This report holds the results of the web penetration testing performed on the uKnowva web application by the SecIQ security team. The details of each task and our findings have been consolidated for this Executive Summary.
Executive Summary:
- The uKnowva web application was identified to have no open vulnerabilities.
Findings Summary:
| Sr. No | Category Name | Vulnerability Name | Instances | Status | Severity |
|---|---|---|---|---|---|
| 1 | Injection/ Vulnerable Outdated Components | SQL Injection Via Vulnerable Plugin | Nil | Closed | Critical |
| 2 | Broken Access Control | Insecure Direct Object Reference | 9 | Closed | High |
| 3 | Lack of Resources and Rate Limiting | Login Brute force | 1 | Closed | High |
| 4 | Injection | Open Redirection | 1 | Closed | High |
| 5 | Broken Access Control/ Injection | Parameter Pollution | 2 | Closed | High |
| 6 | Injection | Stored Cross Site Scripting | 10 | Closed | High |
| 7 | Identification and Authentication Failures | Cookie Reusability | 1 | Closed | Medium |
| 8 | Injection | Cross site Scripting via File Upload | 9 | Closed | Medium |
| 9 | Lack of Resources and Rate Limiting | Email Flooding | 1 | Closed | Medium |
| 10 | Security Misconfiguration | .Git Folder Exposure | 1 | Closed | Medium |
| 11 | Security Misconfiguration/ Broken Access Control | Information Exposure Via Log file | 3 | Closed | Medium |
| 12 | Injection | Reflected Cross Site Scripting | 2 | Closed | Medium |
| 13 | Security Misconfiguration | Cacheable HTTPS response | 2 | Closed | Low |
| 14 | Security Misconfiguration | Clickjacking | 1 | Closed | Low |
| 15 | Security Misconfiguration | Cookie Set without HTTP Only Flag | 1 | Closed | Low |
| 16 | Security Misconfiguration | HTTP Trace Method is Enabled | 1 | Closed | Low |
| 17 | Security Misconfiguration | Session Token in URL | 3 | Closed | Low |
| 18 | Security Misconfiguration | Vulnerable JavaScript Dependency | 1 | Closed | Low |
In case you face any problems, please write to our awesome support team, who will surely help you!