Computer Generations

Acunetix Website Audit
7 June, 2016
Developer Report
Generated by Acunetix WVS Reporter (v10.0 Build 20150707)
Scan of http://192.168.1.3:80/
Scan details
Scan information
Start time
Finish time
Scan time
Profile
Server information
Responsive
Server banner
Server OS
Server technologies
6/6/2016 5:59:47 PM
6/7/2016 9:07:29 AM
15 hours, 7 minutes
Default
True
Microsoft-IIS/8.5
Windows
ASP.NET
Threat level
Acunetix Threat Level 3
One or more high-severity type vulnerabilities have been discovered by the scanner. A malicious user
can exploit these vulnerabilities and compromise the backend database and/or deface your website.
Alerts distribution
Total alerts found
High
Medium
227
1
188
Low
14
Informational
24
Knowledge base
List of file extensions
File extensions can provide information on what technologies are being used on this website.
List of file extensions detected:
- css => 14 file(s)
- js => 34 file(s)
Top 10 response times
The files listed below had the slowest response times measured during the crawling process. The average response time for this site
was 54.78 ms. These files could be targetted in denial of service attacks.
1. /projectmanagement/projectestimationnames, response time 5710 ms
GET /projectmanagement/projectestimationnames HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer: http://192.168.1.3/
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Cookie: __RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lzhQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; awwce-MyCookieName-2016erp=cpz7wQaqqFuFXgInUE2X0DQiZBwaY6QB9TuAr-UWqZdWCUHraYBu4Uu9LFJxPI1
a8sSncnfnFAQh4rayeiLfgzce_JNEz2i4TXUgMzATS4VwrIgwvOf9XCA7_fXtx5_dyJZnZzTJohB3yQgC8DH06iPp4EslLRBhafLR2ebwLeDnclJf1bD6YT3ismDzLLCseAy_mn4UY0HBLIsxdLzSF2dif29kjjcQ3YZeINwI7uipnG33haBYCLqERlRziSnQuqzbWXv1ZbyPEur44SYPE81LHkxqGcKHsLv9nXBdkIFDZHSDgv-9FDjFxgUEvkquR5nlSbOnpVzfBW680WoLh4Pqm8IAJZGgsyuMYzgOGVfTmRZcBooJgR-YLlGASFlMcQgXNDtyyHqx63rqN1s4wFFHhvDTdlqkV_Xx11vXZc7P29p67LMkS0isrn_WyfqYDe_U3WdVLnDT-BfCGdFX5ziKm2oEktka2yk84pcVEmb9ES75mFs8E8klXooRbuSAOnOR9SsafGdDsbtxaQfGugiqtmo8ooC67X8QzLy-q4HV4sYMNUbFd75kad-d9Vs6Q8zr62.
/hr/disciplinaymeasuretypes, response time 5101 ms
GET /hr/disciplinaymeasuretypes HTTP/1.1
Pragma: no-cache
Cookie: __RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lzhQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; awwce-MyCookieName-2016erp=go5N6LdR1vsxhYrxHG0MnanXqJKFtJhSVnJ3dQMciA_jxh8Mu_PGYR5WG9uiTUL7RKsl98t5vTAewBEbaCcGY4QwA36K
mHHVcI1V77L_4JfINqGnQyBQazIhPggaLGMqtkuEBDoBqZKNJOdn9XYVW5g5Oi3AMTN0H51sL4OGouOH4oVMmwoF2w2l
WJJKyjr-1_IxvGOv7Xta38lvuRGAaME9LGqdf5t2gcvnHqeGemtzEJqIg42QRGfLT8pJMkqUXAxwawoE4eVGHXz8M7gQwZinbHKhlTER07TH2HcPRRVj-PDYdc8nuP2AgxSw18asrmTZ4U8To7AY4UGyCPgfVHGa1isSYb0JJLy1atzZuGXglQm9ZYHVMVhD1ZNL9ccKkZaO8j_65hTpO80S1K3StXnCSK
48E_VO4D7PaLhxkWkYdNi8AoeL75urlONyOWJD6yvHLgk_PMXsQbzf_Do9xgZd0kes3Qic5lCLMzCnKyZW925duHP88NLinZ
hq92TFLvfuaWlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOimg6xnAvenl2Y_VRyTHDIUXCj2eSxH5AETY7P_rcvZGH1TvE8UISHYb75Myuir1JzwsC0FNA9nM7T3. /fleetmanagement/fleetequipmentregistrations, response
time 3868 ms
GET /fleetmanagement/fleetequipmentregistrations HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie: __RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lzhQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; awwce-MyCookieName-2016erp=cpz7wQaqqFuFXgInUE2X0DQiZBwaY6QB9TuAr-UWqZdWCUHraYBu4Uu9LFJxPI1a8sSncnfnFAQh4rayeiLfgzce_JNEz2i4TXUgMzATS4VwrIgwvOf9XCA7_fXtx5_dyJZnZzTJohB3yQgC8DH06iPp4EslLRBhafLR2ebwLeDnclJf1bD6YT3ismDzLLCseAy_mn4UY0HBLIsxdLzSF2dif29kjjcQ3YZeINwI7uipnG33haBYCLqERlRziSnQuqzbWXv1ZbyPEur44SYPE81LHkxqGcKHsLv9nXBdkIFDZHSDgv-9FDjFxgUEvkquR5nlSbOnpVzfBW680WoLh4Pqm8IAJZGgsyuMYzgOGVfTmRZcBooJgR-YLlGASFlMcQgXNDtyyHqx63rqN1s4wFFHhvDTdlqkV_Xx11vXZc7P29p67LMkS0isrn_WyfqYDe_U3WdVLnDT-BfCGdFX5ziKm2oEktka2yk84pcVEmb9ES75mFs8E8klXooRbuSAOnOR9SsafGdDsbtxaQfGugiqtmo8ooC67X8QzLy-q4HV4sYMNUbFd75kad-d9Vs6Q84.
/hr/disciplinaymeasuretypes/edit/8, response time 3760 ms
GET /hr/disciplinaymeasuretypes/edit/8 HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/disciplinaymeasureranks/details/2
hq92TFLvfuaWlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOimg6x5. /hr/disciplinaymeasuretypes/details/8, response time 3635 ms
GET /hr/disciplinaymeasuretypes/details/8 HTTP/1.1
Pragma: no-cache
hq92TFLvfuaWlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOim6. /hr/disciplinaymeasuretypes/details/12, response time 3182 ms
Pragma: no-cache
hq92TFLvfuaWlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOi7. /hr/disciplinaymeasuretypes/details/10, response time 3182 ms
Pragma: no-cache
hq92TFLvfuaWlaBAHtoBvAiVHYirSrhOUU2rlJGLSOzSnOi8. /payroll/payrollreports/monthlyincometaxreport, response time 1295
ms
GET /payroll/payrollreports/monthlyincometaxreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie: __RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lzhQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; awwce-MyCookieName-2016erp=cpz7wQaqqFuFXgInUE2X0DQiZBwaY6QB9TuAr-UWqZdWCUHraYBu4Uu9LFJxPI1a8sSncnfnFAQh4rayeiLfgzce_JNEz2i4TXUgMzATS4VwrIgwvOf9XCA7_fXtx5_dyJZnZzTJoh
List of client scripts

