Affected Items PDF

Acunetix Website Audit
7 June, 2016
Affected Items
Generated by Acunetix WVS Reporter (v10.0 Build 20150707)
Scan of http://192.168.1.3:80/
Scan details
Scan information
Start time
Finish time
Scan time
Profile
6/6/2016 5:59:47 PM
6/7/2016 9:07:29 AM
15 hours, 7 minutes
Default
Server information
Responsive
Server banner
Server OS
Server technologies
True
Microsoft-IIS/8.5
Windows
ASP.NET
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A
malicious user can exploit these vulnerabilities and compromise the backend database
and/or deface your website.
Alerts distribution
Total alerts found
227
High
Medium
188
Low
14
Informational
24
Affected items
/
Alert group
Severity
Description
Recommendations
Alert variants
Details
Microsoft IIS tilde directory enumeration

High
It is possible to detect short names of files and directories which have an 8.3 file naming scheme
equivalent in Windows by using some vectors in several versions of Microsoft IIS. For instance, it is
possible to detect all short-names of ".aspx" files as they have 4 letters in their extensions. This
can be a major issue especially for the .Net websites which are vulnerable to direct URL access as
an attacker can find important files and folders that they are not normally visible.
Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject. A link to
this paper is listed in the Web references section below.
No details are available.
OPTIONS //*~1*/a.aspx?aspxerrorpath=/ HTTP/1.1

(line truncated)
...p1B6fl3w1HuKBWpmtDDauU0_weIIyOCvMwqpQLC_8QjvuJVTUCXh5aG1-ajaVaMA7-gNWy5cJzSbJopRnbTTQ
3GZqyhzGZBza-oQDQawNvYSU-jLVbpS68bJwg5LzoOD0jQmyHeeF1-sJGpi1biByeNwOsiAyVspyZK6WbEahtbm8
_EComER7Ju_YO5clRIBbWTBOJhtbFpK9wyRrRbi3kDUCuqyw33D0Fszlp0lt31LfRng3L7YdnyxZglTpU7ljoT52
H6DiS9bjtWnzcDq2uIc-fZjl5IN557E2pNyBh4Nnk-WDBbnn_lJY99-cWBJpJBj_QRY8zjVdK9YoQKRDJhn2whwX
NHNP-A8k42Mjn; _culture=en-us; currentNavLi=link246;
ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%
22%3A-1%7D
Host: 192.168.1.3
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
HTML form without CSRF protection

Medium
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as
CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are
transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details
for more information about the affected HTML form.
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Form name: <empty>
Form action: http://192.168.1.3/home/setculture
Form method: POST
Form inputs:
- culture [Radio]
GET / HTTP/1.1
Referer: http://192.168.1.3/Account/Login?ReturnUrl=/
(line truncated)
...oDOFcOoz3AqF1-FalpZl_SWT3FLPPFZnoSbp18e1eYm1KELqI461aOEgqSW6dGrMxiPzyXvsJTCYRPmcK8UVa
DLK9eY6ahO3BxsGKaSFM8xhBx5rkacvc_Q9QTBR7w9Zk-VKXHuUesCpxmp4JUxJiru9csM3VTSLnOfpqvFzuKapU
4p6wFA2rhu3vCxLOfbXRG7TpAA4HfRsl1lY5N6FYVtiGxufwAdQzR1Na9waQPHyCJ0vB-K1ztjbD8Mr5hMCQZYGs
VCO6m0Kj7gJlcpi7PcRTIimTgtPY10gCXI-4mVvnG6G77BMrygTpTY6k1QsbDLfJxNrHa3VLCK1zIIkqKB09is5Q
myIBBDRS9lLKZ9cs-w5Rz1cXsW4YCd4FhDbqy2wThl2u70vvPsCm_CCMrip0WHswFbpNS437EcivGC8ST1qhMZhY
qvgpbyzQFOVR2O74ktxWQ0ij_U4Hpb0znFvV8aKDQgDv3FKMNCv6WROL-age7fl
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Host: 192.168.1.3
Parameter
/
Alert group
Severity
Description
Recommendations
Alert variants
Details
Internal server error

Medium
This page contains an error/warning message that may disclose sensitive information. The
message can also contain the location of the file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Review the source code for this script.
Path Fragment input / was set to
Error message found: Internal Server Error
GET //appaybleinvoices HTTP/1.1

Referer: http://192.168.1.3:80/
(line truncated)
...5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAAg57U2A-ePmNuZAEnIgAEnw
ZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usa-RYZfscchlzB7
F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRpsgtft6k8q_Udo
MLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJa
QxH5kjh0ASBHu; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
GET //accountstransactions/details/1098 HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
...lg_W4JZUZLzFcZ16WR4m2WqXMTcN_bT4OKJRROQLdc4IhjGMku4kEZkTCyWmgfq7UnaM3s0TNT2n1WyIGz9rW
LUel-3jOAJo4kifE9gh3sYw97zF0LcxBgK3eOVWqys5NnaR0495W2zh3lSrDMS16cGJxR3VIbiOqXOqyq-tJTf9h
iRt7gpfomAvLLP0u_WoyVDyrpPIS0hEIwLs1_tGq9qYcTLtokWrLUSGW0jjvsPBLdWtdUlZ2eVXoSV81FBLJdPXq
n1WEivbQKSlT4Q-36uvnJn2fJJ3Dx8uPcdI0GeefZD8oCrKtU1yhNmfBmL0aeqEosUMW6fLQo4lZ9KCiYACy3oVg
yPEkzbLNgBmcc; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
GET /account/delete/ HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
...M459u83vSh3ll15h8px9ed6YnSsSQTUVEvaFeAMSKPHzgicAs0N3_3cEuQ5VoyGfnfI63BHPtmvtA_GnS4zEj
Vb23G9kkkQTYbWUlbyHY9dNV542vXzCwapDDvOVzMy0v2U02NoFxkE2cFqslIHLppw7VJ8vMPL_b5YjjWti3c2lf
Na8KndAuqz2ApC4zSfNWLsvhEru_3a7bdVHv0ENvb29o9v56H8bbWZ3qVBd4Ti8Y2Z81Mgjm_aQO5MZmKZavTg7r
Q9QZvSi_7DWOOPDlO6WjKaGcgjg-1DOgvkxEOw9ev8Vupshw8yF9srEqWqKjwFK3KsxEaOQ8_viGeejIwAvqFnzb
uh_awwEJERBep; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
ASP.NET version disclosure

Low
The HTTP responses returned by this web application include anheader named X-AspNet-Version.
The value of this header is used by Visual Studio to determine which version of ASP.NET is in use.
It is not necessary for production sites and should be disabled.
Apply the following changes to the web.config file to prevent ASP.NET version disclosure:
<System.Web>
<httpRuntime enableVersionHeader="false" />
</System.Web>
Version information found: 4.0.30319
GET /|~.aspx HTTP/1.1

Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
Cookie without HttpOnly flag set

Low
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it
instructs the browser that the cookie can only be accessed by the server and not by client-side
scripts. This is an important security protection for session cookies.
If possible, you should set the HTTPOnly flag for this cookie.
Cookie name: "currentNavLi"
Cookie domain: "192.168.1.3"
GET / HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Cookie name: "_culture"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Cookie name: "ace_settings"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
Cookie without Secure flag set

Low
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it
instructs the browser that the cookie can only be accessed over secure SSL channels. This is an
important security protection for session cookies.
If possible, you should set the Secure flag for this cookie.
Cookie name: "awwce-MyCookieName-2016-erp"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Cookie name: "ace_settings"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Cookie name: "__RequestVerificationToken"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Cookie name: "currentNavLi"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Cookie name: "_culture"
GET / HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
Microsoft IIS version disclosure

Informational
The HTTP responses returned by this web application include a header named Server. The value
of this header includes the version of Microsoft IIS server.
Microsoft IIS should be configured to remove unwanted HTTP response headers from the
response. Consult web references for more information.
Version information found: Microsoft-IIS/8.5
GET /|~.aspx HTTP/1.1

Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/account
Form method: POST
Form inputs:
- SearchString [Text]
GET /account HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: *****
Acunetix-Aspect-Queries: filelist;aspectalerts
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Form name: <empty>
Form action: http://192.168.1.3/account
Form method: POST
Form inputs:
- SearchString [Text]

Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Email address found

Informational
One or more email addresses have been found on this page. The majority of spam comes from
email addresses harvested off the internet. The spam-bots (also known as email harvesters and
email extractors) are programs that scour the internet looking for email addresses on any website
they come across. Spambot programs look for strings like myname@mydomain.com and then
record any addresses found.
Check references for details on how to solve this problem.
Recommendations
Alert variants
Details
Pattern found: info@awwwce.com
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/delete/enanu
Parameter
__RequestVerificationToken
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input __RequestVerificationToken was set to
POST /account/delete/enanu HTTP/1.1

Content-Length: 27
Content-Type: application/x-www-form-urlencoded
Referer: http://192.168.1.3:80/
(line truncated)
...B3PK0n0jy6yP-3kgxKpRlkXJfIhVqvf_wSm8o-r39cF_lC_YaQ1mf9C9tcNkjoN4zp3OrY7QkPqMlYvJav9pZ
uCJ8cTRgA8X78VUEt2D8wxWEALrMZFgJy-PvCZipcD5vL3utff6Yl_gW5KBkvKXP_EK7tRRW3xl_yny11QOpLrty
uYTuUqDanVzm9VpvEebzTCf0puobKYSn-O3g0l3wp8Xli1Jws4BmUx4Ih3_G6kZak0nXnTDrUCExFGG94NxJrYHa
mXQCIi_EUzjPb3p69TItm9bC3Evv8eRi_W2f8KRp0rbneGGB7s_Hx9VI8e1MUrSosoie6Vrxbo-tFumxx3Gzyw-s
SAFULWFIPaKGC; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
__RequestVerificationToken=
/account/delete/endalamaw
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

POST /account/delete/endalamaw HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/delete/zelalem
Parameter
Alert group
Severity
Description
Recommendations

Medium
10
Alert variants
Details

POST /account/delete/zelalem HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Email address found

Informational
Recommendations
Alert variants
Details
GET /account/delete/zelalem HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/account
(line truncated)
...UISHYb75Myuir1JzwsC0FNA9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OE-KF8x5
zdY-A9dOkPP4NmkX071rFmHJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnA
VBpgUWs07VAAg57U2A-ePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayz
rGCTNEXe9QDzjZDnJ4usa-RYZfscchlzB7F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BB
omYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo7
8OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJaQxH5kjh0ASBHu; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/edit/enanu
Parameter
Alert group
Severity
Description
Recommendations

Medium
11
Alert variants
Details

POST /account/edit/enanu HTTP/1.1
Content-Length: 99
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=Mesfin&UserName=Enanu&__RequestVerific
ationToken=
Parameter
Email
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input Email was set to

Content-Length: 232
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=&FirstName=Enanu&LastName=Mesfin&UserName=Enanu&__RequestVerificationToken=FAG9Cdc
aBEOXNRYXPdl2FZp4blYlAllK7ownc_P3zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih
3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM-xw6k3oWyJJmHMO9S71ZLQ2
Parameter
FirstName
Alert group
Severity

Medium
12
Description
Recommendations
Alert variants
Details
URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Content-Length: 287
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&LastName=M
esfin&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3
zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM
-xw6k3oWyJJmHMO9S71ZLQ2
Parameter
LastName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input LastName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
13

Content-Length: 286
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3z
ecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEMxw6k3oWyJJmHMO9S71ZLQ2
Parameter
UserName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Content-Length: 287
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=Mesfin&UserName=12345'"\'\");|]*%00{%0
d%0a<%00>%bf%27'&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3
zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM
-xw6k3oWyJJmHMO9S71ZLQ2
/account/edit/endalamaw
Parameter
FirstName
Alert group
Severity
Application error message

Medium
14
Description
Recommendations
Alert variants
Details
URL encoded POST input FirstName was set to S0FyZnY3SmVZ

POST /account/edit/endalamaw HTTP/1.1
Content-Length: 260
(line truncated)
...cnBcB0mBDXweyHq8QSx91oMDsyM-jFrIkS6l04jSNkCMTXHF-gnxV5NvJgpGeh2Xg9ZNzWcMxoh0o8wu9kqGK
pnZa9WGi8KPYlt7KlLzoSSRwp3jkQLWEIzoqEJar8jDgRaHSDtxtO6XGU_2aXFNEsvbEZMBBROmHuYrJBbwCDn-S
xc51B05xsHkshOnLMtusF-eKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0v-ia7
GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQRb
GrDZTQG2en1Gw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=S0FyZnY3SmVZ&LastName=worku&UserName=Endalamaw&__Requ
estVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaL
eSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Parameter
UserName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input UserName was set to SXNCTGFobUE3

Content-Length: 260
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=SXNCTGFobUE3&__Requ
estVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaL
eSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Parameter
Alert group
15
Severity
Description
Recommendations
Alert variants
Details
Medium

Content-Length: 106
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=Endalamaw&__Request
VerificationToken=
Parameter
Email
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input Email was set to

Content-Length: 239
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=&FirstName=endalamaw&LastName=worku&UserName=Endalamaw&__RequestVerificationToken=
As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo
3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
16
Parameter
FirstName
Alert group
Severity
Description

Medium
Recommendations
Alert variants
Details
URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Content-Length: 290
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&LastName=w
orku&UserName=Endalamaw&__RequestVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQj
E0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1Yrv
aAJhHKy6QszJBYvo4FvZgwYiA2
Parameter
LastName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input LastName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
17

Content-Length: 294
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&UserName=Endalamaw&__RequestVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6i
WmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Parameter
UserName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Content-Length: 290
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=12345'"\'\");|]*%00
{%0d%0a<%00>%bf%27'&__RequestVerificationToken=As4c8-HE76KuLt6d_oQBFSYuNbE24OC6iWmQj
E0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_2ZfiAVRLLoQbGiDKD2bUHQ-1Yrv
aAJhHKy6QszJBYvo4FvZgwYiA2
/account/edit/zelalem
Parameter
LastName
Alert group
Severity

Medium
18
Description
Recommendations
Alert variants
Details
URL encoded POST input LastName was set to cWhxWmZCaW1R

POST /account/edit/zelalem HTTP/1.1
Content-Length: 259
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Email=info%40awwwce.com&FirstName=Zelalem&LastName=cWhxWmZCaW1R&UserName=zelalem&__Reque
stVerificationToken=4YYOqtabI3kC3wWcZ6AqiXvvT2lQewWko82j20pEbXIXQWP7r_k69SusTjwYWLKRVQW9
7dtHOFx_OhjyUcAOUik-6IcFeRxOwEd2OrtJvF08gkRrTffEidVNnACwkCRSSyEs_eL-cyPSgRmTx2LEUA2
Alert group
Severity
Description
Email address found

Informational
Recommendations
Alert variants
Details
GET /account/edit/zelalem HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/login
Parameter
Password
Alert group
19
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input Password was set to S0NYNWRvajhK

POST /account/login?ReturnUrl=/ HTTP/1.1
Content-Length: 173
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=S0NYNWRvajhK&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvS
Kp1id3_Fif9J_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

POST /account/login HTTP/1.1
Content-Length: 71
Referer: http://192.168.1.3:80/
(line truncated)
...RBDQdv0mbjXmSgSSpkVwfWC9RwYR43hNjfGxzdPMhg5Ysdz_0gcFwBTS4GteKd_mx9DRXdaeO-kyuU6r5KHt8
O1ibCO-0M9rVBFbODB2jFCfH5qld0c-LDHch_EwkoX3PaKlxf9DoMtgG4ASOH-cnX-wdEX7nYFUdKFxyxW6G2K9s
RhQigZKEp2H4SbVciAYk6QM0EFN8chZYn4ECOJhPgXeujeahL0-kh6nHNcWJLoRTz9EKWBtM3pSx08zoQcWNAqIS
xqJ0m86Rm-xid-uO3ujIXQCLmErb0r83yGVGDOogOrQO0Dqo-tCD6sTbTOKjn_lloKMZSAiSS_ufHdeX9DAi-Td9
DyrasfuQyVXnh; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=g00dPa%24%24w0rD&UserName=sxdgcsyd&__RequestVerificationToken=
Details
20

