Report: mymusicplease.fr


Acunetix Website Audit, 13 May, 2012
Detailed Scan Report
Generated by Acunetix WVS Reporter (v7.0 Build 20100921)

Scan of http://mymusicplease.fr:80/

Scan details

Scan information
  • Start time: 13/05/2012 16:36:48
  • Finish time: 13/05/2012 17:24:09
  • Scan time: 47 minutes, 21 seconds
  • Profile: Default

Server information
  • Responsive: True
  • Server banner: Apache
  • Server OS: Unknown
  • Server technologies: PHP

Threat level

Alerts distribution
  • Total alerts found: 47
  • High: 14
  • Medium: 15
  • Low: 5
  • Informational: 13

Knowledge base
  • List of open TCP ports
  • FTP server running
  • Whois lookup

Alerts summary (affected item: number of variations)

Blind SQL Injection
  • /vote.php: 2

Cross Site Scripting
  • /connexion.php: 1
  • /menu.php: 1
  • /modifierParoles.php: 1
  • /titrePlusArtiste.php: 1

SQL injection
  • /vote.php: 8

Application error message
  • /mail.php: 3
  • /rechercheDynamique.php: 1
  • /vote.php: 8

Backup files
  • /lecteur2.php: 1
  • /modifierParoles2.php: 1
  • /search/r2.php: 1

Apache mod_negotiation filename bruteforcing
  • Web Server: 1

Possible sensitive directories
  • /ckeditor/_source: 1

Possible sensitive files
  • /php.ini: 1

Session Cookie without HttpOnly flag set
  • /: 1

Session Cookie without Secure flag set
  • /: 1

Broken links
  • /aide.php: 1
  • /aideP.php: 1
  • /aidePR.php: 1
  • /p.php: 1
  • /test/js/fade.js: 1
  • /u.php: 1
  • /valeurP.php: 1
  • /valeurP2.php: 1

Password type input with autocomplete enabled
  • /connexion.php: 1
  • /connexion.php (0b86d1cf27f0ccfd92cafb5c754d93b4): 1
  • /connexion.php (8b27e453fa0a1c704996c9881a28b722): 1
  • /inscription.php: 2
Alert details

Blind SQL Injection
Severity: High
Type: Validation
Reported by module: Scripting (Blind_Sql_Injection.script)
Affected items:
  • /vote.php
      Request: GET /vote.php?id=%24%7binjecthere%7d&valeur=1&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 139)
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%24%7binjecthere%7d&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 139)

Cross Site Scripting
Severity: High
Type: Validation
Reported by module: Scripting (XSS.script)
Affected items:
  • /connexion.php
      Request: POST /connexion.php HTTP/1.1
      Body: connexion=submit&mdp=&pseudo=%22%20onmouseover%3dprompt%28951355%29%20bad%3d%22
      Response: HTTP/1.1 200 OK (Content-Length: 1215)
  • /menu.php
      Request: GET /menu.php?Annuler=&id=%22%20onmouseover%3dprompt%28963662%29%20bad%3d%22&playlistChoisie=&Valider=submit HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 1600)
  • /modifierParoles.php
      Request: GET /modifierParoles.php?afficher=1&chemin=%22%20onmouseover%3dprompt%28996511%29%20bad%3d%22 HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 1248)
  • /titrePlusArtiste.php
      Request: GET /titrePlusArtiste.php?msg=1%3cScRiPt%20%3eprompt%28924661%29%3c%2fScRiPt%3e HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 405)

SQL injection
Severity: High
Type: Validation
Reported by module: Scripting (Sql_Injection.script)
Affected items:
  • /vote.php
      Request: GET /vote.php?id=%24%7binjecthere%7d&valeur=3&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 272)
  • /vote.php
      Request: GET /vote.php?id=%24%7binjecthere%7d&valeur=2&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 272)
  • /vote.php
      Request: GET /vote.php?id=%24%7binjecthere%7d&valeur=4&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 272)
  • /vote.php
      Request: GET /vote.php?id=%24%7binjecthere%7d&valeur=1&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 272)
  • /vote.php
      Request: GET /vote.php?id=%24%7binjecthere%7d&valeur=5&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%24%7binjecthere%7d&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 274)
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%24%7binjecthere%7d&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 274)
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%24%7binjecthere%7d&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 274)

Application error message
Severity: Medium
Type: Validation
Reported by module: Scripting (Error_Message.script)
Affected items:
  • /mail.php
      Request: POST /mail.php HTTP/1.1
      Body: inscription=submit&mailInsc=sample@email.tst&mdp2=&mdpInsc=&nom=sajuhhbl&prenom=sajuhhbl&pseudoInsc=sajuhhbl
      Response: HTTP/1.1 200 OK (Content-Length: 797)
  • /mail.php
      Request: POST /mail.php HTTP/1.1
      Body: inscription=submit&mailInsc=sample@email.tst&mdp2=&mdpInsc=&nom=&prenom=sajuhhbl&pseudoInsc=sajuhhbl
      Response: HTTP/1.1 200 OK (Content-Length: 797)
  • /mail.php
      Request: GET /mail.php HTTP/1.1
      Header: referer: "");|]*{%0d%0a<%00>
      Response: HTTP/1.1 200 OK (Content-Length: 797)
  • /rechercheDynamique.php
      Request: GET /rechercheDynamique.php?pseudo=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 1038)
  • /vote.php
      Request: GET /vote.php?id=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&valeur=1&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 290)
  • /vote.php
      Request: GET /vote.php?id=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&valeur=3&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK
  • /vote.php
      Request: GET /vote.php?id=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&valeur=5&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 290)
  • /vote.php
      Request: GET /vote.php?id=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&valeur=2&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 290)
  • /vote.php
      Request: GET /vote.php?id=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&valeur=4&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 290)
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 286)
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK
  • /vote.php
      Request: GET /vote.php?id=131&valeur=%27%22%27%22%29%3b%7c%5d*%7b%250d%250a%3c%2500%3e&vote=oui HTTP/1.1
      Response: HTTP/1.1 200 OK (Content-Length: 286)