These files contain Javascript code referenced from the website.

- /content/ace/js/jquery.2.1.1.min.js
- /content/ace/js/ace-extra.min.js
- /content/ace/js/bootstrap.min.js
- /content/ace/js/jquery-ui.custom.min.js
- /content/ace/js/jquery.ui.touch-punch.min.js
- /content/ace/js/jquery.easypiechart.min.js
- /content/ace/js/jquery.sparkline.min.js
- /content/ace/js/jquery.flot.min.js
- /content/ace/js/jquery.flot.pie.min.js
- /content/ace/js/jquery.flot.resize.min.js
- /content/ace/js/ace-elements.min.js
- /content/ace/js/ace.min.js
- /content/jqury-ui/jquery-ui.js
- /content/jstree/jstree.min.js
- /scripts/etp/jquery.plugin.js
- /scripts/etp/jquery.calendars.js
- /scripts/etp/jquery.calendars.plus.js
- /scripts/etp/jquery.calendars.picker.js
- /scripts/etp/jquery.calendars.ethiopian.js
- /scripts/etp/jquery.calendars.ethiopian-am.js
- /scripts/kendo/2016.1.112/jquery.min.js
- /scripts/kendo/2016.1.112/jszip.min.js
- /scripts/kendo/2016.1.112/kendo.all.min.js
- /scripts/kendo/2016.1.112/kendo.aspnetmvc.min.js
- /scripts/kendo.modernizr.custom.js
- /scripts/jquery.unobtrusive-ajax.js
- /scripts/jquery.validate.min.js
- /scripts/jquery.validate.unobtrusive.js
- /scripts/js.cookie.js
- /scripts/matrixscript.js
- /scripts/matrixscript1.js
- /scripts/matrixcommon.js
- /scripts/selector.js
- /scripts/jquery-1.10.2.min.js
List of files with inputs
These files have at least one input (GET or POST).

- / - 11 inputs
- /account - 3 inputs
- /account/login - 3 inputs
- /account/logoff - 1 inputs
- /account/delete/zelalem - 1 inputs
- /account/delete/enanu - 1 inputs
- /account/delete/endalamaw - 1 inputs
- /account/edit/zelalem - 1 inputs
- /account/edit/enanu - 1 inputs
- /account/edit/endalamaw - 1 inputs
- /account/usergroups/zelalem - 1 inputs
- /account/usergroups/endalamaw - 1 inputs
- /account/usergroups/enanu - 1 inputs
- /account/register - 1 inputs
- /home/setculture - 1 inputs
- /hr/upload - 1 inputs
- /hr/empbscappraisalperiods/edit/5 - 1 inputs
- /hr/empbscappraisalperiods/delete/2 - 1 inputs
- /hr/empbscappraisalperiods/create - 1 inputs
- /hr/disciplinaymeasureranks/edit/3 - 1 inputs
- /hr/disciplinaymeasureranks/edit/2 - 1 inputs
- /hr/disciplinaymeasureranks/delete/3 - 1 inputs
- /hr/disciplinaymeasureranks/delete/2 - 1 inputs
- /hr/certificatesandletters - 1 inputs
- /hr/disciplinaymeasuretypes/edit/9 - 1 inputs
- /hr/disciplinaymeasuretypes/delete/9 - 1 inputs
- /inventory/reportinventory/issueitem - 1 inputs
- /inventory/reportinventory/transferitem - 1 inputs
- /inventory/reportinventory/stockbalance - 1 inputs
- /inventory/reportinventory/goodsreceive - 1 inputs
- /inventory/reportinventory/adjustmentitem - 1 inputs
- /inventory/reportinventory/storereturnitem - 1 inputs
- /inventory/reportinventory/purchasereturnitem - 1 inputs
- /inventory/reportinventory/storerequisitionitem - 1 inputs
- /inventory/reportinventory/issueitemexcel - 1 inputs
- /inventory/reportinventory/issueitemprint - 1 inputs
- /inventory/reportinventory/transferitemprint - 1 inputs
- /inventory/reportinventory/transferitemexcel - 1 inputs
- /inventory/reportinventory/stockbalanceprint - 1 inputs
- /inventory/reportinventory/stockbalanceexcel - 1 inputs
- /inventory/reportinventory/goodsreceiveprint - 1 inputs
- /inventory/reportinventory/goodsreceiveexcel - 1 inputs
- /inventory/reportinventory/storereturnitemexcel - 1 inputs
- /inventory/reportinventory/storereturnitemprint - 1 inputs
- /inventory/reportinventory/adjustmentitemprint - 1 inputs
- /inventory/reportinventory/adjustmentitemexcel - 1 inputs
- /inventory/reportinventory/purchasereturnitemprint - 1 inputs
- /inventory/reportinventory/purchasereturnitemexcel - 1 inputs
- /inventory/reportinventory/storerequisitionitemprint - 1 inputs
- /inventory/reportinventory/storerequisitionitemexcel - 1 inputs
- /finance/bankaccounts/edit/14 - 1 inputs
- /finance/bankaccounts/delete/6 - 1 inputs
- /finance/budgetallocationandusage - 1 inputs
- /finance/budgetallocationandusage/budgetallocationandusageexcel - 1 inputs
- /finance/budgetallocationandusage/budgetallocationandusageprint - 1 inputs
- /finance/budgetagainstpreviousyear - 1 inputs
- /finance/budgetagainstpreviou
List of external hosts