Content-Length: 62
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=Password1&UserName=tester&__RequestVerificationToken=
Parameter
Password
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input Password was set to

Content-Length: 161
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fif9J
_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Parameter
ReturnUrl
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded GET input ReturnUrl was set to

POST /account/login?ReturnUrl= HTTP/1.1
Content-Length: 170
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=Password1&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1
id3_Fif9J_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Parameter
UserName
21
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input UserName was set to

Content-Length: 164
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=Password1&UserName=&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fi
f9J_0ntZlXEP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
Alert group
Severity
Description
Recommendations
Alert variants
Details
User credentials are sent in clear text

Medium
User credentials are transmitted over an unencrypted channel. This information should always be
transferred via an encrypted channel (HTTPS) to avoid being intercepted by malicious users.
Because user credentials are considered sensitive information, should always be transferred to the
server over an encrypted connection (HTTPS).
Form name: <empty>
Form action: http://192.168.1.3/account/login
Form method: POST
Form inputs:
- __RequestVerificationToken [Hidden]
- UserName [Text]
- Password [Password]
GET /account/login HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Login page password-guessing attack

Low
22
Description
Recommendations
A common threat web developers face is a password-guessing attack known as a brute force
attack. A brute-force attack is an attempt to discover a password by systematically trying every
possible combination of letters, numbers, and symbols until you discover the one correct
combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force
attacks). It's recommended to implement some type of account lockout after a defined number of
incorrect password attempts. Consult Web references for more information about fixing this
problem.
It's recommended to implement some type of account lockout after a defined number of incorrect
password attempts.
Alert variants
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Content-Length: 214
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=4PBptj6n&UserName=lwir1kAu&__RequestVerificationToken=_uDCtrunIm4qmJUlyN2TRxSyz
o-QQxlXf5sXQAyMB2-eXDGfp16Nf_78l91wFgoGrZYn74Qbtyv7bL8oCsPGV4Ooi1fJmVyukcPReECkScFY3B8QgqLyo-iz7aR0cpBrYCJ8gTzo1B_pGQQIzt8hg2
Alert group
Severity
Description
Recommendations
Password type input with auto-complete enabled

Informational
When a new name and password is entered in a form and the form is submitted, the browser asks
if the password should be saved.Thereafter when the form is displayed, the name and password
are filled in automatically or are completed as the name is entered. An attacker with local access
could obtain the cleartext password from the browser cache.
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
Alert variants
Details
Password type input named Password from unnamed form with action /Account/Login has
autocomplete enabled.
GET /account/login HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
Alert group
Severity

Informational
23
Description
Recommendations
Alert variants
Details
Password type input named Password from unnamed form with action
/Account/Login?ReturnUrl=%2Froles has autocomplete enabled.
GET /account/login?ReturnUrl=/roles HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/roles
(line truncated)
...xnsdSs-WJm2vPKGIEmtDE-XKwOk-XSFJ6DEW7R4pXv9V2r3EIVZ3a06CubQeDQlBX7aznpeHIoMPjDcyQ1vJx
IR7On9Rqe1JKB4AgCTtqV-SnoA7rw7m0I2YOzR9Q3AQ0bjb_EkD5sVyU3DJoFfFYq5D5p17_XV2k5QyskPeo28J3
TxOFsvi2qKkKUjtz8oUqiSQ4JlMY8a2Ug80Fb9YUsdGQGORe42CwrMcRc068gs-XxlgDyxj1Gm-2s33eQPQFw12d
olvrBc6yDvykD_uF6sOtGPXCLiFNrjwTp5dTP8mJcWchnJMenky-fIiTvP_Hm_uDO6r33O6F73-mdKSJxCmOQLgp
YyNiZmTKgbDKXRnKTaMUOLYKzs0DAbk7NYarkSqqYc2plWuSJ7MJOnMI2IFiNNUsnLpGW03V8hv7XZn0eociDXiO
luNjnMHKM-JryeCxYTaqrb8Sg8wDvkmMpkAfMJvuhuSwCL8; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
Alert group
Severity
Description
Recommendations

Informational
Alert variants
Details
/Account/Login?ReturnUrl=%2Fhr%2Fallowances has autocomplete enabled.
GET /account/login?ReturnUrl=/hr/allowances HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/allowances
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
24
/account/login (943495a8bf6f8beb8b22c44cf845bd3f)
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/account/login
Form method: POST
Form inputs:
- UserName [Text]
Pragma: no-cache
Referer: http://192.168.1.3/account/login
Content-Length: 222
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Password=g00dPa%24%24w0rD&UserName=glpscbtu&__RequestVerificationToken=p-Ya6dj2VyJop_m5E
xsk2R3Ct821rXO6ASuxLaEOUjpM5gT_fIl_HaWhg9uZ5bW-QMQx9ae7oZvshfI_q25E-Qwm9FCmr4VYF3L34UBZb
UxQndssCSydRmQ7cPytqX1_vGWfaK0vsHo4sjtmZlPu1w2
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
Alert group
Severity
Description
Recommendations
Alert variants
Details

Informational
/Account/Login?ReturnUrl=%2F has autocomplete enabled.
25
GET /Account/Login?ReturnUrl=/ HTTP/1.1

Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
Alert group
Severity
Description
Recommendations

Informational
Alert variants
Details
/Account/Login?ReturnUrl=%2Fhr%2Fcosigns has autocomplete enabled.
GET /account/login?ReturnUrl=/hr/cosigns HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/cosigns
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/logoff
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details
Medium
26
POST /account/logoff HTTP/1.1

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
...iDg8hb0NHslbwF2_YVhNn_1YHMf0CY7uXyqdZ_cX7AZsnXrvE6o7XHzqHQE2Z5I9OAPUTzd1I_Qp7uytzBpt7
5Ez0-QBI6jfUohCNvCCWY0zeu0A1VcGzIpnn3U0Haa_iHN_asl2UI0rDzRpggMT3mfMeHrDDz2b9hZzJ7HxYaEwS
Xmn5ZDZ_MC81uY6YoiB43uCpphufDDpbyW8rIrUrblDlGuZVO7k8qdZC7_XdMOVAH4c8nUIHYDGrTiRE-Qwek6mu
gQbM8KLMPHmBnjRvWXOC_uEBNqFLt0yLJANbO50pnBKmVtGELqIfF32huLwFxnjzqwanybjWY6zeJnkOe830Qb9r
OU3WVqb0cbopO; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/register
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details
Medium

POST /account/register HTTP/1.1
Content-Length: 166
Referer: http://192.168.1.3:80/
(line truncated)
...RBDQdv0mbjXmSgSSpkVwfWC9RwYR43hNjfGxzdPMhg5Ysdz_0gcFwBTS4GteKd_mx9DRXdaeO-kyuU6r5KHt8
O1ibCO-0M9rVBFbODB2jFCfH5qld0c-LDHch_EwkoX3PaKlxf9DoMtgG4ASOH-cnX-wdEX7nYFUdKFxyxW6G2K9s
RhQigZKEp2H4SbVciAYk6QM0EFN8chZYn4ECOJhPgXeujeahL0-kh6nHNcWJLoRTz9EKWBtM3pSx08zoQcWNAqIS
xqJ0m86Rm-xid-uO3ujIXQCLmErb0r83yGVGDOogOrQO0Dqo-tCD6sTbTOKjn_lloKMZSAiSS_ufHdeX9DAi-Td9
DyrasfuQyVXnh; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ConfirmPassword=g00dPa%24%24w0rD&Email=sample%40email.tst&FirstName=btwpdekw&LastName=bt
wpdekw&Password=g00dPa%24%24w0rD&UserName=btwpdekw&__RequestVerificationToken=
Alert group
Severity
Description
Recommendations

Medium
Alert variants
27
Details
Form name: <empty>

Form action: http://192.168.1.3/account/register
Form method: POST
Form inputs:
- UserName [Text]
- ConfirmPassword [Password]
- LastName [Text]
- FirstName [Text]
- Email [Text]
GET /account/register HTTP/1.1
Pragma: no-cache
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details

Informational
Password type input named Password from unnamed form with action /Account/Register has
autocomplete enabled.
28

Pragma: no-cache
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Password type input named ConfirmPassword from unnamed form with action /Account/Register
has autocomplete enabled.
Pragma: no-cache
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/account/usergroups/enanu
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
POST (multipart) input __RequestVerificationToken was set to

POST /account/usergroups/enanu HTTP/1.1
Content-Length: 1960
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_RAUJOURFRB
Referer: http://192.168.1.3:80/
(line truncated)
...0WBH55ZC00EeRfbzXiwBivu6ArdjVOFwr8lDdiP2tMC1jplF-9TI8zQ3h-6GF0uN2yUenoMjxVQIqxvBhx-El
6SilcMGC072lS2hnYOG-UKvHvw3GbzjsPvrABu-Q40naiplhYVlDOelf1OLkZQTcvjXQ1NlkXBhMYbtmrXY_iumC
_7T8GFIoY7PJ59WgjM-LeQ3rMz5Q61-FcOMIfjF9XrU-_sD0sOgsZCHwmWOMMzASxIhy9TDTcbIZU-C1muzXIBq
29
XwF2g1elPPTFmU52vjD83PT41gWMJauef1e7KjdtlWrCM29OxOOPyAn2XRcNl8b56U1wQqCL3u91rNumArzqW7hT
fIOF6WB5-4bnKw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_RAUJOURFRB
Content-Disposition: form-data; name="Groups[0].GroupId"
1
Content-Disposition: form-data; name="Groups[0].Selected"
false
4
5
false
6
true
7
true
8
true
9
true
10
30
true
11
true
Content-Disposition: form-data; name="UserName"
Enanu
Content-Disposition: form-data; name="__RequestVerificationToken"
-------AcunetixBoundary_RAUJOURFRB-Parameter
Groups[0].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
POST (multipart) input Groups[0].GroupId was set to 1

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_VEJPINKYXH
Referer: http://192.168.1.3:80/
(line truncated)
...Lu9oqJmnPHBFavIacie1xFtX1g8MmPCIAcinTl3koAYBSCb_bjlhVlSyWg4rcDXzJzEPICJoukYjWngZ6ykWu
z6c4giemFeWbArlAQEsfswhgQX7oxuMGQjO_MgNdraqhXI9zRxyx34RWdTOJ-oKtUUWHw--BfbJPe_QWW2hQfXtw
PO84jcxsib7bt2_4Jrd5zVmi8vnz1YPo3OUBcM3Bgzq8Gj5w2WhT9Qb2Pde7T1S8kxo_9kFjsPPnmWeZv9Ce3CBh
H6_wArZshAnUsx4tNxkx16f10fmmQfs78kqGwx2Rt3J08oh2GwK6ep23iy0TLCa4jFTnp_ElkTG8Yx9VS1T01UfB
P2pBBs8Vvd_m_; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_VEJPINKYXH
Content-Disposition: form-data; name="Groups[0].GroupId[]"
1
false
4
31
5
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
id4F7HKEp-2NoCOhw57NBlpZvNECOZtalrV62dIubpxQ0QMVYmeiX6EMxWyNt0yCsbwdxWaUR1huDrpuOu6CGNC0
aauRQWG4ksGXIuIGS4ZIezE8zze5i4rCulTLJ7xkD1pvhHfanh2M4bbr0At7QQ2
-------AcunetixBoundary_VEJPINKYXH-Parameter
Groups[1].GroupId
Alert group
32
Severity
Description
Recommendations
Alert variants
Details
Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_FGDQVSWTNK
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_FGDQVSWTNK
1
false
4
5
false
6
true
7
true
33
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_FGDQVSWTNK-Parameter
Groups[2].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_CGJAHGVTBE
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
34
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_CGJAHGVTBE
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
35
11
true
Enanu
-------AcunetixBoundary_CGJAHGVTBE-Parameter
Groups[3].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_ISPFJXUXSR
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_ISPFJXUXSR
1
false
4
5
36
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_ISPFJXUXSR-Parameter
Groups[3].Selected
Alert group
Severity

Medium
37
Description
Recommendations
Alert variants
Details
POST (multipart) input Groups[3].Selected was set to

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_IWDXKLYMHS
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_IWDXKLYMHS
1
false
4
5
false
6
7
true
8
38
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_IWDXKLYMHS-Parameter
Groups[4].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DNVDDGLXSV
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
39
-------AcunetixBoundary_DNVDDGLXSV
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
40
true
Enanu
-------AcunetixBoundary_DNVDDGLXSV-Parameter
Groups[4].Selected
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_RJHNRTUOGK
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_RJHNRTUOGK
1
false
4
5
false
6
41
true
7
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_RJHNRTUOGK-Parameter
Groups[5].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MVVBBEOTBY
Referer: http://192.168.1.3:80/
42
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_MVVBBEOTBY
1
false
4
5
false
6
true
7
true
8
true
9
true
43
10
true
11
true
Enanu
-------AcunetixBoundary_MVVBBEOTBY-Parameter
Groups[5].Selected
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_EKYISYPALU
Referer: http://192.168.1.3:80/
(line truncated)
_7T8GFIoY7PJ59WgjM-LeQ3rMz5Q61-FcOMIfjF9XrU-_sD0sOgsZCHwmWOMMzASxIhy9TDTcbIZU-C1muzXIBqX
wF2g1elPPTFmU52vjD83PT41gWMJauef1e7KjdtlWrCM29OxOOPyAn2XRcNl8b56U1wQqCL3u91rNumArzqW7hTf
IOF6WB5-4bnKw; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_EKYISYPALU
1
false
44

4
5
false
6
true
7
true
8
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_EKYISYPALU-Parameter
Groups[6].GroupId
45
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_OHUOPLUDVW
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_OHUOPLUDVW
1
false
4
5
false
6
true
7
true
46
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_OHUOPLUDVW-Parameter
Groups[6].Selected
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_SYTJYGTPBW
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
47
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_SYTJYGTPBW
1
false
4
5
false
6
true
7
true
8
true
9
10
true
11
48
true
Enanu
-------AcunetixBoundary_SYTJYGTPBW-Parameter
Groups[7].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_WXCBGWKKYI
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_WXCBGWKKYI
1
false
4
5
false
49

6
true
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_WXCBGWKKYI-Parameter
Groups[7].Selected
Alert group
Severity
Description
Recommendations

Medium
50
Alert variants
Details

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MMEWNHJWYL
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_MMEWNHJWYL
1
false
4
5
false
6
true
7
true
8
true
51
9
true
10
11
true
Enanu
-------AcunetixBoundary_MMEWNHJWYL-Parameter
Groups[8].GroupId
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_QAWAULLAVY
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_QAWAULLAVY
1
52

false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
53
-------AcunetixBoundary_QAWAULLAVY-Parameter
Groups[8].Selected
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MPVYSDWOXV
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_MPVYSDWOXV
1
false
4
5
false
6
true
54

7
true
8
true
9
true
10
true
11
Enanu
-------AcunetixBoundary_MPVYSDWOXV-Parameter
UserName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
POST (multipart) input UserName was set to

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_KSYNUQKWLN
Referer: http://192.168.1.3:80/
(line truncated)
wF2g1elPPTFmU52vjD83PT41gWMJauef1e7KjdtlWrCM29OxOOPyAn2XRcNl8b56U1wQqCL3u91rNumArzqW7hT
55
fIOF6WB5-4bnKw; _culture=en-us; currentNavLi=link246;

22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_KSYNUQKWLN
1
false
4
5
false
6
true
7
true
8
true
9
true
10
56

true
11
true
-------AcunetixBoundary_KSYNUQKWLN-/account/usergroups/endalamaw
Parameter
UserName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
POST (multipart) input UserName was set to RmN2c1RsckFS

POST /account/usergroups/endalamaw HTTP/1.1
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DWREWXOHXT
(line truncated)
...FvmPG24a-w-brBQvVb4hF5AV-MfDPO1NZ3anCIwlVZEXBONCN7eUcONo4M8M3JKcHu2zwHlwukIbuZKsHMO1W
4sXv9k3KHu8rJOPzEsvi35ECZ7RFKFBZg16PhKjeYGbARPzfvDLkOZIgSMxYvIl3QVVqVnmPbjvjFdUUWw3aNxmi
M8CXHwvc_fe1LEXLjYcr7kJR-w81P7gvXCpJBulFDNyvyt8tDdQnJAcdDf4sd8Kkn6S8LXF7v1AHMhjSHmGUJyOG
fn3_oTSyKNSbM_UDOqIsAnj54auNBphOn0QyW8jBdnag7ruZxSAfrMtCD6-xxZeQUc8J_zFnCwfdeWJorQZYRsDQ
A8_4Tc9_R8G38; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_DWREWXOHXT
1
true
4
57

true
5
true
6
true
7
true
8
true
9
true
10
true
11
true
RmN2c1RsckFS
5kcpYlqIXEhLtMQ3CUHxvFcy_lH2nYm14H5e-TfjTBWt92R-3-RTuUtXIhQ8RjuCBwVJ56fmdWVKzmr50VbA8Vt
58
wQPBgCaWefS24PKZL5ANOW3BmbgLmGpHm8iANuuR-7jymWN_ildjlN9jsa1PjTg2
-------AcunetixBoundary_DWREWXOHXT-/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Alert group
Severity
Description
Possible username or password disclosure

Informational
A username and/or password was found in this file. This information could be sensitive.

