Files
CodePress/docs/pentest_results.txt

73 lines
2.2 KiB
Plaintext

🔒 CodePress CMS Penetration Test
Target: http://localhost:8080
Date: wo 26 nov 2025 22:16:29 CET
========================================
1. XSS VULNERABILITY TESTS
----------------------------
[SAFE] XSS in page parameter - Attack blocked
[SAFE] XSS in search parameter - Attack blocked
[SAFE] XSS in lang parameter - Attack blocked
[SAFE] XSS with HTML entities - Attack blocked
[SAFE] XSS with SVG - Attack blocked
[SAFE] XSS with IMG tag - Attack blocked
2. PATH TRAVERSAL TESTS
------------------------
[SAFE] Path traversal - basic - Attack blocked
[SAFE] Path traversal - URL encoded - Attack blocked
[SAFE] Path traversal - double encoding - Attack blocked
[SAFE] Path traversal - backslash - Attack blocked
[SAFE] Path traversal - mixed separators - Attack blocked
[SAFE] Path traversal - config access - Attack blocked
3. PHP CODE INJECTION TESTS
----------------------------
[SAFE] PHP wrapper - base64 - Attack blocked
[SAFE] Data URI PHP execution - Attack blocked
[SAFE] Expect wrapper - Attack blocked
4. NULL BYTE INJECTION TESTS
-----------------------------
[SAFE] Null byte in page - Attack blocked
[SAFE] Null byte bypass extension - Pattern not found
5. COMMAND INJECTION TESTS
---------------------------
[SAFE] Command injection in search - Attack blocked
[SAFE] Command injection with backticks - Attack blocked
[SAFE] Command injection with pipe - Attack blocked
6. TEMPLATE INJECTION TESTS
----------------------------
[SAFE] Mustache SSTI - basic - Attack blocked
[SAFE] Mustache SSTI - complex - Attack blocked
7. HTTP HEADER INJECTION TESTS
-------------------------------
[SAFE] CRLF injection - Header injection blocked
8. INFORMATION DISCLOSURE TESTS
--------------------------------
[SAFE] PHP version hidden
[SAFE] Directory listing - Attack blocked
[SAFE] Config file access - Attack blocked
[SAFE] Composer dependencies - Attack blocked
9. SECURITY HEADERS CHECK
--------------------------
[PRESENT] X-Frame-Options header
[PRESENT] Content-Security-Policy header
[PRESENT] X-Content-Type-Options header
10. DOS VULNERABILITY TESTS
---------------------------
[SAFE] Large parameter DOS - Server handled large parameter gracefully (200)
PENETRATION TEST SUMMARY
=========================
Total tests: 31
Vulnerabilities found: 0
Safe tests: 31