These hosts were linked from this website but they were not scanned because they are not listed in the list of hosts allowed.
(Configuration-> Scan Settings ->Scanning Options-> List of hosts allowed).
- fonts.gstatic.com
List of email addresses
List of all email addresses found on this host.
- info@awwwce.com
Alerts summary
Microsoft IIS tilde directory enumeration
Classification
Base Score: 5.0
CVSS
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
CWE-20
CWE
Affected items
/
Variations
1
Application error message

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/account/edit/endalamaw
/account/edit/zelalem
/account/login
/account/usergroups/endalamaw
/finance/bankaccounts/edit/10
/hr/disciplinaymeasureranks/edit/2
/hr/disciplinaymeasuretypes/edit/10
/hr/empbscappraisalperiods/edit/1
Variations
2
1
1
1
2
3
3
2
3
3
4
3
3
4
4
3
1
1
1
1
1
1
1
2
1
1
1
1
Error message on page

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/finance/json/description
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
/hr/disciplinaymeasuretypes
/procurement/reportprocurement
/procurement/reportprocurement/getlotdetails
/upload
Variations
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
HTML form without CSRF protection

Classification
Base Score: 2.6
CVSS
- Access Complexity: High
- Confidentiality Impact: None
- Integrity Impact: Partial
CWE-352
CWE
Affected items
/
/account
/finance/accountstransactions
/finance/budgetagainstpreviousyear
/finance/budgetallocationandusage
/finance/json/fromaccountcode
/finance/reportfinance/accountanalysis
/finance/reportfinance/accountanalysisbysegment
/finance/reportfinance/aragingbyinvoice
/finance/reportfinance/cashflow
/finance/reportfinance/chartofaccount
/finance/reportfinance/customerlist
/finance/reportfinance/incomestatement
/finance/reportfinance/incomestatementbyproject
Variations
1
2
1
1
1
1
1
1
1
1
1
1
1
1
/finance/reportfinance/supplierlist
/finance/reportfinance/trialbalance
/hr/certificatesandletters
/hr/upload
/inventory/reportinventory/issueitem
/inventory/reportinventory/stockbalance
/payroll/payrollreports/bonusincometaxreport
/payroll/payrollreports/monthlypensionreport
/payroll/payrollreports/reportbycontributiontypelist
1
1
1
1
1
1
1
1
1
10
Internal server error

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/
/account/delete/enanu
/account/delete/endalamaw
/account/delete/zelalem
/account/edit/enanu
/account/login
/account/logoff
/account/register
/account/usergroups/enanu
/finance/budgetallocationandusage/
/finance/budgetallocationandusage/budgetallocationandusageexcel
/finance/budgetallocationandusage/budgetallocationandusageprint
Variations
3
1
1
1
5
5
5
1
1
17
1
1
1
/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
/home/setculture
/hr/disciplinaymeasuretypes/delete/10
/hr/empbscappraisalperiods/create
1
5
5
5
1
1
1
1
1
1
8
8
8
2
11
User credentials are sent in clear text

Classification
Base Score: 5.0
CVSS
CWE-310
CWE
Affected items
/account/login
/account/login (943495a8bf6f8beb8b22c44cf845bd3f)
/account/register
ASP.NET version disclosure

Classification
Base Score: 0.0
CVSS
Variations
1
1
1
CWE-200
CWE
Affected items
/
Variations
1
Cookie without HttpOnly flag set

Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/
Variations
3
Cookie without Secure flag set

Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/
Variations
5
12
File upload
Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/hr/upload
Login page password-guessing attack

Classification
Base Score: 5.0
CVSS
CWE

CWE-307
Variations
1
Affected items
/account/login
Variations
1
OPTIONS method is enabled

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
Web Server
Variations
1
Slow response time

Classification
Base Score: 5.0
CVSS
- Availability Impact: Partial
CWE-400
CWE
Affected items
/projectmanagement/projectestimationnames
Variations
1
1
13
Broken links
Classification
Base Score: 0.0
CVSS
CWE-16
CWE
Affected items
/content/kendo/2016.1.112/%23clip
/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
Email address found

Classification
Variations
1
1
CVSS
Base Score: 5.0

CWE-200
CWE
Affected items
/account
Variations
1
1
1
Microsoft IIS version disclosure

Classification
Base Score: 0.0
CVSS
CWE-200
CWE
Affected items
/
Variations
1
14
Password type input with auto-complete enabled

Classification
Base Score: 0.0
CVSS
CWE-200
CWE
Affected items
/account/login
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
Variations
1
1
1
1
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
/account/register
1
2
Possible CSRF (Cross-site request forgery)

Affected items
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
(11e076bff3d87afafd26c723d1fdc6a3)
(65ba3a10b77a6c16224ffc9314b599f2)
(b585c40490c5c63ee711d1bbe6e3a118)
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read (11e076bff3d87afafd26c723d1fdc6a3)
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read (11e076bff3d87afafd26c723d1fdc6a3)
Variations
1
1
1
1
1
1
1
1
1
Possible internal IP address disclosure

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/home/setculture
Variations
1
15
Possible username or password disclosure