Recommendations Remove this file from your website or change its permissions to remove access.
Alert variants
Details
Pattern found: pass:before
GET /content/ace/font-awesome/4.2.0/css/font-awesome.min.css HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/account/login
Cookie:
__RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uE
LYgh-lz-hQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/content/kendo/2016.1.112/%23clip
Alert group
Severity
Description
Recommendations
Alert variants
Details
Broken links
Informational
A broken link refers to any link that should take you to a document, image or webpage, that actually
results in an error. This page was linked from the website but it is inaccessible.
Remove the links to this file or make it accessible.
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file
(marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
GET /content/kendo/2016.1.112/%23clip HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/accountstransactions
Alert group
Severity

Medium
59
Description
Recommendations
Alert variants
Details

Form name: <empty>
Form action: http://192.168.1.3/finance/accountstransactions
Form method: POST
Form inputs:
- CategoryNames [Select]
- Period [Select]
- Source [Text]
- JournalReferences [Text]
- EffectiveDates [Text]
GET /finance/accountstransactions HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
Alert group
Severity
Description
Recommendations
Alert variants
Details
Broken links
Informational
A broken link refers to any link that should take you to a document, image or webpage, that actually
results in an error. This page was linked from the website but it is inaccessible.
Remove the links to this file or make it accessible.
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file
(marked as "Not Found") > select Referrers Tab from the bottom of the Information pane.
60
GET /finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0 HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/finance/accountstransactions/details/1684
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/bankaccounts/edit/10
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input AccountName was set to

RGVPR1d0cnB6bVVMSzNVaGlEbUJuY2ZGVTljNklWRVZPTDdDQk5Y
POST /finance/bankaccounts/edit/10 HTTP/1.1
Content-Length: 507
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...Code=11140-1-00-CB0025&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-H
ead%20Office-No%20cost%20value-CBE%20Shimbiti%20branch%20Act.No.1000138176499&AccountNam
e=RGVPR1d0cnB6bVVMSzNVaGlEbUJuY2ZGVTljNklWRVZPTDdDQk5Y&AccountNumber=1000138176499&Accou
ntUse=4111111111111111&BankAccountID=10&BankAdress=Bahirdar&BankBranch=Shimbet&BankName=
CBE&Status=true&__RequestVerificationToken=RYv8AQpeT6Z3MBcwqqsvQ7sRSWl_FFKJOa5WdP-z0eLrW
cGK6NreLTLMq8y4JB_M3unm9P4nLqdDMSOrDia0VE9iMvhjk8qC5inMaFI4cbI1
Parameter
BankAdress
Alert group
Severity

Medium
61
Description
Recommendations
Alert variants
Details
URL encoded POST input BankAdress was set to SzZWQlQ2UUE=

Content-Length: 500
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AccountCode=11140-1-00-CB0025&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Ba
nk-Head%20Office-No%20cost%20value-CBE%20Shimbiti%20branch%20Act.No.1000138176499&Accoun
tName=CBE%20shimbet%20Branch%20Working%20Fund&AccountNumber=1000138176499&AccountUse=411
1111111111111&BankAccountID=10&BankAdress=SzZWQlQ2UUE%3d&BankBranch=Shimbet&BankName=CBE
&Status=true&__RequestVerificationToken=RYv8AQpeT6Z3MBcwqqsvQ7sRSWl_FFKJOa5WdP-z0eLrWcGK
6NreLTLMq8y4JB_M3unm9P4nLqdDMSOrDia0VE9iMvhjk8qC5inMaFI4cbI1
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
NEc3UzNNZnJYcm9uR05mNUVYWmJ4OHNsYkt3M2VaZ2JxWkVEM1BhNWxnMjRnRDlWYXNB
ckdOTlJVNG9GeElEbTFpOA==
62

Content-Length: 608
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20Ethiopia%20WE/AM/CON/OF
FICE%20West%20amhara&AccountName=NEc3UzNNZnJYcm9uR05mNUVYWmJ4OHNsYkt3M2VaZ2JxWkVEM1BhNWx
nMjRnRDlWYXNBckdOTlJVNG9GeElEbTFpOA%3d%3d&AccountNumber=1000067107237&AccountUse=4111111
111111111&BankAccountID=11&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=
CBE&Status=true&__RequestVerificationToken=shFKwe07pO3NvIMWhIH0yRZVUMTVR-g86pVO1C_Xdhktc
yHf4lNChuFH11MGJIAy0StwTL4ufn-QYKEgbnFEj3Dt0jzp2IQ6MtS5xSX9wSU1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to R0FkcU5ZUW0=

Content-Length: 585
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...0Bank-Head%20Office-No%20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20
Ethiopia%20WE/AM/CON/OFFICE%20West%20amhara&AccountName=Comercial%20bank%20of%20Ethiopia
%20WE/AM/CON/OFFICE%20West%20amhara&AccountNumber=1000067107237&AccountUse=4111111111111
111&BankAccountID=11&BankAdress=R0FkcU5ZUW0%3d&BankBranch=Bahirdar%20%20Branch&BankName=
Parameter
BankBranch
Alert group
63
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input BankBranch was set to WTRPOEFYemg2aW1ibkhTaUI1R3g=

Content-Length: 589
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...k-Head%20Office-No%20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20Ethi
opia%20WE/AM/CON/OFFICE%20West%20amhara&AccountName=Comercial%20bank%20of%20Ethiopia%20W
E/AM/CON/OFFICE%20West%20amhara&AccountNumber=1000067107237&AccountUse=4111111111111111&
BankAccountID=11&BankAdress=Bahirdar&BankBranch=WTRPOEFYemg2aW1ibkhTaUI1R3g%3d&BankName=
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
dldaS09GSmZyYjdKUFJReG1LZngzbDEwa0NuU08zR0VacEFBWW9LY0lEMQ==
64

Content-Length: 524
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...B0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%2
0cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=dldaS09GSmZyYjdKUFJReG1
LZngzbDEwa0NuU08zR0VacEFBWW9LY0lEMQ%3d%3d&AccountNumber=1000067107644&AccountUse=4111111
CBE&Status=true&__RequestVerificationToken=I0IHEL2KWPoXoSs1XL1pMokqHePWMJxGZRXJWNeBp2Ds8
BY1kc42SCFOYQ0EqTGHMMKzyr9_8-iLFr1p0cAG21JSQLyprh7sQ3slgRAoSDc1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to dkNJeHZHYU0=

Content-Length: 509
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...de=11140-1-00-CB0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Hea
d%20Office-No%20cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=Equipmen
t%20Administrative%20Working%20Fund&AccountNumber=1000067107644&AccountUse=4111111111111
111&BankAccountID=12&BankAdress=dkNJeHZHYU0%3d&BankBranch=Bahirdar%20%20Branch&BankName=
Parameter
BankBranch
Alert group
65
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input BankBranch was set to RnVRbE00ZGxxb3lRTHF2S1JGZjM=

Content-Length: 513
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...1140-1-00-CB0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20
Office-No%20cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=Equipment%20
Administrative%20Working%20Fund&AccountNumber=1000067107644&AccountUse=4111111111111111&
BankAccountID=12&BankAdress=Bahirdar&BankBranch=RnVRbE00ZGxxb3lRTHF2S1JGZjM%3d&BankName=
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to SFRxMUZCNllZ
66

Content-Length: 499
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20PUB%20751%20Comb.&AccountName=CBE%20North%20
East%20branch%20(combolcha)%20Working%20Fund&AccountNumber=1000022322714&AccountUse=4111
111111111111&BankAccountID=13&BankAdress=SFRxMUZCNllZ&BankBranch=combolcha&BankName=CBE&
Status=true&__RequestVerificationToken=w9vTpqvzc4JHCA0h60XZh8eDcfPBt8PM8fR9kGuX7HWdy8XwU
7oSkEl7s0foDNIa1n0-Bb9MdX2ypAriXWQNOhFWJNW57Din2adeovnlZoY1
Parameter
BankBranch
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankBranch was set to a3paOUNoOFBX

Content-Length: 499
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20PUB%20751%20Comb.&AccountName=CBE%20North%20
East%20branch%20(combolcha)%20Working%20Fund&AccountNumber=1000022322714&AccountUse=4111
111111111111&BankAccountID=13&BankAdress=combolcha&BankBranch=a3paOUNoOFBX&BankName=CBE&
Status=true&__RequestVerificationToken=w9vTpqvzc4JHCA0h60XZh8eDcfPBt8PM8fR9kGuX7HWdy8XwU
7oSkEl7s0foDNIa1n0-Bb9MdX2ypAriXWQNOhFWJNW57Din2adeovnlZoY1
Parameter
Alert group
Severity
Medium
67
Description
Recommendations
Alert variants
Details

MlpBc3RPSzltc3JycDdZOUpIS0NEMVh1TjZuMFRoVXZwVUs1MHF3SFNRcFJzeFlDME13WXJF
WXBsSWt1bFI5eDhYSFg0MWZscHZvWnV2Wms2YzN1SXg4ZllienZta0NYMlZqSEc3U2V6RTNr
Content-Length: 491
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20JAWIE&AccountName=Tana%20Belese%20Jawi%20Branch%20
Working%20Fund&AccountNumber=72s001000011&AccountUse=4111111111111111&BankAccountID=14&B
ankAdress=Jawi&BankBranch=Jawi&BankName=CBE&Status=true&__RequestVerificationToken=MlpBc
3RPSzltc3JycDdZOUpIS0NEMVh1TjZuMFRoVXZwVUs1MHF3SFNRcFJzeFlDME13WXJFWXBsSWt1bFI5eDhYSFg0M
WZscHZvWnV2Wms2YzN1SXg4ZllienZta0NYMlZqSEc3U2V6RTNr
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
UlhSZ2ZUdlNnbXJnZ25pdXhvWVNrMHRuQWZXWEQwT2NSNVRGbXcxa2hoWFRjVg==
68

Content-Length: 477
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20JAWIE&AccountName=UlhSZ2ZUdlNnbXJnZ25pdXhvWVNrMHRu
QWZXWEQwT2NSNVRGbXcxa2hoWFRjVg%3d%3d&AccountNumber=72s001000011&AccountUse=4111111111111
111&BankAccountID=14&BankAdress=Jawi&BankBranch=Jawi&BankName=CBE&Status=true&__RequestV
erificationToken=AhpO61V4FqntCkH0fVjelEAf0wdJVIZVEBksqVy0TWSadMWzCgWf67jvI2U0TH64MBKWMtJ
nJuMDWSyX6OkbXIAIUWib2bkbCl4Sdf0C3Ak1
Parameter
AccountNumber
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input AccountNumber was set to dWFoTkEyRm1XSEpD

Content-Length: 459
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20JAWIE&AccountName=Tana%20Belese%20Jawi%20Branch%20
Working%20Fund&AccountNumber=dWFoTkEyRm1XSEpD&AccountUse=4111111111111111&BankAccountID=
14&BankAdress=Jawi&BankBranch=Jawi&BankName=CBE&Status=true&__RequestVerificationToken=A
hpO61V4FqntCkH0fVjelEAf0wdJVIZVEBksqVy0TWSadMWzCgWf67jvI2U0TH64MBKWMtJnJuMDWSyX6OkbXIAIU
Wib2bkbCl4Sdf0C3Ak1
Parameter
BankAdress
Alert group
Severity
Medium
69
Description
Recommendations
Alert variants
Details
URL encoded POST input BankAdress was set to VVZCU3V3dHdi

Content-Length: 527
(line truncated)
...twr3VSr3Ljq2b7xef3Mot0Zd_s0KpKrUcg4MTSm2Qeaxj0HOsBOdwvu9e2EdaetEibPl2vGiMm4rLQ0r3LLFP
jhxnLrk9F6o29vqTaklFxUr_QImSozn0JtA1cj_01VOI7wm25r3KY3eI1_vVROouvLh2qopX5wy3BLjRbQy-hJ6L
v7pJ1l3uB96ddkaDjV1qe0Gnw_n4eSbVqMnDe-e2y-1OBE4Z2ZqGSZswicF3iSRKaDWZDMqgGCEiIepva_Hkgrws
VyUlak-mQoCGfY_mhG2d7hNRsabXDuirpBnWE4mL6S_OEdbEg46u6Eg_B33IDSz1VysDiEhDHgDeE7TJ-ZwCSXG7
neGpgotdyWsJD; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...19&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20co
st%20value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20
Branch%20(Combolcha)%20Working%20Fund&AccountNumber=2062111070072012&AccountUse=41111111
11111111&BankAccountID=15&BankAdress=VVZCU3V3dHdi&BankBranch=combolcha&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm
-HkvS3QE31RA-ca6y4kncPRZTUKDs0GzhW62UI2BsOiKzWqI9ZMZ3gVQpkOqAk1
Parameter
BankBranch
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankBranch was set to TjVGS1dyZFJ3
70

Content-Length: 527
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...19&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20co
st%20value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20
Branch%20(Combolcha)%20Working%20Fund&AccountNumber=2062111070072012&AccountUse=41111111
11111111&BankAccountID=15&BankAdress=combolcha&BankBranch=TjVGS1dyZFJ3&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm
Parameter
BankName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankName was set to T0h6T3JCNU9hajE=

Content-Length: 531
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...ccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%2
0value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20Bran
ch%20(Combolcha)%20Working%20Fund&AccountNumber=2062111070072012&AccountUse=411111111111
1111&BankAccountID=15&BankAdress=combolcha&BankBranch=combolcha&BankName=T0h6T3JCNU9hajE
%3d&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm
Parameter
AccountName
71
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Q3A0a3dvN25mdFlNRjhsUFA3NW5zc084TXZGbzdWMHBKQ2Y2QUxHWHA5MEJRTGQzWWNn
UEpUS2tsMFZwOGozRUlsOE9TYVhJbA==
Content-Length: 570
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...esc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%20BANK%20WE/AM/CON/OFFIC
E&AccountName=Q3A0a3dvN25mdFlNRjhsUFA3NW5zc084TXZGbzdWMHBKQ2Y2QUxHWHA5MEJRTGQzWWNnUEpUS2
tsMFZwOGozRUlsOE9TYVhJbA%3d%3d&AccountNumber=2012111007394028&AccountUse=411111111111111
1&BankAccountID=16&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=tVdFhHTflp5UdfE6DfPc9eQ5dfLMclXqPGj05AsfFvk1Y
oV_sGxbRx6xIxXWfpXmpGZ03lB4qnk2vMKHDHmLWqFw21VW13nzM7tJOiOd-0g1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to QjMzUlZoYWU=
72

Content-Length: 545
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY
%20BANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%2
0Branch%20Working%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&Bank
AccountID=16&BankAdress=QjMzUlZoYWU%3d&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20b
Parameter
BankBranch
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankBranch was set to dnZ6MFRIbmNkMHMwM1VFdVZTY1c=

Content-Length: 549
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%20B
ANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20Bra
nch%20Working%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankAcco
untID=16&BankAdress=Bahirdar&BankBranch=dnZ6MFRIbmNkMHMwM1VFdVZTY1c%3d&BankName=Abay%20b
Parameter
BankName
Alert group
73
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input BankName was set to QUNiRGhSTzhUWHY=

