ZAP Full Scan Report

[github-actions]

• Site: https://testphp.vulnweb.com
  New Alerts

  • HTTP Only Site [10106] total: 1:
    • http://testphp.vulnweb.com/cart.php

• Site: http://testphp.vulnweb.com
  New Alerts

  • X-Frame-Options Header Not Set [10020] total: 11:
    • http://testphp.vulnweb.com
    • http://testphp.vulnweb.com/index.php
    • http://testphp.vulnweb.com/login.php
    • http://testphp.vulnweb.com/artists.php
    • http://testphp.vulnweb.com/disclaimer.php
    • ..
  • SQL Injection - MySQL [40019] total: 7:
    • http://testphp.vulnweb.com/artists.php?artist=3
    • http://testphp.vulnweb.com/listproducts.php?artist=3
    • http://testphp.vulnweb.com/userinfo.php
    • http://testphp.vulnweb.com/search.php?test=query
    • http://testphp.vulnweb.com/secured/newuser.php
    • ..
  • User Agent Fuzzer [10104] total: 20:
    • http://testphp.vulnweb.com/AJAX
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1
    • http://testphp.vulnweb.com/userinfo.php
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1
    • http://testphp.vulnweb.com/sitemap.xml
    • ..
  • SQL Injection [40018] total: 7:
    • http://testphp.vulnweb.com/listproducts.php?cat=4+AND+1%3D1+--+
    • http://testphp.vulnweb.com/listproducts.php?artist=3+AND+1%3D1+--+
    • http://testphp.vulnweb.com/userinfo.php
    • http://testphp.vulnweb.com/artists.php?artist=5-2
    • http://testphp.vulnweb.com/userinfo.php
    • ..
  • Information Disclosure - Suspicious Comments [10027] total: 1:
    • http://testphp.vulnweb.com/AJAX/index.php
  • Charset Mismatch (Header Versus Meta Content-Type Charset) [90011] total: 11:
    • http://testphp.vulnweb.com/login.php
    • http://testphp.vulnweb.com/disclaimer.php
    • http://testphp.vulnweb.com/cart.php
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com
    • ..
  • Server Leaks Version Information via "Server" HTTP Response Header Field [10036] total: 11:
    • http://testphp.vulnweb.com/categories.php
    • http://testphp.vulnweb.com/AJAX/index.php
    • http://testphp.vulnweb.com
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com/robots.txt
    • ..
  • Apache Range Header DoS (CVE-2011-3192) [10053] total: 8:
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/images/2.jpg
    • http://testphp.vulnweb.com/secured/style.css
    • http://testphp.vulnweb.com/AJAX/styles.css
    • http://testphp.vulnweb.com/images/logo.gif
    • http://testphp.vulnweb.com/images/remark.gif
    • ..
  • Anti-CSRF Tokens Check [20012] total: 20:
    • http://testphp.vulnweb.com/
    • http://testphp.vulnweb.com/hpp/?pp=12
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com/product.php?pic=6
    • http://testphp.vulnweb.com/guestbook.php
    • ..
  • Reverse Tabnabbing [10108] total: 1:
    • http://testphp.vulnweb.com/disclaimer.php
  • Modern Web Application [10109] total: 9:
    • http://testphp.vulnweb.com/artists.php?artist=3
    • http://testphp.vulnweb.com/listproducts.php?artist=1
    • http://testphp.vulnweb.com/listproducts.php?artist=2
    • http://testphp.vulnweb.com/listproducts.php?cat=2
    • http://testphp.vulnweb.com/artists.php
    • ..
  • Cross Site Scripting (Reflected) [40012] total: 14:
    • http://testphp.vulnweb.com/search.php?test=query
    • http://testphp.vulnweb.com/secured/newuser.php
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com/hpp/?pp=javascript%3Aalert%281%29%3B
    • http://testphp.vulnweb.com/hpp/params.php?p=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&pp=12
    • ..
  • X-Content-Type-Options Header Missing [10021] total: 11:
    • http://testphp.vulnweb.com/disclaimer.php
    • http://testphp.vulnweb.com/cart.php
    • http://testphp.vulnweb.com
    • http://testphp.vulnweb.com/categories.php
    • http://testphp.vulnweb.com/guestbook.php
    • ..
  • Absence of Anti-CSRF Tokens [10202] total: 11:
