Developer Report
Scan of http://116.66.206.28:80/
Scan details
Scan information Starttime Finish time Scan time Profile Server information Responsive Server banner Server OS Server technologies
Threat level Acunetix Threat Level 1 One or more low-severity type vulnerabilities have been discovered by the scanner.
Knowledge base
List of file extensions
File extensions can provide information on what technologies are being used on this website. List of file extensions detected:
- txt => 1 file(s)
- php => 3 file(s)
- css => 2 file(s)
- js => 1 file(s)
- ttf => 1 file(s)
- eot => 2 file(s)
- woff => 2 file(s)
- svg => 1 file(s)
List of client scripts
These files contain Javascript code referenced from the website.
- /theme/new/js/common.js
- /theme/new/js/dhtmlxcommonpro.min.js
List of external hosts
These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed. (Settings->Scanners settings->Scanner->List of hosts allowed).
- simpadu-pnpm.bappenas.go.id
- ajax.googleapis.com
- fonts.googleapis.com
Alerts summary
Possible sensitive directories
Affects (Variations)
- /data/admin (1)
- /data/error (1)
- /data/statistics (1)
- /data/upload (1)
- /lib/tiny_mce/plugins/save (1)

TRACK method is enabled
Affects (Variations)
- Web Server (1)

Broken links
Affects (Variations)
- /a (1)
- /desinventar/dashboard (1)
- /theme/new/font/lato300.eot (1)
- /theme/new/font/lato300.svg (1)
- /theme/new/font/lato300.ttf (1)
- /theme/new/font/lato300.woff (1)
- /theme/new/font/lato400.eot (1)
- /theme/new/font/lato400.svg (1)
- /theme/new/font/lato400.ttf (1)
- /theme/new/font/lato400.woff (1)
- /theme/new/font/lato700.svg (1)
- /theme/new/font/lato700.ttf (1)
- /theme/new/js/dhtmlxcommonpro.min.js (1)

Files listed in robots.txt but not linked
Affects (Variations)
- /ajax.php (1)
- /thumb.php (1)
Alert details
Possible sensitive directories
Severity: Low
Type: Validation
Reported by module: Scripting (Possible_Sensitive_Directories.script)
Description: A possible sensitive directory has been found. This directory is not directly linked from the website. This check looks for common sensitive resources like backup directories, database dumps, administration pages, temporary directories. Each one of these directories could help an attacker to learn more about his target.
Impact: This directory may expose sensitive information that could help a malicious user to prepare more advanced attacks.
Recommendation: Restrict access to this directory or remove it from the website.
References: Web Server Security and Database Server Security

Affected items

/data/admin
Details: No details are available.
Request headers
GET /data/admin HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

/data/error
Details: No details are available.
Request headers
GET /data/error HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

/data/statistics
Details: No details are available.
Request headers
GET /data/statistics HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Acunetix Website Audit 4
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

/data/upload
Details: No details are available.
Request headers
GET /data/upload HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

/lib/tiny_mce/plugins/save
Details: No details are available.
Request headers
GET /lib/tiny_mce/plugins/save HTTP/1.1
Accept: acunetix/wvs
Range: bytes=0-99999
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Broken links
Severity: Informational
Type: Informational
Reported by module: Crawler
Description: A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was linked from the website but it is inaccessible.
Impact: Problems navigating the site.
Recommendation: Remove the links to this file or make it accessible.
Affected items

/a
Details: No details are available.
Request headers
GET /a HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/event.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/desinventar/dashboard
Details: No details are available.
Request headers
GET /desinventar/dashboard HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato300.eot
Details: No details are available.
Request headers
GET /theme/new/font/lato300.eot HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato300.svg
Details: No details are available.
Request headers
GET /theme/new/font/lato300.svg HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato300.ttf
Details: No details are available.
Request headers
GET /theme/new/font/lato300.ttf HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato300.woff
Details: No details are available.
Request headers
GET /theme/new/font/lato300.woff HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato400.eot
Details: No details are available.
Request headers
GET /theme/new/font/lato400.eot HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato400.svg
Details: No details are available.
Request headers
GET /theme/new/font/lato400.svg HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato400.ttf
Details: No details are available.
Request headers
GET /theme/new/font/lato400.ttf HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato400.woff
Details: No details are available.
Request headers
GET /theme/new/font/lato400.woff HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato700.svg
Details: No details are available.
Request headers
GET /theme/new/font/lato700.svg HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/font/lato700.ttf
Details: No details are available.
Request headers
GET /theme/new/font/lato700.ttf HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/theme/new/css/style.css
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/theme/new/js/dhtmlxcommonpro.min.js
Details: No details are available.
Request headers
GET /theme/new/js/dhtmlxcommonpro.min.js HTTP/1.1
Pragma: no-cache
Referer: http://116.66.206.28/event.php
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*
Affected items

/ajax.php
Details: No details are available.
Request headers
GET /ajax.php HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*

/thumb.php
Details: No details are available.
Request headers
GET /thumb.php HTTP/1.1
Pragma: no-cache
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: PHPSESSID=1robrms9tjfod16d5053t8ggb5od39ca; dashboard=20140117
Host: 116.66.206.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Accept: */*
URL: http://116.66.206.28/data/files/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/data/photo/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/css/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/css/style.css No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/css/dhtmlxgrid.css No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/active/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/active/btns_default/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/active/btns_disabled/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/active/btns_over_pressed/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/active/btns_over_default/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/inactive/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/inactive/btns_default/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/inactive/btns_disabled/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/inactive/btns_over_default/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxwins_dhx_black/inactive/btns_over_pressed/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/dhtmlx/dhxtoolbar_dhx_black/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/img/icons/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/js/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/js/common.js No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/js/dhtmlxcommonpro.min.js Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato700.svg Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/simpadu.eot No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato700.ttf Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato400.svg Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato400.ttf Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato700.eot No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato400.eot Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato300.svg Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato300.ttf Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato300.eot Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato300.woff Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato400.woff Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/lato700.woff No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/theme/new/font/simpadu.woff No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/a Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/ Vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/save/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/example/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/example/js/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/example/img/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/media/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/media/js/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/plugins/media/img/ No vulnerabilities has been identified for this URL No input(s) found for this URL
URL: http://116.66.206.28/lib/tiny_mce/themes/ No vulnerabilities has been identified for this URL No input(s) found for this URL