Content-Length: 546
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%
20BANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20
Branch%20Working%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankA
ccountID=16&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=QUNiRGhSTzhUWHY
%3d&Status=true&__RequestVerificationToken=tVdFhHTflp5UdfE6DfPc9eQ5dfLMclXqPGj05AsfFvk1Y
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
cTE2RDlqV1MzcEJkNXRtMzZCbmdBeWxkcmRLYUVOdklaSGw1WkVpdGR1eEZWdWRITmJ0W
TlKM1lReWZyY1M=
74

Content-Length: 573
(line truncated)
...VFTKFOM1N73Fig93JYCIMG1iVT5XfCxGp5lK_R1O9MDTAAcUuJO3xNoqMmoOu-PLIWysxuylQ6DajueMLRp5a
uYn2MyO67cPl04nIMqwhf0fzDVmZfHgxFbVXJpHvMqwL0qLW_1C8A8_lYMoVpfQepSwQlo-PskO-5euWiLGZgHXJ
GSsHWWUumFLU2ahA1WObgRS4_C1t6ee-v2C2ruwIfzSVjTdK1s8zWBIkwFq_PTyOmPH7sijAYYq-R8DUYse8Y11e
tDJ3WIozbe4ZfbbYjNkZuHusTCjFNfuGtjDIqEjYum8Gae2fbF_zFVCvEQFZQCt-Zbn5Nol-9k2zHsITQGPo-nmX
JdFaCs-2ju0Z2; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20Adeyi%20abeba
%20branch%20Act.No.1000135939858&AccountName=cTE2RDlqV1MzcEJkNXRtMzZCbmdBeWxkcmRLYUVOdkl
aSGw1WkVpdGR1eEZWdWRITmJ0WTlKM1lReWZyY1M%3d&AccountNumber=1000135939858&AccountUse=41111
11111111111&BankAccountID=17&BankAdress=Addis%20Ababa&BankBranch=Adeyi%20Ababa&BankName=
CBE&Status=true&__RequestVerificationToken=fo3vA2qramHnQudSeC2VvD-1z-Gc5OeY7IQYy8gQBaWnS
YGRyKIYDO6GtvasiW6ci2TFNLM_kuQNUZn5YUxGXTW9awLycEC8d8rYnD3b0IA1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to OGZiN1NSSmNlTVJ5eA==

Content-Length: 560
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...1&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20
Adeyi%20abeba%20branch%20Act.No.1000135939858&AccountName=CBE%20Addis%20ababa%20Adeyi%20
abeba%20branch%20Working%20Funds&AccountNumber=1000135939858&AccountUse=4111111111111111
&BankAccountID=17&BankAdress=OGZiN1NSSmNlTVJ5eA%3d%3d&BankBranch=Adeyi%20Ababa&BankName=
Parameter
BankBranch
Alert group
75
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input BankBranch was set to Vm9CbG9TeHlLbzRycA==

Content-Length: 560
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...1&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20
Adeyi%20abeba%20branch%20Act.No.1000135939858&AccountName=CBE%20Addis%20ababa%20Adeyi%20
abeba%20branch%20Working%20Funds&AccountNumber=1000135939858&AccountUse=4111111111111111
&BankAccountID=17&BankAdress=Addis%20Ababa&BankBranch=Vm9CbG9TeHlLbzRycA%3d%3d&BankName=
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
dWVvV2R6TzlXRm9RbWUzZUZBRzl3aVBibW5TTGR0QldXbnQyb2VmYmVWbDYwUUpjMmFrQ
1cxR1l5Y0NPQ3hXZ2hrVExBMDlCbVRodA==
76

Content-Length: 588
(line truncated)
...-3qXSD0Q_VHN-nxXMePCuntZqQl2b64Y5BlVpGRTYkIJJPfgmJ7v-Y-aQvG8NMZHxJghToB5YokDwLy0-elBY
tY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmq-syXvDrhisQuczj5NR1zY6UbHDShTfQNVEWEV
T6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwWLoLyjIFenifgqUEM-IZ0YkQp83I
V66-iLaklavyzeO0fOYkPFe17RyYhfpagOlhBFWKuD2QQxHw925garPcvrJbh4OCLNBnb6qIKxSFgcRT09bdhvyr
eTl7JNhTyysYX; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...nk-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Expenditure%20Act.No.1000
092795218&AccountName=dWVvV2R6TzlXRm9RbWUzZUZBRzl3aVBibW5TTGR0QldXbnQyb2VmYmVWbDYwUUpjMm
FrQ1cxR1l5Y0NPQ3hXZ2hrVExBMDlCbVRodA%3d%3d&AccountNumber=1000092795218&AccountUse=411111
CBE&Status=true&__RequestVerificationToken=l_KdTDXdUdnfPR_ekuVMn8b32M2k_dqUlF6soSpJ9slqd
pgrmO7gbn5ixJYn93xI78MJGALVy_ulniw2I6BE1_5l7S4zpLjdtwZlgC6iHEw1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to Z08wdWFmdEU=

Content-Length: 562
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%2
0Expenditure%20Act.No.1000092795218&AccountName=Working%20%20Fund%20bank%20account%20%5b
%20Yewechi%20Hisab%20Mankesakesha%5d&AccountNumber=1000092795218&AccountUse=411111111111
1111&BankAccountID=6&BankAdress=Z08wdWFmdEU%3d&BankBranch=Bahirdar%20%20Branch&BankName=
Parameter
BankBranch
Alert group
77
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input BankBranch was set to cHV3SFd2bjlMaGZCN2xMM2dYYjE=

Content-Length: 566
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...untDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Exp
enditure%20Act.No.1000092795218&AccountName=Working%20%20Fund%20bank%20account%20%5b%20Y
ewechi%20Hisab%20Mankesakesha%5d&AccountNumber=1000092795218&AccountUse=4111111111111111
&BankAccountID=6&BankAdress=Bahirdar&BankBranch=cHV3SFd2bjlMaGZCN2xMM2dYYjE%3d&BankName=
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
YVJsN25lV1hscXMzWTBtZWFXczRUV2g2dGFBZg==
78

Content-Length: 534
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...untControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20va
lue-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=YVJsN25lV1hsc
XMzWTBtZWFXczRUV2g2dGFBZg%3d%3d&AccountNumber=2012111000109021&AccountUse=41111111111111
11&BankAccountID=7&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20B
ank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrK
HSMoKiMj70n3WF7izYNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to eHhub2FaaFc=

Content-Length: 524
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...B0009&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%2
0cost%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Aba
y%20Bank%20working%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&Ban
kAccountID=7&BankAdress=eHhub2FaaFc%3d&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20B
Parameter
BankBranch
Alert group
79
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input BankBranch was set to aXZ1V2hkZDR5a1Vqb051dHFsOEQ=

Content-Length: 528
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...9&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cos
t%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Abay%20
Bank%20working%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&BankAcc
ountID=7&BankAdress=Bahirdar&BankBranch=aXZ1V2hkZDR5a1Vqb051dHFsOEQ%3d&BankName=Abay%20B
Parameter
BankName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankName was set to cnU3UWhyWU9BU0Q=
80

Content-Length: 525
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...0009&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20
cost%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Abay
%20Bank%20working%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&Bank
AccountID=7&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=cnU3UWhyWU9BU0Q
%3d&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrK
Parameter
AccountName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

UEdTNG1UTWpocFlWR2tIUmttUGtFYnU0eXNPSW40MnJkRkZBOW10ZHJRM1dPdllHaWU=
Content-Length: 556
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...11111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%20bank%20A
/A%20Main%20br.Act.No.1022111000109012&AccountName=UEdTNG1UTWpocFlWR2tIUmttUGtFYnU0eXNPS
W40MnJkRkZBOW10ZHJRM1dPdllHaWU%3d&AccountNumber=1022111000109012&AccountUse=411111111111
1111&BankAccountID=8&BankAdress=Addis%20Ababa&BankBranch=Addis%20Ababa&BankName=Abay%20b
ank&Status=true&__RequestVerificationToken=l3JU9kWYJKu6EpPVCjdrdzrny4_c4LxD8nrKOLEVpWj_3
ptYouSlmtBJczM9lWn2_9sPfTFtp51xIRDBmgV9TR01p_RwjnOrX7Dtls-shFA1
Parameter
BankAdress
81
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to UkRDOUc1clZLSFlXOA==

Content-Length: 547
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...11111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%2
0bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Offi
ce%20%20working%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAc
countID=8&BankAdress=UkRDOUc1clZLSFlXOA%3d%3d&BankBranch=Addis%20Ababa&BankName=Abay%20b
Parameter
BankBranch
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankBranch was set to eUZKSHlTcFhRS1c4NQ==
82

Content-Length: 547
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...11111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%2
0bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Offi
ce%20%20working%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAc
countID=8&BankAdress=Addis%20Ababa&BankBranch=eUZKSHlTcFhRS1c4NQ%3d%3d&BankName=Abay%20b
Parameter
BankName
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankName was set to ckVGbU1CUHE5QVU=

Content-Length: 543
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...l=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Ab
ay%20bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20
Office%20%20working%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&Ba
nkAccountID=8&BankAdress=Addis%20Ababa&BankBranch=Addis%20Ababa&BankName=ckVGbU1CUHE5QVU
%3d&Status=true&__RequestVerificationToken=l3JU9kWYJKu6EpPVCjdrdzrny4_c4LxD8nrKOLEVpWj_3
Parameter
AccountName
83
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

emNaTHVxSHR3U05Ed3IyTlRXSDBtM2RSMk8wM2dz
Content-Length: 500
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=e
mNaTHVxSHR3U05Ed3IyTlRXSDBtM2RSMk8wM2dz&AccountNumber=1000012876177&AccountUse=411111111
1111111&BankAccountID=9&BankAdress=Bahirdar&BankBranch=Bahirdar%20%20Branch&BankName=CBE
&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKhaUj_
e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Parameter
BankAdress
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankAdress was set to MzZKcm1DUHM=
84

Content-Length: 496
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=R
evenue%20and%20Working%20fund&AccountNumber=1000012876177&AccountUse=4111111111111111&Ba
nkAccountID=9&BankAdress=MzZKcm1DUHM%3d&BankBranch=Bahirdar%20%20Branch&BankName=CBE&Sta
tus=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKhaUj_e9rE
SH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Parameter
BankBranch
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BankBranch was set to ZVZ2Qzg4Rk01N3JGRUNWc1dLWkE=

Content-Length: 500
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
nk-Head%20Office-No%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=R
evenue%20and%20Working%20fund&AccountNumber=1000012876177&AccountUse=4111111111111111&Ba
nkAccountID=9&BankAdress=Bahirdar&BankBranch=ZVZ2Qzg4Rk01N3JGRUNWc1dLWkE%3d&BankName=CBE
&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKhaUj_
e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
/finance/budgetagainstpreviousyear
Alert group
Severity

Medium
85
Description
Recommendations
Alert variants
Details

Form name: <empty>
Form action: http://192.168.1.3/finance/budgetagainstpreviousyear
Form method: POST
Form inputs:
- period [Select]
GET /finance/budgetagainstpreviousyear HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/budgetallocationandusage
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/budgetallocationandusage
Form method: POST
Form inputs:
- BudgetYear [Select]
- BudgetMonth [Select]
86
GET /finance/budgetallocationandusage HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/budgetallocationandusage/
Parameter
BudgetYear
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

POST /finance/budgetallocationandusage HTTP/1.1
Content-Length: 68
Referer: http://192.168.1.3:80/
(line truncated)
...cgfpHKf3mTxPvQhVMoeEbYIPwitXutryiR7TgIECWncOX4Iwt9O3Ukf0nS6192tTze32YzdrONn9GSUt3bbDR
ZL2YOTYQ8Tj4g3M6BNCDJZmW0jXdQtC_Qud1aoaas4CUdk4q6Blr_Y6ZxVRc8envb357QP7TJsj7IfwY37oGyqCm
Fq-_mA9jZVWSDm0yF94ycq_lr5P1g5AlS5xiuq401t7uwW9E-bx8lfw8dYfSpm3sijtoc-C1B-vYvELp-lgB_kSx
l6pzcnS28DP0GI4SEUNUbGUzbzCI5jtP8qKoe3abuGR9FpXsJL0JviyH34dbcU4yDd0rp5SSl6CSSo8DWk5QRBes
d5YZ0X4xXf7gZ; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
BudgetMonth=NA&BudgetYear=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
/finance/budgetallocationandusage/budgetallocationandusageexcel
Parameter
BudgetYear
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded GET input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
87
GET
/finance/budgetallocationandusage/budgetallocationandusageexcel?BudgetMonth=NA&BudgetYea
r=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27' HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/budgetallocationandusage/budgetallocationandusageprint
Parameter
BudgetYear
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded GET input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
GET
/finance/budgetallocationandusage/budgetallocationandusageprint?BudgetMonth=NA&BudgetYea
r=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27' HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
Alert group
Severity
Possible CSRF (Cross-site request forgery)

Informational
88
Description
Recommendations
Manual confirmation is required for this alert.

This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery
(CSRF/XSRF) is a class of attack that affects web based applications with a predictable structure
for invocation. An attacker tricks the user into performing an action of the attackers choosing by
directing the victim's actions on the target application with a link or other content.
The attack works by including a link or script in a page that accesses a site to which the user is
known (or is supposed) to have authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then
victim's browser's attempt to load the image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click
Attack.
Insert custom random tokens into every form and URL that will not be automatically submitted by
the browser. Check References for detailed information on protecting against this vulnerability.
Alert variants
Details
POST /finance/json/bankaccounts HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/json/bankaccounts
Content-Length: 71
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Accounts=1001160141&CostCenter=1&Location=1&SubAccount=4111111111111111
/finance/json/description
Alert group
Severity
Description
Recommendations
Alert variants
Details
Error message on page

Medium
Pattern found: Internal Server Error
89
GET /finance/json/description HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/finance/bankaccounts/edit/16
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
id
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input id was set to

POST /finance/json/description HTTP/1.1
Content-Length: 3
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
id=
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
Alert group
Severity

Informational
90
Description
Recommendations

Attack.
Alert variants
Details
POST /finance/json/description HTTP/1.1
Accept: */*
Referer: http://192.168.1.3/finance/bankaccounts/edit/16
Origin: http://192.168.1.3
X-Requested-With: XMLHttpRequest
Chrome/41.0.2228.0 Safari/537.21
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 20
(line truncated)
22%3A-1%7D
Accept-Language: en-US,*
Host: 192.168.1.3
Pragma: no-cache
id=11140-1-00-CB0022
/finance/json/fromaccountcode
Alert group
Severity
Description
Recommendations
Alert variants

Medium
91
Details
Form name: <empty>

Form action: http://192.168.1.3/finance/json/fromaccountcode
Form method: POST
Form inputs:
- Accounts [Select]
- Location [Select]
- CostCenter [Select]
- SubAccount [Select]
GET /finance/json/fromaccountcode HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Alert group
Severity
Description
Recommendations
Alert variants
Details

Informational
Attack.
92
POST /finance/json/fromaccountcode HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/finance/json/fromaccountcode
Content-Length: 71
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Alert group
Severity
Description
Recommendations
Alert variants
Details