Backup files
Severity: Medium
Type: Validation
Reported by module: Scripting (Backup_File.script)
Affected items:
  • /lecteur2.php
      Request: GET /lecteur2.php HTTP/1.1 (Range: bytes=0-99999)
      Response: HTTP/1.1 200 OK (Content-Length: 8931)
  • /modifierParoles2.php
      Request: GET /modifierParoles2.php HTTP/1.1 (Range: bytes=0-99999)
      Response: HTTP/1.1 200 OK (Content-Length: 333)
  • /search/r2.php
      Request: GET /search/r2.php HTTP/1.1 (Range: bytes=0-99999)
      Response: HTTP/1.1 200 OK (Content-Length: 630)

Apache mod_negotiation filename bruteforcing
Severity: Low
Type: Validation
Reported by module: Scripting (Apache_mod_negotiation_Filename_Bruteforcing.script)
Affected items:
  • Web Server
      Request: GET /index HTTP/1.1 (Accept: acunetix/wvs)
      Response: HTTP/1.1 406 Not Acceptable (Content-Length: 411)
      Alternates: {"index.html" 1 {type text/html} {length 507}}, {"index.php" 1 {type x-mapp-php4}{length 2572}}
      Vary: negotiate,accept
      TCN: list

Possible sensitive directories
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)
Affected items:
  • /ckeditor/_source
      Request: GET /ckeditor/_source HTTP/1.1 (Accept: acunetix/wvs, Range: bytes=0-99999)
      Response: HTTP/1.1 301 Moved Permanently (Content-Length: 249)
      Location: http://mymusicplease.fr/ckeditor/_source/

Possible sensitive files
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Files.script)
Affected items:
  • /php.ini
      Request: GET /php.ini HTTP/1.1 (Accept: acunetix/wvs, Range: bytes=0-99999)
      Response: HTTP/1.1 206 Partial Content (Content-Length: 66)
      Last-Modified: Wed, 22 Feb 2012 21:53:33 GMT
      Content-Range: bytes 0-65/66
      Content-Type: text/plain

Session Cookie without HttpOnly flag set
Severity: Low
Type: Informational
Reported by module: Crawler
Affected items:
  • /
      Request: GET / HTTP/1.1 (request carries the PHPSESSID session cookie)
      Response: HTTP/1.1 200 OK (Content-Length: 507)

Session Cookie without Secure flag set
Severity: Low
Type: Informational
Reported by module: Crawler
Affected items:
  • /
      Request: GET / HTTP/1.1 (request carries the PHPSESSID session cookie)
      Response: HTTP/1.1 200 OK (Content-Length: 507)

Broken links
Severity: Informational
Type: Informational
Reported by module: Crawler
Affected items:
  • /aide.php
      Request: GET /aide.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /aideP.php
      Request: GET /aideP.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /aidePR.php
      Request: GET /aidePR.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /p.php
      Request: GET /p.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /test/js/fade.js
      Request: GET /test/js/fade.js HTTP/1.1 (Referer: http://mymusicplease.fr/envoyer.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /u.php
      Request: GET /u.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /valeurP.php
      Request: GET /valeurP.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)
  • /valeurP2.php
      Request: GET /valeurP2.php HTTP/1.1 (Referer: http://mymusicplease.fr/plan.php)
      Response: HTTP/1.1 404 Not Found (Content-Length: 823)

Password type input with autocomplete enabled
Severity: Informational
Type: Informational
Reported by module: Crawler
Affected items:
  • /connexion.php
      Request: GET /connexion.php HTTP/1.1 (Referer: http://mymusicplease.fr/accueil.php)
      Response: HTTP/1.1 200 OK (Content-Length: 1181)
  • /connexion.php (0b86d1cf27f0ccfd92cafb5c754d93b4)
      Request: POST /connexion.php HTTP/1.1 (Referer: http://mymusicplease.fr/connexion.php)
      Body: connexion=submit&mdp=&pseudo=ayupvoki
      Response: HTTP/1.1 200 OK
  • /connexion.php (8b27e453fa0a1c704996c9881a28b722)
      Request: GET /connexion.php?e=e HTTP/1.1 (Referer: http://mymusicplease.fr/accueil.php)
      Response: HTTP/1.1 200 OK (Content-Length: 1249)
  • /inscription.php
      Request: GET /inscription.php HTTP/1.1 (Referer: http://mymusicplease.fr/accueil.php)
      Response: HTTP/1.1 200 OK (Content-Length: 4638)
  • /inscription.php
      Request: GET /inscription.php HTTP/1.1 (Referer: http://mymusicplease.fr/accueil.php)
      Response: HTTP/1.1 200 OK (Content-Length: 4638)