Scribd
Upload
129 views8 pages

Website Scanner-Https WWW - Demoblaze.com-20250506-2145

The website vulnerability scanner report for demoblaze.com indicates a medium overall risk level with several vulnerabilities identified, including missing security headers and outdated software components. Key findings include the absence of security headers like Referrer-Policy, Strict-Transport-Security, and Content-Security-Policy, which could lead to information leakage and XSS attacks. Recommendations include upgrading software versions and implementing necessary security headers to mitigate risks.

Uploaded by

rajat sabat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
129 views8 pages

Website Scanner-Https WWW - Demoblaze.com-20250506-2145

The website vulnerability scanner report for demoblaze.com indicates a medium overall risk level with several vulnerabilities identified, including missing security headers and outdated software components. Key findings include the absence of security headers like Referrer-Policy, Strict-Transport-Security, and Content-Security-Policy, which could lead to information leakage and XSS attacks. Recommendations include upgrading software versions and implementing necessary security headers to mitigate risks.

Uploaded by

rajat sabat
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Website Vulnerability Scanner Report

 https://www.demoblaze.com/

The Light Website Scanner didn't check for critical issues like SQLi, XSS, Command Injection, XXE, etc. Upgrade to run Deep scans with 40+ tests and detect more
vulnerabilities.

Summary

Overall risk level: Risk ratings: Scan information:


Medium Critical: 0 Start time: May 06, 2025 / 23:56:09 UTC+0530
High: 0 Finish time: May 07, 2025 / 00:06:51 UTC+0530
Medium: 1 Scan duration: 10 min, 42 sec

Low: 6 Tests performed: 50/50

Info: 43 Scan status: Finished

Findings

 Vulnerabilities found for server-side software UNCONFIRMED 


port 443/tcp

Risk
CVSS CVE Summary Affected software
Level

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. More details at:
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
 4.3 CVE-2019-11358 Jquery 3.2.1
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://nvd.nist.gov/vuln/detail/CVE-2019-11358

passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(),
 4.3 CVE-2020-11023 and others) may execute untrusted code. More details at: Jquery 3.2.1
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

Regex in its jQuery.htmlPrefilter sometimes may introduce XSS. More details at:
 4.3 CVE-2020-11022 Jquery 3.2.1
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

 Details

Risk description:
The risk is that an attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the system.

Recommendation:
In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Classification:
CWE : CWE-1026
OWASP Top 10 - 2017 : A9 - Using Components with Known Vulnerabilities
OWASP Top 10 - 2021 : A6 - Vulnerable and Outdated Components

 Missing security header: Referrer-Policy CONFIRMED


port 443/tcp

URL Evidence

Response headers do not include the Referrer-Policy HTTP security header as well as the <meta> tag with name 'referrer' is not present in the response.
https://www.demoblaze.com/
Request / Response

 Details

Risk description:
The risk is that if a user visits a web page (e.g. "http://example.com/pricing/") and clicks on a link from that page going to e.g. "https://www.google.com", the browser will send to Google the full originating URL in the
Referer header, assuming the Referrer-Policy header is not set. The originating URL could be considered sensitive information and it could be used for user tracking.

Recommendation:
The Referrer-Policy header should be configured on the server side to avoid user tracking and inadvertent information leakage. The value no-referrer of this header instructs the browser to omit the Referer header
entirely.

References:
https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: Strict-Transport-Security CONFIRMED


port 443/tcp

URL Evidence

Response headers do not include the HTTP Strict-Transport-Security header


https://www.demoblaze.com/
Request / Response

 Details

Risk description:
The risk is that lack of this header permits an attacker to force a victim user to initiate a clear-text HTTP connection to the server, thus opening the possibility to eavesdrop on the network traffic and extract sensitive
information (e.g. session cookies).

Recommendation:
The Strict-Transport-Security HTTP header should be sent with each HTTPS response. The syntax is as follows:

Strict-Transport-Security: max-age=<seconds>[; includeSubDomains]

The parameter max-age gives the time frame for requirement of HTTPS in seconds and should be chosen quite high, e.g. several months. A value below 7776000 is considered as too low by this scanner check.

1/8
The flag includeSubDomains defines that the policy applies also for sub domains of the sender of the response.

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: Content-Security-Policy CONFIRMED


port 443/tcp

URL Evidence

Response does not include the HTTP Content-Security-Policy security header or meta tag
https://www.demoblaze.com/
Request / Response

 Details

Risk description:
The risk is that if the target application is vulnerable to XSS, lack of this header makes it easily exploitable by attackers.

Recommendation:
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.

