Generated on Fri, 3 May 2024 16:52:11

ZAP Version: 2.14.0

ZAP is supported by the Crash Override Open Source Fellowship

Summary of Alerts

Risk Level      Number of Alerts
High            2
Medium          7
Low             6
Informational   7

Passing Rules

Name Rule Type Threshold Strength
Directory Browsing Active MEDIUM MEDIUM
CRLF Injection Active MEDIUM MEDIUM
Path Traversal Active MEDIUM MEDIUM
Remote File Inclusion Active MEDIUM MEDIUM
Parameter Tampering Active MEDIUM MEDIUM
Server Side Include Active MEDIUM MEDIUM
GET for POST Active MEDIUM MEDIUM
Cross Site Scripting (Reflected) Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) Active MEDIUM MEDIUM
Script Active Scan Rules Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Prime Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Spider Active MEDIUM MEDIUM
SQL Injection - MySQL Active MEDIUM MEDIUM
SQL Injection - Hypersonic SQL Active MEDIUM MEDIUM
SQL Injection - Oracle Active MEDIUM MEDIUM
SQL Injection - PostgreSQL Active MEDIUM MEDIUM
SQL Injection - SQLite Active MEDIUM MEDIUM
Cross Site Scripting (DOM Based) Active MEDIUM MEDIUM
SQL Injection - MsSQL Active MEDIUM MEDIUM
ELMAH Information Leak Active MEDIUM MEDIUM
Trace.axd Information Leak Active MEDIUM MEDIUM
XSLT Injection Active MEDIUM MEDIUM
.htaccess Information Leak Active MEDIUM MEDIUM
.env Information Leak Active MEDIUM MEDIUM
Server Side Code Injection Active MEDIUM MEDIUM
XPath Injection Active MEDIUM MEDIUM
Remote OS Command Injection Active MEDIUM MEDIUM
XML External Entity Attack Active MEDIUM MEDIUM
Generic Padding Oracle Active MEDIUM MEDIUM
Spring Actuator Information Leak Active MEDIUM MEDIUM
SOAP Action Spoofing Active MEDIUM MEDIUM
Log4Shell Active MEDIUM MEDIUM
SOAP XML Injection Active MEDIUM MEDIUM
Spring4Shell Active MEDIUM MEDIUM
Heartbleed OpenSSL Vulnerability Active MEDIUM MEDIUM
Buffer Overflow Active MEDIUM MEDIUM
Source Code Disclosure - CVE-2012-1823 Active MEDIUM MEDIUM
Format String Error Active MEDIUM MEDIUM
Server Side Template Injection Active MEDIUM MEDIUM
Remote Code Execution - CVE-2012-1823 Active MEDIUM MEDIUM
External Redirect Active MEDIUM MEDIUM
Server Side Template Injection (Blind) Active MEDIUM MEDIUM
Source Code Disclosure - /WEB-INF Folder Active MEDIUM MEDIUM
Verification Request Identified Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -

Sites

https://clients1.google.com

HTTP Response Code   Number of Responses
200 OK               1

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

https://update.googleapis.com

HTTP Response Code   Number of Responses
200 OK               2

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

https://optimizationguide-pa.googleapis.com

HTTP Response Code   Number of Responses
200 OK               10

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

https://content-autofill.googleapis.com

HTTP Response Code   Number of Responses
200 OK               12

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

https://accounts.google.com

HTTP Response Code   Number of Responses
200 OK               1

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

https://cdnjs.cloudflare.com

HTTP Response Code   Number of Responses
200 OK               205

No Authentication Statistics Found

Parameter Name Type Flags Times Used # Values

http://localhost:3000

Authentication Statistics                                        Number of Responses
!reports.report.stats.auth.sessiontoken.authentication.token!    1
!reports.report.stats.auth.sessiontoken.token!                   15

Parameter Name               Type    Flags   Times Used   # Values
cookieconsent_status         Cookie          689          1
language                     Cookie          1443         1
token                        Cookie          30           1
welcomebanner_status         Cookie          341          1
EIO                          URL             374          1
name                         URL             87           1
q                            URL             68           1
sid                          URL             285          70
t                            URL             304          300
transport                    URL             374          2
Accept-Ranges                Header          854          1
Access-Control-Allow-Origin  Header          1946         2
Cache-Control                Header          854          1
Connection                   Header          2016         2
Content-Length               Header          952          51
Content-Security-Policy      Header          2            1
Content-Type                 Header          985          15
Date                         Header          1946         77
ETag                         Header          1639         43
Feature-Policy               Header          1661         1
Keep-Alive                   Header          1946         1
Last-Modified                Header          854          3
Location                     Header          2            2
Sec-WebSocket-Accept         Header          70           70
Upgrade                      Header          70           1
Vary                         Header          816          2
X-Content-Type-Options       Header          1661         1
X-Frame-Options              Header          1661         1
X-Recruiting                 Header          1661         1
content-length               Header          33           4

Alert Detail

High
Cloud Metadata Potentially Exposed
Description
The Cloud Metadata Attack attempts to abuse a misconfigured NGINX server in order to access the instance metadata maintained by cloud service providers such as AWS, GCP and Azure.

All of these providers provide metadata via an internal unroutable IP address '169.254.169.254' - this can be exposed by incorrectly configured NGINX servers and accessed by using this IP address in the Host header field.
URL http://localhost:3000/latest/meta-data/
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 556 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-qIrV
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 568 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-qIsi&sid=5cC22cXjPnGwQSu3AAKZ
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 593 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-ukjC
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 1,354 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-ukmB&sid=GOS7U2yR94gA7yNmAAAC
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 1,379 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?name=Score%20Board
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 562 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?q=
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 2,125 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 679 bytes.
Request Body - size: 51 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-n2dt&sid=yn9UCvlQawB5ReBLAAB-
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 727 bytes.
Request Body - size: 1 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-qIsh&sid=5cC22cXjPnGwQSu3AAKZ
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 685 bytes.
Request Body - size: 2 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?EIO=4&transport=polling&t=Oy-ukkd&sid=GOS7U2yR94gA7yNmAAAC
Method POST
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 1,471 bytes.
Request Body - size: 2 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
Instances 11
Solution
Do not trust any user data in NGINX configs. In this case it is probably the use of the $host variable which is set from the 'Host' header and can be controlled by an attacker.
Reference https://www.nginx.com/blog/trust-no-one-perils-of-trusting-user-input/
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id
WASC Id
Plugin Id 90034
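Triage note and added example (the editor's, not ZAP's code and not the scanned application's). All 11 instances above returned a 466-byte header and a 3,748-byte body, which are exactly the sizes this report records for GET http://localhost:3000/ itself under "Content Security Policy (CSP) Header Not Set". That is the signature of a single-page application whose server answers unknown paths with its index page, and the empty Evidence field fits a rule that fires on any 200 with a non-empty body rather than on metadata content. Before reporting this as a High, replay one instance with `curl -s -H 'Host: 169.254.169.254' http://localhost:3000/latest/meta-data/` and diff it against `curl -s http://localhost:3000/`. The script below does the offline half of that check: it parses instance blocks in this report's plain-text layout, compares each response fingerprint with the site root, and recognises what a genuine metadata listing looks like. The sample block is copied from two instances above, the baseline sizes come from the CSP alert, and the two bodies are constructed.

```python
"""Triage the 'Cloud Metadata Potentially Exposed' instances listed above.

Editor's example, not ZAP's code. The parser targets this report's plain-text
layout; SAMPLE_REPORT is copied from two instances above, BASELINE_ROOT from the
CSP alert's entry for http://localhost:3000/, and the two bodies are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Instance:
    url: str
    method: str
    header_size: int
    body_size: int


INSTANCE_RE = re.compile(
    r"URL (?P<url>\S+)\s+Method (?P<method>[A-Z]+)\s+.*?"
    r"Response Header - size: (?P<hdr>[\d,]+) bytes\.\s+"
    r"Response Body - size: (?P<body>[\d,]+) bytes\.",
    re.S,
)


def parse_instances(report_text):
    """Pull (url, method, response header size, response body size) out of report text."""
    return [
        Instance(m["url"], m["method"],
                 int(m["hdr"].replace(",", "")), int(m["body"].replace(",", "")))
        for m in INSTANCE_RE.finditer(report_text)
    ]


def triage(instances, baseline):
    """Label each instance by comparing its (header, body) sizes with the site root's."""
    verdicts = []
    for inst in instances:
        if (inst.header_size, inst.body_size) == baseline:
            verdicts.append((inst.url, "same sizes as / : likely SPA fallback, not metadata"))
        else:
            verdicts.append((inst.url, "differs from / : replay and read the body"))
    return verdicts


# Top-level entries of the EC2 IMDS directory listing served at /latest/meta-data/.
IMDS_ROOT_KEYS = {"ami-id", "instance-id", "hostname", "local-ipv4", "iam", "public-keys"}


def looks_like_imds_listing(body):
    """True if a replayed body is a plain-text IMDS listing rather than an HTML page."""
    entries = {line.strip().rstrip("/") for line in body.splitlines()}
    return "<html" not in body.lower() and len(entries & IMDS_ROOT_KEYS) >= 2


SAMPLE_REPORT = """\
URL http://localhost:3000/latest/meta-data/
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 556 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/latest/meta-data/?q=
Method GET
Parameter
Attack 169.254.169.254
Evidence
Request Header - size: 2,125 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
"""
BASELINE_ROOT = (466, 3748)  # GET http://localhost:3000/ as recorded in the CSP alert

# Constructed bodies: what a real IMDS listing and an SPA index page look like.
IMDS_SAMPLE = "ami-id\nami-launch-index\nhostname\niam/\ninstance-id\nlocal-ipv4\npublic-keys/\n"
SPA_SAMPLE = "<!DOCTYPE html><html><head><title>shop</title></head><body><app-root></app-root></body></html>"

if __name__ == "__main__":
    for url, verdict in triage(parse_instances(SAMPLE_REPORT), BASELINE_ROOT):
        print(f"{verdict:55} {url}")
    print("IMDS sample looks like metadata:", looks_like_imds_listing(IMDS_SAMPLE))
    print("SPA sample looks like metadata: ", looks_like_imds_listing(SPA_SAMPLE))
```

A size match is a strong hint, not proof: the decisive step is reading the replayed body. A true positive would also need the target to sit behind a reverse proxy that forwards to an attacker-chosen Host, which the Solution text describes for NGINX; nothing in this report shows such a proxy in front of localhost:3000.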
High
SQL Injection - SQLite
Description
SQL injection may be possible.
URL http://localhost:3000/rest/products/search?q=%27%28
Method GET
Parameter q
Attack '(
Evidence SQLITE_ERROR
Request Header - size: 567 bytes.
Request Body - size: 0 bytes.
Response Header - size: 362 bytes.
Response Body - size: 309 bytes.
URL http://localhost:3000/rest/user/login
Method POST
Parameter email
Attack '
Evidence SQLITE_ERROR
Request Header - size: 676 bytes.
Request Body - size: 35 bytes.
Response Header - size: 363 bytes.
Response Body - size: 1,250 bytes.
URL http://localhost:3000/api/Challenges/?name=Score%20Board
Method GET
Parameter name
Attack case randomblob(1000000) when not null then 1 else 1 end
Evidence The query time is controllable using parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [265] milliseconds, parameter value [case randomblob(10000000) when not null then 1 else 1 end ], which caused the request to take [696] milliseconds, when the original unmodified query with value [Score Board] took [91] milliseconds.
Request Header - size: 607 bytes.
Request Body - size: 0 bytes.
Response Header - size: 384 bytes.
Response Body - size: 30 bytes.
URL http://localhost:3000/rest/user/login
Method POST
Parameter email
Attack case randomblob(100000000) when not null then 1 else 1 end
Evidence The query time is controllable using parameter value [case randomblob(100000000) when not null then 1 else 1 end ], which caused the request to take [122] milliseconds, parameter value [case randomblob(1000000000) when not null then 1 else 1 end ], which caused the request to take [1,534] milliseconds, when the original unmodified query with value [admin@juice-sh.op] took [99] milliseconds.
Request Header - size: 676 bytes.
Request Body - size: 93 bytes.
Response Header - size: 387 bytes.
Response Body - size: 26 bytes.
Instances 4
Solution
Do not trust client side input, even if there is client side validation in place.

In general, type check all data on the server side.

If the application uses JDBC, use PreparedStatement or CallableStatement, with parameters passed by '?'

If the application uses ASP, use ADO Command Objects with strong type checking and parameterized queries.

If database Stored Procedures can be used, use them.

Do *not* concatenate strings into queries in the stored procedure, or use 'exec', 'exec immediate', or equivalent functionality!

Do not create dynamic SQL queries using simple string concatenation.

Escape all data received from the client.

Apply an 'allow list' of allowed characters, or a 'deny list' of disallowed characters in user input.

Apply the principle of least privilege by using the least privileged database user possible.

In particular, avoid using the 'sa' or 'db-owner' database users. This does not eliminate SQL injection, but minimizes its impact.

Grant the minimum database access that is necessary for the application.
Reference https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
Tags OWASP_2021_A03
WSTG-v42-INPV-05
OWASP_2017_A01
CWE Id 89
WASC Id 19
Plugin Id 40018
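Added example by the editor; it is not the scanned application's code (the /rest paths and the admin@juice-sh.op fixture are OWASP Juice Shop's, whose backend is SQLite). The two SQLITE_ERROR instances are solid evidence: a stray quote reaching the SQL parser. The two time-based instances each rest on a single pair of response timings and should be repeated before being cited as separate confirmations. The block below reproduces both kinds of evidence against an in-memory SQLite database and shows the parameterised form that closes them. Table layout, sample rows and query shapes are assumptions chosen to mirror the /rest/products/search?q= and /rest/user/login requests; only the Python standard library is used.

```python
"""Reproduce the error-based and time-based evidence from the 'SQL Injection -
SQLite' alert above, then close the hole with bound parameters.

Editor's example, not the scanned application's code. Schema, rows and query
shapes are assumptions that mirror the search and login requests in the report."""
import sqlite3
import time

# Constructed fixtures. The e-mail is the report's baseline login value; the
# stored hash is a placeholder string, not a real credential.
SEED_PRODUCTS = [
    (1, "Apple Juice", "fresh", 0),
    (2, "Orange Juice", "also fresh", 0),
    (3, "Christmas Special", "unlisted", 1),   # deleted = 1: must stay hidden
]
SEED_USERS = [(1, "admin@juice-sh.op", "placeholder-hash")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products(id INTEGER, name TEXT, description TEXT, deleted INTEGER)")
    conn.execute("CREATE TABLE users(id INTEGER, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", SEED_PRODUCTS)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_USERS)
    return conn


# Vulnerable: the user's text becomes part of the SQL statement.
def search_vulnerable(conn, q):
    sql = (f"SELECT id, name FROM products WHERE (name LIKE '%{q}%' "
           f"OR description LIKE '%{q}%') AND deleted = 0 ORDER BY name")
    return conn.execute(sql).fetchall()


def login_vulnerable(conn, email, password_hash):
    sql = f"SELECT id, email FROM users WHERE email = '{email}' AND password = '{password_hash}'"
    return conn.execute(sql).fetchone()


# Hardened: identical queries, but values travel as bound parameters and the
# LIKE wildcards are added to the value, never to the statement text.
def search_safe(conn, q):
    pattern = f"%{q}%"
    sql = ("SELECT id, name FROM products WHERE (name LIKE ? OR description LIKE ?) "
           "AND deleted = 0 ORDER BY name")
    return conn.execute(sql, (pattern, pattern)).fetchall()


def login_safe(conn, email, password_hash):
    sql = "SELECT id, email FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password_hash)).fetchone()


def error_text(fn, *args):
    """The SQLite error a probe provokes (the report's SQLITE_ERROR evidence), or None."""
    try:
        fn(*args)
        return None
    except sqlite3.Error as exc:
        return str(exc)


def elapsed_ms(fn, *args):
    """Wall-clock time of one call, for the time-based probe."""
    start = time.perf_counter()
    fn(*args)
    return (time.perf_counter() - start) * 1000


if __name__ == "__main__":
    db = make_db()
    # 1. Error-based: the report's '( payload breaks the quoted LIKE pattern.
    print("vulnerable search, q='(  :", error_text(search_vulnerable, db, "'("))
    print("safe search,       q='(  :", error_text(search_safe, db, "'("))
    # 2. Boolean: escape the quote to drop the deleted filter and the password check.
    print("vulnerable search rows   :", search_vulnerable(db, "') OR 1=1--"))
    print("safe search rows         :", search_safe(db, "') OR 1=1--"))
    print("vulnerable login         :", login_vulnerable(db, "' OR 1=1--", "wrong"))
    print("safe login               :", login_safe(db, "' OR 1=1--", "wrong"))
    # 3. Time-based: randomblob() costs time only once it runs as SQL, i.e. after the quote is escaped.
    for size in (10, 20_000_000):
        payload = f"') AND randomblob({size}) IS NOT NULL--"
        print(f"randomblob({size:>8}) -> {elapsed_ms(search_vulnerable, db, payload):8.1f} ms")
```

Note the shape of the timing probe: the report's `case randomblob(...) when not null then 1 else 1 end` payload only burns CPU if it executes as SQL, and inside a quoted `email = '...'` it is just a string. That is one reason to re-run the two time-based instances with a quote-escaping prefix before treating the 1,534 ms reading as confirmation rather than load noise.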
Medium
CSP: Wildcard Directive
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://localhost:3000/assets
Method GET
Parameter Content-Security-Policy
Attack
Evidence default-src 'none'
Request Header - size: 235 bytes.
Request Body - size: 0 bytes.
Response Header - size: 416 bytes.
Response Body - size: 179 bytes.
URL http://localhost:3000/assets/public
Method GET
Parameter Content-Security-Policy
Attack
Evidence default-src 'none'
Request Header - size: 242 bytes.
Request Body - size: 0 bytes.
Response Header - size: 423 bytes.
Response Body - size: 193 bytes.
Instances 2
Solution
Ensure that your web server, application server, load balancer, etc. is properly configured to set the Content-Security-Policy header.
Reference https://www.w3.org/TR/CSP/
https://caniuse.com/#search=content+security+policy
https://content-security-policy.com/
https://github.com/HtmlUnit/htmlunit-csp
https://developers.google.com/web/fundamentals/security/csp#policy_applies_to_a_wide_variety_of_resources
Tags OWASP_2021_A05
OWASP_2017_A06
CWE Id 693
WASC Id 15
Plugin Id 10055
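Reading note and added example (the editor's, not ZAP's rule logic and not the scanned application's code). The flagged value, `default-src 'none'`, is the strictest fetch policy a header can carry, so this alert cannot be about a wildcard source. The rule also reports directives that are absent and do not fall back to default-src, and with no "Other Info" field in this report the likely cause is that frame-ancestors, form-action and base-uri are simply not set; that reading is an inference. The checker below separates the two cases, using the fallback table from the CSP specification. It also makes the next alert concrete: a response with no header at all yields "undefined" for every directive. (The final instance under that next alert, for optimizationguide-pa.googleapis.com, is a browser background request outside the target, a sign the scan was not confined to a context.)

```python
"""Review a Content-Security-Policy value the way the 'CSP: Wildcard Directive'
alert above has to be read.

Editor's example, not ZAP's code. Fallback behaviour follows the CSP3 spec:
the listed fetch directives inherit default-src when absent; the NO_FALLBACK
directives are simply unset (browser default: allow everything) when absent."""

FALLS_BACK_TO_DEFAULT = {
    "script-src", "style-src", "img-src", "connect-src", "font-src",
    "object-src", "media-src", "frame-src", "child-src", "worker-src",
    "manifest-src",
}
NO_FALLBACK = {"base-uri", "form-action", "frame-ancestors"}
WILDCARD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}
UNSAFE_KEYWORDS = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(value):
    """Split "a b c; d e" into {"a": ["b", "c"], "d": ["e"]}; a repeated directive is ignored, as browsers do."""
    policy = {}
    for directive in value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy, directive):
    """Source list the browser applies for `directive`, or None if nothing applies."""
    if directive in policy:
        return policy[directive]
    if directive in FALLS_BACK_TO_DEFAULT:
        return policy.get("default-src")
    return None


def review(value):
    """Return [(directive, problem)] for one header value; an empty list means nothing to report."""
    policy = parse_csp(value)
    findings = []
    for directive in sorted({"default-src"} | FALLS_BACK_TO_DEFAULT | NO_FALLBACK):
        sources = effective_sources(policy, directive)
        if sources is None:
            findings.append((directive, "undefined and no default-src fallback"))
            continue
        broad = [s for s in sources if s in WILDCARD_SOURCES]
        unsafe = [s for s in sources if s in UNSAFE_KEYWORDS]
        if broad:
            findings.append((directive, "wildcard source: " + " ".join(broad)))
        if unsafe:
            findings.append((directive, "unsafe keyword: " + " ".join(unsafe)))
    return findings


if __name__ == "__main__":
    for label, value in [
        ("as scanned", "default-src 'none'"),
        ("hardened  ", "default-src 'none'; base-uri 'none'; form-action 'self'; frame-ancestors 'none'"),
        ("permissive", "default-src *; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'"),
    ]:
        print(f"{label}: {value}")
        for directive, problem in review(value) or [("-", "no findings")]:
            print(f"    {directive:16} {problem}")
```

For the two /assets responses above, the fix the Solution line asks for is the "hardened" value: keep `default-src 'none'` and add explicit `base-uri`, `form-action` and `frame-ancestors` directives, since nothing inherits them.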
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL http://localhost:3000
Method GET
Parameter
Attack
Evidence
Request Header - size: 228 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/
Method GET
Parameter
Attack
Evidence
Request Header - size: 229 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/
Method GET
Parameter
Attack
Evidence
Request Header - size: 275 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 402 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 374 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 381 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 386 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 384 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 383 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 346 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 353 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 358 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 356 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 355 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 304 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 325 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 330 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 328 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 328 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 327 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 283 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 288 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/
Method GET
Parameter
Attack
Evidence
Request Header - size: 289 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 416 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 388 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 395 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 400 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 398 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 397 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 360 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 367 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 372 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 370 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 370 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 369 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/favicon_js.ico
Method GET
Parameter
Attack
Evidence
Request Header - size: 318 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 339 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 344 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 342 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 342 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 341 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/main.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 297 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/polyfills.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 302 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 300 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 300 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/public/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 299 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/runtime.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 286 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/styles.css
Method GET
Parameter
Attack
Evidence
Request Header - size: 286 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/assets/vendor.js
Method GET
Parameter
Attack
Evidence
Request Header - size: 285 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL http://localhost:3000/ftp
Method GET
Parameter
Attack
Evidence
Request Header - size: 275 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,052 bytes.
URL http://localhost:3000/ftp/
Method GET
Parameter
Attack
Evidence
Request Header - size: 280 bytes.
Request Body - size: 0 bytes.
Response Header - size: 338 bytes.
Response Body - size: 11,013 bytes.
URL http://localhost:3000/ftp/.%5C..
Method GET
Parameter
Attack
Evidence
Request Header - size: 286 bytes.
Request Body - size: 0 bytes.
Response Header - size: 344 bytes.
Response Body - size: 3,335 bytes.
URL http://localhost:3000/ftp/coupons_2013.md.bak
Method GET
Parameter
Attack
Evidence
Request Header - size: 288 bytes.
Request Body - size: 0 bytes.
Response Header - size: 344 bytes.
Response Body - size: 2,076 bytes.
URL http://localhost:3000/ftp/eastere.gg
Method GET
Parameter
Attack
Evidence
Request Header - size: 279 bytes.
Request Body - size: 0 bytes.
Response Header - size: 344 bytes.
Response Body - size: 2,076 bytes.
URL http://localhost:3000/ftp/encrypt.pyc
Method GET
Parameter
Attack
Evidence
Request Header - size: 280 bytes.
Request Body - size: 0 bytes.
Response Header - size: 344 bytes.
Response Body - size: 2,076 bytes.
URL http://localhost:3000/ftp/package.json.bak
Method GET
Parameter
Attack
Evidence
Request Header - size: 285 bytes.
Request Body - size: 0 bytes.
Response Header - size: 344 bytes.
Response Body - size: 2,076 bytes.
URL http://localhost:3000/ftp/quarantine
Method GET
Parameter
Attack
Evidence
Request Header - size: 279 bytes.
Request Body - size: 0 bytes.
Response Header - size: 337 bytes.
Response Body - size: 9,584 bytes.
URL http://localhost:3000/ftp/suspicious_errors.yml
Method GET
Parameter
Attack
Evidence
Request Header - size: 290 bytes.
Request Body - size: 0 bytes.
Response Header - size: 344 bytes.
Response Body - size: 2,076 bytes.
URL http://localhost:3000/sitemap.xml
Method GET
Parameter
Attack
Evidence
Request Header - size: 240 bytes.
Request Body - size: 0 bytes.
Response Header - size: 466 bytes.
Response Body - size: 3,748 bytes.
URL https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAGE_VISIBILITY
Method GET
Parameter
Attack
Evidence
Request Header - size: 482 bytes.
Request Body - size: 0 bytes.
Response Header - size: 457 bytes.
Response Body - size: 883,094 bytes.