Vulnerability Scan Result
22/tcp | ssh | OpenSSH 8.2p1 |
80/tcp | http | nginx |
443/tcp | https | nginx |
6000/tcp | http | nginx |
6001/tcp | http | nginx |
Software / Version | Category |
---|---|
Alpine.js 3.12.0 | JavaScript frameworks |
Bunny | CDN |
Axios | JavaScript libraries |
core-js 3.27.1 | JavaScript libraries |
Google Analytics GA4 | Analytics |
Livewire | Web frameworks, Miscellaneous |
Laravel | Web frameworks |
Matomo Analytics | Analytics |
Open Graph | Miscellaneous |
PHP 8.1.29 | Programming languages |
SweetAlert2 11 | JavaScript libraries |
PWA | Miscellaneous |
Webpack | Miscellaneous |
AMP | JavaScript frameworks |
Google AdSense | Advertising |
Google Tag Manager | Tag managers |
jsDelivr | CDN |
Lodash 4.17.21 | JavaScript libraries |
HSTS | Security |
RSS | Miscellaneous |
Web Application Vulnerabilities
Evidence
Risk Level | CVSS | CVE | Summary | Affected software |
---|---|---|---|---|
9.8 | CVE-2024-11236 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | php 8.1.29 | |
4.8 | CVE-2024-11234 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | php 8.1.29 | |
4.8 | CVE-2024-11233 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. | php 8.1.29 |
Vulnerability description
We noticed known vulnerabilities in the target application based on the server responses. They are usually related to outdated systems and expose the affected applications to the risk of unauthorized access to confidential data and possibly denial of service attacks. Depending on the system distribution the affected software can be patched but displays the same version, requiring manual checking.
Recommendation
In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.
Classification
CWE | CWE-1026 |
OWASP Top 10 - 2017 | A9 - Using Components with Known Vulnerabilities |
OWASP Top 10 - 2021 | A6 - Vulnerable and Outdated Components |
Evidence
URL | Evidence |
---|---|
https://speedthings.beststore.discount/ | Response does not include the HTTP Content-Security-Policy security header or meta tag |
Vulnerability description
We noticed that the target application lacks the Content-Security-Policy (CSP) header in its HTTP responses. The CSP header is a security measure that instructs web browsers to enforce specific security rules, effectively preventing the exploitation of Cross-Site Scripting (XSS) vulnerabilities.
Recommendation
Configure the Content-Security-Header to be sent with each HTTP response in order to apply the specific policies needed by the application.
Classification
CWE | CWE-693 |
OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
Software / Version | Category |
---|---|
Alpine.js 3.12.0 | JavaScript frameworks |
Bunny | CDN |
Axios | JavaScript libraries |
core-js 3.27.1 | JavaScript libraries |
Google Analytics GA4 | Analytics |
Livewire | Web frameworks, Miscellaneous |
Laravel | Web frameworks |
Matomo Analytics | Analytics |
Open Graph | Miscellaneous |
PHP 8.1.29 | Programming languages |
SweetAlert2 11 | JavaScript libraries |
PWA | Miscellaneous |
Webpack | Miscellaneous |
AMP | JavaScript frameworks |
Google AdSense | Advertising |
Google Tag Manager | Tag managers |
jsDelivr | CDN |
Lodash 4.17.21 | JavaScript libraries |
HSTS | Security |
RSS | Miscellaneous |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Classification
OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Evidence
Vulnerability description
We found the robots.txt on the target server. This file instructs web crawlers what URLs and endpoints of the web application they can visit and crawl. Website administrators often misuse this file while attempting to hide some web pages from the users.
Recommendation
We recommend you to manually review the entries from robots.txt and remove the ones which lead to sensitive locations in the website (ex. administration panels, configuration files, etc).
Classification
OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Vulnerability description
Website is accessible.
Vulnerability description
We have noticed that the server is missing the security.txt file, which is considered a good practice for web security. It provides a standardized way for security researchers and the public to report security vulnerabilities or concerns by outlining the preferred method of contact and reporting procedures.
Recommendation
We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.