References:
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Missing security header: X-Content-Type-Options CONFIRMED


port 443/tcp

URL Evidence

Response headers do not include the X-Content-Type-Options HTTP security header


https://www.demoblaze.com/
Request / Response

 Details

Risk description:
The risk is that lack of this header could make possible attacks such as Cross-Site Scripting or phishing in Internet Explorer browsers.

Recommendation:
We recommend setting the X-Content-Type-Options header such as X-Content-Type-Options: nosniff .

References:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

Classification:
CWE : CWE-693
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Password Submitted in URL UNCONFIRMED 


port 443/tcp

URL Method Parameters Evidence

The following form sends inputs of type password plainly in


the URL:
<form>
<div class="form-group">
<label class="form-control-label" for="sign-username"
>
Username:
</label>
<input class="form-control" id="sign-username" type="
text"/>
</div>
<div class="form-group">
<label class="form-control-label" for="sign-password"
Headers: >
https://www.demoblaze.com/ GET User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Password:
Chrome/108.0.0.0 Safari/537.36 </label>
<input class="form-control" id="sign-password" type="
password"/>
</div>
<div class="form-group">
<label class="form-control-label" id="errors" style="
color:red">
</label>
</div>
</form>

Request / Response

2/8
The following form sends inputs of type password plainly in
the URL:
<form>
<div class="form-group">
<label class="form-control-label" for="sign-username"
>
Username:
</label>
<input class="form-control" id="sign-username" type="
text"/>
</div>
<div class="form-group">
<label class="form-control-label" for="sign-password"
>
Password:
</label>
<input class="form-control" id="sign-password" type="
password"/>
</div>
<div class="form-group">
<label class="form-control-label" id="errors" style="
Headers: color:red">
https://www.demoblaze.com/cart.html GET User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) </label>
Chrome/108.0.0.0 Safari/537.36 </div>
</form>

Request / Response

The following form sends inputs of type password plainly in


the URL:
<form>
<div class="form-group">
<label class="form-control-label" for="log-name">
Username:
</label>
<input class="form-control" id="loginusername" type="
text"/>
</div>
<div class="form-group">
<label class="form-control-label" for="log-pass">
Headers: Password:
https://www.demoblaze.com/index.html GET User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) </label>
Chrome/108.0.0.0 Safari/537.36 <input class="form-control" id="loginpassword" type="
password"/>
</div>
<div class="form-group">
<label class="form-control-label" for="log-pass" id="
errorl">
</label>
</div>
</form>

Request / Response

 Details

Risk description:
Passwords submitted in URLs have a higher chance of being leaked. The main reason is that URLs can be leaked in browser cross-site requests via the Referer header. Additionally, URLs are usually stored in all kinds of
logs. If any access or error logs of the server were publicly accessible, an attacker could also harvest password from it.

Recommendation:
You should submit passwords using POST rather than GET. This way sensitive data won't be shared to other locations via URLs.

References:
https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns

Classification:
OWASP Top 10 - 2021 : A4 - Insecure Design

 Server software and technology found UNCONFIRMED 


port 443/tcp

Software / Version Category

Google Cloud IaaS

Google Cloud Trace Performance

Bootstrap UI frameworks

google-frontend-httpserver Miscellaneous

jQuery JavaScript libraries

 Details

Risk description:
The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation:
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.

References:
https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server.html

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

Screenshot:

3/8
Figure 1. Website Screenshot

 Login Interface Found CONFIRMED


port 443/tcp

URL Evidence

<input class="form-control" id="sign-username" type="text"/>


<input class="form-control" id="sign-password" type="password"/>
<button class="btn btn-primary" onclick="logIn()" type="button">Log in</button>
https://www.demoblaze.com/

Request / Response

 Details

Risk description:
The risk is that an attacker could use this interface to mount brute force attacks against known passwords and usernames combinations leaked throughout the web.

Recommendation:
Ensure each interface is not bypassable using common knowledge of the application or leaked credentials using occasional password audits.

References:
https://pentest-tools.com/network-vulnerability-scanning/password-auditor
http://capec.mitre.org/data/definitions/16.html

Screenshot:

Figure 2. Login Interface

 Security.txt file is missing CONFIRMED


port 443/tcp

URL

Missing: https://www.demoblaze.com/.well-known/security.txt

 Details

Risk description:
There is no particular risk in not having a security.txt file for your server. However, this file is important because it offers a designated channel for reporting vulnerabilities and security issues.

Recommendation:
We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.