    • http://testphp.vulnweb.com/categories.php
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com/login.php
    • http://testphp.vulnweb.com
    • http://testphp.vulnweb.com/guestbook.php
    • ..
  • XSLT Injection [90017] total: 2:
    • http://testphp.vulnweb.com/showimage.php?file=%3Cxsl%3Avalue-of+select%3D%22document%28%27http%3A%2F%2Ftestphp.vulnweb.com%3A22%27%29%22%2F%3E&size=160
    • http://testphp.vulnweb.com/showimage.php?file=%3Cxsl%3Avalue-of+select%3D%22document%28%27http%3A%2F%2Ftestphp.vulnweb.com%3A22%27%29%22%2F%3E
  • Trace.axd Information Leak [40029] total: 6:
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/web-camera-a4tech/2/trace.axd
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/trace.axd
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/trace.axd
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/trace.axd
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/trace.axd
    • ..
  • Backup File Disclosure [10095] total: 14:
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-3%20-%20Copy%20(2).html
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-1backup.html
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2%20-%20Copy%20(3).html
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/RateProduct-2%20-%20Copy%20(2).html
    • http://testphp.vulnweb.com/index.zip
    • ..
  • Content Security Policy (CSP) Header Not Set [10038] total: 11:
    • http://testphp.vulnweb.com
    • http://testphp.vulnweb.com/index.php
    • http://testphp.vulnweb.com/categories.php
    • http://testphp.vulnweb.com/
    • http://testphp.vulnweb.com/AJAX/index.php
    • ..
  • Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037] total: 11:
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com/disclaimer.php
    • http://testphp.vulnweb.com/AJAX/index.php
    • http://testphp.vulnweb.com/categories.php
    • http://testphp.vulnweb.com/
    • ..
  • .htaccess Information Leak [40032] total: 7:
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/.htaccess
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/.htaccess
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/.htaccess
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/.htaccess
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/.htaccess
    • ..
  • User Controllable HTML Element Attribute (Potential XSS) [10031] total: 3:
    • http://testphp.vulnweb.com/guestbook.php
    • http://testphp.vulnweb.com/search.php?test=query
    • http://testphp.vulnweb.com/search.php?test=query
  • .env Information Leak [40034] total: 6:
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-1/.env
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-3/.env
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/color-printer/3/.env
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/Details/network-attached-storage-dlink/1/.env
    • http://testphp.vulnweb.com/Mod_Rewrite_Shop/BuyProduct-2/.env
    • ..
  • Cross-Domain Misconfiguration - Adobe - Read [20016] total: 1:
    • http://testphp.vulnweb.com/crossdomain.xml
  • Remote File Inclusion [7] total: 2:
    • http://testphp.vulnweb.com/showimage.php?file=http%3A%2F%2Fwww.google.com%2F&size=160
    • http://testphp.vulnweb.com/showimage.php?file=http%3A%2F%2Fwww.google.com%2F
  • Cross Site Scripting (Reflected) [40012] total: 2:
    • http://testphp.vulnweb.com/showimage.php?file=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E
    • http://testphp.vulnweb.com/showimage.php?file=%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&size=160
  • GET for POST [10058] total: 1:
    • http://testphp.vulnweb.com/cart.php
  • Source Code Disclosure - File Inclusion [43] total: 2:
    • http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12
    • http://testphp.vulnweb.com/hpp/params.php?p=valid&pp=12

View the following link to download the report.
RunnerID:479400957