Penetration testing of https://ris.ucll.be/
The host appears to be running on Azure, since ports 1221 and 8172 are open by default. This is also indicated by the fingerprint Microsoft Azure Web App. The Python web server in use is Gunicorn, which is a Unix-based server, so the host system is most likely Linux, not Mac.
80/tcp open http
443/tcp open https
1221/tcp open sweetware-apps
4022/tcp open dnox
4024/tcp open tnp1-port
8172/tcp open unknown
Port 1221 has existing exploits, but only for Windows machines.
It is worth noting that there might be some issues with Gunicorn.
Scanning Gunicorn with Safety, a Python dependency vulnerability scanner, resulted in:
Tested 5 dependencies for known security issues using default Safety CLI policies
0 security issues found, 0 fixes suggested
(27 vulnerabilities were ignored due to project policy)
Looking for nested directions yielded no results.
Using ZAP produced several warnings on the website. The paths /auth/login, auth/register, auth/request-reset-password, /robots.txt and /sitemap.xml are all missing a content security policy, which may expose the website to an XSS vulnerability. While the login screen is likely to not pose any threat to the website, I cannot be sure about the structure of the inner website, but if there are warnings here, there might be similar issues elsewhere.
It also found a missing anti-clickjacking header in /auth/login, auth/register and auth/request-reset-password.
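One way to close both ZAP findings in a Python app served by Gunicorn, as an added example that is not the tested site's code: a WSGI middleware adds the two headers when the app has not set them, and a small checker re-tests the response for the same two gaps. The policy values, the function names and the sample app are assumptions.

```python
# Added example. Policy values and sample_app are assumptions, not the site's code.
DEFAULT_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}

class SecurityHeaders:
    """Wrap a WSGI app and add each default header the app did not set itself."""
    def __init__(self, app, defaults=DEFAULT_HEADERS):
        self.app = app
        self.defaults = defaults

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            present = {name.lower() for name, _ in headers}
            extra = [(k, v) for k, v in self.defaults.items()
                     if k.lower() not in present]
            return start_response(status, list(headers) + extra, exc_info)
        return self.app(environ, patched_start)

def missing_protections(headers):
    """Report the two gaps named in the findings above for one header list."""
    h = {k.lower(): v for k, v in headers}
    csp = h.get("content-security-policy", "")
    directives = [d.split()[0].lower() for d in csp.split(";") if d.strip()]
    xfo = h.get("x-frame-options", "").strip().upper()
    findings = []
    if not directives:
        findings.append("missing Content-Security-Policy")
    # Framing is restricted by X-Frame-Options or by CSP frame-ancestors.
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in directives:
        findings.append("missing anti-clickjacking header")
    return findings

def fetch_headers(app, path):
    """Call a WSGI app in-process (no network) and return its response headers."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers
    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["headers"]

def sample_app(environ, start_response):
    """Constructed stand-in for a login page that sets no security headers."""
    start_response("200 OK", [("Content-Type", "text/html")])
    return [b"<form>login</form>"]
```

Wrapping the application object once, before handing it to Gunicorn, applies the headers to every path rather than only the ones the scan happened to visit.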
Checking for SQL injections with sqlmap, using the --dbs flag to only enumerate table names, found no injectable fields.
Found paths: /Sources/ /code/ /data/ /profile/ report/ /user
All of these require a login to access.
Returned nothing; the website is safe against problems that come from errors generated by SQL queries.
Returned nothing, tested various SQL injections.
Website is not vulnerable to remote code execution.
Not vulnerable
A Python vulnerability was detected, but the website is not running Netsweeper so it is not vulnerable.
Python code injection: the target appears to be vulnerable, but the required ports 9666 and 8000 are closed, so the session was not created.
Port 80/443 vulnerability failed
They fail to bind to ports. I cannot test this further, as that would cause instability.
Failed to connect to the targeturi.
Disconnected by the website
Fails to bind
Fails to bind
Not running Aerohive
Not running cacti
Not using Symantec
Failed to upload file
Failed to access the URL
The target is not vulnerable.
The target is not vulnerable.
The target is not vulnerable
Does not run Ivanti