CodePress/pentest_results.txt

🔒 CodePress CMS Penetration Test
Target: http://localhost:8080
Date: wo 26 nov 2025 17:07:29 CET
========================================

1. XSS VULNERABILITY TESTS
----------------------------
[SAFE] XSS in page parameter - Attack blocked
[SAFE] XSS in search parameter - Attack blocked
[SAFE] XSS in lang parameter - Attack blocked
[SAFE] XSS with HTML entities - Attack blocked
[SAFE] XSS with SVG - Attack blocked
[SAFE] XSS with IMG tag - Attack blocked

2. PATH TRAVERSAL TESTS
------------------------
[SAFE] Path traversal - basic - Attack blocked
[SAFE] Path traversal - URL encoded - Attack blocked
[SAFE] Path traversal - double encoding - Attack blocked
[SAFE] Path traversal - backslash - Attack blocked
[SAFE] Path traversal - mixed separators - Attack blocked
[SAFE] Path traversal - config access - Attack blocked

3. PHP CODE INJECTION TESTS
----------------------------
[SAFE] PHP wrapper - base64 - Attack blocked
[SAFE] Data URI PHP execution - Attack blocked
[SAFE] Expect wrapper - Attack blocked

4. NULL BYTE INJECTION TESTS
-----------------------------
[SAFE] Null byte in page - Attack blocked
[UNKNOWN] Null byte bypass extension - Unexpected response

5. COMMAND INJECTION TESTS
---------------------------
[SAFE] Command injection in search - Attack blocked
[SAFE] Command injection with backticks - Attack blocked
[SAFE] Command injection with pipe - Attack blocked

6. TEMPLATE INJECTION TESTS
----------------------------
[SAFE] Mustache SSTI - basic - Attack blocked
[SAFE] Mustache SSTI - complex - Attack blocked

7. HTTP HEADER INJECTION TESTS
-------------------------------
[SAFE] CRLF injection - Header injection blocked

8. INFORMATION DISCLOSURE TESTS
--------------------------------
[SAFE] PHP version hidden
[SAFE] Directory listing - Attack blocked
[SAFE] Config file access - Attack blocked
[SAFE] Composer dependencies - Attack blocked

9. SECURITY HEADERS CHECK
--------------------------
[MISSING] X-Frame-Options header
[MISSING] Content-Security-Policy header
[MISSING] X-Content-Type-Options header

10. DOS VULNERABILITY TESTS
---------------------------
[SAFE] Large parameter DOS - Rejected with 000

PENETRATION TEST SUMMARY
=========================

Total tests: 30
Vulnerabilities found: 3
Safe tests: 27