Informational
Attack.
93
POST /finance/json/toaccountcode HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/finance/json/toaccountcode
Content-Length: 71
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/accountanalysis
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/accountanalysis
Form method: POST
Form inputs:
- Category [Select]
- dt1 [Text]
- dt2 [Text]
GET /finance/reportfinance/accountanalysis HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/accountanalysisbysegment
94
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Form method: POST
Form inputs:
- acctFrom [Text]
- acctTo [Text]
- dt1 [Text]
- dt2 [Text]
GET /finance/reportfinance/accountanalysisbysegment HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
...a9ypgKQo4IresNGJH8_NRq5DiOP6Y2m0iecgt7NNnDylKHT5lRR2DVFqh0m54hGM42pc9D6jtqf6weLnqyI1F
MOC8-ah4KDIlxepuRhlSRKtGCkCyEY9yCpwdjJHsMAc4OyDw_KHB1Oafa_HTDW_reknckNNMEJDM1jv25SeOaqIG
lDrfsB-9APFBAe_oaYr6X9gCgenPqWwsWFCpqbczhPQvN_4Q62s33235rE9Z1dS_FEd_cTjmyCiVfqxLbhsknhbN
m-5sMfEWq7ch-z_sh2zHcKGWBAkmZvpV-oOlc_RJu3vxFauBfPDIe6ZDCdRsr1XeCJYJOVcoXFDkqprTihRJVUjY
Zz4U6J48ONLzDUMM-FCRr1qO39a8QQQG6FupR97RmNacgEkCW6Ez5c8kA3lDBOcfIF57aEgfbToZQTlEuoQCBtZg
FD3uri91RhvgQGcpjmXnPnAX48B7YLISvvBhQT8K7gzbUXh; _culture=en-us
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/aragingbyinvoice
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Form method: POST
Form inputs:
- agetype [Select]
95
GET /finance/reportfinance/aragingbyinvoice HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/cashflow
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/cashflow
Form method: POST
Form inputs:
- branchCode [Select]
- dt2 [Text]
GET /finance/reportfinance/cashflow HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/chartofaccount
Alert group
Severity

Medium
96
Description
Recommendations
Alert variants
Details

Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/chartofaccount
Form method: POST
Form inputs:
- Account [Select]
- AccountType [Select]
GET /finance/reportfinance/chartofaccount HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/customerlist
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/customerlist
Form method: POST
Form inputs:
- custype [Select]
97
GET /finance/reportfinance/customerlist HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/incomestatement
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/incomestatement
Form method: POST
Form inputs:
- branchCode [Select]
- dt1 [Text]
- dt2 [Text]
GET /finance/reportfinance/incomestatement HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/incomestatementbyproject
Alert group
Severity

Medium
98
Description
Recommendations
Alert variants
Details

Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Form method: POST
Form inputs:
- costcenterCode [Select]
- dt1 [Text]
- dt2 [Text]
GET /finance/reportfinance/incomestatementbyproject HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/supplierlist
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/supplierlist
Form method: POST
Form inputs:
- supplierType [Select]
- businessType [Select]
99
GET /finance/reportfinance/supplierlist HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/finance/reportfinance/trialbalance
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/trialbalance
Form method: POST
Form inputs:
- Branch [Select]
- dt1 [Text]
GET /finance/reportfinance/trialbalance HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
Alert group
Severity
Description
Recommendations
Alert variants

Medium
100
Details
GET /fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Alert group
Severity
Description

Medium
Recommendations
Alert variants
Details
GET
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
101
GET /fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Parameter
filter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input filter was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
POST
HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&group=&page=1&pageSize=10&sort=
Parameter
group
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input group was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
102
POST
HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&page=1&pageSize=10&sort=
Parameter
page
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input page was set to
POST
HTTP/1.1
Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=&page=&pageSize=10&sort=
Parameter
pageSize
Alert group
Severity
Description
Recommendations

Medium
103
Alert variants
Details
URL encoded POST input pageSize was set to

POST
HTTP/1.1
Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=&page=1&pageSize=&sort=
Parameter
sort
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input sort was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
POST
HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
filter=&group=&page=1&pageSize=10&sort=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
(11e076bff3d87afafd26c723d1fdc6a3)
Alert group
Severity

Informational
104
Description
Recommendations

Attack.
Alert variants
Details
POST
HTTP/1.1
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 39
(line truncated)
...A9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OE-KF8x5zdY-A9dOkPP4NmkX071rFm
HJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAAg57U2A-ePm
NuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usaRYZfscchlzB7F39AJ4dOnwb8beVrES8-eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRps
gtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCX
fc1B-9ZjkCJaQxH5kjh0ASBHu; _culture=en-us; currentNavLi=link300
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=
(65ba3a10b77a6c16224ffc9314b599f2)
Alert group
Severity
Description
Recommendations

Informational
Attack.
Alert variants
105
Details
POST
HTTP/1.1
Accept: */*
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 66
(line truncated)
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=Manufacturer~isnotempty~'e'
(b585c40490c5c63ee711d1bbe6e3a118)
Alert group
Severity
Description
Recommendations
Alert variants
Details

Informational
Attack.
106
POST
HTTP/1.1
Accept: */*
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 57
(line truncated)
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=Description~eq~'e'
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Alert group
Severity
Description

Medium
Recommendations Review the source code for this script.
Alert variants
Details
GET /fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
Alert group
Severity
Description
Recommendations
Alert variants

Medium
107
Details
GET /fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Alert group
Severity
Description

Medium
Recommendations
Alert variants
Details
GET /fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
filter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
108
POST /fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read HTTP/1.1

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
group
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
page
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
109

Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
pageSize
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
sort
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
110

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
(11e076bff3d87afafd26c723d1fdc6a3)
Alert group
Severity
Description
Recommendations
Alert variants
Details

Informational
Attack.
111

Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 39
(line truncated)
Host: 192.168.1.3
Pragma: no-cache
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Alert group
Severity
Description

Medium
Alert variants
Details
GET /fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
112
GET /fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Alert group
Severity
Description

Medium
Alert variants
Details
GET /fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
113
GET /fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
filter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

POST /fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
group
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
114

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
page
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
pageSize
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
115

Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
sort
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read (11e076bff3d87afafd26c723d1fdc6a3)
Alert group
Severity

Informational
116
Description
Recommendations

Attack.
Alert variants
Details
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
Origin: http://192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Content-Length: 39
(line truncated)
Host: 192.168.1.3
Pragma: no-cache
/home/setculture
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details
Referer
Medium
HTTP Header input Referer was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
117
GET /home/setculture HTTP/1.1

Referer: 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
Chrome/41.0.2228.0 Safari/537.21
(line truncated)
...ko0xiMvFeQzjacUn1O6g3Xl1mWhg22l627J3nelrcROLeijhjRk9PemXcPG9lF_JhbKm3yUh-pEzJIbVTHFYv
kg1UYZaLCTd7WXlMQzJ8fiMn1NlbnSlZX9lVep3Z48RuiKGmSOyLMktaslgXisrr9S_iEEdno62dfAmWrL3Ilv7v
UGTtj_IeU9hNY4ey0a19GHtsnoGNjs6PJzOazyNsK7Bhk_DhOfSTcl8ne2fe71J3e4GIbdKiQMjTVkUE81n3mMRw
38qiucTteXpqG7rnns9IhthXvVyHZSHYK68awHdzG6UV34kBQ0vuSzQ0uke41s1OoHmKT1g_kTnoN8lWrMyyN8aK
v8NKTtpeDsGUs; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Accept: */*
Alert group
Severity
Description
Possible internal IP address disclosure

Informational
A string matching an internal IPv4 address was found on this page. This may disclose information
about the IP addressing scheme of the internal network. This information can be used to conduct
further attacks.

Recommendations Prevent this information from being displayed to the user.
Alert variants
Details
Pattern found: 192.168.1.3
GET /home/setculture HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hr/certificatesandletters
Alert group
Severity
Description
Recommendations
Alert variants

Medium
118
Details
Form name: <empty>

Form action: http://192.168.1.3/hr/certificatesandletters
Form method: POST
Form inputs:
- choice [Select]
- EmpID [Text]
- EmpFullName [Text]
GET /hr/certificatesandletters HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hr/disciplinaymeasureranks/edit/2
Parameter
DisciplinayMeasureRank
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input DisciplinayMeasureRank was set to

NmhPT1ZpWWtySnNaSUJQbWRCaEZtdkM1dFdM
POST /hr/disciplinaymeasureranks/edit/2 HTTP/1.1
Content-Length: 274
(line truncated)
...ZUE5WbAMAfPp8ge9nZRHawRIWHDYsTYEhKV8rsaTRJyA25JcixKeag7oHcs0mJ1oj3_ZeWOXUE32mZZZDGfLR
dJ2ctP97FPEVUTeD3Zx_2orZJ-7PcgQSE1JBN8edH_uAHqn1lJ81RXKtUuvKSt0lE6Z7G34rN98-43W1ed9LGkXi
R3nhXtqS9orr2ncCFm54SFvx22n4VaPnsVtDPV7EULu0OUNk5_6MEvV7ZahWWyHvyhi3QNWTA3vB-vhqDqpWGxSi
unVAlFthYfWqT1WRfQC7ZnKEgX0oZ-AwZAfKhLc8Hu40zlV6CheuCc11yM2wR174alIX_L-HqnQCvb8ciKNwuGbv
N7tGpFctOODIG; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:11:51%20PM&DisciplinayMeasureRank=NmhPT1ZpWWtySn
NaSUJQbWRCaEZtdkM1dFdM&DisciplinayMeasureRanksID=2&__RequestVerificationToken=0ZDr5Y-yDR
zQmQWez_pEon7EeRC1N08k1VEqWfK47jxRtCSzo5r7DTImVoOAkk3dlLSJ7fYeEIipwC3d5lRAcYTcyeZGocLaWO
Hx6LfHn7g1
119
/hr/disciplinaymeasureranks/edit/3
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input DisciplinayMeasureRank was set to

SFdUVEo5Y3ZpTkJEd1hiQzBYQnQ5c3BoZG1W
POST /hr/disciplinaymeasureranks/edit/3 HTTP/1.1
Content-Length: 274
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:12:12%20PM&DisciplinayMeasureRank=SFdUVEo5Y3ZpTk
JEd1hiQzBYQnQ5c3BoZG1W&DisciplinayMeasureRanksID=3&__RequestVerificationToken=iPJOsoRPU9
nyzoGjozqIcvxU5NU6l3EV8bkU8RpkyBR6ZfvTQv9KZhoIuR4AIcHY_qn83XKt6b-xWfnSI07quqgL_5lxLeyhuz
qnGoMgvx81
/hr/disciplinaymeasuretypes
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
120
GET /hr/disciplinaymeasuretypes HTTP/1.1

Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
Slow response time

Low
This page had a slow response time. This type of files can be targeted in denial of service attacks.
An attacker can request this page repeatedly from multiple computers until the server becomes
overloaded.
Investigate if it's possible to reduce the response time for this page.
The response time for this page was 5101 ms while the average response time for this site is 54.78
ms
GET /hr/disciplinaymeasuretypes HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hr/disciplinaymeasuretypes/delete/10
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
121
POST /hr/disciplinaymeasuretypes/delete/10 HTTP/1.1

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
Alert group
Severity
Description
Recommendations

Medium
122
Alert variants
Details

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Parameter
Alert group
Severity

Medium
123
Description
Recommendations
Alert variants
Details

Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/hr/disciplinaymeasuretypes/edit/10
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input Measure was set to
UFNTMkFoRmJhc0RGaHljSmhjV241S2RJbzlxWFhKeFF3Z0xGZkFkbGFWbTI2dXJReVVpOHJiM
3lDVXZSaGRITjYwSlQ5MnNkMGx0eU10Y3BFTUwzcm91bFY1Z3J6VVZINWZKc0lEVDBnRE9pW
mRSZ001Wlh1TUI5M3V0MExxVm56ZTlsV0FVWXZrVVYwdXpjREhLaVZEVVhiQ2Rq
124
POST /hr/disciplinaymeasuretypes/edit/10 HTTP/1.1

Content-Length: 552
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...isciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&ExpireYear=3.00&Measure=UFNTM
kFoRmJhc0RGaHljSmhjV241S2RJbzlxWFhKeFF3Z0xGZkFkbGFWbTI2dXJReVVpOHJiM3lDVXZSaGRITjYwSlQ5M
nNkMGx0eU10Y3BFTUwzcm91bFY1Z3J6VVZINWZKc0lEVDBnRE9pWmRSZ001Wlh1TUI5M3V0MExxVm56ZTlsV0FVW
XZrVVYwdXpjREhLaVZEVVhiQ2Rq&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=
C5Q-RFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEj
VMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 349
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&Disciplin
ayMeasureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8
a%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1
%89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=
Parameter
CreatedBy
Alert group
Severity

Medium
125
Description
Recommendations
Alert variants
Details
URL encoded POST input CreatedBy was set to

Content-Length: 495
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&DisciplinayMea
sureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%
e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%8
5%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-RFDC
ogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilh
omiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
CreatedOn
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input CreatedOn was set to
126

Content-Length: 476
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&Expi
reYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b%8
8%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%85%e1%8c%a3%e1%89%b5
&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-RFDCogqsKM2pGpKGcirHZFz
X2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72
Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
DisciplinayMeasureRanksID
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input DisciplinayMeasureRanksID was set to

Content-Length: 499
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=&Disciplina
yMeasureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a
%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%
89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5QRFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy
5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
DisciplinayMeasureTypesID
Alert group
127
Severity
Description
Recommendations
Alert variants
Details
Medium
URL encoded POST input DisciplinayMeasureTypesID was set to

Content-Length: 498
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%
95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%8
9%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-R
FDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5
ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
ExpireYear
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input ExpireYear was set to
128

Content-Length: 496
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=10&ExpireYear=&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95
%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%
85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5Q-RFD
CogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5il
homiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 344
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=10&ExpireYear=3.00&Measure=&PercentageEffectOnPromotion=8.00&__RequestV
erificationToken=C5Q-RFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcD
L22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
PercentageEffectOnPromotion
Alert group
Severity

Medium
129
Description
Recommendations
Alert variants
Details
URL encoded POST input PercentageEffectOnPromotion was set to

Content-Length: 496
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=10&ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8
a%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1
%89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=C5Q-RFD
CogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pN-BV1CAxcDL22_Ptqg89W5lJHEjVMFy5il
homiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
SEtjb3VjbVhVN2RyZkw5dmVFekxiV3cwY1BGcW5FMnN2NnlUWXpoTmloaTRaTmpVYjNpQ0F2N
1ZmTTAyU0w4MlFEODNpQUV0MDdWT2dWSWRGSEZJN0hVM3RkVzZCa3FQd0lmQTJCN1h5
RWNlVkFVZ1RJMzBpcWNET2E3SXBtUDllM1dS
130

Content-Length: 520
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...tedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=
11&ExpireYear=0.00&Measure=SEtjb3VjbVhVN2RyZkw5dmVFekxiV3cwY1BGcW5FMnN2NnlUWXpoTmloaTRaT
mpVYjNpQ0F2N1ZmTTAyU0w4MlFEODNpQUV0MDdWT2dWSWRGSEZJN0hVM3RkVzZCa3FQd0lmQTJCN1h5RWNlVkFVZ
1RJMzBpcWNET2E3SXBtUDllM1dS&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=
XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSe
nw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 325
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%8
8%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5
&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=
Parameter
CreatedBy
Alert group
Severity

Medium
131
Description
Recommendations
Alert variants
Details

Content-Length: 471
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMea
sureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%
e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&Perc
entageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjq
Ty3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1
EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
CreatedOn
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
132

Content-Length: 452
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=11&Expi
reYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e
1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&PercentageEffectOnPromo
tion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjqTy3nnYpv_ougyK9yhvj
hAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIR
R-sRuRL8kJg2
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 475
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=&Disciplina
yMeasureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88
%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&
PercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6
DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7
VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
Alert group
133
Severity
Description
Recommendations
Alert variants
Details
Medium

Content-Length: 474
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%
9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&P
ercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6D
UjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7V
oX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
ExpireYear
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
134

Content-Length: 472
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b
%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&Per
centageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUj
qTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX
1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 344
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=0.00&Measure=&PercentageEffectOnPromotion=9.00&__RequestV
erificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39s
wzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
Alert group
Severity

Medium
135
Description
Recommendations
Alert variants
Details

Content-Length: 472
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=11&ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%8
8%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5
&PercentageEffectOnPromotion=&__RequestVerificationToken=XPo4JqV7wpdXHlY2E0-0t08CqBP6DUj
qTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ6-0MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX
1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
ZlZ6MGpUTGw1ZVg4OWxTN25ZNTE2Z0xUNkNmSFlzb1B0d2h5UXo1dGk2YmZvYU1QWml4Qk
ZRMTE2bkJPeXpQN2Fod2FOTUM4N3Vyb01QQ3ZvQjR6c0VxNDhzOGpUMUZzOWViRHU4Z0wx
YTVZdFlxbFJQMElqWlFMOENrVUd3VFBVSlRoYzlBYUJnV2xFNkdrdFBIUm5Ddm05Y2ZsTFhPNz
NpRktNWnc4SnFrSDAzYU42bUZBSURFVTk1eGVSUVQ3b1ZWdEh3dlVFbWp2Yjk1clhpQmtrMm
9vQmMy
136