Classification
OWASP Top 10 - 2017 | A6 - Security Misconfiguration |
OWASP Top 10 - 2021 | A5 - Security Misconfiguration |
Infrastructure Vulnerabilities
Evidence
Risk level | CVSS | CVE | Summary | Exploit |
---|---|---|---|---|
9.8 | CVE-2024-11236 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | N/A | |
4.8 | CVE-2024-11234 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | N/A | |
4.8 | CVE-2024-11233 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. | N/A |
Vulnerability description
Vulnerabilities found for PHP 8.1.29
Recommendation
We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.
Evidence
Risk level | CVSS | CVE | Summary | Exploit |
---|---|---|---|---|
9.8 | CVE-2024-11236 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | N/A | |
4.8 | CVE-2024-11234 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | N/A | |
4.8 | CVE-2024-11233 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. | N/A |
Vulnerability description
Vulnerabilities found for PHP 8.1.29
Recommendation
We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.
Starting Nmap ( https://nmap.org ) at 2025-01-21 09:42 EET
Nmap scan report for speedthings.beststore.discount (143.244.38.136)
Host is up (0.0015s latency).
rDNS record for 143.244.38.136: 143-244-38-136.bunnyinfra.net
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 (protocol 2.0)
| ssh-auth-methods:
| Supported authentication methods:
| publickey
|_ password
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.79 seconds
Vulnerability description
We found that the SSH service with username/password authentication is publicly accessible. Network administrators often use remote administration protocols to control devices like switches, routers, and other essential systems. However, allowing these services to be accessible via the Internet can increase security risks, creating potential opportunities for attacks on the organization.
Recommendation
We recommend turning off SSH with username/password authentication access over the Internet and instead using a Virtual Private Network (VPN) that mandates two-factor authentication (2FA). If the SSH service is essential for business purposes, we recommend limiting access only from designated IP addresses using a firewall. Furthermore, it is advisable to utilize SSH Public Key Authentication since it employs a key pair to verify the identity of a user or process.
Evidence
Domain Queried | DNS Record Type | Description | Value |
---|---|---|---|
speedthings.beststore.discount | A | IPv4 address | 143.244.38.136 |
Recommendation
We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.
Vulnerability description
OS detection couldn't determine the operating system.
Evidence
Software / Version | Category |
---|---|
PHP 8.1.29 | Programming languages |
Laravel | Web frameworks |
Alpine.js 3.12.0 | JavaScript frameworks |
Google Tag Manager | Tag managers |
Google AdSense | Advertising |
Google Analytics GA4 | Analytics |
Matomo Analytics | Analytics |
Lodash 4.17.21 | JavaScript libraries |
core-js 3.27.1 | JavaScript libraries |
Axios | JavaScript libraries |
SweetAlert2 11 | JavaScript libraries |
jsDelivr | CDN |
HSTS | Security |
Bunny | CDN |
Webpack | Miscellaneous |
Livewire | Web frameworks, Miscellaneous |
RSS | Miscellaneous |
PWA | Miscellaneous |
Open Graph | Miscellaneous |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Evidence
Software / Version | Category |
---|---|
PHP 8.1.29 | Programming languages |
Laravel | Web frameworks |
Alpine.js | JavaScript frameworks |
Google Tag Manager | Tag managers |
Google AdSense | Advertising |
Google Analytics GA4 | Analytics |
SweetAlert2 11 | JavaScript libraries |
jsDelivr | CDN |
HSTS | Security |
Bunny | CDN |
Livewire | Web frameworks, Miscellaneous |
RSS | Miscellaneous |
PWA | Miscellaneous |
Matomo Analytics | Analytics |
Lodash 4.17.21 | JavaScript libraries |
core-js 3.27.1 | JavaScript libraries |
Axios | JavaScript libraries |
Webpack | Miscellaneous |
Open Graph | Miscellaneous |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.
Evidence
Software / Version | Category |
---|---|
Nginx | Web servers, Reverse proxies |
Bunny | CDN |
Bunny Fonts | Font scripts |
Vulnerability description
We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.
Recommendation
We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.