Classification
Base Score: 5.0
CVSS
CWE-200
CWE
Affected items
/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Variations
1
16
Alert details
Microsoft IIS tilde directory enumeration
Severity
Type
Reported by module
Description
High
Configuration
Scripting (IIS_Tilde_Dir_Enumeration.script)
It is possible to detect short names of files and directories which have an 8.3 file naming scheme equivalent in Windows by using
some vectors in several versions of Microsoft IIS. For instance, it is possible to detect all short-names of ".aspx" files as they have 4
letters in their extensions. This can be a major issue especially for the .Net websites which are vulnerable to direct URL access as an
attacker can find important files and folders that they are not normally visible.
Impact
Possible sensitive information disclosure.
Recommendation
Consult the "Prevention Technique(s)" section from Soroush Dalili's paper on this subject. A link to this paper is listed in the Web
references section below.
References
Windows Short (8.3) Filenames - A Security Nightmare?
Microsoft IIS Shortname Scanner PoC
IIS Short File Name Disclosure is back! Is your server vulnerable?
Affected items
/
Details
No details are available.
Request headers
OPTIONS //*~1*/a.aspx?aspxerrorpath=/ HTTP/1.1
(line truncated) ...p1B6fl3w1HuKBWpmtDDauU0_weIIyOCvMwqpQLC_8QjvuJVTUCXh5aG1-ajaVaMA7gNWy5cJzSbJopRnbTTQ3GZqyhzGZBza-oQDQawNvYSU-jLVbpS68bJwg5LzoOD0jQmyHeeF1sJGpi1biByeNwOsiAyVspyZK6WbEahtbm8_EComER7Ju_YO5clRIBbWTBOJhtbFpK9wyRrRbi3kDUCuqyw33D0Fszlp0lt31LfRn
g3L7YdnyxZglTpU7ljoT52H6DiS9bjtWnzcDq2uIc-fZjl5IN557E2pNyBh4Nnk-WDBbnn_lJY99cWBJpJBj_QRY8zjVdK9YoQKRDJhn2whwXNHNP-A8k42Mjn; _culture=en-us; currentNavLi=link246; ace_settings=%7B
%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0
Safari/537.21
Accept: */*
17
Application error message

Severity
Type
Reported by module
Description
Medium
Validation
Scripting (Generic_Oracle_Padding.script)
This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the
file that produced the unhandled exception.
This may be a false positive if the error message is found in documentation pages.
Impact
The error messages may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Review the source code for this script.
References
PHP Runtime Configuration
Affected items
Details
URL encoded POST input FirstName was set to S0FyZnY3SmVZ
Error message found: Internal Server Error
Request headers
POST /account/edit/endalamaw HTTP/1.1
Content-Length: 260
Content-Type: application/x-www-form-urlencoded
(line truncated) ...cnBcB0mBDXweyHq8QSx91oMDsyM-jFrIkS6l04jSNkCMTXHFgnxV5NvJgpGeh2Xg9ZNzWcMxoh0o8wu9kqGKpnZa9WGi8KPYlt7KlLzoSSRwp3jkQLWEIzoqEJar8jDgRaHSDtxtO6XGU_2aX
FNEsvbEZMBBROmHuYrJBbwCDn-Sxc51B05xsHkshOnLMtusFeKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0via7GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQRbGrDZT
QG2en1Gw; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed
%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample
%40email.tst&FirstName=S0FyZnY3SmVZ&LastName=worku&UserName=Endalamaw&__RequestVerificationToken=As4c8HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_
2ZfiAVRLLoQbGiDKD2bUHQ-1YrvaAJhHKy6QszJBYvo4FvZgwYiA2
Details
URL encoded POST input UserName was set to SXNCTGFobUE3
Request headers
Content-Length: 260
FNEsvbEZMBBROmHuYrJBbwCDn-Sxc51B05xsHkshOnLMtusFeKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0v-ia
18
7GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQRbGrDZTQ
G2en1Gw; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample
%40email.tst&FirstName=endalamaw&LastName=worku&UserName=SXNCTGFobUE3&__RequestVerificationToken=As4c8HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_
Details
URL encoded POST input LastName was set to cWhxWmZCaW1R
Request headers
POST /account/edit/zelalem HTTP/1.1
Content-Length: 259
(line truncated) ...5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAAg57U2AePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usaRYZfscchlzB7F39AJ4dOnwb8beVrES8eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1
oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJaQxH5kjh0ASBHu; _culture=en-us;
currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=info
%40awwwce.com&FirstName=Zelalem&LastName=cWhxWmZCaW1R&UserName=zelalem&__RequestVerificationToken=4YYO
qtabI3kC3wWcZ6AqiXvvT2lQewWko82j20pEbXIXQWP7r_k69SusTjwYWLKRVQW97dtHOFx_OhjyUcAOUik6IcFeRxOwEd2OrtJvF08gkRrTffEidVNnACwkCRSSyEs_eL-cyPSgRmTx2LEUA2
/account/login
Details
URL encoded POST input Password was set to S0NYNWRvajhK
Request headers
POST /account/login?ReturnUrl=/ HTTP/1.1
Content-Length: 173
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=S0NYNWRvajhK&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fif9J_0ntZlX
EP2jeabU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
/account/usergroups/endalamaw
Details
POST (multipart) input UserName was set to RmN2c1RsckFS
Request headers
19
POST /account/usergroups/endalamaw HTTP/1.1

Content-Length: 2219
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DWREWXOHXT
(line truncated) ...FvmPG24a-w-brBQvVb4hF5AVMfDPO1NZ3anCIwlVZEXBONCN7eUcONo4M8M3JKcHu2zwHlwukIbuZKsHMO1W4sXv9k3KHu8rJOPzEsvi35ECZ7RFKFBZ
g16PhKjeYGbARPzfvDLkOZIgSMxYvIl3QVVqVnmPbjvjFdUUWw3aNxmiM8CXHwvc_fe1LEXLjYcr7kJRw81P7gvXCpJBulFDNyvyt8tDdQnJAcdDf4sd8Kkn6S8LXF7v1AHMhjSHmGUJyOGfn3_oTSyKNSbM_UDOqIsAnj54auNBphOn
0QyW8jBdnag7ruZxSAfrMtCD6-xxZeQUc8J_zFnCwfdeWJorQZYRsDQA8_4Tc9_R8G38; _culture=en-us; currentNavLi=link246;
ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_DWREWXOHXT
Content-Disposition: form-data; name="Groups[0].GroupId"
1
Content-Disposition: form-data; name="Groups[0].Selected"
true
4
true
5
true
6
true
7
true
8
true
20