Content-Length: 637
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...GpUTGw1ZVg4OWxTN25ZNTE2Z0xUNkNmSFlzb1B0d2h5UXo1dGk2YmZvYU1QWml4QkZRMTE2bkJPeXpQN2Fod2
FOTUM4N3Vyb01QQ3ZvQjR6c0VxNDhzOGpUMUZzOWViRHU4Z0wxYTVZdFlxbFJQMElqWlFMOENrVUd3VFBVSlRoYz
lBYUJnV2xFNkdrdFBIUm5Ddm05Y2ZsTFhPNzNpRktNWnc4SnFrSDAzYU42bUZBSURFVTk1eGVSUVQ3b1ZWdEh3dl
VFbWp2Yjk1clhpQmtrMm9vQmMy&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
VGp-WRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZ-HY
IdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 413
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%83%e1%88%8d%20%e1%88%9b%e1%8
8%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%93%20%e1%88%9d%e1%8a%95%e1%88%9d
%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%88%8c%e1%88%88%e1%89%a0%e1%89%b5&
PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
Parameter
CreatedBy
Alert group
Severity

Medium
137
Description
Recommendations
Alert variants
Details

Content-Length: 559
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...asureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
3%e1%88%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%93%20
%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%88%8c%
e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
Parameter
CreatedOn
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
138

Content-Length: 540
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...asureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 563
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...easureRanksID=&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
Parameter
139
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 562
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...MeasureRanksID=3&DisciplinayMeasureTypesID=&ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%8
Parameter
ExpireYear
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
140

Content-Length: 560
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...ayMeasureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=&Measure=%e1%8b%a8%e1%89%8
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

Content-Length: 345
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ayMeasureTypesID=12&ExpireYear=0.00&Measure=&PercentageEffectOnPromotion=10.00&__Request
VerificationToken=VGp-WRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkY
NetKhWQwI8sRBdZ-HYIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Parameter
Alert group
Severity

Medium
141
Description
Recommendations
Alert variants
Details

Content-Length: 559
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...nayMeasureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b%a8%e1
%89%83%e1%88%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%
93%20%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%8
8%8c%e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
cU9rM2xIMHNycnA5VDlrNG9YU05zTWcxaVhIcTd5QUlpVGlyNUtzVlF4OHNtRXZidzZOdllERXVxM
VZaSHdDaXNXelo3WHFKVWk0eUg3MGZBcVduVkc0amQya0xQZ3Q4b0YyeVhrNmNhM01ZUk5
kdVJxS0xIZWhFcGhQWlhsdU1RZGZTR3J0
142

Content-Length: 523
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...On=3/15/2016%204:14:46%20PM&DisciplinayMeasureRanksID=2&DisciplinayMeasureTypesID=8&E
xpireYear=1.00&Measure=cU9rM2xIMHNycnA5VDlrNG9YU05zTWcxaVhIcTd5QUlpVGlyNUtzVlF4OHNtRXZid
zZOdllERXVxMVZaSHdDaXNXelo3WHFKVWk0eUg3MGZBcVduVkc0amQya0xQZ3Q4b0YyeVhrNmNhM01ZUk5kdVJxS
0xIZWhFcGhQWlhsdU1RZGZTR3J0&PercentageEffectOnPromotion=4.00&__RequestVerificationToken=
NLi1kWgdukA_IocakBMzSqmpMsAqECg1vYmVrTCWzM5TqbPCJG4_ZTZGKNDuZ_OzVgA6_5slWMY3WPqnbLpPqTh7
dHXMtgSLi34RUT6NsZtQqABdKQJTKv2p6HjGzSKAfhJMOW7dO9sq6-3DB8UX5A2
Parameter
Measure
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
YXJNRGkwMFJqdEtHRDR3OFJSSVpxUW5oN0ltS3hEVTRTNEt2ZXh5cndzQWpFNnlVeUJKSFpj
bzdvZnk5Q2dvcU9BNUpGS2xtdWdUNkVIeFFHTzFqZGxGa0VwT01EUmZtVzJybEdLRXJmcGNU
YnQ1RGU2SGJONXpQTEJwOGpWMjdzSWZvQWZtYWc0RmJ1Q2NYTzJta3RHVnBkTExGZ3V4
VVVMTjU4WVFOc1FPcndWc1RrbDE4d1pxYnpFTUJDaVp0SExmTzFqbFhkQk5IaDZKVHNZTnV6
amNGbTJjMWR5NWpCRDJoUlV3SG91cVZMS05PdlMxSUUy
143

Content-Length: 671
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...VTRTNEt2ZXh5cndzQWpFNnlVeUJKSFpjbzdvZnk5Q2dvcU9BNUpGS2xtdWdUNkVIeFFHTzFqZGxGa0VwT01EU
mZtVzJybEdLRXJmcGNUYnQ1RGU2SGJONXpQTEJwOGpWMjdzSWZvQWZtYWc0RmJ1Q2NYTzJta3RHVnBkTExGZ3V4V
VVMTjU4WVFOc1FPcndWc1RrbDE4d1pxYnpFTUJDaVp0SExmTzFqbFhkQk5IaDZKVHNZTnV6amNGbTJjMWR5NWpCR
DJoUlV3SG91cVZMS05PdlMxSUUy&PercentageEffectOnPromotion=6.00&__RequestVerificationToken=
IMvtHO2YPqfFxw_3DKuLdurXdBD0oKY-i2kBdSdSnvuOdwIGteyjj9uaGiRjdy80OEicUxQcj202sQDtawmnzKMQ
Jxci5622aprMl5ldBnTpTyBJAbjQ49h17TP-XwEKpnJU-IPJeWV5ql0j7mpQNw2
/hr/empbscappraisalperiods/create
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

POST /hr/empbscappraisalperiods/create HTTP/1.1
Content-Length: 127
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=1&DayFrom=17&DayTo=17&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&
YearTo=1967&__RequestVerificationToken=
Parameter
IsClosed
Alert group
Severity

Medium
144
Description
Recommendations
Alert variants
Details
URL encoded POST input IsClosed was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

POST /hr/empbscappraisalperiods/create HTTP/1.1
Content-Length: 316
Referer: http://192.168.1.3:80/
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=1&DayFrom=17&DayTo=17&IsClosed=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=kabWQ9lnQEM
1-_J4j_rodreT-oOM-rDJchFohTbUPN_eibwR9F8WL4wUjwMqBnsDxgzH-GoCpFBFKE-GNwhuzameuBn8D0eB7DZ
ovslPDx2sap9R4QlA63qkXK-alGvSkyownig3N--MmqP9Vgp7kg2
/hr/empbscappraisalperiods/edit/1
Parameter
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
ZmFYM0FNYnFJTzIwckw2bnB4VXdOb0s1S0RBZ0I4MVlCR0Q0OGRldGxEZU13ZGdFM3RVS01
ZSEIxdExxRzY2Um5QRDNTWmQ0Z09iOEw1akR6WTNYUzBTT2VYcXVlTkVUZTk5UkhNUzNLZ
U12
145
POST /hr/empbscappraisalperiods/edit/1 HTTP/1.1

Content-Length: 357
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=2007%20DECEMBER&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom=17
&DayTo=17&EmpBSCAppraisalPeriodID=1&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&Ye
arTo=1967&__RequestVerificationToken=ZmFYM0FNYnFJTzIwckw2bnB4VXdOb0s1S0RBZ0I4MVlCR0Q0OGR
ldGxEZU13ZGdFM3RVS01ZSEIxdExxRzY2Um5QRDNTWmQ0Z09iOEw1akR6WTNYUzBTT2VYcXVlTkVUZTk5UkhNUzN
LZU12
Parameter
AppraisalPeriod
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input AppraisalPeriod was set to dndSTGY4S3RDRklHSmd3

Content-Length: 326
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=dndSTGY4S3RDRklHSmd3&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFr
om=17&DayTo=17&EmpBSCAppraisalPeriodID=1&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=19
67&YearTo=1967&__RequestVerificationToken=b87XbMphJ3m7DXJsiRQmBmiv2FQxeaGgKGg7C0L4DdeANo
zG4rtxvZEE8AlzRgCM6Hmagnz8VQQg5si47UduMo2WPddpilly5wWapbYPaEw1
Parameter
AppraisalPeriod
Alert group
Severity

Medium
146
Description
Recommendations
Alert variants
Details
URL encoded POST input AppraisalPeriod was set to b2ZYN2JCaGhqSWg=

Content-Length: 324
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=b2ZYN2JCaGhqSWg%3d&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom
=17&DayTo=17&EmpBSCAppraisalPeriodID=2&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967
&YearTo=1967&__RequestVerificationToken=GVVD3vTAEs8jB1QBmC0SubdqaPGi-tl8yMEa-QzV1Xv8Ww1t
t_Bu9HHRl_5GBY-jRSd9fdZPa4Tc_reU5huBniTS-WppUjPo7oafUzKQGE81
Parameter
AppraisalPeriod
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
URL encoded POST input AppraisalPeriod was set to
TUdqd0dJSU5zWmt2UU1ZWjJTTk9FcXlmZWVLNGdQUmpoSzQ4eTREZlZMNmtVM3k4eTg1bTE
0WFBOeG9VUkhUUUcwd0dWbGFxb29aWjVZMjhQTmRrakpTbmNuMjJVT2piT1BrYjJk
147

Content-Length: 448
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
AppraisalPeriod=TUdqd0dJSU5zWmt2UU1ZWjJTTk9FcXlmZWVLNGdQUmpoSzQ4eTREZlZMNmtVM3k4eTg1bTE0
WFBOeG9VUkhUUUcwd0dWbGFxb29aWjVZMjhQTmRrakpTbmNuMjJVT2piT1BrYjJk&CreatedBy=sirgut&Create
dOn=5/23/2016%205:15:56%20PM&DayFrom=17&DayTo=17&EmpBSCAppraisalPeriodID=4&IsClosed=true
&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=Mm8DX2wjJNy_
ShNSgKK21jGIPg7I0je8bUFSeanoJ6KFetFZUZVzFk-9XKaw-DNAA_sfesm95OVekUiAJTY1bB-wC7mgJSVntU37
a5EpN_M1
Parameter
AppraisalPeriod
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

d1Bla0I4bVdpbW1QaWphUmhqR1pQdzBVRUlCRWNQdTJsOERzdEkybENjQ3BLdU9PZldpdEd1
TVFjTE9zQjVrQTQ3MUYzb1VWUG1XdG9zSjBKNmZxTXg2dzZHZkJpbEFRSHRiclhXRmFZZlZtM
EVObnljU2Z1T1gxWm1PTTZFQUNDYmZsTWRNZGZtY0NNWDRWSmxnZjl0eVJo
Content-Length: 516
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...d1Bla0I4bVdpbW1QaWphUmhqR1pQdzBVRUlCRWNQdTJsOERzdEkybENjQ3BLdU9PZldpdEd1TVFjTE9zQjVrQ
TQ3MUYzb1VWUG1XdG9zSjBKNmZxTXg2dzZHZkJpbEFRSHRiclhXRmFZZlZtMEVObnljU2Z1T1gxWm1PTTZFQUNDY
mZsTWRNZGZtY0NNWDRWSmxnZjl0eVJo&CreatedBy=sirgut&CreatedOn=5/23/2016%205:17:18%20PM&DayF
rom=17&DayTo=17&EmpBSCAppraisalPeriodID=5&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1
967&YearTo=1967&__RequestVerificationToken=9ElV1skTkWCgQ0wZ8D1HDRq2A7BKSqHDEIhPijLArB4R1
NLJBWmoSqfpcuSgZIkOF1c9p-WfO4csplMWb0ZzYAI-FGI4dJdECQRcWhtUWbU1
148
Parameter
AppraisalPeriod
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium

dDJmdDJtd3g3ekRZRkVNemxMbzBLeW5LbGttbk5YNjkwYnhud05HT0lZbWVkS240ck9DS3FjZm
EwaE5wd1BJQjVxRmxiMThNemt1QmNYSlBjMmVKeDluMnd2N1Y0dWR6RlN3OWNCdG5pWk9jV
FpLV01Sb1B2TzRiOGJvQlJwdG9hWU0zVVZWOWF1V2lta1V1VzhFc3RHN2xr
Content-Length: 515
(line truncated)
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
(line truncated)
...=dDJmdDJtd3g3ekRZRkVNemxMbzBLeW5LbGttbk5YNjkwYnhud05HT0lZbWVkS240ck9DS3FjZmEwaE5wd1BJ
QjVxRmxiMThNemt1QmNYSlBjMmVKeDluMnd2N1Y0dWR6RlN3OWNCdG5pWk9jVFpLV01Sb1B2TzRiOGJvQlJwdG9h
WU0zVVZWOWF1V2lta1V1VzhFc3RHN2xr&CreatedBy=remrm&CreatedOn=5/26/2016%202:54:20%20PM&DayF
rom=17&DayTo=17&EmpBSCAppraisalPeriodID=6&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1
967&YearTo=1967&__RequestVerificationToken=6LemxGfUXSUerV-dhZNeqai8WUsMHpW9HXXY5t9XS8Tiz
sHq_sA7DEsZ92r_yzcJwEeAo6yTNFvyTvXgtAq7Rlm7XCXWqd2hd-MA982_-NU1
/hr/upload
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/hr/upload
Form method: POST
Form inputs:
- File [File]
149
GET /hr/upload HTTP/1.1

Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Alert group
Severity
Description
Recommendations
Alert variants
Details
File upload
Low
This page allows visitors to upload files to the server. Various web applications allow users to
upload files (such as pictures, images, sounds, ...). Uploaded files may pose a significant risk if not
handled correctly. A remote attacker could send a multipart/form-data POST request with a
specially-crafted filename or mime type and execute arbitrary code.
Restrict file types accepted for upload: check the file extension and only allow certain files to be
uploaded. Use a whitelist approach instead of a blacklist. Check for double extensions such as
.php.png. Check for files without a filename like .htaccess (on ASP.NET, check for configuration
files like web.config). Change the permissions on the upload folder so the files within it are not
executable. If possible, rename the files that are uploaded.
Form name: <empty>
Form action: http://192.168.1.3/hr/upload
Form method: POST
Form inputs:
- File [File]
GET /hr/upload HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/inventory/reportinventory/issueitem
Alert group
Severity

Medium
150
Description
Recommendations
Alert variants
Details

Form name: <empty>
Form action: http://192.168.1.3/inventory/reportinventory/issueitem
Form method: POST
Form inputs:
- dt1 [Text]
- dt2 [Text]
GET /inventory/reportinventory/issueitem HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie:
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/inventory/reportinventory/stockbalance
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/inventory/reportinventory/stockbalance
Form method: POST
Form inputs:
- category [Select]
151
GET /inventory/reportinventory/stockbalance HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/payroll/payrollreports/bonusincometaxreport
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Form method: POST
Form inputs:
- fyear [Select]
GET /payroll/payrollreports/bonusincometaxreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/payroll/payrollreports/monthlypensionreport
Alert group
Severity

Medium
152
Description
Recommendations
Alert variants
Details

Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Form method: POST
Form inputs:
- period [Select]
GET /payroll/payrollreports/monthlypensionreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/payroll/payrollreports/reportbycontributiontypelist
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Form method: POST
Form inputs:
- period [Select]
- type [Select]
- source [Select]
153
GET /payroll/payrollreports/reportbycontributiontypelist HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/procurement/reportprocurement
Alert group
Severity
Description

Medium
Recommendations
Alert variants
Details
GET /procurement/reportprocurement HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/procurement/reportprocurement/getlotdetails
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
154
GET /procurement/reportprocurement/getlotdetails HTTP/1.1

Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/projectmanagement/projectestimationnames
Alert group
Severity
Description
Recommendations
Alert variants
Details
Slow response time

