #ffebcc; }
34
+ .low_certain { border: 2px solid #fe0; background: #fe0; }
35
+ .low_firm { border: 2px solid #fff566; background: #fff566; }
36
+ .low_tentative { border: 2px solid #fffccc; background: #fffccc; }
37
+ .info_certain { border: 2px solid #ababab; background: #ababab; }
38
+ .info_firm { border: 2px solid #cdcdcd; background: #cdcdcd; }
39
+ .info_tentative { border: 2px solid #eee; background: #eee; }
40
+ .row_total { border: 1px solid #dedede; background: #fff; }
41
+ .grad_mark { padding: 4px; border-left: 1px solid #404042; display: inline-block; }
42
+ .bar { margin-top: 3px; }
43
+ .TOCH0 { font-size: 1.0em; font-weight: bold; word-wrap: break-word; }
44
+ .TOCH1 { font-size: 0.8em; text-indent: -20px; padding-left: 50px; margin: 0; word-wrap: break-word; }
45
+ .TOCH2 { font-size: 0.8em; text-indent: -20px; padding-left: 70px; margin: 0; word-wrap: break-word; }
46
+ .BODH0 { font-size: 1.6em; line-height: 1.2em; font-weight: normal; padding: 10px 15px; margin: 0 -15px 10px -15px; display: inline-block; color: #ffffff; background-color: #ff6633; width: 100%; word-wrap: break-word; }
47
+ .BODH0 a:link, .BODH0 a:visited, .BODH0 a:hover, .BODH0 a:active { color: #ffffff; text-decoration: none; }
48
+ .BODH1 { font-size: 1.3em; line-height: 1.2em; font-weight: normal; padding: 13px 15px; margin: 0 -15px 0 -15px; display: inline-block; width: 100%; word-wrap: break-word; }
49
+ .BODH1 a:link, .BODH1 a:visited, .BODH1 a:hover, .BODH1 a:active { color: #404042; text-decoration: none; }
50
+ .BODH2 { font-size: 1.0em; font-weight: bold; line-height: 2.0em; width: 100%; word-wrap: break-word; }
51
+ .PREVNEXT { font-size: 0.7em; font-weight: bold; color: #ffffff; padding: 3px 10px; border-radius: 10px;}
52
+ .PREVNEXT:link, .PREVNEXT:visited { color: #ff6633 !important; background: #ffffff !important; border: 1px solid #ff6633 !important; text-decoration: none; }
53
+ .PREVNEXT:hover, .PREVNEXT:active { color: #fff !important; background: #e24920 !important; border: 1px solid #e24920 !important; text-decoration: none; }
54
+ .TEXT { font-size: 0.8em; padding: 0; margin: 0; word-wrap: break-word; }
55
+ TD { font-size: 0.8em; }
56
+ .HIGHLIGHT { background-color: #fcf446; }
57
+ .rr_div { border: 2px solid #ff6633; width: 916px; word-wrap: break-word; -ms-word-wrap: break-word; margin: 0.8em 0; padding: 5px; font-size: 0.8em; max-height: 300px; overflow-y: auto; }
58
+
59
+ div.scan_issue_false_positive_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
60
+ div.scan_issue_high_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
61
+ div.scan_issue_high_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
62
+ div.scan_issue_high_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAOISURBVFhHvZfPS1RRFMfv+KMxE1MMJHARTaXkLpDEhS5CsEUbQxFxE/0BEkgLEYo2maSL0I0EBhoULsKFIpLoJoUEJWICsUWQ0Uxm0jBjM+PMnL7n3TPOvN6bH2+EPnDm3Xd/nO+5d+69716VL16v91QsFrtJRE8TicRb2FdYCBaF/UT+B9g0rC8QCJyTZjlxyTMj4XD4ktvtvg/HnS6Xq0b9+aPU6qpSGxtKBYO6UkWFUlevKtXertTZswp1j2BvEPAjtPXqSg7hHsfj8YfcQzgjCgaJ7t0jqqoiUtCws/Jyov5+osNDowm3hY8nSJ4Wt/kRCoXOo/E7wwuzv090+bK9qJ21tBwHwcCXFyN5UdxnJxqNXkOD79JWMzdnL5TNeCTSgM9feFwXGXtQ4YJFnHnwIOW4tZVoeJhoZESLeDxm4aS53XrkzPzgOSVyZvg/h/h7qWjmxg3tdHJSMtI4wnzr6bEGwLa4KJVM8GqxzgmecLr8H8Jh3ZumJsmwYW/PPoBpXpVWoPVYZDU8LOh9TMrNrKxoZ1NTkpGBujprAGtrUmhGtOpF3uj9c11kw/Y20fi4XobZqKw0i1dXZ23DmoY40m5EFNLZBbKwYBZnGxiQQntE062wW3XqrALhXjY0mMV5zzg4kAqZYW3Upgn9WiC9vVbx3V0pzMmEwlBsyotzRkfN4s3NTsT5b1hHK/qtXx0yP09UXJwS7+rKPVGt/OYAnOPzpT5KLpfeGeNxKXRGYQHcvavFS0uJXr2SzMLgALDVOYQ/uxwA9/xkhIvw88nYEJxQUqKfd+7oZ4FAe6sIp5x1ec+ftjZJnAxobxbhifOVQ4aGlPJ4lNrdlYyCWXX5fL4ztbW1+3hx67z/RsTv99cYKXwYXhhT4j/CmoY4g/d6+UTmZmuLqKND7wO87c7OSkH+QCsRiUQaRV7DhwQpz4zfbz0V80a0vCwV8gNaYyKbIuuRLAmfC9LFk9bXJxXywnQk41Vg0NjYGMWy6EahT7KsZJr1gYAkcrKHob8NHdxuNMcBMCj4gm/0rYxB8M3HjpYWSWQGPg/gu7usrOyzZGUGlfl4nrqYpDM4qP/35PDzMT3tEmIHfPHF5Iq4zw/L1SydnR2imRmipaWsX0G05ZU1BnN2NUuHT8xwMAlnfAPOCw4awb+2LLWTkLyew/EzCPD1/BsLwRLQPMDjI8peIu3geq7UX+xyemrcb22vAAAAAElFTkSuQmCC)}
63
+ div.scan_issue_info_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
64
+ div.scan_issue_info_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
65
+ div.scan_issue_info_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
66
+ div.scan_issue_low_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
67
+ div.scan_issue_low_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
68
+ div.scan_issue_low_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
69
+ div.scan_issue_medium_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
70
+ div.scan_issue_medium_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
71
+ div.scan_issue_medium_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAARXSURBVFhHvZdbbBRlFMf/M+3udsFUpJrKxSsQWjby0HhpFWkiICiBxBu+eONBHnyQxIgiXiAQA1ECij6YvkhEBILGRKMYU5UHgomaotQljSUEU9AWKMiGle6yu+P/zHc67G3Y2cXwS77Md87MfP8z893Oh6DE4/FwJpN5wHGcjblcrptlgCXJkmY5Rf9vLNtYnkgkEtfqaxWx9OrLyMjI1Egk8hIbftiyrCZcOA8c3Qsc/xlInTMPRa4CrpsBTJkHNFwNPnuB5XMGvJbvxs1D5fENQL64paVlFUWlhJBOAt+/DvR8yKj+0aeKCI0Bbn8WmLue9ehoIJtt217DNhh5KWUDSCaTE6LR6Kd86W7Xcf400NUODPe7ZkVu4GvPdLtBCAziUDqdXtTQ0HDEdeRh69WDD7ZRvMcTF/7cF1xcGNgPdL+iBr/SsmaEw+FfGMhd6vIoCIAP3FxfX/8VX7heXYa/e7RCbpoNzNsA3P8W0LEcGD9FbxTx0wfmzyls8xpevpQxZTwGrwukz1tbW/fxwTvUdZGtc4Ej3wGLu0wf55PLAJ89CfTuVEceT30DTJ2vhsdBlnbquGPC+wM64ErFMynTBZN4q1hcsOuBhe+pUUTypFYKmMlp+4bWTQDyWyj+muspZuBHIMsg7nxOHWUYw2nfOFmNPHy6h1or2N3Tpe4GEAqFVtJZJ/USGifyC98HYo+pw4dUQitKlF3ePFONQkSLf2GFW2ckEZbTdHIS10j/HmDbg2oo97wIzH9bjVKo+S81x9vZbHbhZYnLArXnBTWUpmlA56tqlEc0Rduuq6ubo77a+GIZcKpPDSLiS3/gkjxOHf6Its1f0aF29ezfxEn1iRpkMldLEW+cpI5LQ+02GQNnWW80rir442tg+2K2kjW2DNKHuE+Exxo7GAkJwFEjOOeGgC0tZlOyuJbJ5jOLg9oqWdkrUv0bQjcHmIjbIeDRHcC9L9ckLshbXGWqpJeiwpx1wG2Pm3ptpGQQHlIjOLL8Cm1LzbVGqH3A5nzkWlslt3Rq5fKgdo90AfOrKunktiHr/Nlj6qiZvdbg4ODY5ubmYRoR47tipIaGhprcGpfErTIdrySi6YoLtKdzd8qYWxX464DjfLTAcd4c5zjvTHOc33frjeBQK5dKpWKi7WVEjGg9s9eVapYneQJ4l9t4flYsC9HTTEBvvU8dlaH+Zu4D7g7mrR59fX2rGRyT/UsQ312akstCKql6cA7yQ72t0gsgFoulOS2WMIhBdZXiN+qLkxF/TvLXP0Id74xQsH7yxlGeZhb5BiEnn3LceDGD94NtnmHbS3g2OKwul4IABMnfGUgHX2ByX4T08+xVpt9HkTS9/Xk1ysO25GDSztQv+JojaToH5hoOmDQbKGS433F+/dhxDn/LIZ1VZyk6szaxmCNSLUjGzAa62JicgAMhQTP4XaNT7X9h9HjOhrdQQI7nx0WIJUfNM7z08t521qs4ngP/AVBE/q1Wmrg8AAAAAElFTkSuQmCC)}
72
+
73
+
74
+ @media print {
75
+ body { width: 100%; color: #000000; position: relative; }
76
+ #container { width: 98%; padding: 0; margin: 0; }
77
+ h1 { color: #000000; }
78
+ h2 { color: #000000;}
79
+ .rule { margin: 20px 0 0 0; }
80
+ .title { color: #000000; margin: 0 0 10px 0; padding: 10px 0; }
81
+ .title h1 { color: #000000; }
82
+ .title img { margin: -3px 0; }
83
+ .heading { margin: 0 0 10px 0; }
84
+ .BODH0 { color: #000000; }
85
+ .BODH1 { color: #000000; }
86
+ .PREVNEXT { visibility: hidden; display: none; }
87
+ .rr_div { width: 98%; margin: 0.8em auto; max-height: none !important; overflow: hidden; }
88
+ }
89
+
90
+ </style>
91
+ </head>
92
+ <body>
93
+ <div id="container">
94
+ <div class="title"><img src="data:image/png;base64,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" width="184" height="58"><h1>Burp Scanner Report HTML</h1></div>
95
+ <h1>Summary</h1>
96
+ <span class="TEXT">The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.</span><br><br><table cellpadding="0" cellspacing="0" class="overview_table">
97
+ <tr>
98
+ <td width="70">&nbsp;</td>
99
+ <td width="90">&nbsp;</td>
100
+ <td colspan="4" height="40" align="center" class="label">Confidence</td>
101
+ </tr>
102
+ <tr>
103
+ <td width="70">&nbsp;</td>
104
+ <td width="90">&nbsp;</td>
105
+ <td width="82" height="30" class="info">Certain</td>
106
+ <td width="82" height="30" class="info">Firm</td>
107
+ <td width="82" height="30" class="info">Tentative</td>
108
+ <td width="82" height="30" class="info_end">Total</td>
109
+ </tr>
110
+ <tr>
111
+ <td rowspan="4" valign="middle" class="label">Severity</td>
112
+ <td class="info" height="30">High</td>
113
+ <td class="colour_holder"><span class="colour_block high_certain">0</span></td>
114
+ <td class="colour_holder"><span class="colour_block high_firm">0</span></td>
115
+ <td class="colour_holder"><span class="colour_block high_tentative">0</span></td>
116
+ <td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
117
+ </tr>
118
+ <tr>
119
+ <td class="info" height="30">Medium</td>
120
+ <td class="colour_holder"><span class="colour_block medium_certain">0</span></td>
121
+ <td class="colour_holder"><span class="colour_block medium_firm">0</span></td>
122
+ <td class="colour_holder"><span class="colour_block medium_tentative">0</span></td>
123
+ <td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
124
+ </tr>
125
+ <tr>
126
+ <td class="info" height="30">Low</td>
127
+ <td class="colour_holder"><span class="colour_block low_certain">1</span></td>
128
+ <td class="colour_holder"><span class="colour_block low_firm">0</span></td>
129
+ <td class="colour_holder"><span class="colour_block low_tentative">0</span></td>
130
+ <td class="colour_holder_end"><span class="colour_block row_total">1</span></td>
131
+ </tr>
132
+ <tr>
133
+ <td class="info" height="30">Information</td>
134
+ <td class="colour_holder"><span class="colour_block info_certain">0</span></td>
135
+ <td class="colour_holder"><span class="colour_block info_firm">0</span></td>
136
+ <td class="colour_holder"><span class="colour_block info_tentative">0</span></td>
137
+ <td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
138
+ </tr>
139
+ </table><br>
140
+ <span class="TEXT">The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.</span><br><br><table cellpadding="0" cellspacing="0" class="overview_table">
141
+ <tr>
142
+ <td width="70">&nbsp;</td>
143
+ <td width="90">&nbsp;</td>
144
+ <td colspan="6" height="40" align="center" class="label">Number of issues</td>
145
+ </tr>
146
+ <tr>
147
+ <td width="70">&nbsp;</td>
148
+ <td width="90">&nbsp;</td>
149
+ <td width="125"><span class="grad_mark">0</span></td>
150
+ <td width="125"><span class="grad_mark">1</span></td>
151
+ <td width="125"><span class="grad_mark">2</span></td>
152
+ <td width="125"><span class="grad_mark">3</span></td>
153
+ <td width="125"><span class="grad_mark">4</span></td>
154
+ </tr>
155
+ <tr>
156
+ <td rowspan="3" valign="middle" class="label">Severity</td>
157
+ <td class="info">High</td>
158
+ <td colspan="5" height="30">
159
+ <table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,R0lGODlhAQABAIAAAP/MzAAAACH/C1hNUCBEYXRhWE1QPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS4zLWMwMTEgNjYuMTQ1NjYxLCAyMDEyLzAyLzA2LTE0OjU2OjI3ICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M2IChNYWNpbnRvc2gpIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOjg0Q0E0ODg0ODk3QjExRTJCMkY1QUI4QUUwNzNBMzFDIiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOjg0Q0E0ODg1ODk3QjExRTJCMkY1QUI4QUUwNzNBMzFDIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6NjREMUY0MDk4OTdCMTFFMkIyRjVBQjhBRTA3M0EzMUMiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6NjREMUY0MEE4OTdCMTFFMkIyRjVBQjhBRTA3M0EzMUMiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz4B//79/Pv6+fj39vX08/Lx8O/u7ezr6uno5+bl5OPi4eDf3t3c29rZ2NfW1dTT0tHQz87NzMvKycjHxsXEw8LBwL++vby7urm4t7a1tLOysbCvrq2sq6qpqKempaSjoqGgn56dnJuamZiXlpWUk5KRkI+OjYyLiomIh4aFhIOCgYB/fn18e3p5eHd2dXRzcnFwb25tbGtqaWhnZmVkY2JhYF9eXVxbWllYV1ZVVFNSUVBPTk1MS0pJSEdGRURDQkFAPz49PDs6OTg3NjU0MzIxMC8uLSwrKikoJyYlJCMiISAfHh0cGxoZGBcWFRQTEhEQDw4NDAsKCQgHBgUEAwIBAAAh+QQAAAAAACwAAAAAAQABAAACAkQBADs=" width="0" height="16"></td></tr></table>
160
+ </td>
161
+ <td>&nbsp;</td>
162
+ </tr>
163
+ <tr>
164
+ <td class="info">Medium</td>
165
+ <td colspan="5" height="30">
166
+ <table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td></tr></table>
167
+ </td>
168
+ <td>&nbsp;</td>
169
+ </tr>
170
+ <tr>
171
+ <td class="info">Low</td>
172
+ <td colspan="5" height="30">
173
+ <table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="data:image/png;base64,R0lGODlhAQABAIAAAP/uAAAAACH/C1hNUCBEYXRhWE1QPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS4zLWMwMTEgNjYuMTQ1NjYxLCAyMDEyLzAyLzA2LTE0OjU2OjI3ICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M2IChNYWNpbnRvc2gpIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOkI1MDMwNTNCODk3QjExRTJCMkY1QUI4QUUwNzNBMzFDIiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOkI1MDMwNTNDODk3QjExRTJCMkY1QUI4QUUwNzNBMzFDIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6QjUwMzA1Mzk4OTdCMTFFMkIyRjVBQjhBRTA3M0EzMUMiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjUwMzA1M0E4OTdCMTFFMkIyRjVBQjhBRTA3M0EzMUMiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz4B//79/Pv6+fj39vX08/Lx8O/u7ezr6uno5+bl5OPi4eDf3t3c29rZ2NfW1dTT0tHQz87NzMvKycjHxsXEw8LBwL++vby7urm4t7a1tLOysbCvrq2sq6qpqKempaSjoqGgn56dnJuamZiXlpWUk5KRkI+OjYyLiomIh4aFhIOCgYB/fn18e3p5eHd2dXRzcnFwb25tbGtqaWhnZmVkY2JhYF9eXVxbWllYV1ZVVFNSUVBPTk1MS0pJSEdGRURDQkFAPz49PDs6OTg3NjU0MzIxMC8uLSwrKikoJyYlJCMiISAfHh0cGxoZGBcWFRQTEhEQDw4NDAsKCQgHBgUEAwIBAAAh+QQAAAAAACwAAAAAAQABAAACAkQBADs=" width="125" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td></tr></table>
174
+ </td>
175
+ <td>&nbsp;</td>
176
+ </tr>
177
+ </table>
178
+
179
+ <div class="rule"></div>
180
+ <h1>Contents</h1>
181
+ <p class="TOCH0"><a href="#1">1.&nbsp;Strict transport security not enforced</a></p>
182
+ <br><div class="rule"></div>
183
+ <span class="BODH0" id="1">1.&nbsp;<a href="https://portswigger.net/knowledgebase/issues/details/01000300_stricttransportsecuritynotenforced">Strict transport security not enforced</a></span>
184
+ <br>
185
+ <h2>Summary</h2>
186
+ <table cellpadding="0" cellspacing="0" class="summary_table">
187
+ <tr>
188
+ <td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_low_certain_rpt'></div></td>
189
+ <td>Severity:&nbsp;&nbsp;</td>
190
+ <td><b>Low</b></td>
191
+ </tr>
192
+ <tr>
193
+ <td>Confidence:&nbsp;&nbsp;</td>
194
+ <td><b>Certain</b></td>
195
+ </tr>
196
+ <tr>
197
+ <td>Host:&nbsp;&nbsp;</td>
198
+ <td><b>https://github.com/dradis/dradis-burp</b></td>
199
+ </tr>
200
+ <tr>
201
+ <td>Path:&nbsp;&nbsp;</td>
202
+ <td><b>/</b></td>
203
+ </tr>
204
+ </table>
205
+ <h2>Issue description</h2>
206
+ <span class="TEXT"><p> The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool automates this process. </p>
207
+ <p>
208
+ To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic.This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. </p></span>
209
+ <h2>Issue remediation</h2>
210
+ <span class="TEXT"><p>The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.</p>
211
+ <p>Note that because HSTS is a &quot;trust on first use&quot; (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.</p></span>
212
+ <h2>References</h2>
213
+ <span class="TEXT"><ul>
214
+ <li><a href="https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security">HTTP Strict Transport Security</a></li>
215
+ <li><a href="http://www.thoughtcrime.org/software/sslstrip/">sslstrip</a></li>
216
+ <li><a href="https://hstspreload.appspot.com/">HSTS Preload Form</a></li>
217
+ </ul></span>
218
+ <h2>Vulnerability classifications</h2><span class="TEXT"><ul>
219
+ <li><a href="https://cwe.mitre.org/data/definitions/523.html">CWE-523: Unprotected Transport of Credentials</a></li>
220
+ </ul></span>
221
+ <h2>Request</h2>
222
+ <div class="rr_div"><span>GET / HTTP/1.1<br>Host: github.com/dradis/dradis-burp<br>User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:66.0) Gecko/20100101 Firefox/66.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en,es-ES;q=0.8,es;q=0.5,en-US;q=0.3<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Cookie: hpage=1; AMCV_2387401053DB208C0A490D4C%40AdobeOrg=-1891778711%7CMCIDTS%7C17970%7CMCMID%7C21612935572021633722025223033275851039%7CMCAAMLH-1553169173%7C6%7CMCAAMB-1553169173%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1552571573s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.4.0; uid=W9g/8Fux09NcLDHUBLt6Ag==#b4a7fa78e6c4983b02b41f0c993c2043; uid_ns=W9g/8Fux09NcLDHUBLt6Ag==; dtm_dds=3/14/2019%7C; s_lv=1538401711844; asaleatorio=v6|NO; _cb_ls=1; _cb=CHsEZNVjLgK9Eh3g; _chartbeat2=.1538380775140.1552564528405.0000000000000001.DULUU_5XcVyr-M7oTDU5YBMxsZ0.2; __gads=ID=06fd97433187c959:T=1538380762:S=ALNI_MZNHKQ5IoHIQX9fc91pDzlf7PDN4g; pbsconsent=BOU8kdHOU8kdHABABAENBq-AAAAht7_______9______9uz_Gv_v_f__33e8__9v_l_7_-___u_-33d4-_1vX99yfm1-7ftr3tp_86ues2_Xur_959_-njE; _v__chartbeat3=ChrB4_B73EobCceMDU; kppid=W9g/8Fux09NcLDHUBLt6Ag==; assegmento=v14|#feminismo; asnumdisplays=v14|1; aslastdisplay=v14|1552564374379; _fbp=fb.1.1552564376436.938848531; hst=1552520446_153124; cto_lwid=a6243aac-07e7-4c94-b258-b67ada2611d6; cto_idcpy=fec01c29-01e9-4fa7-b32d-b9ca0b82f535<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
223
+ <h2>Response</h2>
224
+ <div class="rr_div"><span>HTTP/1.1 200 OK<br>Server: nginx/1.3.5 epet/0.8.0.2<br>Content-Type: text/html; charset=UTF-8<br>Cache-Control: max-age=10<br>Content-Length: 361046<br>Vary: Accept-Encoding<br>Date: Thu, 02 May 2019 09:39:41 GMT<br>Connection: close<br>Set-Cookie: eptz=ES; path=/; domain=.github.com/dradis/dradis-burp<br>Set-Cookie: ak_bmsc=B2AE61FE579F4E9ADD81AF3E8BA2B9495C7AF27CEB620000DDBACA5C8327AB7C~plqa0dlFUk69S2EZU8MlTQI/GS+BP8NBdEoTcsdaugLA/WMoI2CFXYV1uhfrS8b/TJW4wY7jK+J88eP76x5h46tZrxSTfqGTFH0kzRnxB8ek5KcCAGpVsC9tqQ78yHBbup5wJzfFSrwvAcEHsnhioKB5D2/2nOLmiyfGPpFemjhnoORzbaV8bWK+4xyD9uo61YxWMEm3cMF06MMDmW/hjj0Sh8qZ28XlWmUtt3G0iMTE4=; expires=Thu, 02 May 2019 11:39:41 GMT; max-age=7200; path=/; domain=.github.com/dradis/dradis-burp; HttpOnly<br><br>&lt;!DOCTYPE html&gt;<br>&lt;html lang="es"&gt;<br>&lt;head&gt;<br>&lt;meta charset="utf-8"&gt;<br>&lt;meta http-equiv="X-UA-Compatible" content="IE=edge"&gt;<br>&lt;meta name="format-detection" content="address=no,email=no,telephone=no"&gt;<br>&lt;meta nam<br><b>...[SNIP]...</b><br></span></div>
225
+ <div class="rule"></div>
226
+ <span class="TEXT"><br>Report generated by Burp Suite <a href="https://portswigger.net/vulnerability-scanner/">web vulnerability scanner</a> v2.0.20beta, at Thu May 02 10:52:22 WEST 2019.<br><br></span>
227
+ </div>
228
+ </body>
229
+ </html>
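Review bot: The Request and Response blocks of this fixture (new-file lines 222 and 224) still carry what look like captured cookie values (`uid`, `uid_ns`, `kppid`, `__gads`, `_fbp`, `cto_lwid`, `ak_bmsc` and others). The host was rewritten to `github.com/dradis/dradis-burp`, which is not a valid `Host` value or cookie `domain`, so the scrubbing appears to have covered only the hostname. This file is presumably the `spec/fixtures/files/burp.html` that the gem metadata adds to the shipped file list, in which case every install of the gem receives these identifiers. I would replace each cookie value with a constructed placeholder of similar shape, e.g. `Cookie: session=PLACEHOLDER_COOKIE_VALUE` and `Set-Cookie: ak_bmsc=PLACEHOLDER_COOKIE_VALUE; path=/; HttpOnly`. A short comment at the top of the fixture stating that the traffic is synthetic would also help.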
@@ -5,4 +5,4 @@ issue.severity
5
5
  issue.confidence
6
6
  issue.request
7
7
  issue.response
8
- issue.detail
8
+ issue.detail
@@ -0,0 +1,13 @@
1
+ issue.host
2
+ issue.path
3
+ issue.location
4
+ issue.severity
5
+ issue.confidence
6
+ issue.request
7
+ issue.request_1
8
+ issue.request_2
9
+ issue.request_3
10
+ issue.response
11
+ issue.response_1
12
+ issue.response_2
13
+ issue.response_3
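Review bot: The field list stops at `issue.request_3` / `issue.response_3`, and the evidence template in the later `@@ -0,0 +1,50 @@` hunk hard-codes the same three numbered slots. An issue whose report holds a fourth request/response pair therefore has no field to land in; whether the importer drops or merges it is not visible on this page. That template also emits all eight `bc..` blocks unconditionally, so an issue with only the unnumbered Request/Response presumably renders six empty code blocks. I would document the cap where users edit the template, e.g. `Only the first three numbered request/response pairs are exported; single-request issues use issue.request and issue.response`. The same note could say that these fields copy raw HTTP traffic, including any session cookies, into the project.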
@@ -0,0 +1,36 @@
1
+ <span class="BODH1" id="2.1">2.1.&nbsp;http://mdsec.net/addressbook/32/Default.aspx [Address parameter]</span>
2
+ <br><a class="PREVNEXT" href="#2.2">Next</a>
3
+ <br>
4
+ <h2>Summary</h2>
5
+ <table cellpadding="0" cellspacing="0" class="summary_table">
6
+ <tr>
7
+ <td rowspan="4" class="icon" valign="top" align="center"><img width="32" height="32" src="images/scan_issue_high_certain_rpt.png"></td>
8
+ <td>Severity:&nbsp;&nbsp;</td>
9
+ <td><b>High</b></td>
10
+ </tr>
11
+ <tr>
12
+ <td>Confidence:&nbsp;&nbsp;</td>
13
+ <td><b>Certain</b></td>
14
+ </tr>
15
+ <tr>
16
+ <td>Host:&nbsp;&nbsp;</td>
17
+ <td><b>http://mdsec.net</b></td>
18
+ </tr>
19
+ <tr>
20
+ <td>Path:&nbsp;&nbsp;</td>
21
+ <td><b>/addressbook/32/Default<wbr>.aspx</b></td>
22
+ </tr>
23
+ </table>
24
+ <h2>Issue detail</h2>
25
+ <span class="TEXT">The <b>Address</b> parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.<br><br>The database appears to be Microsoft SQL Server.</span>
26
+ <h2>Remediation detail</h2>
27
+ <span class="TEXT">The application should handle errors gracefully and prevent SQL error messages from being returned in responses. </span>
28
+ <h2>Request 1</h2>
29
+ <div class="rr_div"><span>POST /addressbook/32/Default<wbr>.aspx HTTP/1.1<br>Host: mdsec.net<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0<br>Accept: text/html,application<wbr>/xhtml+xml,application<wbr>/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http://mdsec.net<wbr>/addressbook/32/<br>Connection: keep-alive<br>Content-Type: application/x-www-form<wbr>-urlencoded<br>Content-Length: 116<br><br>__VIEWSTATE=%2FwEPDw<wbr>UKMTI0NzE5MjI0MGRkoX<wbr>v4BXfugQRsGddxJO96PBvk5rI<wbr>%3D&amp;Name=&amp;Email=&amp;Phone=<wbr>&amp;Search=Search&amp;Address=<span class="HIGHLIGHT">'</span>&amp;Age=</span></div>
30
+ <h2>Response 1</h2>
31
+ <div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Wed, 10 Apr 2013 12:40:58 GMT<br>Server: Microsoft-IIS/6.0<br>MicrosoftOfficeWebServer: 5.0_Pub<br>X-Powered-By: ASP.NET<br>X-AspNet-Version: 2.0.50727<br>Cache-Control: private<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 2642<br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR<wbr>/xhtml1/DTD/xhtml1<wbr>-transitional.dtd"&gt;<br>&lt;html xmlns="http://www.w3.org<wbr>/1999/xhtml" &gt;<br>&lt;head&gt;<br>&lt;title&gt;Contacts&lt;/title&gt;<br><b>...[SNIP]...</b><br>&lt;b&gt;Error: <span class="HIGHLIGHT">Unclosed quotation mark</span> after the character string ''.<br><span class="HIGHLIGHT">Incorrect syntax near</span> ''.&lt;/b&gt;<br><b>...[SNIP]...</b><br></span></div>
32
+ <h2>Request 2</h2>
33
+ <div class="rr_div"><span>POST /addressbook/32/Default<wbr>.aspx HTTP/1.1<br>Host: mdsec.net<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0<br>Accept: text/html,application<wbr>/xhtml+xml,application<wbr>/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http://mdsec.net<wbr>/addressbook/32/<br>Connection: keep-alive<br>Content-Type: application/x-www-form<wbr>-urlencoded<br>Content-Length: 116<br><br>__VIEWSTATE=%2FwEPDw<wbr>UKMTI0NzE5MjI0MGRkoX<wbr>v4BXfugQRsGddxJO96PBvk5rI<wbr>%3D&amp;Name=&amp;Email=&amp;Phone=<wbr>&amp;Search=Search&amp;Address=<span class="HIGHLIGHT">''</span>&amp;Age=</span></div>
34
+ <h2>Response 2</h2>
35
+ <div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Wed, 10 Apr 2013 12:40:58 GMT<br>Server: Microsoft-IIS/6.0<br>MicrosoftOfficeWebServer: 5.0_Pub<br>X-Powered-By: ASP.NET<br>X-AspNet-Version: 2.0.50727<br>Cache-Control: private<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 2721<br><br>&lt;!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR<wbr>/xhtml1/DTD/xhtml1<wbr>-transitional.dtd"&gt;<br>&lt;html xmlns="http://www.w3.org<wbr>/1999/xhtml" &gt;<br>&lt;head&gt;<br>&lt;title&gt;Contacts&lt;/title&gt;<br><b>...[SNIP]...</b><br></span></div>
36
+ <div class="rule"></div>
@@ -0,0 +1,50 @@
1
+ #[Host]#
2
+ %issue.host%
3
+
4
+
5
+ #[Path]#
6
+ %issue.path%
7
+
8
+
9
+ #[Location]#
10
+ %issue.location%
11
+
12
+
13
+ #[Severity]#
14
+ %issue.severity%
15
+
16
+
17
+ #[Confidence]#
18
+ %issue.confidence%
19
+
20
+
21
+ #[Request]#
22
+ bc.. %issue.request%
23
+
24
+
25
+ #[Response]#
26
+ bc.. %issue.response%
27
+
28
+
29
+ #[Request 1]#
30
+ bc.. %issue.request_1%
31
+
32
+
33
+ #[Response 1]#
34
+ bc.. %issue.response_1%
35
+
36
+
37
+ #[Request 2]#
38
+ bc.. %issue.request_2%
39
+
40
+
41
+ #[Response 2]#
42
+ bc.. %issue.response_2%
43
+
44
+
45
+ #[Request 3]#
46
+ bc.. %issue.request_3%
47
+
48
+
49
+ #[Response 3]#
50
+ bc.. %issue.response_3%
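--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dradis-burp
  version: !ruby/object:Gem::Version
- version: 3.12.0
+ version: 3.13.0
  platform: ruby
  authors:
  - Daniel Martin
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-04-01 00:00:00.000000000 Z
+ date: 2019-06-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dradis-plugins
@@ -42,16 +42,16 @@ dependencies:
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.6'
+ version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - "~>"
+ - - ">="
  - !ruby/object:Gem::Version
- version: '1.6'
+ version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -111,16 +111,20 @@ files:
  - README.md
  - Rakefile
  - dradis-burp.gemspec
+ - lib/burp/html/issue.rb
  - lib/burp/issue.rb
+ - lib/burp/xml/issue.rb
  - lib/dradis-burp.rb
  - lib/dradis/plugins/burp.rb
  - lib/dradis/plugins/burp/engine.rb
  - lib/dradis/plugins/burp/field_processor.rb
  - lib/dradis/plugins/burp/gem_version.rb
- - lib/dradis/plugins/burp/importer.rb
+ - lib/dradis/plugins/burp/html/importer.rb
  - lib/dradis/plugins/burp/version.rb
+ - lib/dradis/plugins/burp/xml/importer.rb
  - lib/tasks/thorfile.rb
  - spec/burp_upload_spec.rb
+ - spec/fixtures/files/burp.html
  - spec/fixtures/files/burp.xml
  - spec/fixtures/files/invalid-utf-issue.xml
  - spec/fixtures/files/without-base64.xml
@@ -128,6 +132,9 @@ files:
  - templates/evidence.fields
  - templates/evidence.sample
  - templates/evidence.template
+ - templates/html_evidence.fields
+ - templates/html_evidence.sample
+ - templates/html_evidence.template
  - templates/issue.fields
  - templates/issue.sample
  - templates/issue.template
@@ -157,6 +164,7 @@ specification_version: 4
  summary: Burp Scanner upload plugin for the Dradis Framework.
  test_files:
  - spec/burp_upload_spec.rb
+ - spec/fixtures/files/burp.html
  - spec/fixtures/files/burp.xml
  - spec/fixtures/files/invalid-utf-issue.xml
  - spec/fixtures/files/without-base64.xml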
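Review bot: The bundler development dependency in the second hunk moves from `~> 1.6` to `>= 0`, which drops the lower bound along with the upper one, so any Bundler release now satisfies it. If the intent was to permit Bundler 2.x (presumably), a requirement that keeps a floor, for example `spec.add_development_dependency 'bundler', '>= 1.6'`, would do that without accepting arbitrarily old versions. This is a development-only dependency, so it affects contributors and CI rather than installs of the gem. Because this metadata file is generated, the change itself belongs in `dradis-burp.gemspec`.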
@@ -1,138 +0,0 @@
1
- module Dradis::Plugins::Burp
2
- class Importer < Dradis::Plugins::Upload::Importer
3
-
4
- # The framework will call this function if the user selects this plugin from
5
- # the dropdown list and uploads a file.
6
- # @returns true if the operation was successful, false otherwise
7
- def import(params = {})
8
- file_content = File.read(params[:file])
9
-
10
- if file_content =~ /base64="false"/
11
- error = "Burp input contains HTTP request / response data that hasn't been Base64-encoded.\n"
12
- error << 'Please re-export your scanner results making sure the Base-64 encode option is selected.'
13
-
14
- logger.fatal{ error }
15
- content_service.create_note text: error
16
- return false
17
- end
18
-
19
- logger.info { 'Parsing Burp Scanner output file...' }
20
- doc = Nokogiri::XML(file_content)
21
- logger.info { 'Done.' }
22
-
23
- if doc.root.name != 'issues'
24
- error = "Document doesn't seem to be in the Burp Scanner XML format."
25
- logger.fatal { error }
26
- content_service.create_note text: error
27
- return false
28
- end
29
-
30
- # This will be filled in by the Processor while iterating over the issues
31
- @hosts = []
32
- @affected_host = nil
33
- @issue_text = nil
34
- @evidence_text = nil
35
-
36
- doc.xpath('issues/issue').each do |xml_issue|
37
- process_issue(xml_issue)
38
- end
39
-
40
- logger.info { 'Burp Scanner results successfully imported' }
41
- true
42
- end
43
-
44
- private
45
-
46
- # Creates the Nodes/properties
47
- def process_issue(xml_issue)
48
- host_label = xml_issue.at('host')['ip']
49
- host_label = xml_issue.at('host').text if host_label.empty?
50
- affected_host = content_service.create_node(label: host_label, type: :host)
51
- logger.info { "\taffects: #{host_label}" }
52
-
53
- unless @hosts.include?(affected_host.label)
54
- @hosts << affected_host.label
55
- url = xml_issue.at('host').text
56
- affected_host.set_property(:hostname, url)
57
- affected_host.save
58
- end
59
-
60
- # Burp extensions don't follow the "unique type for every Issue" logic
61
- # so we have to deal with them separately
62
- if xml_issue.at('type').text.to_str == '134217728'
63
- process_extension_issues(affected_host, xml_issue)
64
- else
65
- process_burp_issues(affected_host, xml_issue)
66
- end
67
- end
68
-
69
- # If the Issues come from the Burp app, use the type as the plugin_ic
70
- def process_burp_issues(affected_host, xml_issue)
71
- issue_name = xml_issue.at('name').text
72
- issue_type = xml_issue.at('type').text.to_i
73
-
74
- logger.info { "Adding #{issue_name} (#{issue_type})" }
75
-
76
- create_issue(
77
- affected_host: affected_host,
78
- id: issue_type,
79
- xml_issue: xml_issue
80
- )
81
- end
82
-
83
- # If the Issues come from a Burp extension (type = 134217728), then
84
- # use the name (spaces removed) as the plugin_id
85
- def process_extension_issues(affected_host, xml_issue)
86
- ext_name = xml_issue.at('name').text
87
- ext_name = ext_name.gsub!(" ", "")
88
-
89
- logger.info { "Adding #{ext_name}" }
90
-
91
- create_issue(
92
- affected_host: affected_host,
93
- id: ext_name,
94
- xml_issue: xml_issue
95
- )
96
- end
97
-
98
- def create_issue(affected_host:, id:, xml_issue:)
99
- issue_text =
100
- template_service.process_template(
101
- template: 'issue',
102
- data: xml_issue
103
- )
104
-
105
- if issue_text.include?(::Burp::INVALID_UTF_REPLACE)
106
- logger.info do
107
- "\tdetected invalid UTF-8 bytes in your issue. " \
108
- "Replacing them with '#{::Burp::INVALID_UTF_REPLACE}'."
109
- end
110
- end
111
-
112
- issue = content_service.create_issue(text: issue_text, id: id)
113
-
114
- logger.info do
115
- "\tadding evidence for this instance to #{affected_host.label}."
116
- end
117
-
118
- evidence_text =
119
- template_service.process_template(
120
- template: 'evidence',
121
- data: xml_issue
122
- )
123
-
124
- if evidence_text.include?(::Burp::INVALID_UTF_REPLACE)
125
- logger.info do
126
- "\tdetected invalid UTF-8 bytes in your evidence. " \
127
- "Replacing them with '#{::Burp::INVALID_UTF_REPLACE}'."
128
- end
129
- end
130
-
131
- content_service.create_evidence(
132
- issue: issue,
133
- node: affected_host,
134
- content: evidence_text
135
- )
136
- end
137
- end
138
- end