9
true
10
true
11
true
Content-Disposition: form-data; name="UserName"
RmN2c1RsckFS
Content-Disposition: form-data; name="__RequestVerificationToken"
5kcpYlqIXEhLtMQ3CUHxvFcy_lH2nYm14H5e-TfjTBWt92R-3RTuUtXIhQ8RjuCBwVJ56fmdWVKzmr50VbA8VtwQPBgCaWefS24PKZL5ANOW3BmbgLmGpHm8iANuuR7jymWN_ildjlN9jsa1PjTg2
-------AcunetixBoundary_DWREWXOHXT-/finance/bankaccounts/edit/10
Details
URL encoded POST input AccountName was set to RGVPR1d0cnB6bVVMSzNVaGlEbUJuY2ZGVTljNklWRVZPTDdDQk5Y
Request headers
POST /finance/bankaccounts/edit/10 HTTP/1.1
Content-Length: 507
(line truncated) ...B3PK0n0jy6yP-3kgxKpRlkXJfIhVqvf_wSm8or39cF_lC_YaQ1mf9C9tcNkjoN4zp3OrY7QkPqMlYvJav9pZuCJ8cTRgA8X78VUEt2D8wxWEALrMZFgJyPvCZipcD5vL3utff6Yl_gW5KBkvKXP_EK7tRRW3xl_yny11QOpLrtyuYTuUqDanVzm9VpvEebzTCf0puobKYSnO3g0l3wp8Xli1Jws4BmUx4Ih3_G6kZak0nXnTDrUCExFGG94NxJrYHamXQCIi_EUzjPb3p69TItm9bC3Evv8eRi_W2f8KRp0rbne
GGB7s_Hx9VI8e1MUrSosoie6Vrxbo-tFumxx3Gzyw-sSAFULWFIPaKGC; _culture=en-us; currentNavLi=link246; ace_settings=
%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...Code=11140-1-00-CB0025&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head
%20Office-No%20cost%20value-CBE%20Shimbiti%20branch
%20Act.No.1000138176499&AccountName=RGVPR1d0cnB6bVVMSzNVaGlEbUJuY2ZGVTljNklWRVZPTDdDQk5Y&Account
Number=1000138176499&AccountUse=4111111111111111&BankAccountID=10&BankAdress=Bahirdar&BankBranch=Shimbet&
BankName=CBE&Status=true&__RequestVerificationToken=RYv8AQpeT6Z3MBcwqqsvQ7sRSWl_FFKJOa5WdPz0eLrWcGK6NreLTLMq8y4JB_M3unm9P4nLqdDMSOrDia0VE9iMvhjk8qC5inMaFI4cbI1
21
Details
URL encoded POST input BankAdress was set to SzZWQlQ2UUE=
Request headers
Content-Length: 500
Host: 192.168.1.3
Safari/537.21
Accept: */*
AccountCode=11140-1-00-CB0025&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No
%20cost%20value-CBE%20Shimbiti%20branch%20Act.No.1000138176499&AccountName=CBE%20shimbet%20Branch
%20Working
%20Fund&AccountNumber=1000138176499&AccountUse=4111111111111111&BankAccountID=10&BankAdress=SzZWQlQ2UU
E
%3d&BankBranch=Shimbet&BankName=CBE&Status=true&__RequestVerificationToken=RYv8AQpeT6Z3MBcwqqsvQ7sRSWl_
FFKJOa5WdP-z0eLrWcGK6NreLTLMq8y4JB_M3unm9P4nLqdDMSOrDia0VE9iMvhjk8qC5inMaFI4cbI1
Details
URL encoded POST input AccountName was set to
NEc3UzNNZnJYcm9uR05mNUVYWmJ4OHNsYkt3M2VaZ2JxWkVEM1BhNWxnMjRnRDlWYXNBckdOTlJVNG9GeElEbTFpO
A==
Request headers
Content-Length: 608
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20Ethiopia%20WE/AM/CON/OFFICE
%20West
%20amhara&AccountName=NEc3UzNNZnJYcm9uR05mNUVYWmJ4OHNsYkt3M2VaZ2JxWkVEM1BhNWxnMjRnRDlWYXN
BckdOTlJVNG9GeElEbTFpOA%3d
%3d&AccountNumber=1000067107237&AccountUse=4111111111111111&BankAccountID=11&BankAdress=Bahirdar&BankBran
ch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=shFKwe07pO3NvIMWhIH0yRZVUMTVRg86pVO1C_XdhktcyHf4lNChuFH11MGJIAy0StwTL4ufn-QYKEgbnFEj3Dt0jzp2IQ6MtS5xSX9wSU1
22
Details
URL encoded POST input BankAdress was set to R0FkcU5ZUW0=
Request headers
Content-Length: 585
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...0Bank-Head%20Office-No%20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of
%20Ethiopia%20WE/AM/CON/OFFICE%20West%20amhara&AccountName=Comercial%20bank%20of%20Ethiopia
%20WE/AM/CON/OFFICE%20West
%20amhara&AccountNumber=1000067107237&AccountUse=4111111111111111&BankAccountID=11&BankAdress=R0FkcU5ZU
W0%3d&BankBranch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=shFKwe07pO3NvIMWhIH0yRZVUMTVRg86pVO1C_XdhktcyHf4lNChuFH11MGJIAy0StwTL4ufn-QYKEgbnFEj3Dt0jzp2IQ6MtS5xSX9wSU1
Details
URL encoded POST input BankBranch was set to WTRPOEFYemg2aW1ibkhTaUI1R3g=
Request headers
Content-Length: 589
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...k-Head%20Office-No%20cost%20value-Cash%20at%20bank%20-%20Comercial%20bank%20of%20Ethiopia
%20WE/AM/CON/OFFICE%20West%20amhara&AccountName=Comercial%20bank%20of%20Ethiopia
%20WE/AM/CON/OFFICE%20West
%20amhara&AccountNumber=1000067107237&AccountUse=4111111111111111&BankAccountID=11&BankAdress=Bahirdar&Ba
nkBranch=WTRPOEFYemg2aW1ibkhTaUI1R3g
%3d&BankName=CBE&Status=true&__RequestVerificationToken=shFKwe07pO3NvIMWhIH0yRZVUMTVRg86pVO1C_XdhktcyHf4lNChuFH11MGJIAy0StwTL4ufn-QYKEgbnFEj3Dt0jzp2IQ6MtS5xSX9wSU1
23
Details
dldaS09GSmZyYjdKUFJReG1LZngzbDEwa0NuU08zR0VacEFBWW9LY0lEMQ==
Request headers
Content-Length: 524
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...B0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost
%20value-Cash%20at%20Bank%20-%20CBE
%20Equipment&AccountName=dldaS09GSmZyYjdKUFJReG1LZngzbDEwa0NuU08zR0VacEFBWW9LY0lEMQ%3d
%3d&AccountNumber=1000067107644&AccountUse=4111111111111111&BankAccountID=12&BankAdress=Bahirdar&BankBran
ch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=I0IHEL2KWPoXoSs1XL1pMokqHePWMJxGZRXJ
WNeBp2Ds8BY1kc42SCFOYQ0EqTGHMMKzyr9_8-iLFr1p0cAG21JSQLyprh7sQ3slgRAoSDc1
Details
URL encoded POST input BankAdress was set to dkNJeHZHYU0=
Request headers

