dradis-burp 3.12.0 → 3.17.0
- checksums.yaml +5 -5
- data/.github/issue_template.md +16 -0
- data/.github/pull_request_template.md +36 -0
- data/CHANGELOG.md +27 -7
- data/dradis-burp.gemspec +1 -1
- data/lib/burp/html/issue.rb +157 -0
- data/lib/burp/issue.rb +1 -118
- data/lib/burp/xml/issue.rb +127 -0
- data/lib/dradis-burp.rb +2 -0
- data/lib/dradis/plugins/burp.rb +2 -1
- data/lib/dradis/plugins/burp/engine.rb +13 -2
- data/lib/dradis/plugins/burp/field_processor.rb +6 -2
- data/lib/dradis/plugins/burp/gem_version.rb +1 -1
- data/lib/dradis/plugins/burp/html/importer.rb +144 -0
- data/lib/dradis/plugins/burp/xml/importer.rb +144 -0
- data/lib/tasks/thorfile.rb +12 -3
- data/spec/burp_upload_spec.rb +110 -6
- data/spec/fixtures/files/burp.html +229 -0
- data/spec/fixtures/files/burp_issue_severity.xml +118 -0
- data/templates/evidence.fields +1 -1
- data/templates/html_evidence.fields +13 -0
- data/templates/html_evidence.sample +36 -0
- data/templates/html_evidence.template +50 -0
- data/templates/issue.fields +4 -3
- data/templates/issue.template +4 -0
- metadata +20 -9
- data/lib/dradis/plugins/burp/importer.rb +0 -138
@@ -0,0 +1,229 @@
|
|
1
|
+
<html><head><title>Burp Scanner Report HTML</title>
|
2
|
+
<meta http-equiv="Content-Security-Policy" content="default-src 'none';img-src 'self' data:;style-src 'unsafe-inline'" />
|
3
|
+
<style type="text/css">
|
4
|
+
body { background: #dedede; font-family: 'Droid sans', Helvetica, Arial, sans-serif; color: #404042; -webkit-font-smoothing: antialiased; }
|
5
|
+
#container { width: 930px; padding: 0 15px; margin: 20px auto; background-color: #ffffff; }
|
6
|
+
table { font-family: Arial, sans-serif; }
|
7
|
+
a:link, a:visited { color: #ff6633; text-decoration: none; transform: 0.3s; }
|
8
|
+
a:hover, a:active { color: #e24920; text-decoration: underline; }
|
9
|
+
h1 { font-size: 1.6em; line-height: 1.4em; font-weight: normal; color: #404042; }
|
10
|
+
h2 { font-size: 1.3em; line-height: 1.2em; padding: 0; margin: 0.8em 0 0.3em 0; font-weight: normal; color: #404042;}
|
11
|
+
h4 { font-size: 1.0em; line-height: 1.2em; padding: 0; margin: 0.8em 0 0.3em 0; font-weight: bold; color: #404042;}
|
12
|
+
.rule { height: 0px; border-top: 1px solid #404042; padding: 0; margin: 20px -15px 0 -15px; }
|
13
|
+
.title { color: #ffffff; background: #ff6633; margin: 0 -15px 10px -15px; overflow: hidden; }
|
14
|
+
.title h1 { color: #ffffff; padding: 10px 15px; margin: 0; font-size: 1.8em; }
|
15
|
+
.title img { float: right; display: inline; padding: 1px; }
|
16
|
+
.heading { background: #404042; margin: 0 -15px 10px -15px; padding: 0; display: inline-block; overflow: hidden; }
|
17
|
+
.heading img { float: right; display: inline; margin: 8px 10px 0 10px; padding: 0; }
|
18
|
+
.code { font-family: 'Courier New', Courier, monospace; }
|
19
|
+
table.overview_table { border: 2px solid #e6e6e6; margin: 0; padding: 5px;}
|
20
|
+
table.overview_table td.info { padding: 5px; background: #dedede; text-align: right; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
|
21
|
+
table.overview_table td.info_end { padding: 5px; background: #dedede; text-align: right; border-top: 2px solid #ffffff; }
|
22
|
+
table.overview_table td.colour_holder { padding: 0px; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
|
23
|
+
table.overview_table td.colour_holder_end { padding: 0px; border-top: 2px solid #ffffff; }
|
24
|
+
table.overview_table td.label { padding: 5px; font-weight: bold; }
|
25
|
+
table.summary_table td { padding: 5px; background: #dedede; text-align: left; border-top: 2px solid #ffffff; border-right: 2px solid #ffffff; }
|
26
|
+
table.summary_table td.icon { background: #404042; }
|
27
|
+
.colour_block { padding: 5px; text-align: right; display: block; font-weight: bold; }
|
28
|
+
.high_certain { border: 2px solid #f00; background: #f00; }
|
29
|
+
.high_firm { border: 2px solid #f66; background: #f66; }
|
30
|
+
.high_tentative { border: 2px solid #fcc; background: #fcc; }
|
31
|
+
.medium_certain { border: 2px solid #f90; background: #f90; }
|
32
|
+
.medium_firm { border: 2px solid #ffc266; background: #ffc266; }
|
33
|
+
.medium_tentative { border: 2px solid #ffebcc; background: #ffebcc; }
|
34
|
+
.low_certain { border: 2px solid #fe0; background: #fe0; }
|
35
|
+
.low_firm { border: 2px solid #fff566; background: #fff566; }
|
36
|
+
.low_tentative { border: 2px solid #fffccc; background: #fffccc; }
|
37
|
+
.info_certain { border: 2px solid #ababab; background: #ababab; }
|
38
|
+
.info_firm { border: 2px solid #cdcdcd; background: #cdcdcd; }
|
39
|
+
.info_tentative { border: 2px solid #eee; background: #eee; }
|
40
|
+
.row_total { border: 1px solid #dedede; background: #fff; }
|
41
|
+
.grad_mark { padding: 4px; border-left: 1px solid #404042; display: inline-block; }
|
42
|
+
.bar { margin-top: 3px; }
|
43
|
+
.TOCH0 { font-size: 1.0em; font-weight: bold; word-wrap: break-word; }
|
44
|
+
.TOCH1 { font-size: 0.8em; text-indent: -20px; padding-left: 50px; margin: 0; word-wrap: break-word; }
|
45
|
+
.TOCH2 { font-size: 0.8em; text-indent: -20px; padding-left: 70px; margin: 0; word-wrap: break-word; }
|
46
|
+
.BODH0 { font-size: 1.6em; line-height: 1.2em; font-weight: normal; padding: 10px 15px; margin: 0 -15px 10px -15px; display: inline-block; color: #ffffff; background-color: #ff6633; width: 100%; word-wrap: break-word; }
|
47
|
+
.BODH0 a:link, .BODH0 a:visited, .BODH0 a:hover, .BODH0 a:active { color: #ffffff; text-decoration: none; }
|
48
|
+
.BODH1 { font-size: 1.3em; line-height: 1.2em; font-weight: normal; padding: 13px 15px; margin: 0 -15px 0 -15px; display: inline-block; width: 100%; word-wrap: break-word; }
|
49
|
+
.BODH1 a:link, .BODH1 a:visited, .BODH1 a:hover, .BODH1 a:active { color: #404042; text-decoration: none; }
|
50
|
+
.BODH2 { font-size: 1.0em; font-weight: bold; line-height: 2.0em; width: 100%; word-wrap: break-word; }
|
51
|
+
.PREVNEXT { font-size: 0.7em; font-weight: bold; color: #ffffff; padding: 3px 10px; border-radius: 10px;}
|
52
|
+
.PREVNEXT:link, .PREVNEXT:visited { color: #ff6633 !important; background: #ffffff !important; border: 1px solid #ff6633 !important; text-decoration: none; }
|
53
|
+
.PREVNEXT:hover, .PREVNEXT:active { color: #fff !important; background: #e24920 !important; border: 1px solid #e24920 !important; text-decoration: none; }
|
54
|
+
.TEXT { font-size: 0.8em; padding: 0; margin: 0; word-wrap: break-word; }
|
55
|
+
TD { font-size: 0.8em; }
|
56
|
+
.HIGHLIGHT { background-color: #fcf446; }
|
57
|
+
.rr_div { border: 2px solid #ff6633; width: 916px; word-wrap: break-word; -ms-word-wrap: break-word; margin: 0.8em 0; padding: 5px; font-size: 0.8em; max-height: 300px; overflow-y: auto; }
|
58
|
+
|
59
|
+
div.scan_issue_false_positive_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAQaSURBVFhHxZdNbBNXEIDHa8d/guCUJDLCoEKiHkJVELQKRYpAQhyqCjiBOICExA24kAOIA4WcCiKppR4bbqWoDQeCkBCQVkFABOGnEIJDI2IEQQHZwbjYsfy33sfM88T2uv5Zi6R80Whn5u3MvJ19L34LRvH5fFZVVb8TQnRrmvYnyiuUGEoK5S36R1B+RdkdiUQaOezjSSQSrZj0Fy5iCJpUJpP5I5VKreU0tUNPjElOUDLOWzMYq+HlJxQHpzVGLBZbgrFDMsscgLl82MmVnL4y1DYMeMOxcwbmfIeXdi5TGrzh8/koXkCQ1hSX00PvHIvf5RvnE9otuTVh4iv4Y/6uBZYFP7BpCJfFBUktCXEtzp7SWE1WcJqdYFWs0sYHPWk2m4+SLidAbdn5z87xgfCAUi1ZIWfbzsKD6APwvvKypzI2xQYbFm2ArhVdmQ5XxyqTyTQuB3C7naHepLW0WDO8RsBfkJOR6Ih4MvNEytjMmBgIDYh9Y/vk2JXQFQoTM+qM2OPbo4s7PHFY3Pr3lhTvpFcsvrE4N+YcdIqLwYtnZHGMt2FLYjITsm1kmy5RKQbDg3KMJjVLz8seXRzdU8i10DXd+K7RXVTTpuDTf4+tcMrZIB67h7XyeGwe2NG8A+rN9ewBsCt21kqz5bMt0OJoYQvgReKFk2oruBg2s88wrY5W6PuyD5bZl7EHoMnaxFp5KG4WmjDVVrAN37LPEFPJKbgXucdWbUzEJ1gD2Niwkd7vWgXbn+9LCWibFdL7uhf2Pt3LlnGuhq6CP+6XeoOlAfYv3Q9Yu82Cdv5FIk11+lYee35M7mFCExqcD54HxaRIuxqPoo8gkArA0Psh6J7slj7Kf2n1JWi2NpNZXzUTBeOKhv7pfjgXOAfP4s94pDo9kz2w9fFWeXVb3XDQcxBG20ehvb7gJwHfQwIlx/Hnx3XbJZgM8kiWA+MHRNudNrby9AX6dHHF27AMCVqEYzwXQ6y0G/tVNQLWfkiL8Dbbhuhc3gm+dh9bHwfW/pvWwPWsmaV41c8z15VAIHAZlVzVSCbCWm1EVH1csV2CJNVW3G43nWx/ZydMp6ZZy5LQEqxVprhz1SZANam23IaKovyICyJDOv2nK2Q4MgyqUNkqz/3ofday0P+Acq+Tlj8e8U+TnjuQuG+6b6RFuiOUDrEnT52pDg4tPwSnWk6xJ88R/xHoneqFsBpmTx4T/m1v3A4XvrrAniz49F78HegkPTeBdYPrGvvX91/GU8s37NLhUByw0LKQrTxRNVrxRESnIVediy3JY5T1uAP+G4Sd+XSH0lnwWP71fEwCc75Lp9ObuExl8H7qxFx/mHzB6Y3xST/NCqF3hgn+/4/TYmY/zzHxz1iAPs+nqBAKPWUYL6M49hvqNXyeA3wAUPUS+7uslXoAAAAASUVORK5CYII=)}
|
60
|
+
div.scan_issue_high_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
61
|
+
div.scan_issue_high_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
62
|
+
div.scan_issue_high_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
63
|
+
div.scan_issue_info_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
64
|
+
div.scan_issue_info_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
65
|
+
div.scan_issue_info_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANQSURBVFhHxZfPaxNBFMcna5s0thRsYn6QS0GhkJwUQfDmUaQHEXvyL/DuSUEvUkRFEfTgQbwI/jyJnjx4FJQohqSpiBgkqWnS9GfMr6br982+7JLNbtxsa/zAsG/ebN578+btTEY4JZ1Oe7e3t0+pqnpzZ2fnLdpPtCpaE62Mlmy32w8xfn5jYyPIP9s99Xr9MIw+ICd4OoKCQjBPG41Ggs0MDs0Ytq6RMc2sAXTq0tKSurCwoKZSKbVQKEidGQ7kOkQ/m+3Bw88uqtVq1O/3v/B4PCdY1QUcilKpxD2NcDgsIpEI97pBAJlmszk7Njb2nVU6Cj918OJROE/aOSdWVlZYMqhUKiz1Altxr9f7EYEcZ5VOVwB4YXpkZOQ1fmA9lT7gtyxZA5sH8HhFNaVpNPQAeM2fOXEeCARYMrDSWXDQ5/O9hJ/emkCxXMWAIzpFmMlk+hahHfA1z261IqS0YI2ymP0+qf3HUAzwlUBblEswOjp6eVjOCfKFjF2UMqKZwrOA5iPFsIDf3whkSkEk59B37RyfrVheXha5XI41zoDz/aiF05SBe+hf0NT24BygWhGtVks6JblWqwlst3Icyyji8biUB+C+BxmgTecIK2wpl8sin89zrxfscmJmZoZ7zsDk3ytwfoj7fRkfHxexWExEo1GBb5m1BtjAWHIOfMfpK5jUuv3B9iyCwaAIhUKWm46bAMBkz1ngBFpvM4riypTcirUq2iUuA2goKIQMdxzjdrZm4PsTFWGS+47ZqwDIN21EH7j/P3iHySjPIexJHQxIo1gsvqElqCALT1g5NMgn/sJV5WIiC/MoiLYcGQLwpWJrv0GyDABZWIROKoYBfN3BbpomWS/nbDZ7BQOOChKnGEuu+IKMX2LZCCCRSDSRiTkE8YtVttDJaAZrylJfSjg9z8JPjftGAAQGfsD47N+CoCPZTOdYtgM2V2F7DqfmN1ZJLC8meHka7TEC0u8GW1tb8j4Avdjc3LScMZ2SdCzToTUxMcFaaY8uJmcw9pVVOl0Z6ECZwLXrJMRbaHJq9AdkbW1NrK+v26abskDj9C4Bx1Qst2HvmJVzR9A/Zhga/uXUTOd6DsN34YCu53lyhEYXglU8PmPsEeQBrudC/AFTuKzU4nNa5gAAAABJRU5ErkJggg==)}
|
66
|
+
div.scan_issue_low_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
67
|
+
div.scan_issue_low_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAOzSURBVFhHrZfPaxNREMc3m82vGhPbUow/CoKlwVaLVIvWi2gPIlIQxNLe/Cd60aInD6KI4E08eBFUFAQVepDSgxTE2kohhZZS1KIGUtsmbZLuZpP1O5vpJmm22d3UDzx2Znb3zex7896+cQk2icVi3mg02qdpWp/L5TqJFoXchFsetBTkn7B9gzyWyWRGQ6HQMr23azY3N9vy+fwTVVWXcdW2N3ltRltffKw3VUnpNjyroL2UZbmTu3EOfTE6u0udlTvUHeQy2sbScy0xcV779V4wWi4br3wO7+ZyuXtLS0sB7rYK0ylIp9MHfD7fawzpOTYZqBuzwsrni0JBSbClxP5LGcEl+lgrUSgUZhFQv9/vX2STgchXA0VRuuF8ysw5oRVkU+cuKWTqnBBFsUOSpEn0fYZNBhUBZLPZI3j4A5xH2FQFOTJD9LawZA76bHS73e8op9ikYwRAc+7xeF7Vck64/YdZqsTdcJSlmrTAx5vynDACaG9vvwnnPazuCA2zaBLEToGZ0BWJRG6zXAyAhgXOR3SLDcycScEOlqyBr2H4jJKsB4AEGYHRTbIdzIbbvadiamtCvuBzmGQxmUw2wTCo37GJ2dc6GQFmCLunTwwGg9ehmK+fHXAHWlkqQitDspeEBvjoBizLKzQFXUWTfbZPgc0VUAWmoY8C6C2q9tk+3A5WQAWYgm4KwHH4Iu16ZRtSvSOAaeigAMy3NgvKnUp76/7phfRlWA/l01DHCjCgAOSi6IzyrK83B4BMAcwWZWdsbTyUC7tIwmkKYKqoOmMrB+pNQAJJOEUBfCmqzpAa2gT/wSEh3PWMLc7BCIy7aCvGbvgbuqPd8D8gJxKJZjEcDq8gkhdsdERBXRfU9AJOSQpb7EM+8VtO62dC+jViW4zRX0q/a0Fe/iOsTQ8KudVPuk7LsLFnFMl4SNetgHM6tJ7A0S+m7wM4LM7Bdl+/a4PVr1cN5wQdVJMzN1izBr4ekXOS9QCI+fn5O7hhmZDkTE1OslZC+TuGKUmxVpOZeDx+i+VSAJ2dnXSGH0AQcTY5BydmCxLwca21tTXLeikAIhAIfMcZvr9WEDTfUvg0ayW8zRdqnozR5yr6HsB0L7BJpyIAwuv1TiLKXrwwwaYqGk+9FTz7SmUDBRU+/pS1aqgwQZV0FificTZZw6XZA7RNKrPMWk5e0+TUHEq1rOl9OFXxMQ9rlWaWWBWnZo1qQjRbxanj8hziZTT6/x5Do0mXsH8kMcw/cKXy/KP98lwQ/gEfuhb/OCSbIgAAAABJRU5ErkJggg==)}
|
68
|
+
div.scan_issue_low_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
69
|
+
div.scan_issue_medium_certain_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
70
|
+
div.scan_issue_medium_firm_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
71
|
+
div.scan_issue_medium_tentative_rpt{width: 32px; height: 32px; background-image: url(data:image/png;base64,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)}
|
72
|
+
|
73
|
+
|
74
|
+
@media print {
|
75
|
+
body { width: 100%; color: #000000; position: relative; }
|
76
|
+
#container { width: 98%; padding: 0; margin: 0; }
|
77
|
+
h1 { color: #000000; }
|
78
|
+
h2 { color: #000000;}
|
79
|
+
.rule { margin: 20px 0 0 0; }
|
80
|
+
.title { color: #000000; margin: 0 0 10px 0; padding: 10px 0; }
|
81
|
+
.title h1 { color: #000000; }
|
82
|
+
.title img { margin: -3px 0; }
|
83
|
+
.heading { margin: 0 0 10px 0; }
|
84
|
+
.BODH0 { color: #000000; }
|
85
|
+
.BODH1 { color: #000000; }
|
86
|
+
.PREVNEXT { visibility: hidden; display: none; }
|
87
|
+
.rr_div { width: 98%; margin: 0.8em auto; max-height: none !important; overflow: hidden; }
|
88
|
+
}
|
89
|
+
|
90
|
+
</style>
|
91
|
+
</head>
|
92
|
+
<body>
|
93
|
+
<div id="container">
|
94
|
+
<div class="title"><img src="data:image/png;base64,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" width="184" height="58"><h1>Burp Scanner Report HTML</h1></div>
|
95
|
+
<h1>Summary</h1>
|
96
|
+
<span class="TEXT">The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that was used to identify the issue.</span><br><br><table cellpadding="0" cellspacing="0" class="overview_table">
|
97
|
+
<tr>
|
98
|
+
<td width="70"> </td>
|
99
|
+
<td width="90"> </td>
|
100
|
+
<td colspan="4" height="40" align="center" class="label">Confidence</td>
|
101
|
+
</tr>
|
102
|
+
<tr>
|
103
|
+
<td width="70"> </td>
|
104
|
+
<td width="90"> </td>
|
105
|
+
<td width="82" height="30" class="info">Certain</td>
|
106
|
+
<td width="82" height="30" class="info">Firm</td>
|
107
|
+
<td width="82" height="30" class="info">Tentative</td>
|
108
|
+
<td width="82" height="30" class="info_end">Total</td>
|
109
|
+
</tr>
|
110
|
+
<tr>
|
111
|
+
<td rowspan="4" valign="middle" class="label">Severity</td>
|
112
|
+
<td class="info" height="30">High</td>
|
113
|
+
<td class="colour_holder"><span class="colour_block high_certain">0</span></td>
|
114
|
+
<td class="colour_holder"><span class="colour_block high_firm">0</span></td>
|
115
|
+
<td class="colour_holder"><span class="colour_block high_tentative">0</span></td>
|
116
|
+
<td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
|
117
|
+
</tr>
|
118
|
+
<tr>
|
119
|
+
<td class="info" height="30">Medium</td>
|
120
|
+
<td class="colour_holder"><span class="colour_block medium_certain">0</span></td>
|
121
|
+
<td class="colour_holder"><span class="colour_block medium_firm">0</span></td>
|
122
|
+
<td class="colour_holder"><span class="colour_block medium_tentative">0</span></td>
|
123
|
+
<td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
|
124
|
+
</tr>
|
125
|
+
<tr>
|
126
|
+
<td class="info" height="30">Low</td>
|
127
|
+
<td class="colour_holder"><span class="colour_block low_certain">1</span></td>
|
128
|
+
<td class="colour_holder"><span class="colour_block low_firm">0</span></td>
|
129
|
+
<td class="colour_holder"><span class="colour_block low_tentative">0</span></td>
|
130
|
+
<td class="colour_holder_end"><span class="colour_block row_total">1</span></td>
|
131
|
+
</tr>
|
132
|
+
<tr>
|
133
|
+
<td class="info" height="30">Information</td>
|
134
|
+
<td class="colour_holder"><span class="colour_block info_certain">0</span></td>
|
135
|
+
<td class="colour_holder"><span class="colour_block info_firm">0</span></td>
|
136
|
+
<td class="colour_holder"><span class="colour_block info_tentative">0</span></td>
|
137
|
+
<td class="colour_holder_end"><span class="colour_block row_total">0</span></td>
|
138
|
+
</tr>
|
139
|
+
</table><br>
|
140
|
+
<span class="TEXT">The chart below shows the aggregated numbers of issues identified in each category. Solid colored bars represent issues with a confidence level of Certain, and the bars fade as the confidence level falls.</span><br><br><table cellpadding="0" cellspacing="0" class="overview_table">
|
141
|
+
<tr>
|
142
|
+
<td width="70"> </td>
|
143
|
+
<td width="90"> </td>
|
144
|
+
<td colspan="6" height="40" align="center" class="label">Number of issues</td>
|
145
|
+
</tr>
|
146
|
+
<tr>
|
147
|
+
<td width="70"> </td>
|
148
|
+
<td width="90"> </td>
|
149
|
+
<td width="125"><span class="grad_mark">0</span></td>
|
150
|
+
<td width="125"><span class="grad_mark">1</span></td>
|
151
|
+
<td width="125"><span class="grad_mark">2</span></td>
|
152
|
+
<td width="125"><span class="grad_mark">3</span></td>
|
153
|
+
<td width="125"><span class="grad_mark">4</span></td>
|
154
|
+
</tr>
|
155
|
+
<tr>
|
156
|
+
<td rowspan="3" valign="middle" class="label">Severity</td>
|
157
|
+
<td class="info">High</td>
|
158
|
+
<td colspan="5" height="30">
|
159
|
+
<table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td></tr></table>
|
160
|
+
</td>
|
161
|
+
<td> </td>
|
162
|
+
</tr>
|
163
|
+
<tr>
|
164
|
+
<td class="info">Medium</td>
|
165
|
+
<td colspan="5" height="30">
|
166
|
+
<table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,R0lGODlhAQABAIAAAP/rzAAAACH/C1hNUCBEYXRhWE1QPD94cGFja2V0IGJlZ2luPSLvu78iIGlkPSJXNU0wTXBDZWhpSHpyZVN6TlRjemtjOWQiPz4gPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iQWRvYmUgWE1QIENvcmUgNS4zLWMwMTEgNjYuMTQ1NjYxLCAyMDEyLzAyLzA2LTE0OjU2OjI3ICAgICAgICAiPiA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPiA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIiB4bWxuczp4bXA9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC8iIHhtbG5zOnhtcE1NPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvbW0vIiB4bWxuczpzdFJlZj0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL3NUeXBlL1Jlc291cmNlUmVmIyIgeG1wOkNyZWF0b3JUb29sPSJBZG9iZSBQaG90b3Nob3AgQ1M2IChNYWNpbnRvc2gpIiB4bXBNTTpJbnN0YW5jZUlEPSJ4bXAuaWlkOkI1MDMwNTM3ODk3QjExRTJCMkY1QUI4QUUwNzNBMzFDIiB4bXBNTTpEb2N1bWVudElEPSJ4bXAuZGlkOkI1MDMwNTM4ODk3QjExRTJCMkY1QUI4QUUwNzNBMzFDIj4gPHhtcE1NOkRlcml2ZWRGcm9tIHN0UmVmOmluc3RhbmNlSUQ9InhtcC5paWQ6ODRDQTQ4OEU4OTdCMTFFMkIyRjVBQjhBRTA3M0EzMUMiIHN0UmVmOmRvY3VtZW50SUQ9InhtcC5kaWQ6QjUwMzA1MzY4OTdCMTFFMkIyRjVBQjhBRTA3M0EzMUMiLz4gPC9yZGY6RGVzY3JpcHRpb24+IDwvcmRmOlJERj4gPC94OnhtcG1ldGE+IDw/eHBhY2tldCBlbmQ9InIiPz4B//79/Pv6+fj39vX08/Lx8O/u7ezr6uno5+bl5OPi4eDf3t3c29rZ2NfW1dTT0tHQz87NzMvKycjHxsXEw8LBwL++vby7urm4t7a1tLOysbCvrq2sq6qpqKempaSjoqGgn56dnJuamZiXlpWUk5KRkI+OjYyLiomIh4aFhIOCgYB/fn18e3p5eHd2dXRzcnFwb25tbGtqaWhnZmVkY2JhYF9eXVxbWllYV1ZVVFNSUVBPTk1MS0pJSEdGRURDQkFAPz49PDs6OTg3NjU0MzIxMC8uLSwrKikoJyYlJCMiISAfHh0cGxoZGBcWFRQTEhEQDw4NDAsKCQgHBgUEAwIBAAAh+QQAAAAAACwAAAAAAQABAAACAkQBADs=" width="0" height="16"></td></tr></table>
|
167
|
+
</td>
|
168
|
+
<td> </td>
|
169
|
+
</tr>
|
170
|
+
<tr>
|
171
|
+
<td class="info">Low</td>
|
172
|
+
<td colspan="5" height="30">
|
173
|
+
<table cellpadding="0" cellspacing="0"><tr><td><img class="bar" src="data:image/png;base64,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" width="125" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td><td><img class="bar" src="data:image/png;base64,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" width="0" height="16"></td></tr></table>
|
174
|
+
</td>
|
175
|
+
<td> </td>
|
176
|
+
</tr>
|
177
|
+
</table>
|
178
|
+
|
179
|
+
<div class="rule"></div>
|
180
|
+
<h1>Contents</h1>
|
181
|
+
<p class="TOCH0"><a href="#1">1. Strict transport security not enforced</a></p>
|
182
|
+
<br><div class="rule"></div>
|
183
|
+
<span class="BODH0" id="1">1. <a href="https://portswigger.net/knowledgebase/issues/details/01000300_stricttransportsecuritynotenforced">Strict transport security not enforced</a></span>
|
184
|
+
<br>
|
185
|
+
<h2>Summary</h2>
|
186
|
+
<table cellpadding="0" cellspacing="0" class="summary_table">
|
187
|
+
<tr>
|
188
|
+
<td rowspan="4" class="icon" valign="top" align="center"><div class='scan_issue_low_certain_rpt'></div></td>
|
189
|
+
<td>Severity: </td>
|
190
|
+
<td><b>Low</b></td>
|
191
|
+
</tr>
|
192
|
+
<tr>
|
193
|
+
<td>Confidence: </td>
|
194
|
+
<td><b>Certain</b></td>
|
195
|
+
</tr>
|
196
|
+
<tr>
|
197
|
+
<td>Host: </td>
|
198
|
+
<td><b>https://github.com/dradis/dradis-burp</b></td>
|
199
|
+
</tr>
|
200
|
+
<tr>
|
201
|
+
<td>Path: </td>
|
202
|
+
<td><b>/</b></td>
|
203
|
+
</tr>
|
204
|
+
</table>
|
205
|
+
<h2>Issue description</h2>
|
206
|
+
<span class="TEXT"><p> The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool automates this process. </p>
|
207
|
+
<p>
|
208
|
+
To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic.This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi, or a corporate or home network that is shared with a compromised computer. Common defenses such as switched networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure could also perform this attack. Note that an advanced adversary could potentially target any connection made over the Internet's core infrastructure. </p></span>
|
209
|
+
<h2>Issue remediation</h2>
|
210
|
+
<span class="TEXT"><p>The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value 'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.</p>
|
211
|
+
<p>Note that because HSTS is a "trust on first use" (TOFU) protocol, a user who has never accessed the application will never have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.</p></span>
|
212
|
+
<h2>References</h2>
|
213
|
+
<span class="TEXT"><ul>
|
214
|
+
<li><a href="https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security">HTTP Strict Transport Security</a></li>
|
215
|
+
<li><a href="http://www.thoughtcrime.org/software/sslstrip/">sslstrip</a></li>
|
216
|
+
<li><a href="https://hstspreload.appspot.com/">HSTS Preload Form</a></li>
|
217
|
+
</ul></span>
|
218
|
+
<h2>Vulnerability classifications</h2><span class="TEXT"><ul>
|
219
|
+
<li><a href="https://cwe.mitre.org/data/definitions/523.html">CWE-523: Unprotected Transport of Credentials</a></li>
|
220
|
+
</ul></span>
|
221
|
+
<h2>Request</h2>
|
222
|
+
<div class="rr_div"><span>GET / HTTP/1.1<br>Host: github.com/dradis/dradis-burp<br>User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:66.0) Gecko/20100101 Firefox/66.0<br>Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en,es-ES;q=0.8,es;q=0.5,en-US;q=0.3<br>Accept-Encoding: gzip, deflate<br>Connection: close<br>Cookie: hpage=1; AMCV_2387401053DB208C0A490D4C%40AdobeOrg=-1891778711%7CMCIDTS%7C17970%7CMCMID%7C21612935572021633722025223033275851039%7CMCAAMLH-1553169173%7C6%7CMCAAMB-1553169173%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1552571573s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C2.4.0; uid=W9g/8Fux09NcLDHUBLt6Ag==#b4a7fa78e6c4983b02b41f0c993c2043; uid_ns=W9g/8Fux09NcLDHUBLt6Ag==; dtm_dds=3/14/2019%7C; s_lv=1538401711844; asaleatorio=v6|NO; _cb_ls=1; _cb=CHsEZNVjLgK9Eh3g; _chartbeat2=.1538380775140.1552564528405.0000000000000001.DULUU_5XcVyr-M7oTDU5YBMxsZ0.2; __gads=ID=06fd97433187c959:T=1538380762:S=ALNI_MZNHKQ5IoHIQX9fc91pDzlf7PDN4g; pbsconsent=BOU8kdHOU8kdHABABAENBq-AAAAht7_______9______9uz_Gv_v_f__33e8__9v_l_7_-___u_-33d4-_1vX99yfm1-7ftr3tp_86ues2_Xur_959_-njE; _v__chartbeat3=ChrB4_B73EobCceMDU; kppid=W9g/8Fux09NcLDHUBLt6Ag==; assegmento=v14|#feminismo; asnumdisplays=v14|1; aslastdisplay=v14|1552564374379; _fbp=fb.1.1552564376436.938848531; hst=1552520446_153124; cto_lwid=a6243aac-07e7-4c94-b258-b67ada2611d6; cto_idcpy=fec01c29-01e9-4fa7-b32d-b9ca0b82f535<br>Upgrade-Insecure-Requests: 1<br><br></span></div>
|
223
|
+
<h2>Response</h2>
|
224
|
+
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Server: nginx/1.3.5 epet/0.8.0.2<br>Content-Type: text/html; charset=UTF-8<br>Cache-Control: max-age=10<br>Content-Length: 361046<br>Vary: Accept-Encoding<br>Date: Thu, 02 May 2019 09:39:41 GMT<br>Connection: close<br>Set-Cookie: eptz=ES; path=/; domain=.github.com/dradis/dradis-burp<br>Set-Cookie: ak_bmsc=B2AE61FE579F4E9ADD81AF3E8BA2B9495C7AF27CEB620000DDBACA5C8327AB7C~plqa0dlFUk69S2EZU8MlTQI/GS+BP8NBdEoTcsdaugLA/WMoI2CFXYV1uhfrS8b/TJW4wY7jK+J88eP76x5h46tZrxSTfqGTFH0kzRnxB8ek5KcCAGpVsC9tqQ78yHBbup5wJzfFSrwvAcEHsnhioKB5D2/2nOLmiyfGPpFemjhnoORzbaV8bWK+4xyD9uo61YxWMEm3cMF06MMDmW/hjj0Sh8qZ28XlWmUtt3G0iMTE4=; expires=Thu, 02 May 2019 11:39:41 GMT; max-age=7200; path=/; domain=.github.com/dradis/dradis-burp; HttpOnly<br><br><!DOCTYPE html><br><html lang="es"><br><head><br><meta charset="utf-8"><br><meta http-equiv="X-UA-Compatible" content="IE=edge"><br><meta name="format-detection" content="address=no,email=no,telephone=no"><br><meta nam<br><b>...[SNIP]...</b><br></span></div>
|
225
|
+
<div class="rule"></div>
|
226
|
+
<span class="TEXT"><br>Report generated by Burp Suite <a href="https://portswigger.net/vulnerability-scanner/">web vulnerability scanner</a> v2.0.20beta, at Thu May 02 10:52:22 WEST 2019.<br><br></span>
|
227
|
+
</div>
|
228
|
+
</body>
|
229
|
+
</html>
|
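Review bot: The request and response blocks at fixture lines 222 and 224 (the `Cookie:` header and the `Set-Cookie: ak_bmsc=…` header) still carry what look like session and tracking tokens copied from a real browsing session; only the Host line appears to have been rewritten to the repository URL, so the fixture ships third-party identifiers in a public gem. Presumably the HTML importer only needs the shape of a request/response block rather than live values, so the tokens can be replaced with obviously constructed dummies such as `Cookie: session=PLACEHOLDER_COOKIE` and `Set-Cookie: ak_bmsc=PLACEHOLDER_TOKEN; expires=Thu, 02 May 2019 11:39:41 GMT; max-age=7200; path=/; HttpOnly` without changing what the spec asserts. The `uid=`, `uid_ns=`, `_chartbeat2=` and `__gads=` values in the same Cookie header and the `Server:` banner in the response deserve the same scrub. If the importer tolerates a leading comment, a one-line `<!-- Sanitized Burp HTML export: hosts, cookies and tokens are placeholders -->` at the top of the file would record that the fixture is synthetic; confirm against the parser before adding it, since the document currently starts directly with `<html>`.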
@@ -0,0 +1,118 @@
|
|
1
|
+
<?xml version="1.0"?>
|
2
|
+
<!DOCTYPE issues [
|
3
|
+
<!ELEMENT issues (issue*)>
|
4
|
+
<!ATTLIST issues burpVersion CDATA "">
|
5
|
+
<!ATTLIST issues exportTime CDATA "">
|
6
|
+
<!ELEMENT issue (serialNumber, type, name, host, path, location, severity, confidence, issueBackground?, remediationBackground?, issueDetail?, remediationDetail?, requestresponse*)>
|
7
|
+
<!ELEMENT serialNumber (#PCDATA)>
|
8
|
+
<!ELEMENT type (#PCDATA)>
|
9
|
+
<!ELEMENT name (#PCDATA)>
|
10
|
+
<!ELEMENT host (#PCDATA)>
|
11
|
+
<!ATTLIST host ip CDATA "">
|
12
|
+
<!ELEMENT path (#PCDATA)>
|
13
|
+
<!ELEMENT location (#PCDATA)>
|
14
|
+
<!ELEMENT severity (#PCDATA)>
|
15
|
+
<!ELEMENT confidence (#PCDATA)>
|
16
|
+
<!ELEMENT issueBackground (#PCDATA)>
|
17
|
+
<!ELEMENT remediationBackground (#PCDATA)>
|
18
|
+
<!ELEMENT issueDetail (#PCDATA)>
|
19
|
+
<!ELEMENT remediationDetail (#PCDATA)>
|
20
|
+
<!ELEMENT requestresponse (request?, response?, responseRedirected?)>
|
21
|
+
<!ELEMENT request (#PCDATA)>
|
22
|
+
<!ATTLIST request base64 (true|false) "false">
|
23
|
+
<!ELEMENT response (#PCDATA)>
|
24
|
+
<!ATTLIST response base64 (true|false) "false">
|
25
|
+
<!ELEMENT responseRedirected (#PCDATA)>
|
26
|
+
]>
|
27
|
+
<issues burpVersion="1.5.14" exportTime="Wed Nov 10 17:26:55 EDT 2014">
|
28
|
+
<issue>
|
29
|
+
<serialNumber>1833460934674078320</serialNumber>
|
30
|
+
<type>8781630</type>
|
31
|
+
<name>Issue 1</name>
|
32
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
33
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
34
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
35
|
+
<severity>Information</severity>
|
36
|
+
<confidence>Firm</confidence>
|
37
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
38
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
39
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
40
|
+
<requestresponse>
|
41
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
42
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
43
|
+
<responseRedirected>false</responseRedirected>
|
44
|
+
</requestresponse>
|
45
|
+
</issue>
|
46
|
+
<issue>
|
47
|
+
<serialNumber>1833460934674078321</serialNumber>
|
48
|
+
<type>8781631</type>
|
49
|
+
<name>Issue 2</name>
|
50
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
51
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
52
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
53
|
+
<severity>High</severity>
|
54
|
+
<confidence>Firm</confidence>
|
55
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
56
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
57
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
58
|
+
<requestresponse>
|
59
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
60
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
61
|
+
<responseRedirected>false</responseRedirected>
|
62
|
+
</requestresponse>
|
63
|
+
</issue>
|
64
|
+
<issue>
|
65
|
+
<serialNumber>1833460934674078322</serialNumber>
|
66
|
+
<type>134217728</type>
|
67
|
+
<name>Issue 3</name>
|
68
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
69
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
70
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
71
|
+
<severity>Medium</severity>
|
72
|
+
<confidence>Firm</confidence>
|
73
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
74
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
75
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
76
|
+
<requestresponse>
|
77
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
78
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
79
|
+
<responseRedirected>false</responseRedirected>
|
80
|
+
</requestresponse>
|
81
|
+
</issue>
|
82
|
+
<issue>
|
83
|
+
<serialNumber>1833460934674078323</serialNumber>
|
84
|
+
<type>8781632</type>
|
85
|
+
<name>Issue 4</name>
|
86
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
87
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
88
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
89
|
+
<severity>High</severity>
|
90
|
+
<confidence>Firm</confidence>
|
91
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
92
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
93
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
94
|
+
<requestresponse>
|
95
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
96
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
97
|
+
<responseRedirected>false</responseRedirected>
|
98
|
+
</requestresponse>
|
99
|
+
</issue>
|
100
|
+
<issue>
|
101
|
+
<serialNumber>1833460934674078323</serialNumber>
|
102
|
+
<type>8781633</type>
|
103
|
+
<name>Issue 5</name>
|
104
|
+
<host ip="10.0.0.1">http://www.test.com</host>
|
105
|
+
<path><![CDATA[/Common/login.aspx]]></path>
|
106
|
+
<location><![CDATA[/Common/login.aspx]]></location>
|
107
|
+
<severity>Low</severity>
|
108
|
+
<confidence>Firm</confidence>
|
109
|
+
<issueBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Veniam fugiat possimus quaerat esse aspernatur cumque, fugit incidunt tempora nam ex atque, magni alias ullam illo voluptate sed consequatur reprehenderit qui.]]></issueBackground>
|
110
|
+
<remediationBackground><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Explicabo itaque unde numquam, nihil eveniet deleniti dignissimos architecto quo neque ea impedit nam autem iusto iste, esse, aut minus animi repellat.]]></remediationBackground>
|
111
|
+
<issueDetail><![CDATA[Lorem ipsum dolor sit amet, consectetur adipisicing elit. Corporis quisquam aut necessitatibus ex possimus suscipit ipsam ipsa repellendus quo nostrum! Dolores quibusdam modi impedit nihil necessitatibus dicta vitae dolorem sit!]]></issueDetail>
|
112
|
+
<requestresponse>
|
113
|
+
<request base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFByb3ZpZGVudCBpcHN1bSBjb25zZWN0ZXR1ciBxdWlkZW0gb2JjYWVjYXRpIG5hdHVzLCByZW0gYXQgcXVhcyBzaW50IHRlbXBvcmUgYXV0ZW0gdm9sdXB0YXRpYnVzLCB2ZW5pYW0gZnVnaWF0IGN1bXF1ZSBsYWJvcmlvc2FtIG5lY2Vzc2l0YXRpYnVzIG9tbmlzIHJlaWNpZW5kaXMgdW5kZSBtYWduYW0u]]></request>
|
114
|
+
<response base64="true"><![CDATA[TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2ljaW5nIGVsaXQuIFNhcGllbnRlIGZ1Z2lhdCBlYXJ1bSwgYW5pbWkgdmVybyBxdWlidXNkYW0gc2VkLCBkb2xvcnVtIGRpc3RpbmN0aW8gYWxpcXVhbSwgcmVpY2llbmRpcyBjb3Jwb3JpcyBuaWhpbCBleGNlcHR1cmkgY29uc2VjdGV0dXIgZGVsZW5pdGkgbW9sZXN0aWFzIGhhcnVtIGxhYm9yaW9zYW0gc3VudCBub3N0cnVtIG9kaW8u]]></response>
|
115
|
+
<responseRedirected>false</responseRedirected>
|
116
|
+
</requestresponse>
|
117
|
+
</issue>
|
118
|
+
</issues>
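Review bot: Issue 4 and Issue 5 carry the same `<serialNumber>1833460934674078323</serialNumber>` (fixture lines 83 and 101, directly above `<name>Issue 4</name>` and `<name>Issue 5</name>`), which looks like a copy-and-paste slip since the other serial numbers in the file are consecutive. Whether the importer or the severity spec keys on serialNumber is not visible here, but if either ever does, the two issues would collide and one of the High/Low results would be silently dropped, making the severity test pass or fail for the wrong reason. Give Issue 5 its own value, for example the next one in the sequence, `<serialNumber>1833460934674078324</serialNumber>`.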
|
data/templates/evidence.fields
CHANGED
@@ -0,0 +1,36 @@
|
|
1
|
+
<span class="BODH1" id="2.1">2.1. http://mdsec.net/addressbook/32/Default.aspx [Address parameter]</span>
|
2
|
+
<br><a class="PREVNEXT" href="#2.2">Next</a>
|
3
|
+
<br>
|
4
|
+
<h2>Summary</h2>
|
5
|
+
<table cellpadding="0" cellspacing="0" class="summary_table">
|
6
|
+
<tr>
|
7
|
+
<td rowspan="4" class="icon" valign="top" align="center"><img width="32" height="32" src="images/scan_issue_high_certain_rpt.png"></td>
|
8
|
+
<td>Severity: </td>
|
9
|
+
<td><b>High</b></td>
|
10
|
+
</tr>
|
11
|
+
<tr>
|
12
|
+
<td>Confidence: </td>
|
13
|
+
<td><b>Certain</b></td>
|
14
|
+
</tr>
|
15
|
+
<tr>
|
16
|
+
<td>Host: </td>
|
17
|
+
<td><b>http://mdsec.net</b></td>
|
18
|
+
</tr>
|
19
|
+
<tr>
|
20
|
+
<td>Path: </td>
|
21
|
+
<td><b>/addressbook/32/Default<wbr>.aspx</b></td>
|
22
|
+
</tr>
|
23
|
+
</table>
|
24
|
+
<h2>Issue detail</h2>
|
25
|
+
<span class="TEXT">The <b>Address</b> parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Address parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.<br><br>The database appears to be Microsoft SQL Server.</span>
|
26
|
+
<h2>Remediation detail</h2>
|
27
|
+
<span class="TEXT">The application should handle errors gracefully and prevent SQL error messages from being returned in responses. </span>
|
28
|
+
<h2>Request 1</h2>
|
29
|
+
<div class="rr_div"><span>POST /addressbook/32/Default<wbr>.aspx HTTP/1.1<br>Host: mdsec.net<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0<br>Accept: text/html,application<wbr>/xhtml+xml,application<wbr>/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http://mdsec.net<wbr>/addressbook/32/<br>Connection: keep-alive<br>Content-Type: application/x-www-form<wbr>-urlencoded<br>Content-Length: 116<br><br>__VIEWSTATE=%2FwEPDw<wbr>UKMTI0NzE5MjI0MGRkoX<wbr>v4BXfugQRsGddxJO96PBvk5rI<wbr>%3D&Name=&Email=&Phone=<wbr>&Search=Search&Address=<span class="HIGHLIGHT">'</span>&Age=</span></div>
|
30
|
+
<h2>Response 1</h2>
|
31
|
+
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Wed, 10 Apr 2013 12:40:58 GMT<br>Server: Microsoft-IIS/6.0<br>MicrosoftOfficeWebServer: 5.0_Pub<br>X-Powered-By: ASP.NET<br>X-AspNet-Version: 2.0.50727<br>Cache-Control: private<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 2642<br><br><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR<wbr>/xhtml1/DTD/xhtml1<wbr>-transitional.dtd"><br><html xmlns="http://www.w3.org<wbr>/1999/xhtml" ><br><head><br><title>Contacts</title><br><b>...[SNIP]...</b><br><b>Error: <span class="HIGHLIGHT">Unclosed quotation mark</span> after the character string ''.<br><span class="HIGHLIGHT">Incorrect syntax near</span> ''.</b><br><b>...[SNIP]...</b><br></span></div>
|
32
|
+
<h2>Request 2</h2>
|
33
|
+
<div class="rr_div"><span>POST /addressbook/32/Default<wbr>.aspx HTTP/1.1<br>Host: mdsec.net<br>User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0<br>Accept: text/html,application<wbr>/xhtml+xml,application<wbr>/xml;q=0.9,*/*;q=0.8<br>Accept-Language: en-US,en;q=0.5<br>Accept-Encoding: gzip, deflate<br>Referer: http://mdsec.net<wbr>/addressbook/32/<br>Connection: keep-alive<br>Content-Type: application/x-www-form<wbr>-urlencoded<br>Content-Length: 116<br><br>__VIEWSTATE=%2FwEPDw<wbr>UKMTI0NzE5MjI0MGRkoX<wbr>v4BXfugQRsGddxJO96PBvk5rI<wbr>%3D&Name=&Email=&Phone=<wbr>&Search=Search&Address=<span class="HIGHLIGHT">''</span>&Age=</span></div>
|
34
|
+
<h2>Response 2</h2>
|
35
|
+
<div class="rr_div"><span>HTTP/1.1 200 OK<br>Date: Wed, 10 Apr 2013 12:40:58 GMT<br>Server: Microsoft-IIS/6.0<br>MicrosoftOfficeWebServer: 5.0_Pub<br>X-Powered-By: ASP.NET<br>X-AspNet-Version: 2.0.50727<br>Cache-Control: private<br>Content-Type: text/html; charset=utf-8<br>Content-Length: 2721<br><br><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR<wbr>/xhtml1/DTD/xhtml1<wbr>-transitional.dtd"><br><html xmlns="http://www.w3.org<wbr>/1999/xhtml" ><br><head><br><title>Contacts</title><br><b>...[SNIP]...</b><br></span></div>
|
36
|
+
<div class="rule"></div>
|
@@ -0,0 +1,50 @@
|
|
1
|
+
#[Host]#
|
2
|
+
%issue.host%
|
3
|
+
|
4
|
+
|
5
|
+
#[Path]#
|
6
|
+
%issue.path%
|
7
|
+
|
8
|
+
|
9
|
+
#[Location]#
|
10
|
+
%issue.location%
|
11
|
+
|
12
|
+
|
13
|
+
#[Severity]#
|
14
|
+
%issue.severity%
|
15
|
+
|
16
|
+
|
17
|
+
#[Confidence]#
|
18
|
+
%issue.confidence%
|
19
|
+
|
20
|
+
|
21
|
+
#[Request]#
|
22
|
+
bc.. %issue.request%
|
23
|
+
|
24
|
+
|
25
|
+
#[Response]#
|
26
|
+
bc.. %issue.response%
|
27
|
+
|
28
|
+
|
29
|
+
#[Request 1]#
|
30
|
+
bc.. %issue.request_1%
|
31
|
+
|
32
|
+
|
33
|
+
#[Response 1]#
|
34
|
+
bc.. %issue.response_1%
|
35
|
+
|
36
|
+
|
37
|
+
#[Request 2]#
|
38
|
+
bc.. %issue.request_2%
|
39
|
+
|
40
|
+
|
41
|
+
#[Response 2]#
|
42
|
+
bc.. %issue.response_2%
|
43
|
+
|
44
|
+
|
45
|
+
#[Request 3]#
|
46
|
+
bc.. %issue.request_3%
|
47
|
+
|
48
|
+
|
49
|
+
#[Response 3]#
|
50
|
+
bc.. %issue.response_3%
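Review bot: The template exposes both the unnumbered `%issue.request%`/`%issue.response%` pair and the numbered `%issue.request_1%` through `%issue.response_3%` with nothing saying when each is populated, so a reader cannot tell whether the unnumbered pair is the single-exchange case, whether numbered fields beyond the pairs present in a report stay empty, or what happens to a fourth exchange. Dradis template files have no comment syntax, so that contract belongs in the plugin's README or CHANGELOG alongside this release. These fields are filled from traffic captured against the scanned target, so their content is untrusted; wrapping them in `bc..` keeps it as a literal code block, which is the right choice, but whatever fills the placeholders must not turn the report's `<br>` separators or HTML entities back into live markup, and that conversion is not visible in this hunk.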
|