Low
This page had a slow response time. This type of files can be targeted in denial of service attacks.
An attacker can request this page repeatedly from multiple computers until the server becomes
overloaded.
Investigate if it's possible to reduce the response time for this page.
The response time for this page was 5710 ms while the average response time for this site is 54.78
ms
GET /projectmanagement/projectestimationnames HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
/upload
Alert group
Severity
Description
Recommendations
Alert variants
Details

Medium
155
GET /upload HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
...p1B6fl3w1HuKBWpmtDDauU0_weIIyOCvMwqpQLC_8QjvuJVTUCXh5aG1-ajaVaMA7-gNWy5cJzSbJopRnbTTQ
3GZqyhzGZBza-oQDQawNvYSU-jLVbpS68bJwg5LzoOD0jQmyHeeF1-sJGpi1biByeNwOsiAyVspyZK6WbEahtbm8
_EComER7Ju_YO5clRIBbWTBOJhtbFpK9wyRrRbi3kDUCuqyw33D0Fszlp0lt31LfRng3L7YdnyxZglTpU7ljoT52
H6DiS9bjtWnzcDq2uIc-fZjl5IN557E2pNyBh4Nnk-WDBbnn_lJY99-cWBJpJBj_QRY8zjVdK9YoQKRDJhn2whwX
NHNP-A8k42Mjn; _culture=en-us; currentNavLi=link246;
22%3A-1%7D
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Web Server
Alert group
Severity
Description
OPTIONS method is enabled

Low
HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of
the methods that are supported by the web server, it represents a request for information about the
communication options available on the request/response chain identified by the Request-URI.
It's recommended to disable OPTIONS Method on the web server.
Recommendations
Alert variants
Details
Methods allowed: OPTIONS, TRACE, GET, HEAD, POST
OPTIONS / HTTP/1.1
Host: 192.168.1.3
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
156
Scanned items (coverage report)

URL: http://192.168.1.3/
Vulnerabilities have been identified for this URL
56 input(s) found for this URL
Input scheme 1
Input name
/
/
Input type
Path Fragment
Path Fragment
Input scheme 2
Input name
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Input scheme 3
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 4
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 5
Input name
/
Input type
Path Fragment
Input scheme 6
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 7
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
157
Input scheme 8
Input name
/
/
/
/
Input scheme 9
Input name
/
/
/
/
Input scheme 10
Input name
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 11
Input name
Host
Input type
HTTP Header
URL: http://192.168.1.3/account
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
SearchString
Input type
URL encoded GET
URL encoded POST
URL: http://192.168.1.3/account/login
Input scheme 1
Input name
Input type
158
ReturnUrl
URL encoded GET
Input scheme 2
Input name
ReturnUrl
Password
UserName
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 3
Input name
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/logoff
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/manage
No vulnerabilities have been identified for this URL
No input(s) found for this URL
URL: http://192.168.1.3/account/delete
URL: http://192.168.1.3/account/delete/bizuneh
URL: http://192.168.1.3/account/delete/abeje
URL: http://192.168.1.3/account/delete/admin
URL: http://192.168.1.3/account/delete/abiyu
URL: http://192.168.1.3/account/delete/meaza
URL: http://192.168.1.3/account/delete/animaw
URL: http://192.168.1.3/account/delete/abrham
159
URL: http://192.168.1.3/account/delete/abeyus
URL: http://192.168.1.3/account/delete/alemnew
URL: http://192.168.1.3/account/delete/birhanu
URL: http://192.168.1.3/account/delete/zelalem
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/delete/enanu
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/delete/endalamaw
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/edit
URL: http://192.168.1.3/account/edit/admin
URL: http://192.168.1.3/account/edit/meaza
URL: http://192.168.1.3/account/edit/abeje
URL: http://192.168.1.3/account/edit/abiyu
URL: http://192.168.1.3/account/edit/animaw
160
URL: http://192.168.1.3/account/edit/abeyus
URL: http://192.168.1.3/account/edit/abrham
URL: http://192.168.1.3/account/edit/bizuneh
URL: http://192.168.1.3/account/edit/birhanu
URL: http://192.168.1.3/account/edit/alemnew
URL: http://192.168.1.3/account/edit/zelalem
Input scheme 1
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/edit/enanu
Input scheme 1
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/edit/endalamaw
Input scheme 1
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
161
URL: http://192.168.1.3/account/usergroups
URL: http://192.168.1.3/account/usergroups/bizuneh
URL: http://192.168.1.3/account/usergroups/abeje
URL: http://192.168.1.3/account/usergroups/abiyu
URL: http://192.168.1.3/account/usergroups/meaza
URL: http://192.168.1.3/account/usergroups/admin
URL: http://192.168.1.3/account/usergroups/abrham
URL: http://192.168.1.3/account/usergroups/animaw
URL: http://192.168.1.3/account/usergroups/birhanu
URL: http://192.168.1.3/account/usergroups/abeyus
URL: http://192.168.1.3/account/usergroups/alemnew
URL: http://192.168.1.3/account/usergroups/zelalem
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
162
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/usergroups/endalamaw
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/usergroups/enanu
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
163
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/userpermissions
URL: http://192.168.1.3/account/userpermissions/bizuneh
URL: http://192.168.1.3/account/userpermissions/meaza
URL: http://192.168.1.3/account/userpermissions/animaw
URL: http://192.168.1.3/account/userpermissions/birhanu
URL: http://192.168.1.3/account/userpermissions/abeje
URL: http://192.168.1.3/account/userpermissions/admin
URL: http://192.168.1.3/account/userpermissions/abeyus
URL: http://192.168.1.3/account/userpermissions/abrham
URL: http://192.168.1.3/account/userpermissions/abiyu
URL: http://192.168.1.3/account/userpermissions/alemnew
URL: http://192.168.1.3/account/userpermissions/zelalem
164
URL: http://192.168.1.3/account/userpermissions/endalamaw
URL: http://192.168.1.3/account/userpermissions/enanu
URL: http://192.168.1.3/account/register
Input scheme 1
Input name
ConfirmPassword
Email
FirstName
LastName
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/content/
URL: http://192.168.1.3/content/images/
URL: http://192.168.1.3/content/ace/
URL: http://192.168.1.3/content/ace/css/
URL: http://192.168.1.3/content/ace/css/ace.min.css
URL: http://192.168.1.3/content/ace/css/ace-rtl.min.css
URL: http://192.168.1.3/content/ace/css/bootstrap.min.css
URL: http://192.168.1.3/content/ace/css/images/
URL: http://192.168.1.3/content/ace/fonts/
165
URL: http://192.168.1.3/content/ace/fonts/fonts.googleapis.com.css
URL: http://192.168.1.3/content/ace/font-awesome/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/css/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/fonts/
URL: http://192.168.1.3/content/ace/js/
URL: http://192.168.1.3/content/ace/js/jquery.2.1.1.min.js
URL: http://192.168.1.3/content/ace/js/ace-extra.min.js
URL: http://192.168.1.3/content/ace/js/bootstrap.min.js
URL: http://192.168.1.3/content/ace/js/jquery-ui.custom.min.js
URL: http://192.168.1.3/content/ace/js/jquery.ui.touch-punch.min.js
URL: http://192.168.1.3/content/ace/js/jquery.easypiechart.min.js
URL: http://192.168.1.3/content/ace/js/jquery.sparkline.min.js
URL: http://192.168.1.3/content/ace/js/jquery.flot.min.js
166
URL: http://192.168.1.3/content/ace/js/jquery.flot.pie.min.js
URL: http://192.168.1.3/content/ace/js/jquery.flot.resize.min.js
URL: http://192.168.1.3/content/ace/js/ace-elements.min.js
URL: http://192.168.1.3/content/ace/js/ace.min.js
URL: http://192.168.1.3/content/exceedstyle.css
URL: http://192.168.1.3/content/jqury-ui/
URL: http://192.168.1.3/content/jqury-ui/jquery-ui.css
URL: http://192.168.1.3/content/jqury-ui/jquery-ui.js
URL: http://192.168.1.3/content/jqury-ui/images
URL: http://192.168.1.3/content/jstree/
URL: http://192.168.1.3/content/jstree/themes/
URL: http://192.168.1.3/content/jstree/themes/default/
URL: http://192.168.1.3/content/jstree/themes/default/style.min.css
URL: http://192.168.1.3/content/jstree/jstree.min.js
URL: http://192.168.1.3/content/kendo/
167
URL: http://192.168.1.3/content/kendo/2016.1.112/
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.common-bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/bootstrap/
URL: http://192.168.1.3/content/kendo/2016.1.112/%23clip
URL: http://192.168.1.3/content/kendo/2016.1.112/images/
URL: http://192.168.1.3/content/kendo/2016.1.112/textures/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/dejavu/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/glyphs/
URL: http://192.168.1.3/home
URL: http://192.168.1.3/home/setculture
168
Input scheme 1
Input name
culture
Input type
URL encoded POST
URL: http://192.168.1.3/home/index
URL: http://192.168.1.3/hr
URL: http://192.168.1.3/hr/cosigns
URL: http://192.168.1.3/hr/allowances
URL: http://192.168.1.3/hr/ranks
URL: http://192.168.1.3/hr/steps
URL: http://192.168.1.3/hr/discipline
URL: http://192.168.1.3/hr/leavetypes
URL: http://192.168.1.3/hr/attendance
URL: http://192.168.1.3/hr/orgcharts
URL: http://192.168.1.3/hr/assignment
URL: http://192.168.1.3/hr/orglocations
URL: http://192.168.1.3/hr/teamjobtitles
URL: http://192.168.1.3/hr/sexes
169
URL: http://192.168.1.3/hr/regions
URL: http://192.168.1.3/hr/nations
URL: http://192.168.1.3/hr/religions
URL: http://192.168.1.3/hr/fiscalyears
URL: http://192.168.1.3/hr/persontitles
URL: http://192.168.1.3/hr/nationalities
URL: http://192.168.1.3/hr/mothertongues
URL: http://192.168.1.3/hr/maritalstatus
URL: http://192.168.1.3/hr/trainingcourses
URL: http://192.168.1.3/hr/empleaveperiods
URL: http://192.168.1.3/hr/incomingletters
URL: http://192.168.1.3/hr/healthincidents
URL: http://192.168.1.3/hr/orginformations
URL: http://192.168.1.3/hr/empbscbehaviors
URL: http://192.168.1.3/hr/publicdocuments
170
URL: http://192.168.1.3/hr/salarystructures
URL: http://192.168.1.3/hr/employmentstatus
URL: http://192.168.1.3/hr/recruitmentplans
URL: http://192.168.1.3/hr/educationalfields
URL: http://192.168.1.3/hr/trainingproviders
URL: http://192.168.1.3/hr/educationallevels
URL: http://192.168.1.3/hr/outgoingletters
URL: http://192.168.1.3/hr/upload
Input scheme 1
Input name
File
Input type
POST (multipart)
URL: http://192.168.1.3/hr/upload/download
URL: http://192.168.1.3/hr/employeeprofiles
URL: http://192.168.1.3/hr/sectionjobtitles
URL: http://192.168.1.3/hr/divisionjobtitles
URL: http://192.168.1.3/hr/terminationletters
URL: http://192.168.1.3/hr/orgglobaljobtitles
171
URL: http://192.168.1.3/hr/terminationreasons
URL: http://192.168.1.3/hr/retirementlauncher
URL: http://192.168.1.3/hr/reports
URL: http://192.168.1.3/hr/reports/detailreports
URL: http://192.168.1.3/hr/reports/summaryreports
URL: http://192.168.1.3/hr/supportingdocuments
URL: http://192.168.1.3/hr/transportallowances
URL: http://192.168.1.3/hr/departmentjobtitles
URL: http://192.168.1.3/hr/trainingapplications
URL: http://192.168.1.3/hr/empbscappraisalperiods
URL: http://192.168.1.3/hr/empbscappraisalperiods/edit
URL: http://192.168.1.3/hr/empbscappraisalperiods/edit/5
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
EmpBSCAppraisalPeriodID
IsClosed
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
172
MonthFrom
MonthTo
YearFrom
YearTo
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
173
MonthFrom
MonthTo
YearFrom
YearTo
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/empbscappraisalperiods/delete
URL: http://192.168.1.3/hr/empbscappraisalperiods/delete/2
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
174
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/empbscappraisalperiods/details
URL: http://192.168.1.3/hr/empbscappraisalperiods/details/4
URL: http://192.168.1.3/hr/empbscappraisalperiods/create
Input scheme 1
Input name
AppraisalPeriod
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/retirementnotification
URL: http://192.168.1.3/hr/empleavetakenslauncher
URL: http://192.168.1.3/hr/trainingneedassesments
175
URL: http://192.168.1.3/hr/empbscperformanceplans
URL: http://192.168.1.3/hr/trainingreportbycourse
URL: http://192.168.1.3/hr/addallowancetoemployees
URL: http://192.168.1.3/hr/earlyretirementlauncher
URL: http://192.168.1.3/hr/disciplinaymeasureranks
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit/3
Input scheme 1
Input name
CreatedBy
CreatedOn
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit/2
Input scheme 1
Input name
CreatedBy
CreatedOn
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete/3
Input scheme 1
Input name
Input type
URL encoded POST
176
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete/2
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details/3
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details/2
URL: http://192.168.1.3/hr/trainingcoursetrackings
URL: http://192.168.1.3/hr/emppayrollnodaysworkeds
URL: http://192.168.1.3/hr/employeerequisitionforms
URL: http://192.168.1.3/hr/trainingreportbyemployee
URL: http://192.168.1.3/hr/outsourcecompanyprofiles
URL: http://192.168.1.3/hr/terminationotherslauncher
URL: http://192.168.1.3/hr/empannualleaveusagereport
URL: http://192.168.1.3/hr/outsourcecompanyworkeddays
URL: http://192.168.1.3/hr/applicantprobationslauncher
URL: http://192.168.1.3/hr/empbscperformanceevaluations
177
URL: http://192.168.1.3/hr/contractemployeerequisitions
URL: http://192.168.1.3/hr/disciplineemployeerecognition
URL: http://192.168.1.3/hr/empannualleavepaidincashes
URL: http://192.168.1.3/hr/annualleaveentitlementupdate
URL: http://192.168.1.3/hr/empdisciplinayrecognitiontypes
URL: http://192.168.1.3/hr/empannualleaveusagesingereport
URL: http://192.168.1.3/hr/empannualleavetransferonebyones
URL: http://192.168.1.3/hr/empterminationclearancelauncher
URL: http://192.168.1.3/hr/outsourcecompanyworkeddaysreport
URL: http://192.168.1.3/hr/recruitmentresultreportbyvacancy
URL: http://192.168.1.3/hr/certificatesandletters
Input scheme 1
Input name
choice
EmpFullName
EmpID
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/certificatesandletters/experience
URL: http://192.168.1.3/hr/certificatesandletters/certificate
178
URL: http://192.168.1.3/hr/promotionandtransferapplicantlists
URL: http://192.168.1.3/hr/empannualleaveentitlementviewmodels
URL: http://192.168.1.3/hr/disciplinaymeasuretypes
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/edit
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/edit/9
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
179
Measure
URL encoded POST

URL encoded POST
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/delete
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/delete/9
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
180
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/details
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/details/8
URL: http://192.168.1.3/roles
URL: http://192.168.1.3/groups
URL: http://192.168.1.3/inventory
URL: http://192.168.1.3/inventory/uoms
181
URL: http://192.168.1.3/inventory/items
URL: http://192.168.1.3/inventory/stores
URL: http://192.168.1.3/inventory/issues
URL: http://192.168.1.3/inventory/goodreceives
URL: http://192.168.1.3/inventory/storereturns
URL: http://192.168.1.3/inventory/itemcategories
URL: http://192.168.1.3/inventory/itemtransfers
URL: http://192.168.1.3/inventory/purchasereturns
URL: http://192.168.1.3/inventory/stockadjustments
URL: http://192.168.1.3/inventory/storerequisitions
URL: http://192.168.1.3/inventory/purchaserequisitions
URL: http://192.168.1.3/inventory/storeitemassignments
URL: http://192.168.1.3/inventory/departmentcostcenters
URL: http://192.168.1.3/inventory/reportinventory
URL: http://192.168.1.3/inventory/reportinventory/issueitem
182
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/transferitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/stockbalance
Input scheme 1
Input name
category
Input type
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/goodsreceive
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/storereturnitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
183
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/issueitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/issueitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/transferitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/transferitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/stockbalanceprint
Input scheme 1
Input name
category
Input type
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/stockbalanceexcel
Input scheme 1
Input name
category
Input type
URL encoded GET
184
URL: http://192.168.1.3/inventory/reportinventory/goodsreceiveprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/goodsreceiveexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storereturnitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storereturnitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitemprint
Input scheme 1
Input name
Input type
185
dt1
dt2
URL encoded GET

URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/storekeeperassignments
URL: http://192.168.1.3/globaluseraccesslogs
URL: http://192.168.1.3/orgbranchusermappings
URL: http://192.168.1.3/finance
URL: http://192.168.1.3/finance/glledgerposting
URL: http://192.168.1.3/finance/glrecordjournals
URL: http://192.168.1.3/finance/arinvoices
186
URL: http://192.168.1.3/finance/bankaccounts
URL: http://192.168.1.3/finance/bankaccounts/edit
URL: http://192.168.1.3/finance/bankaccounts/edit/14
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
187
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
188
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
189
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
190
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/bankaccounts/delete
URL: http://192.168.1.3/finance/bankaccounts/delete/6
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
191
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/finance/bankaccounts/details
URL: http://192.168.1.3/finance/bankaccounts/details/7
192
URL: http://192.168.1.3/finance/budgetusages
URL: http://192.168.1.3/finance/apsetupitems
URL: http://192.168.1.3/finance/budgetdefines
URL: http://192.168.1.3/finance/budgetmonthlies
URL: http://192.168.1.3/finance/arcustomertypes
193
URL: http://192.168.1.3/finance/arremitaddresses
URL: http://192.168.1.3/finance/appaybleinvoices
URL: http://192.168.1.3/finance/approcurementsuppliers
URL: http://192.168.1.3/finance/budgetallocationandusage
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageexcel
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageprint
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reconciliationschedules
URL: http://192.168.1.3/finance/reconcilationbankaccounts
URL: http://192.168.1.3/finance/budgetagainstpreviousyear
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyprint
194
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyexcel
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reconcilationbookaccounts
URL: http://192.168.1.3/finance/arsetupreceiptbalanceaccounts
URL: http://192.168.1.3/finance/arsetupproductserviceaccounts
URL: http://192.168.1.3/finance/arcustomerprofiles
URL: http://192.168.1.3/finance/gljournalcategoriers
URL: http://192.168.1.3/finance/accountstransactions
Input scheme 1
Input name
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
195
URL: http://192.168.1.3/finance/accountstransactions/details
URL: http://192.168.1.3/finance/accountstransactions/details/1684
196
197
198
199
200
201
202
URL: http://192.168.1.3/finance/accountstransactions/details/53105-1-00-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0003
URL: http://192.168.1.3/finance/accountstransactions/details/18000-1-00-ba0003
URL: http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0055
URL: http://192.168.1.3/finance/accountstransactions/details/11110%20-1-00-ch0055
203
URL: http://192.168.1.3/finance/accountstransactions/details/69050%20-1-00-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11110%20%c2%a0-1-00-ch0055
URL: http://192.168.1.3/finance/accountstransactions/details/11130-1-00-rf0020
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0021
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001
URL: http://192.168.1.3/finance/accountstransactions/details/21370-1-00-tl0002
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
URL: http://192.168.1.3/finance/accountstransactions/details/63120-1-fs-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11120-1-00-pc0006
204
URL: http://192.168.1.3/finance/accountstransactions/details/12100-1-00-in0004
URL: http://192.168.1.3/finance/accountstransactions/details/30030-1-00-3060gn
URL: http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0045
URL: http://192.168.1.3/finance/accountstransactions/details/11320-1-00-y00125
URL: http://192.168.1.3/finance/accountstransactions/details/11499-1-00-pi0000
URL: http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0001
URL: http://192.168.1.3/finance/accountstransactions/details/11330-1-00-s00984
URL: http://192.168.1.3/finance/arstandardcollections
URL: http://192.168.1.3/finance/glchartofaccountaccounts
205
URL: http://192.168.1.3/finance/glchartofaccountlocations
URL: http://192.168.1.3/finance/armiscelaneouscollections
URL: http://192.168.1.3/finance/glchartofaccountsubaccounts
URL: http://192.168.1.3/finance/glchartofaccountcostcenters
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyexcel
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyprint
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/gltaxrates
URL: http://192.168.1.3/finance/paymentterms
URL: http://192.168.1.3/finance/glfiscalyears
URL: http://192.168.1.3/finance/glcountrytypes
URL: http://192.168.1.3/finance/paymentmethods
206
URL: http://192.168.1.3/finance/glvatwithholdings
URL: http://192.168.1.3/finance/finsetupcurrencies
URL: http://192.168.1.3/finance/reportfinance
URL: http://192.168.1.3/finance/reportfinance/cashflow
Input scheme 1
Input name
branchCode
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/balancesheet
Input scheme 1
Input name
branchCode
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/supplierlist
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/customerlist
Input scheme 1
Input name
custype
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
custype
page
Input type
URL encoded GET
URL encoded GET
Input scheme 4
Input name
page
custype
Input type
URL encoded GET
URL encoded POST
207
Input scheme 5
Input name
custype
page
custype
Input type
URL encoded GET
URL encoded GET
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/trialbalance
Input scheme 1
Input name
Branch
dt1
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/chartofaccount
Input scheme 1
Input name
Account
AccountType
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/accountanalysis
Input scheme 1
Input name
Category
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/incomestatement
Input scheme 1
Input name
branchCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Input scheme 1
Input name
agetype
Input type
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomer
Input scheme 1
Input name
agetype
Input type
URL encoded POST
208
URL: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Input scheme 1
Input name
acctFrom
acctTo
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Input scheme 1
Input name
costcenterCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/chartofaccountexcel
Input scheme 1
Input name
AccountType
Input type
URL encoded GET
Input scheme 2
Input name
Account
AccountType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/accountanalysisexcel
URL: http://192.168.1.3/finance/reportfinance/trialbalanceexcel
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/trialbalanceprint
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/incomestatementprint
209
Input scheme 1
Input name
dt2
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/customerlistexcel
Input scheme 1
Input name
custype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/customerlistprint
Input scheme 1
Input name
custype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/supplierlistexcel
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/supplierlistprint
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoiceprint
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoiceexcel
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomerprint
Input scheme 1
Input name
agetype
Input type
URL encoded GET
210
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomerexcel
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/accountanalysisbysegmentexcel
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyprojectprint
Input scheme 1
Input name
costcenterCode
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyprojectexcel
Input scheme 1
Input name
costcenterCode
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/finsetupcurrencyexchanges
URL: http://192.168.1.3/finance/finsetupcashflowconfigurations
URL: http://192.168.1.3/finance/json
URL: http://192.168.1.3/finance/json/fromaccountcode
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/json/toaccountcode
Input scheme 1
Input name
Accounts
Input type
URL encoded POST
211
CostCenter
Location
SubAccount
URL encoded POST

URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/json/description
Input scheme 1
Input name
id
Input type
URL encoded POST
URL: http://192.168.1.3/finance/json/bankaccounts
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/userprofile
URL: http://192.168.1.3/userprofile/mybranches
URL: http://192.168.1.3/payroll
URL: http://192.168.1.3/payroll/pensions
URL: http://192.168.1.3/payroll/payrollbonus
URL: http://192.168.1.3/payroll/payrollprocess
URL: http://192.168.1.3/payroll/emppayrollloans
URL: http://192.168.1.3/payroll/empcontributions
URL: http://192.168.1.3/payroll/emppayrolladavances
212
URL: http://192.168.1.3/payroll/emppayrolladditions
URL: http://192.168.1.3/payroll/empfixedcontributions
URL: http://192.168.1.3/payroll/emppayrolllabourunions
URL: http://192.168.1.3/payroll/emppayrollovertimetwoes
URL: http://192.168.1.3/payroll/emppayrollcalculatebonus
URL: http://192.168.1.3/payroll/emppayrollcreditassociations
URL: http://192.168.1.3/payroll/payrollpayslip
URL: http://192.168.1.3/payroll/payrollreports
URL: http://192.168.1.3/payroll/payrollreports/overtimehours
URL: http://192.168.1.3/payroll/payrollreports/bonusbanksliplist
URL: http://192.168.1.3/payroll/payrollreports/payrollbanksliplist
URL: http://192.168.1.3/payroll/payrollreports/detailreport
URL: http://192.168.1.3/payroll/payrollreports/summaryreport
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Input scheme 1
Input name
period
Input type
URL encoded POST
213
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Input scheme 1
Input name
fyear
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylist
Input scheme 1
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreport
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Input scheme 1
Input name
period
source
type
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreport
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreportprint
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreportexcel
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreportexcel
214
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportexcel
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistexcel
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistprint
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportexcel
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistprint
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistexcel
URL: http://192.168.1.3/payroll/payrollperiods
URL: http://192.168.1.3/payroll/overtimetypetwoes
URL: http://192.168.1.3/payroll/payrollpaymentbanks
URL: http://192.168.1.3/payroll/payrollemployeeaccounts
URL: http://192.168.1.3/payroll/payrollcontributiontypes
URL: http://192.168.1.3/payroll/payrollemployeebankaccounts
URL: http://192.168.1.3/globalbranchsetups
215
URL: http://192.168.1.3/fixedasset
URL: http://192.168.1.3/fixedasset/fixedassetgroups
URL: http://192.168.1.3/fixedasset/fixedassetdepreciationsetups
URL: http://192.168.1.3/fixedasset/fixedassetclearingaccountsetups
URL: http://192.168.1.3/fixedasset/usercards
URL: http://192.168.1.3/fixedasset/fixedassetcategories
URL: http://192.168.1.3/fixedasset/fixedassetsubcategories
URL: http://192.168.1.3/fixedasset/fixedassetregistrations
URL: http://192.168.1.3/scripts/
URL: http://192.168.1.3/scripts/etp/
URL: http://192.168.1.3/scripts/etp/jquery.calendars.picker.css
URL: http://192.168.1.3/scripts/etp/jquery.plugin.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.plus.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.picker.js
216
URL: http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian-am.js
URL: http://192.168.1.3/scripts/kendo/
URL: http://192.168.1.3/scripts/kendo/2016.1.112/
URL: http://192.168.1.3/scripts/kendo/2016.1.112/jquery.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/jszip.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/kendo.all.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/kendo.aspnetmvc.min.js
URL: http://192.168.1.3/scripts/kendo.modernizr.custom.js
URL: http://192.168.1.3/scripts/jquery.unobtrusive-ajax.js
URL: http://192.168.1.3/scripts/jquery.validate.min.js
URL: http://192.168.1.3/scripts/jquery.validate.unobtrusive.js
URL: http://192.168.1.3/scripts/js.cookie.js
URL: http://192.168.1.3/scripts/matrixscript.js
URL: http://192.168.1.3/scripts/matrixscript1.js
217
URL: http://192.168.1.3/scripts/matrixcommon.js
URL: http://192.168.1.3/scripts/selector.js
URL: http://192.168.1.3/scripts/jquery-1.10.2.min.js
URL: http://192.168.1.3/procurement
URL: http://192.168.1.3/procurement/tenders
URL: http://192.168.1.3/procurement/purchaseorders
URL: http://192.168.1.3/procurement/itempriceindexes
URL: http://192.168.1.3/procurement/procurementplans
URL: http://192.168.1.3/procurement/purchasefollowups
URL: http://192.168.1.3/procurement/proformapurchases
URL: http://192.168.1.3/procurement/procurementsuppliers
URL: http://192.168.1.3/procurement/procurementlcmanagements
URL: http://192.168.1.3/procurement/procurementbankguarantees
URL: http://192.168.1.3/procurement/procurementcpomanagements
URL: http://192.168.1.3/procurement/reportprocurement
218
Input scheme 1
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/tenderreport
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitem
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/tenderdetails
URL: http://192.168.1.3/procurement/reportprocurement/tenderdetails/9
219
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemexcel
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemprint
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/getlotdetails
URL: http://192.168.1.3/procurement/reportprocurement/getlotdetails/8
220
221
URL: http://192.168.1.3/procurement/procurementcontractmanagements
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/procurementcontractmanagements/edit
URL: http://192.168.1.3/procurement/procurementcontractmanagements/edit/4
URL: http://192.168.1.3/procurement/procurementcontractmanagements/delete
URL: http://192.168.1.3/procurement/procurementcontractmanagements/delete/7
222
URL: http://192.168.1.3/procurement/procurementcontractmanagements/details
URL: http://192.168.1.3/procurement/procurementcontractmanagements/details/7
URL: http://192.168.1.3/procurement/procurementsuppliercategories
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/procurementsuppliercategories/edit
URL: http://192.168.1.3/procurement/procurementsuppliercategories/edit/9
223
URL: http://192.168.1.3/procurement/procurementsuppliercategories/delete
URL: http://192.168.1.3/procurement/procurementsuppliercategories/delete/7
URL: http://192.168.1.3/procurement/procurementsuppliercategories/details
URL: http://192.168.1.3/procurement/procurementsuppliercategories/details/4
224
URL: http://192.168.1.3/procurement/procurementannualneedassesments
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/procurement/procurementannualneedassesments/edit
URL: http://192.168.1.3/procurement/procurementannualneedassesments/edit/13
225
URL: http://192.168.1.3/procurement/procurementannualneedassesments/delete
URL: http://192.168.1.3/procurement/procurementannualneedassesments/delete/14
URL: http://192.168.1.3/procurement/procurementannualneedassesments/details
URL: http://192.168.1.3/procurement/procurementannualneedassesments/details/13
226
URL: http://192.168.1.3/globalorginformations
URL: http://192.168.1.3/fleetmanagement
URL: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
URL: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
227
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
URL: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
URL: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
228
URL: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetequipmentregistrations
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
URL:
http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
229
URL:
http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/projectmanagement
URL: http://192.168.1.3/projectmanagement/projectestimationnames
URL: http://192.168.1.3/fonts/
URL: http://192.168.1.3/upload
230

Affected Items PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Affected Items PDF

Uploaded by

Copyright:

Available Formats

Acunetix Website Audit

Generated by Acunetix WVS Reporter (v10.0 Build 20150707)

Microsoft IIS tilde directory enumeration

Acunetix Website Audit

OPTIONS //*~1*/a.aspx?aspxerrorpath=/ HTTP/1.1

HTML form without CSRF protection

Internal server error

Acunetix Website Audit

GET //appaybleinvoices HTTP/1.1

ASP.NET version disclosure

Acunetix Website Audit

GET /|~.aspx HTTP/1.1

Cookie without HttpOnly flag set

Acunetix Website Audit

Cookie without Secure flag set

Acunetix Website Audit

Microsoft IIS version disclosure

Acunetix Website Audit

GET /|~.aspx HTTP/1.1

HTML form without CSRF protection

Acunetix Website Audit

GET /account HTTP/1.1

Email address found

Internal server error

Acunetix Website Audit

POST /account/delete/enanu HTTP/1.1

Internal server error

URL encoded POST input __RequestVerificationToken was set to

Internal server error

Acunetix Website Audit

URL encoded POST input __RequestVerificationToken was set to

Email address found

Internal server error

Acunetix Website Audit

URL encoded POST input __RequestVerificationToken was set to

Internal server error

URL encoded POST input Email was set to

Internal server error

Acunetix Website Audit

URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Internal server error

Acunetix Website Audit

POST /account/edit/enanu HTTP/1.1

Internal server error

URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Application error message

Acunetix Website Audit

URL encoded POST input FirstName was set to S0FyZnY3SmVZ

Application error message

URL encoded POST input UserName was set to SXNCTGFobUE3

Internal server error

Acunetix Website Audit

URL encoded POST input __RequestVerificationToken was set to

Internal server error

URL encoded POST input Email was set to

Internal server error

URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Internal server error

Acunetix Website Audit

POST /account/edit/endalamaw HTTP/1.1

Internal server error

URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??

Application error message

OPTIONS //~1/a.aspx?aspxerrorpath=/ HTTP/1.1