Report for http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd (Generated on 2013-07-12 11:18:37 -0400)


Summary



[1] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In cookie input PHPSESSID using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[2] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input Accept using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[3] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input Accept-Charset using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[4] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input Accept-Encoding using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[5] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input From using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[6] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input User-Agent using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[7] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input Referer using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[8] Operating system command injection (Untrusted — Severity: High)

The web application allows an attacker to execute arbitrary OS commands.

In header input Pragma using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[9] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In link input Page using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[10] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In form input Page using GET at http://www.moto-plus.net/index.php.

 

[11] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In cookie input PHPSESSID using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[12] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input Accept using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[13] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input Accept-Charset using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[14] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input Accept-Encoding using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[15] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input From using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[16] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input User-Agent using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[17] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input Referer using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

 

[18] Path Traversal (Untrusted — Severity: Medium)

The web application enforces improper limitation of a pathname to a restricted directory.

In header input Pragma using GET at http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd.

Configuration

Version: 1.0dev
Revision: 0.2.8
Audit started on: Fri Jul 12 10:53:02 2013
Audit finished on: Fri Jul 12 11:16:24 2013
Runtime: 00:23:22

 

Runtime options

URL: http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd
User agent: Arachni/v1.0dev

 

Audited elements:
  • Links
  • Forms
  • Cookies
  • Headers

Modules:
  • rfi
  • htaccess_limit
  • code_injection
  • os_cmd_injection
  • path_traversal
  • sqli

Filters:
  • Exclude: N/A
  • Include: N/A
  • Redundant: N/A

Cookies:
  • PHPSESSID = b7aebf7d8c830f3cf57a168e44afd031

Issues


Trusted issues

At the time these issues were logged there were no abnormal interferences or anomalous server behavior.
These issues are considered trusted and fairly accurate.

No trusted issues have been logged.

Untrusted

These issues are considered untrusted (and may in fact be false positives) because, at the time they were identified, the server was exhibiting some kind of anomalous behavior or there was third-party interference (network latency, for example).
The listed issues need verification by a human.

Plugin results

Resolves vulnerable hostnames to IP addresses.

Results

Hostname            IP Address
www.moto-plus.net   213.133.104.77

Generates a simple list of safe/unsafe URLs.

http://www.moto-plus.net/index.php
http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd

Stats

Total: 2
Safe: 0
Unsafe: 2
Issue percentage: 100%

Sitemap