4/8
References:
https://securitytxt.org/

Classification:
OWASP Top 10 - 2017 : A6 - Security Misconfiguration
OWASP Top 10 - 2021 : A5 - Security Misconfiguration

 Email Address Exposure UNCONFIRMED 


port 443/tcp

URL Method Parameters Evidence

Email Address:
Headers: [email protected]
https://www.demoblaze.com/ GET
User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
Request / Response

 Details

Risk description:
The risk is that exposed email addresses within the application could be accessed by unauthorized parties. This could lead to privacy violations, spam, phishing attacks, or other forms of misuse.

Recommendation:
Compartmentalize the application to have 'safe' areas where trust boundaries can be unambiguously drawn. Do not allow email addresses to go outside of the trust boundary, and always be careful when interfacing with a
compartment outside of the safe area.

References:
https://owasp.org/Top10/A04_2021-Insecure_Design/

Classification:
CWE : CWE-200
OWASP Top 10 - 2017 : A6: Security Misconfiguration
OWASP Top 10 - 2021 : A4: Insecure Design

 Spider results

URL Method Page Title Page Size Status Code

https://www.demoblaze.com/ GET STORE 19.16 KB 200

https://www.demoblaze.com/cart.html GET STORE 23.75 KB 200

https://www.demoblaze.com/css GET 404 Not Found 280 B 404

https://www.demoblaze.com/css/ GET 404 Not Found 281 B 404

https://www.demoblaze.com/imgs GET 404 Not Found 281 B 404

https://www.demoblaze.com/imgs/ GET 404 Not Found 282 B 404

https://www.demoblaze.com/index.html GET STORE 19.16 KB 200

https://www.demoblaze.com/js GET 404 Not Found 279 B 404

https://www.demoblaze.com/js/ GET 404 Not Found 280 B 404

https://www.demoblaze.com/node_modules GET 404 Not Found 289 B 404

https://www.demoblaze.com/node_modules/ GET 404 Not Found 290 B 404

https://www.demoblaze.com/node_modules/bootstrap GET 404 Not Found 299 B 404

https://www.demoblaze.com/node_modules/bootstrap-sweetalert GET 404 Not Found 310 B 404

https://www.demoblaze.com/node_modules/bootstrap-sweetalert/ GET 404 Not Found 311 B 404

https://www.demoblaze.com/node_modules/bootstrap-sweetalert/dist GET 404 Not Found 315 B 404

https://www.demoblaze.com/node_modules/bootstrap-sweetalert/dist/ GET 404 Not Found 316 B 404

https://www.demoblaze.com/node_modules/bootstrap/ GET 404 Not Found 300 B 404

https://www.demoblaze.com/node_modules/bootstrap/dist GET 404 Not Found 304 B 404

https://www.demoblaze.com/node_modules/bootstrap/dist/ GET 404 Not Found 305 B 404

https://www.demoblaze.com/node_modules/bootstrap/dist/css GET 404 Not Found 308 B 404

https://www.demoblaze.com/node_modules/bootstrap/dist/css/ GET 404 Not Found 309 B 404

https://www.demoblaze.com/node_modules/bootstrap/dist/js GET 404 Not Found 307 B 404

https://www.demoblaze.com/node_modules/bootstrap/dist/js/ GET 404 Not Found 308 B 404

https://www.demoblaze.com/node_modules/jquery GET 404 Not Found 296 B 404

https://www.demoblaze.com/node_modules/jquery/ GET 404 Not Found 297 B 404

https://www.demoblaze.com/node_modules/jquery/dist GET 404 Not Found 301 B 404

https://www.demoblaze.com/node_modules/jquery/dist/ GET 404 Not Found 302 B 404

https://www.demoblaze.com/node_modules/tether GET 404 Not Found 296 B 404

https://www.demoblaze.com/node_modules/tether/ GET 404 Not Found 297 B 404

https://www.demoblaze.com/node_modules/tether/dist GET 404 Not Found 301 B 404

https://www.demoblaze.com/node_modules/tether/dist/ GET 404 Not Found 302 B 404

https://www.demoblaze.com/node_modules/tether/dist/js GET 404 Not Found 304 B 404

https://www.demoblaze.com/node_modules/tether/dist/js/ GET 404 Not Found 305 B 404

https://www.demoblaze.com/node_modules/video.js/ GET 404 Not Found 299 B 404

https://www.demoblaze.com/node_modules/video.js/dist GET 404 Not Found 303 B 404

https://www.demoblaze.com/node_modules/video.js/dist/ GET 404 Not Found 304 B 404

https://www.demoblaze.com/node_modules/videojs-contrib-hls GET 404 Not Found 309 B 404

5/8
https://www.demoblaze.com/node_modules/videojs-contrib-hls/ GET 404 Not Found 310 B 404

https://www.demoblaze.com/node_modules/videojs-contrib-hls/dist GET 404 Not Found 314 B 404

https://www.demoblaze.com/node_modules/videojs-contrib-hls/dist/ GET 404 Not Found 315 B 404

 Details

Risk description:
The table contains all the unique pages the scanner found. The duplicated URLs are not available here as scanning those is considered unnecessary

Recommendation:
We recommend to advanced users to make sure the scan properly detected most of the URLs in the application.