Content-Length: 509
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...de=11140-1-00-CB0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head
%20Office-No%20cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=Equipment%20Administrative
%20Working
%20Fund&AccountNumber=1000067107644&AccountUse=4111111111111111&BankAccountID=12&BankAdress=dkNJeHZHYU
0%3d&BankBranch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=I0IHEL2KWPoXoSs1XL1pMokqHePWMJxGZRXJ
WNeBp2Ds8BY1kc42SCFOYQ0EqTGHMMKzyr9_8-iLFr1p0cAG21JSQLyprh7sQ3slgRAoSDc1
24
Details
URL encoded POST input BankBranch was set to RnVRbE00ZGxxb3lRTHF2S1JGZjM=
Request headers
Content-Length: 513
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...1140-1-00-CB0002&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No
%20cost%20value-Cash%20at%20Bank%20-%20CBE%20Equipment&AccountName=Equipment%20Administrative%20Working
%20Fund&AccountNumber=1000067107644&AccountUse=4111111111111111&BankAccountID=12&BankAdress=Bahirdar&Bank
Branch=RnVRbE00ZGxxb3lRTHF2S1JGZjM
%3d&BankName=CBE&Status=true&__RequestVerificationToken=I0IHEL2KWPoXoSs1XL1pMokqHePWMJxGZRXJWNeBp2D
s8BY1kc42SCFOYQ0EqTGHMMKzyr9_8-iLFr1p0cAG21JSQLyprh7sQ3slgRAoSDc1
Details
URL encoded POST input BankAdress was set to SFRxMUZCNllZ
Request headers
Content-Length: 499
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20CBE%20PUB%20751%20Comb.&AccountName=CBE%20North%20East%20branch%20(combolcha)
%20Working
%20Fund&AccountNumber=1000022322714&AccountUse=4111111111111111&BankAccountID=13&BankAdress=SFRxMUZCNll
Z&BankBranch=combolcha&BankName=CBE&Status=true&__RequestVerificationToken=w9vTpqvzc4JHCA0h60XZh8eDcfPBt8P
M8fR9kGuX7HWdy8XwU7oSkEl7s0foDNIa1n0-Bb9MdX2ypAriXWQNOhFWJNW57Din2adeovnlZoY1
Details
URL encoded POST input BankBranch was set to a3paOUNoOFBX
Request headers
25

Content-Length: 499
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20CBE%20PUB%20751%20Comb.&AccountName=CBE%20North%20East%20branch%20(combolcha)
%20Working
%20Fund&AccountNumber=1000022322714&AccountUse=4111111111111111&BankAccountID=13&BankAdress=combolcha&Ba
nkBranch=a3paOUNoOFBX&BankName=CBE&Status=true&__RequestVerificationToken=w9vTpqvzc4JHCA0h60XZh8eDcfPBt8
PM8fR9kGuX7HWdy8XwU7oSkEl7s0foDNIa1n0-Bb9MdX2ypAriXWQNOhFWJNW57Din2adeovnlZoY1
Details
URL encoded POST input __RequestVerificationToken was set to
MlpBc3RPSzltc3JycDdZOUpIS0NEMVh1TjZuMFRoVXZwVUs1MHF3SFNRcFJzeFlDME13WXJFWXBsSWt1bFI5eDhYSFg0M
WZscHZvWnV2Wms2YzN1SXg4ZllienZta0NYMlZqSEc3U2V6RTNr
Request headers

