Remove media menu option and verify route handling
This commit is contained in:
72
docs/pentest_results.txt
Normal file
72
docs/pentest_results.txt
Normal file
@@ -0,0 +1,72 @@
|
||||
🔒 CodePress CMS Penetration Test
|
||||
Target: http://localhost:8080
|
||||
Date: wo 26 nov 2025 22:16:29 CET
|
||||
========================================
|
||||
|
||||
1. XSS VULNERABILITY TESTS
|
||||
----------------------------
|
||||
[SAFE] XSS in page parameter - Attack blocked
|
||||
[SAFE] XSS in search parameter - Attack blocked
|
||||
[SAFE] XSS in lang parameter - Attack blocked
|
||||
[SAFE] XSS with HTML entities - Attack blocked
|
||||
[SAFE] XSS with SVG - Attack blocked
|
||||
[SAFE] XSS with IMG tag - Attack blocked
|
||||
|
||||
2. PATH TRAVERSAL TESTS
|
||||
------------------------
|
||||
[SAFE] Path traversal - basic - Attack blocked
|
||||
[SAFE] Path traversal - URL encoded - Attack blocked
|
||||
[SAFE] Path traversal - double encoding - Attack blocked
|
||||
[SAFE] Path traversal - backslash - Attack blocked
|
||||
[SAFE] Path traversal - mixed separators - Attack blocked
|
||||
[SAFE] Path traversal - config access - Attack blocked
|
||||
|
||||
3. PHP CODE INJECTION TESTS
|
||||
----------------------------
|
||||
[SAFE] PHP wrapper - base64 - Attack blocked
|
||||
[SAFE] Data URI PHP execution - Attack blocked
|
||||
[SAFE] Expect wrapper - Attack blocked
|
||||
|
||||
4. NULL BYTE INJECTION TESTS
|
||||
-----------------------------
|
||||
[SAFE] Null byte in page - Attack blocked
|
||||
[SAFE] Null byte bypass extension - Pattern not found
|
||||
|
||||
5. COMMAND INJECTION TESTS
|
||||
---------------------------
|
||||
[SAFE] Command injection in search - Attack blocked
|
||||
[SAFE] Command injection with backticks - Attack blocked
|
||||
[SAFE] Command injection with pipe - Attack blocked
|
||||
|
||||
6. TEMPLATE INJECTION TESTS
|
||||
----------------------------
|
||||
[SAFE] Mustache SSTI - basic - Attack blocked
|
||||
[SAFE] Mustache SSTI - complex - Attack blocked
|
||||
|
||||
7. HTTP HEADER INJECTION TESTS
|
||||
-------------------------------
|
||||
[SAFE] CRLF injection - Header injection blocked
|
||||
|
||||
8. INFORMATION DISCLOSURE TESTS
|
||||
--------------------------------
|
||||
[SAFE] PHP version hidden
|
||||
[SAFE] Directory listing - Attack blocked
|
||||
[SAFE] Config file access - Attack blocked
|
||||
[SAFE] Composer dependencies - Attack blocked
|
||||
|
||||
9. SECURITY HEADERS CHECK
|
||||
--------------------------
|
||||
[PRESENT] X-Frame-Options header
|
||||
[PRESENT] Content-Security-Policy header
|
||||
[PRESENT] X-Content-Type-Options header
|
||||
|
||||
10. DOS VULNERABILITY TESTS
|
||||
---------------------------
|
||||
[SAFE] Large parameter DOS - Server handled large parameter gracefully (200)
|
||||
|
||||
PENETRATION TEST SUMMARY
|
||||
=========================
|
||||
|
||||
Total tests: 31
|
||||
Vulnerabilities found: 0
|
||||
Safe tests: 31
|
||||
Reference in New Issue
Block a user