References:
All the URLs the scanner found, including duplicates (available for 90 days after the scan date)

 Website is accessible.

 Nothing was found for client access policies.

 Nothing was found for robots.txt file.

 Nothing was found for outdated JavaScript libraries.

 Nothing was found for use of untrusted certificates.

 Nothing was found for enabled HTTP debug methods.

 Nothing was found for administration consoles.

 Nothing was found for information disclosure.

 Nothing was found for software identification.

 Nothing was found for sensitive files.

 Nothing was found for interesting files.

 Nothing was found for enabled HTTP OPTIONS method.

 Nothing was found for secure communication.

 Nothing was found for directory listing.

 Nothing was found for passwords submitted unencrypted.

 Nothing was found for error messages.

 Nothing was found for debug messages.

 Nothing was found for code comments.

 Nothing was found for missing HTTP header - Feature.

 Nothing was found for Insecure Direct Object Reference.

 Nothing was found for domain too loose set for cookies.

 Nothing was found for mixed content between HTTP and HTTPS.

 Nothing was found for cross domain file inclusion.

 Nothing was found for internal error code.

6/8
 Nothing was found for HttpOnly flag of cookie.

 Nothing was found for Secure flag of cookie.

 Nothing was found for secure password submission.

 Nothing was found for sensitive data.

 Nothing was found for Server Side Request Forgery.

 Nothing was found for Open Redirect.

 Nothing was found for Exposed Backup Files.

 Nothing was found for unsafe HTTP header Content Security Policy.

 Nothing was found for OpenAPI files.

 Nothing was found for file upload.

 Nothing was found for SQL statement in request parameter.

 Nothing was found for password returned in later response.

 Nothing was found for Path Disclosure.

 Nothing was found for Session Token in URL.

 Nothing was found for API endpoints.

Scan coverage information

List of tests performed (50/50)


 Starting the scan...
 Checking for login interfaces...
 Checking for missing HTTP header - Referrer...
 Checking for missing HTTP header - Strict-Transport-Security...
 Checking for missing HTTP header - Content Security Policy...
 Checking for missing HTTP header - X-Content-Type-Options...
 Checking for emails...
 Checking for passwords submitted in URLs...
 Spidering target...
 Checking for website technologies...
 Checking for vulnerabilities of server-side software...
 Checking for client access policies...
 Checking for robots.txt file...
 Checking for absence of the security.txt file...
 Checking for outdated JavaScript libraries...
 Checking for use of untrusted certificates...
 Checking for enabled HTTP debug methods...
 Checking for administration consoles...
 Checking for information disclosure... (this might take a few hours)
 Checking for software identification...
 Checking for sensitive files...
 Checking for interesting files... (this might take a few hours)
 Checking for enabled HTTP OPTIONS method...
 Checking for secure communication...
 Checking for directory listing...
 Checking for passwords submitted unencrypted...
 Checking for error messages...
 Checking for debug messages...
 Checking for code comments...
 Checking for missing HTTP header - Feature...
 Checking for Insecure Direct Object Reference...
 Checking for domain too loose set for cookies...
 Checking for mixed content between HTTP and HTTPS...
 Checking for cross domain file inclusion...
 Checking for internal error code...
 Checking for HttpOnly flag of cookie...
 Checking for Secure flag of cookie...
 Checking for secure password submission...
 Checking for sensitive data...
 Checking for Server Side Request Forgery...
 Checking for Open Redirect...
 Checking for Exposed Backup Files...
 Checking for unsafe HTTP header Content Security Policy...
 Checking for OpenAPI files...
 Checking for file upload...
 Checking for SQL statement in request parameter...
 Checking for password returned in later response...
 Checking for Path Disclosure...
 Checking for Session Token in URL...
 Checking for API endpoints...

7/8
Scan parameters
target: https://www.demoblaze.com/
scan_type: Light
authentication: False

Scan stats
Unique Injection Points Detected: 3
URLs spidered: 47
Total number of HTTP requests: 15019
Average time until a response was
1ms
received:
Total number of HTTP request errors: 282

8/8

You might also like