Content-Length: 491
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20JAWIE&AccountName=Tana%20Belese%20Jawi%20Branch%20Working
%20Fund&AccountNumber=72s001000011&AccountUse=4111111111111111&BankAccountID=14&BankAdress=Jawi&BankBranc
h=Jawi&BankName=CBE&Status=true&__RequestVerificationToken=MlpBc3RPSzltc3JycDdZOUpIS0NEMVh1TjZuMFRoVXZw
VUs1MHF3SFNRcFJzeFlDME13WXJFWXBsSWt1bFI5eDhYSFg0MWZscHZvWnV2Wms2YzN1SXg4ZllienZta0NYMlZqSEc3U
2V6RTNr
Details
UlhSZ2ZUdlNnbXJnZ25pdXhvWVNrMHRuQWZXWEQwT2NSNVRGbXcxa2hoWFRjVg==
Request headers
Content-Length: 477
26
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value%20JAWIE&AccountName=UlhSZ2ZUdlNnbXJnZ25pdXhvWVNrMHRuQWZXWEQwT2NSNVRGbXcxa2hoWFRjVg%3d
%3d&AccountNumber=72s001000011&AccountUse=4111111111111111&BankAccountID=14&BankAdress=Jawi&BankBranch=Ja
wi&BankName=CBE&Status=true&__RequestVerificationToken=AhpO61V4FqntCkH0fVjelEAf0wdJVIZVEBksqVy0TWSadMWz
CgWf67jvI2U0TH64MBKWMtJnJuMDWSyX6OkbXIAIUWib2bkbCl4Sdf0C3Ak1
Details
URL encoded POST input AccountNumber was set to dWFoTkEyRm1XSEpD
Request headers

Content-Length: 459
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20JAWIE&AccountName=Tana%20Belese%20Jawi%20Branch%20Working
%20Fund&AccountNumber=dWFoTkEyRm1XSEpD&AccountUse=4111111111111111&BankAccountID=14&BankAdress=Jawi&
BankBranch=Jawi&BankName=CBE&Status=true&__RequestVerificationToken=AhpO61V4FqntCkH0fVjelEAf0wdJVIZVEBksqV
y0TWSadMWzCgWf67jvI2U0TH64MBKWMtJnJuMDWSyX6OkbXIAIUWib2bkbCl4Sdf0C3Ak1
Details
URL encoded POST input BankAdress was set to VVZCU3V3dHdi
Request headers
Content-Length: 527
(line truncated)
...twr3VSr3Ljq2b7xef3Mot0Zd_s0KpKrUcg4MTSm2Qeaxj0HOsBOdwvu9e2EdaetEibPl2vGiMm4rLQ0r3LLFPjhxnLrk9F6o29vqT
aklFxUr_QImSozn0JtA1cj_01VOI7wm25r3KY3eI1_vVROouvLh2qopX5wy3BLjRbQyhJ6Lv7pJ1l3uB96ddkaDjV1qe0Gnw_n4eSbVqMnDe-e2y-1OBE4Z2ZqGSZswicF3iSRKaDWZDMqgGCEiIepva_Hkgrw
27
sVyUlak-mQoCGfY_mhG2d7hNRsabXDuirpBnWE4mL6S_OEdbEg46u6Eg_B33IDSz1VysDiEhDHgDeE7TJZwCSXG7neGpgotdyWsJD; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C

%22navbar-fixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...19&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost
%20value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20Branch
%20(Combolcha)%20Working
%20Fund&AccountNumber=2062111070072012&AccountUse=4111111111111111&BankAccountID=15&BankAdress=VVZCU3V
3dHdi&BankBranch=combolcha&BankName=Abay
%20bank&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnmHkvS3QE31RA-ca6y4kncPRZTUKDs0GzhW62UI2BsOiKzWqI9ZMZ3gVQpkOqAk1
Details
URL encoded POST input BankBranch was set to TjVGS1dyZFJ3
Request headers

Content-Length: 527
(line truncated)
aklFxUr_QImSozn0JtA1cj_01VOI7wm25r3KY3eI1_vVROouvLh2qopX5wy3BLjRbQyhJ6Lv7pJ1l3uB96ddkaDjV1qe0Gnw_n4eSbVqMnDe-e2y-1OBE4Z2ZqGSZswicF3iSRKaDWZDMqgGCEiIepva_HkgrwsVyUlakmQoCGfY_mhG2d7hNRsabXDuirpBnWE4mL6S_OEdbEg46u6Eg_B33IDSz1VysDiEhDHgDeE7TJ-ZwCSXG7neGpgotdyWsJD;
_culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C
%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20value-%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20Branch
%20(Combolcha)%20Working
%20Fund&AccountNumber=2062111070072012&AccountUse=4111111111111111&BankAccountID=15&BankAdress=combolcha
&BankBranch=TjVGS1dyZFJ3&BankName=Abay
%20bank&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnmHkvS3QE31RA-ca6y4kncPRZTUKDs0GzhW62UI2BsOiKzWqI9ZMZ3gVQpkOqAk1
Details
URL encoded POST input BankName was set to T0h6T3JCNU9hajE=
Request headers
Content-Length: 531
(line truncated)
%22sidebar-fixed
28
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...ccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value%20Abay%20bank%20Combolcha%20branch&AccountName=Abay%20Bank%20North%20East%20Branch%20(Combolcha)
%20Working
%20Fund&AccountNumber=2062111070072012&AccountUse=4111111111111111&BankAccountID=15&BankAdress=combolcha
&BankBranch=combolcha&BankName=T0h6T3JCNU9hajE
%3d&Status=true&__RequestVerificationToken=igDJLKdABmRgG9UkpZL7E5s-lDNf53VEbv_hH9V7K2vnm-HkvS3QE31RAca6y4kncPRZTUKDs0GzhW62UI2BsOiKzWqI9ZMZ3gVQpkOqAk1
Details
Q3A0a3dvN25mdFlNRjhsUFA3NW5zc084TXZGbzdWMHBKQ2Y2QUxHWHA5MEJRTGQzWWNnUEpUS2tsMFZwOGozRUls
OE9TYVhJbA==
Request headers
Content-Length: 570
(line truncated)
...M459u83vSh3ll15h8px9ed6YnSsSQTUVEvaFeAMSKPHzgicAs0N3_3cEuQ5VoyGfnfI63BHPtmvtA_GnS4zEjVb23G9kkkQTYb
WUlbyHY9dNV542vXzCwapDDvOVzMy0v2U02NoFxkE2cFqslIHLppw7VJ8vMPL_b5YjjWti3c2lfNa8KndAuqz2ApC4zSfNWLs
vhEru_3a7bdVHv0ENvb29o9v56H8bbWZ3qVBd4Ti8Y2Z81Mgjm_aQO5MZmKZavTg7rQ9QZvSi_7DWOOPDlO6WjKaGcgjg1DOgvkxEOw9ev8Vupshw8yF9srEqWqKjwFK3KsxEaOQ8_viGeejIwAvqFnzbuh_awwEJERBep; _culture=en-us;
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...esc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%20BANK
%20WE/AM/CON/OFFICE&AccountName=Q3A0a3dvN25mdFlNRjhsUFA3NW5zc084TXZGbzdWMHBKQ2Y2QUxHWHA5ME
JRTGQzWWNnUEpUS2tsMFZwOGozRUlsOE9TYVhJbA%3d
%3d&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankAccountID=16&BankAdress=Bahirdar&BankB
ranch=Bahirdar%20%20Branch&BankName=Abay
%20bank&Status=true&__RequestVerificationToken=tVdFhHTflp5UdfE6DfPc9eQ5dfLMclXqPGj05AsfFvk1YoV_sGxbRx6xIxXW
fpXmpGZ03lB4qnk2vMKHDHmLWqFw21VW13nzM7tJOiOd-0g1
Details
URL encoded POST input BankAdress was set to QjMzUlZoYWU=
Request headers
Content-Length: 545
(line truncated)
%22%3A-1%7D
29
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY
%20BANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20Branch
%20Working
%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankAccountID=16&BankAdress=QjMzUlZo
YWU%3d&BankBranch=Bahirdar%20%20Branch&BankName=Abay
Details
URL encoded POST input BankBranch was set to dnZ6MFRIbmNkMHMwM1VFdVZTY1c=
Request headers

