ZAP Scanning Report - TechnicallyRight.Net

Audit by: Sudo Science

Site: http://technicallyright.net

Generated on Wed, 19 Jan 2022 16:52:41

Summary of Alerts

Risk Level      Number of Alerts
High            0
Medium          3
Low             4
Informational   1

Alerts

Name                                            Risk Level      Number of Instances
Directory Browsing                              Medium          11
Missing Anti-clickjacking Header                Medium          2
Vulnerable JS Library                           Medium          2
Absence of Anti-CSRF Tokens                     Low             2
Cross-Domain JavaScript Source File Inclusion   Low             8
Timestamp Disclosure - Unix                     Low             51
X-Content-Type-Options Header Missing           Low             19
Information Disclosure - Suspicious Comments    Informational   6

Alert Detail

Medium
Directory Browsing
Description
It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files, backup source files, etc. which can be accessed to read sensitive information.
URL http://technicallyright.net/css/
Method GET
Parameter
Attack http://technicallyright.net/css/
Evidence Parent Directory
URL http://technicallyright.net/img/
Method GET
Parameter
Attack http://technicallyright.net/img/
Evidence Parent Directory
URL http://technicallyright.net/js/
Method GET
Parameter
Attack http://technicallyright.net/js/
Evidence Parent Directory
URL http://technicallyright.net/vendor/
Method GET
Parameter
Attack http://technicallyright.net/vendor/
Evidence Parent Directory
URL http://technicallyright.net/vendor/bootstrap/
Method GET
Parameter
Attack http://technicallyright.net/vendor/bootstrap/
Evidence Parent Directory
URL http://technicallyright.net/vendor/bootstrap/css/
Method GET
Parameter
Attack http://technicallyright.net/vendor/bootstrap/css/
Evidence Parent Directory
URL http://technicallyright.net/vendor/bootstrap/js/
Method GET
Parameter
Attack http://technicallyright.net/vendor/bootstrap/js/
Evidence Parent Directory
URL http://technicallyright.net/vendor/font-awesome/
Method GET
Parameter
Attack http://technicallyright.net/vendor/font-awesome/
Evidence Parent Directory
URL http://technicallyright.net/vendor/font-awesome/css/
Method GET
Parameter
Attack http://technicallyright.net/vendor/font-awesome/css/
Evidence Parent Directory
URL http://technicallyright.net/vendor/font-awesome/fonts/
Method GET
Parameter
Attack http://technicallyright.net/vendor/font-awesome/fonts/
Evidence Parent Directory
URL http://technicallyright.net/vendor/jquery/
Method GET
Parameter
Attack http://technicallyright.net/vendor/jquery/
Evidence Parent Directory
Instances 11
Solution
Disable directory browsing. If a listing is genuinely required, confirm that none of the listed files carries sensitive content. On Apache (the Options reference below) the fix is Options -Indexes in the server configuration or an .htaccess file. All eleven listings here are static-asset directories (css, img, js, vendor and its Bootstrap, Font Awesome and jQuery subtrees), so the immediate disclosure is an inventory of the template and library files in use rather than application source; the listing should still be disabled at the server level.
Reference http://httpd.apache.org/docs/mod/core.html#options
http://alamo.satlug.org/pipermail/satlug/2002-February/000053.html
CWE Id 548
WASC Id 48
Plugin Id 0
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL http://technicallyright.net
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL http://technicallyright.net/
Method GET
Parameter X-Frame-Options
Attack
Evidence
Instances 2
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Vulnerable JS Library
Description
The identified library jQuery, version 1.12.4, is vulnerable. The plugin also flags bootstrap.min.js (first instance below), whose banner identifies Bootstrap v3.3.7.
URL http://technicallyright.net/vendor/bootstrap/js/bootstrap.min.js
Method GET
Parameter
Attack
Evidence * Bootstrap v3.3.7
URL http://technicallyright.net/vendor/jquery/jquery.min.js
Method GET
Parameter
Attack
Evidence /*! jQuery v1.12.4
Instances 2
Solution
Upgrade jQuery to a current release: the referenced CVE-2019-11358 was fixed in 3.4.0 and the referenced 3.5.0 release post describes further fixes. Review and update the flagged Bootstrap v3.3.7 bundle as well, since a jQuery upgrade alone leaves that instance open. jQuery 3.x removed legacy APIs, so retest the contact form and the plugins it loads (jqBootstrapValidation.js, jquery.easing) after upgrading.
Reference https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
http://research.insecurelabs.org/jquery/test/
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://nvd.nist.gov/vuln/detail/CVE-2015-9251
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://bugs.jquery.com/ticket/11974
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
CWE Id 829
WASC Id
Plugin Id 10003
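
An added example, not ZAP's library check and not the site's code, that pulls the version out of the jQuery banner the report quotes as evidence and compares it with the first fixed release of each referenced advisory. The banner string is reconstructed from the evidence line "/*! jQuery v1.12.4"; the fix thresholds come from the referenced NVD entries and release posts.

```python
import re
from typing import List, Tuple

# Banner of the flagged file, reconstructed from the report's evidence
# ("/*! jQuery v1.12.4"); the rest of the line is the standard jQuery header.
JQUERY_BANNER = "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */"

# Fix thresholds for the jQuery issues the report references: (first fixed
# release, label). CVE-2015-9251 was fixed in 3.0.0, CVE-2019-11358 in 3.4.0,
# and the referenced 3.5.0 release post describes further security fixes.
JQUERY_FIXES: List[Tuple[str, str]] = [
    ("3.0.0", "CVE-2015-9251"),
    ("3.4.0", "CVE-2019-11358"),
    ("3.5.0", "fixes in the jQuery 3.5.0 release"),
]

# Matches both the minified banner and the unminified "jQuery JavaScript Library vX.Y.Z".
BANNER_RE = re.compile(r"jQuery(?: JavaScript Library)? v(\d+\.\d+\.\d+)")


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.12.4' -> (1, 12, 4); tuples compare numerically, unlike strings."""
    return tuple(int(part) for part in version.split("."))


def detect_jquery_version(js_text: str) -> str:
    """Version from the jQuery banner, or '' if the file is not jQuery."""
    match = BANNER_RE.search(js_text)
    return match.group(1) if match else ""


def missing_fixes(version: str) -> List[str]:
    """Labels of the referenced fixes that the given jQuery version predates."""
    have = parse_version(version)
    return [label for fixed, label in JQUERY_FIXES if have < parse_version(fixed)]


def assess(js_text: str) -> Tuple[str, List[str]]:
    """(version, outstanding fixes) for a JS file body; ('', []) if not jQuery."""
    version = detect_jquery_version(js_text)
    return version, (missing_fixes(version) if version else [])
```

Feeding the Bootstrap banner through assess() returns no version, which is the point of the note above: that instance needs its own check against Bootstrap's release history rather than the jQuery thresholds.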
Low
Absence of Anti-CSRF Tokens
Description
No anti-CSRF tokens were found in an HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
URL http://technicallyright.net
Method GET
Parameter
Attack
Evidence <form name="sentMessage" id="contactForm" novalidate>
URL http://technicallyright.net/
Method GET
Parameter
Attack
Evidence <form name="sentMessage" id="contactForm" novalidate>
Instances 2
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
Reference http://projects.webappsec.org/Cross-Site-Request-Forgery
http://cwe.mitre.org/data/definitions/352.html
CWE Id 352
WASC Id 9
Plugin Id 10202
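
The nonce scheme described under Architecture and Design above, as an added example that is not part of the report or of the site's contact_me.js: each rendering of the sentMessage form gets a fresh unpredictable nonce, the nonce is bound to the session and the form name with an HMAC so nothing has to be stored server-side, and the submit handler refuses GET for the state change. The session id, the /contact action and the in-process SERVER_KEY are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Server-side key. Generated at import time so the example is self-contained;
# a real deployment loads a persistent key from configuration (assumption).
SERVER_KEY = secrets.token_bytes(32)
FORM_NAME = "sentMessage"  # the form name from the report's evidence


def _mac(session_id: str, form_name: str, nonce: str) -> str:
    """HMAC over session, form and nonce: a token is only valid for the
    session it was issued to and the form it was issued for."""
    msg = f"{session_id}|{form_name}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str, form_name: str = FORM_NAME) -> str:
    """Fresh unpredictable nonce per rendered form (CWE-330), MAC-bound."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, form_name, nonce)}"


def verify_token(session_id: str, form_name: str, token: str) -> bool:
    """Recompute the MAC for the submitted nonce and compare in constant time."""
    nonce, _, mac = token.partition(".")
    if not nonce or not mac:
        return False
    return hmac.compare_digest(mac, _mac(session_id, form_name, nonce))


def render_form(session_id: str) -> str:
    """The report's form with the nonce embedded as a hidden field.
    The /contact action is an assumption for the example."""
    token = issue_token(session_id)
    return (
        f'<form name="{FORM_NAME}" id="contactForm" method="post" action="/contact">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        "</form>"
    )


def handle_submit(method: str, session_id: str, fields: Dict[str, str]) -> int:
    """HTTP status for a submission: state changes only via POST, only with a valid token."""
    if method != "POST":
        return 405
    if not verify_token(session_id, FORM_NAME, fields.get("csrf_token", "")):
        return 403
    return 200
```

Because the token is stateless, it stays valid for as long as the session it is bound to; if a one-shot or expiring token is needed, fold an issue time into the MACed message and reject tokens older than a chosen limit. As the report notes, none of this holds up if the page has an XSS issue, since script running in the origin can simply read the hidden field.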
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL http://technicallyright.net
Method GET
Parameter http://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js
Attack
Evidence <script src="http://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js"></script>
URL http://technicallyright.net
Method GET
Parameter https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
Attack
Evidence <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
URL http://technicallyright.net
Method GET
Parameter https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js
Attack
Evidence <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
URL http://technicallyright.net
Method GET
Parameter https://www.google.com/recaptcha/api.js?render=_reCAPTCHA_site_key
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?render=_reCAPTCHA_site_key"></script>
URL http://technicallyright.net/
Method GET
Parameter http://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js
Attack
Evidence <script src="http://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js"></script>
URL http://technicallyright.net/
Method GET
Parameter https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
Attack
Evidence <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
URL http://technicallyright.net/
Method GET
Parameter https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js
Attack
Evidence <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
URL http://technicallyright.net/
Method GET
Parameter https://www.google.com/recaptcha/api.js?render=_reCAPTCHA_site_key
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?render=_reCAPTCHA_site_key"></script>
Instances 8
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
CWE Id 829
WASC Id 15
Plugin Id 10017
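
An added example, not from the report or the site, of how to review the eight cross-domain includes above: it parses the script tags quoted as evidence, flags the cdnjs include that is fetched over plaintext HTTP, flags every cross-origin script that lacks Subresource Integrity, and computes the integrity value for a pinned file. The page fragment is constructed from the report's evidence plus one same-origin include (vendor/jquery/jquery.min.js, which the report lists elsewhere).

```python
import base64
import hashlib
import re
from typing import Dict, Iterator, List, Tuple
from urllib.parse import urlparse

SITE_ORIGIN = "http://technicallyright.net"

# Constructed page fragment: the four cross-domain <script> tags from the
# report's evidence plus one same-origin include.
SAMPLE_HTML = """
<script src="vendor/jquery/jquery.min.js"></script>
<script src="http://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js"></script>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<script src="https://www.google.com/recaptcha/api.js?render=_reCAPTCHA_site_key"></script>
"""

SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
# name="value" pairs, plus bare boolean attributes such as a valueless crossorigin
ATTRIBUTE = re.compile(r'([\w-]+)(?:\s*=\s*"([^"]*)")?')


def script_tags(html: str) -> Iterator[Dict[str, str]]:
    """Attribute dicts (lower-cased names) for every <script> that has a src."""
    for m in SCRIPT_TAG.finditer(html):
        attrs = {k.lower(): v for k, v in ATTRIBUTE.findall(m.group(1))}
        if "src" in attrs:
            yield attrs


def origin_of(url: str) -> str:
    """scheme://host for absolute URLs, '' for relative ones."""
    p = urlparse(url)
    return f"{p.scheme}://{p.netloc}" if p.netloc else ""


def review_scripts(html: str, site_origin: str = SITE_ORIGIN) -> List[Tuple[str, List[str]]]:
    """For each cross-origin script, the list of things a practitioner should fix."""
    findings = []
    for attrs in script_tags(html):
        src = attrs["src"]
        if origin_of(src) in ("", site_origin):  # relative or same-origin
            continue
        issues = []
        if urlparse(src).scheme == "http":
            issues.append("loaded over plaintext HTTP")
        if "integrity" not in attrs:
            issues.append("no integrity attribute")
        elif "crossorigin" not in attrs:
            # Browsers refuse to apply SRI to a cross-origin script without CORS.
            issues.append("integrity without crossorigin")
        findings.append((src, issues))
    return findings


def sri_value(content: bytes, algo: str = "sha384") -> str:
    """The integrity attribute value for a pinned file: algo-base64(digest)."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"
```

SRI only fits files whose bytes are pinned, which the versioned cdnjs and maxcdn URLs are; a loader such as the reCAPTCHA api.js is served dynamically, so for it the controls are HTTPS and a CSP script-src allow-list rather than an integrity attribute. Note that the site itself is reached over http://, so the plaintext concern raised for the cdnjs include applies to the same-origin scripts as well.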
Low
Timestamp Disclosure - Unix
Description
A timestamp was disclosed by the application/web server - Unix
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000000009
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000000035
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000000058
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000229685
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000230157
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000230184
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000230208
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000430653
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000431131
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000431158
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000431182
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000442959
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000443438
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000443465
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000443489
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000510808
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000511286
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000515329
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000515407
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000515570
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000519460
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000519538
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000519702
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000523895
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000523973
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000524137
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000528030
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000528108
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000528272
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000529700
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000530597
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000530634
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000530653
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000531632
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532132
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532170
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532190
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532580
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532612
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532651
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000532671
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000533061
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000533089
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000533127
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000533147
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000533227
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter
Attack
Evidence 0000533276
URL http://technicallyright.net/vendor/bootstrap/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence 33333333
URL http://technicallyright.net/vendor/bootstrap/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence 42857143
URL http://technicallyright.net/vendor/bootstrap/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence 66666667
URL http://technicallyright.net/vendor/bootstrap/css/bootstrap.min.css
Method GET
Parameter
Attack
Evidence 80000000
Instances 51
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns. In this report the evidence does not hold up as timestamps: every value decodes to a date in 1970 to 1972, the ten-digit zero-padded numbers in the PDF match the fixed-width byte offsets of a PDF cross-reference table, and the eight-digit values in bootstrap.min.css are the fractional digits of decimal values in the stylesheet (for example the 33.33333333% grid width and the 1.42857143 line-height). Treat these 51 instances as false positives.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
CWE Id 200
WASC Id 13
Plugin Id 10096
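
A triage helper for this alert, added here as an example and not produced by ZAP or the site: it decodes each evidence value as a Unix timestamp and keeps only those that fall inside a window that is meaningful for the scan (the window edges are assumptions, with the upper edge set to the report's own generation time). Run against the values the report lists, every one lands in the noise bucket.

```python
from datetime import datetime, timezone
from typing import List, Tuple

# Evidence values copied from the report: a sample of the ten-digit zero-padded
# numbers found in PetersRobertF-CV-2022.pdf and the four eight-digit numbers
# found in bootstrap.min.css.
PDF_EVIDENCE = ["0000000009", "0000000035", "0000000058", "0000229685", "0000533276"]
CSS_EVIDENCE = ["33333333", "42857143", "66666667", "80000000"]

# A value only counts as a credible timestamp if it decodes to a date inside
# a window that is meaningful for the scan. These edges are assumptions for the
# example: nothing older than 2000, nothing later than the report's own time.
WINDOW_START = datetime(2000, 1, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2022, 1, 19, 16, 52, 41, tzinfo=timezone.utc)


def decode_epoch(evidence: str) -> datetime:
    """Interpret a digit string as seconds since the Unix epoch (UTC)."""
    return datetime.fromtimestamp(int(evidence), tz=timezone.utc)


def is_plausible_timestamp(evidence: str,
                           start: datetime = WINDOW_START,
                           end: datetime = WINDOW_END) -> bool:
    """True when the value decodes to a date inside [start, end]."""
    if not evidence.isdigit():
        return False
    try:
        return start <= decode_epoch(evidence) <= end
    except (OverflowError, OSError, ValueError):  # absurdly large numbers
        return False


def _decoded_date(evidence: str) -> str:
    """ISO date for the decoded value, 'n/a' when it cannot be decoded."""
    try:
        return decode_epoch(evidence).date().isoformat()
    except (OverflowError, OSError, ValueError):
        return "n/a"


def triage(evidences: List[str]) -> Tuple[List[Tuple[str, str]], List[Tuple[str, str]]]:
    """Split ZAP evidence into (worth_review, noise); each entry carries its decoded date."""
    review, noise = [], []
    for e in evidences:
        entry = (e, _decoded_date(e))
        (review if is_plausible_timestamp(e) else noise).append(entry)
    return review, noise
```

The decoded dates in the noise bucket are what make the false-positive call defensible in a report: 0000533276 is the first week of 1970 and 80000000 is mid-1972, neither of which a 2022 web server or CV would emit.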
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. Without it, browsers that MIME-sniff (older versions of Internet Explorer and Chrome in particular) may interpret and render the response body as a content type other than the declared one. Firefox uses the declared content type (when one is set) rather than sniffing.
URL http://technicallyright.net
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/css/freelancer.min.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/hacker-anonymous-256x256.jpg
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/jackoftradeapps.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/jmmussells.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/penski.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/RoseHillRehab.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/sergis1.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/img/whonet.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/js/contact_me.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/js/freelancer.min.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/js/jqBootstrapValidation.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/PetersRobertF-CV-2022.pdf
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/vendor/bootstrap/css/bootstrap.min.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/vendor/bootstrap/js/bootstrap.min.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/vendor/font-awesome/css/font-awesome.min.css
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/vendor/font-awesome/fonts/fontawesome-webfont.woff2?v=4.6.3
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL http://technicallyright.net/vendor/jquery/jquery.min.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
Instances 19
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021
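
The two header alerts in this report (Missing Anti-clickjacking Header above and X-Content-Type-Options Header Missing here) reduce to the same response-header audit. The following is an added example, not part of the ZAP report or the site's configuration: it evaluates a captured header set the way the two plugins do and puts a constructed 'before' (what the report observed: neither header present) next to one compliant 'after'. The header values chosen for AFTER are the example's own.

```python
from typing import Dict, List, Optional

# Constructed response headers. BEFORE mirrors what the report observed on
# http://technicallyright.net (neither header present); AFTER is one compliant fix.
BEFORE = {"Content-Type": "text/html; charset=UTF-8"}
AFTER = {
    "Content-Type": "text/html; charset=UTF-8",
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",  # kept alongside CSP for browsers without frame-ancestors support
    "X-Content-Type-Options": "nosniff",
}


def header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive lookup, since header names are not case-sensitive."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v.strip()
    return ""


def frame_ancestors(csp: str) -> Optional[str]:
    """Source list of the frame-ancestors directive in a CSP value; None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return " ".join(parts[1:])
    return None


def audit_headers(headers: Dict[str, str]) -> List[str]:
    """Return the ZAP alert names this response would still trigger."""
    findings = []
    xfo = header(headers, "X-Frame-Options").upper()
    # Only the enforcing CSP header counts; Content-Security-Policy-Report-Only
    # blocks nothing. ALLOW-FROM is obsolete, so only DENY and SAMEORIGIN pass.
    if frame_ancestors(header(headers, "Content-Security-Policy")) is None \
            and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("Missing Anti-clickjacking Header")
    if header(headers, "X-Content-Type-Options").lower() != "nosniff":
        findings.append("X-Content-Type-Options Header Missing")
    return findings
```

The report lists nineteen instances because the header is missing on every response, including images, fonts and the PDF; the simplest fix is to set it site-wide in the server configuration rather than per resource, and the same applies to the clickjacking header on HTML responses.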
Informational
Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content not only comments.
URL http://technicallyright.net/js/contact_me.js
Method GET
Parameter
Attack
Evidence from
URL http://technicallyright.net/js/contact_me.js
Method GET
Parameter
Attack
Evidence later
URL http://technicallyright.net/js/jqBootstrapValidation.js
Method GET
Parameter
Attack
Evidence from
URL http://technicallyright.net/js/jqBootstrapValidation.js
Method GET
Parameter
Attack
Evidence select
URL http://technicallyright.net/vendor/jquery/jquery.min.js
Method GET
Parameter
Attack
Evidence db
URL http://technicallyright.net/vendor/jquery/jquery.min.js
Method GET
Parameter
Attack
Evidence select
Instances 6
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to. Review each match in context first: the six matches here are single words ("from", "later", "select", "db") found in the body of the jQuery and form-validation scripts rather than in comments, which is the behaviour the note above describes, and are likely false positives. Confirm by searching each file for the matched word.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10027