List of risks
Risk Name |
Description |
---|---|
tempScriptDownload | It is possible to download temporary script files, which may expose the application logic and other sensitive information such as usernames and passwords. |
sourceCodeDisclosure | It is possible to retrieve the source code of server-side scripts, which may expose the application logic and other sensitive information such as usernames and passwords. |
pathDisclosure | It is possible to retrieve the absolute path of the web server installation, which may help an attacker to develop further attacks and to gain information about the file system structure of the web application. |
directoryListing | It is possible to view and download the contents of certain web application virtual directories, which may contain restricted files. |
envVariablesExposure | It is possible to expose server environment variables, which may help an attacker to develop further attacks against the web application. |
anyFileDownload | It is possible to view the contents of any file (e.g. databases, user information or configuration files) on the web server (under the permission restrictions of the web server user). |
userImpersonation | It is possible to steal customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user. |
remoteCommandExecution | It is possible to execute remote commands on the web server. This usually means complete compromise of the server and its contents. |
cacheFilesDownload | It is possible to view the contents of cache files, which may contain sensitive information regarding the web application. |
debugErrorInformation | It is possible to gather sensitive debugging information. |
eShoplifting | It is possible to steal goods or services (eShoplifting). |
denialOfService | It is possible to prevent the web application from serving other users (denial of service). |
privilegeEscalation | It is possible to escalate user privileges and gain administrative permissions over the web application. |
genericWorstCase | It is possible to undermine application logic. |
configurationFile Downloadable |
It is possible to download or view the contents of a configuration file, which may contain vital information such as usernames and passwords. |
sensitiveInformation | It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations. |
genericWorstCaseJavaScript™ | It is possible to exploit JavaScript™; the extent of the risk depends on the context of the page modified at the client side. |
genericWorstCaseJSCookie | It is possible to exploit JSCookie code; the extent of the risk depends on the context and role of the cookies that are created at the client side. |
emailSpoofing | It is possible to send emails through your web application, using spoofed email addresses. |
siteDefacement | It is possible to upload, modify or delete web pages, scripts and files on the web server. |
databaseManipulations | It is possible to view, modify or delete database entries and tables (SQL Injection). |
authBypass | It is possible to bypass the web application's authentication mechanism. |
siteStructureRevealed | It is possible to retrieve information about the site's file system structure, which may help the attacker to map the website. |
publisherInformation Revealed |
It is possible to retrieve sensitive FrontPage publishing information. |
dataResourceDownload | It is possible to access information stored in a sensitive data resource. |
sensitiveNotOverSSL | It is possible to steal sensitive data such as credit card numbers, social security numbers etc. that are sent unencrypted. |
loginNotOverSSL | It is possible to steal user login information such as usernames and password that are sent unencrypted. |
unsecureCookieInSSL | It is possible to steal user and session information (cookies) that was sent during an encrypted session. |
sessionCookieNotRAM | It is possible to steal session information (cookies) that was kept on disk as permanent cookies. |
phishing | It is possible to persuade a naive user to supply sensitive information such as username, password, credit card number, social security number etc. |
cachePoisoning | It is possible to deface the site content through web-cache poisoning. |
attackFacilitation | It is possible for an attacker to use the web server to attack other sites, which increases his or her anonymity. |
maliciousContent | n/a |
clientCodeExecution | It is possible to execute arbitrary code on the Web application's clients. |
siteImpersonation | Using additional attack vectors, it is possible for a malicious attacker to impersonate this site. |