CodePress/pentest_results.txt

🔒 CodePress CMS Penetration Test
Target: http://localhost:8080
Date: wo 26 nov 2025 22:16:29 CET
========================================

1. XSS VULNERABILITY TESTS
----------------------------
[SAFE] XSS in page parameter - Attack blocked
[SAFE] XSS in search parameter - Attack blocked
[SAFE] XSS in lang parameter - Attack blocked
[SAFE] XSS with HTML entities - Attack blocked
[SAFE] XSS with SVG - Attack blocked
[SAFE] XSS with IMG tag - Attack blocked

2. PATH TRAVERSAL TESTS
------------------------
[SAFE] Path traversal - basic - Attack blocked
[SAFE] Path traversal - URL encoded - Attack blocked
[SAFE] Path traversal - double encoding - Attack blocked
[SAFE] Path traversal - backslash - Attack blocked
[SAFE] Path traversal - mixed separators - Attack blocked
[SAFE] Path traversal - config access - Attack blocked

3. PHP CODE INJECTION TESTS
----------------------------
[SAFE] PHP wrapper - base64 - Attack blocked
[SAFE] Data URI PHP execution - Attack blocked
[SAFE] Expect wrapper - Attack blocked

4. NULL BYTE INJECTION TESTS
-----------------------------
[SAFE] Null byte in page - Attack blocked
[SAFE] Null byte bypass extension - Pattern not found

5. COMMAND INJECTION TESTS
---------------------------
[SAFE] Command injection in search - Attack blocked
[SAFE] Command injection with backticks - Attack blocked
[SAFE] Command injection with pipe - Attack blocked

6. TEMPLATE INJECTION TESTS
----------------------------
[SAFE] Mustache SSTI - basic - Attack blocked
[SAFE] Mustache SSTI - complex - Attack blocked

7. HTTP HEADER INJECTION TESTS
-------------------------------
[SAFE] CRLF injection - Header injection blocked

8. INFORMATION DISCLOSURE TESTS
--------------------------------
[SAFE] PHP version hidden
[SAFE] Directory listing - Attack blocked
[SAFE] Config file access - Attack blocked
[SAFE] Composer dependencies - Attack blocked

9. SECURITY HEADERS CHECK
--------------------------
[PRESENT] X-Frame-Options header
[PRESENT] Content-Security-Policy header
[PRESENT] X-Content-Type-Options header

10. DOS VULNERABILITY TESTS
---------------------------
[SAFE] Large parameter DOS - Server handled large parameter gracefully (200)

PENETRATION TEST SUMMARY
=========================

Total tests: 31
Vulnerabilities found: 0
Safe tests: 31