- Unrestricted File Upload(s) leading to code execution
- Broken Authentication & Session Management
- SQL Injection
- Cross site scripting
- Unencrypted Login request
- Insecure Direct object reference
- Cross Site Request Forgery
- Cookie Replay Attack
- MySQL `root` credentials in DB error
- Reversible & plain-text credential persistence
- Authentication Bypass Using SQL Injection - Microsoft Windows MHTML Cross-Site Scripting - DOM Based Cross-Site Scripting - Link Injection - Phishing through frames - Broken Access Control - Weak Authentication Token - Session Identifier Not Updated - Missing Page-Level Access Control - Missing Cross Frame Scripting - Software Version Information Disclosure - Database error pattern found - Cookie without HttpOnly flag - HTML5 cross origin resource - Autocomplete HTML Attribute Not Disabled for Password Field - Flash parameter AllowScriptAccess was set to always - Application Test Script Detected - Email Address in Hidden Parameter - Potential File Upload - Application Error - Client-Side (JavaScript) Cookie References - HTML Comments Sensitive Information Disclosure
- Broken Authentication & Session Management
- SQL Injection
- Cross site scripting
- Unencrypted Login request
- Insecure Direct object reference
- Cross Site Request Forgery
- Cookie Replay Attack
- MySQL `root` credentials in DB error
- Reversible & plain-text credential persistence
- Authentication Bypass Using SQL Injection - Microsoft Windows MHTML Cross-Site Scripting - DOM Based Cross-Site Scripting - Link Injection - Phishing through frames - Broken Access Control - Weak Authentication Token - Session Identifier Not Updated - Missing Page-Level Access Control - Missing Cross Frame Scripting - Software Version Information Disclosure - Database error pattern found - Cookie without HttpOnly flag - HTML5 cross origin resource - Autocomplete HTML Attribute Not Disabled for Password Field - Flash parameter AllowScriptAccess was set to always - Application Test Script Detected - Email Address in Hidden Parameter - Potential File Upload - Application Error - Client-Side (JavaScript) Cookie References - HTML Comments Sensitive Information Disclosure