Content-Length: 549
(line truncated)
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY%20BANK
%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20Branch%20Working
%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankAccountID=16&BankAdress=Bahirdar&B
ankBranch=dnZ6MFRIbmNkMHMwM1VFdVZTY1c%3d&BankName=Abay
Details
URL encoded POST input BankName was set to QUNiRGhSTzhUWHY=
Request headers
Content-Length: 546
(line truncated)
%22%3A-1%7D
Host: 192.168.1.3
30
Safari/537.21
Accept: */*
(line truncated) ...111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20ABAY
%20BANK%20WE/AM/CON/OFFICE&AccountName=Abay%20Bank%20West%20%20Amhara%20Contraction%20%20Branch
%20Working
%20Fund&AccountNumber=2012111007394028&AccountUse=4111111111111111&BankAccountID=16&BankAdress=Bahirdar&B
ankBranch=Bahirdar%20%20Branch&BankName=QUNiRGhSTzhUWHY
%3d&Status=true&__RequestVerificationToken=tVdFhHTflp5UdfE6DfPc9eQ5dfLMclXqPGj05AsfFvk1YoV_sGxbRx6xIxXWfpX
mpGZ03lB4qnk2vMKHDHmLWqFw21VW13nzM7tJOiOd-0g1
Details
cTE2RDlqV1MzcEJkNXRtMzZCbmdBeWxkcmRLYUVOdklaSGw1WkVpdGR1eEZWdWRITmJ0WTlKM1lReWZyY1M=
Request headers

Content-Length: 573
(line truncated) ...VFTKFOM1N73Fig93JYCIMG1iVT5XfCxGp5lK_R1O9MDTAAcUuJO3xNoqMmoOuPLIWysxuylQ6DajueMLRp5auYn2MyO67cPl04nIMqwhf0fzDVmZfHgxFbVXJpHvMqwL0qLW_1C8A8_lYMoVpfQepSwQloPskO-5euWiLGZgHXJGSsHWWUumFLU2ahA1WObgRS4_C1t6ee-v2C2ruwIfzSVjTdK1s8zWBIkwFq_PTyOmPH7sijAYYqR8DUYse8Y11etDJ3WIozbe4ZfbbYjNkZuHusTCjFNfuGtjDIqEjYum8Gae2fbF_zFVCvEQFZQCt-Zbn5Nol-9k2zHsITQGPonmXJdFaCs-2ju0Z2; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbarfixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20Adeyi%20abeba
%20branch
%20Act.No.1000135939858&AccountName=cTE2RDlqV1MzcEJkNXRtMzZCbmdBeWxkcmRLYUVOdklaSGw1WkVpdGR1eEZ
WdWRITmJ0WTlKM1lReWZyY1M
%3d&AccountNumber=1000135939858&AccountUse=4111111111111111&BankAccountID=17&BankAdress=Addis
%20Ababa&BankBranch=Adeyi
%20Ababa&BankName=CBE&Status=true&__RequestVerificationToken=fo3vA2qramHnQudSeC2VvD-1zGc5OeY7IQYy8gQBaWnSYGRyKIYDO6GtvasiW6ci2TFNLM_kuQNUZn5YUxGXTW9awLycEC8d8rYnD3b0IA1
Details
URL encoded POST input BankAdress was set to OGZiN1NSSmNlTVJ5eA==
Request headers
Content-Length: 560
(line truncated)
Host: 192.168.1.3
Safari/537.21
31
Accept: */*
(line truncated) ...1&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20Adeyi
%20abeba%20branch%20Act.No.1000135939858&AccountName=CBE%20Addis%20ababa%20Adeyi%20abeba%20branch
%20Working
%20Funds&AccountNumber=1000135939858&AccountUse=4111111111111111&BankAccountID=17&BankAdress=OGZiN1NSS
mNlTVJ5eA%3d%3d&BankBranch=Adeyi
%20Ababa&BankName=CBE&Status=true&__RequestVerificationToken=fo3vA2qramHnQudSeC2VvD-1zGc5OeY7IQYy8gQBaWnSYGRyKIYDO6GtvasiW6ci2TFNLM_kuQNUZn5YUxGXTW9awLycEC8d8rYnD3b0IA1
Details
URL encoded POST input BankBranch was set to Vm9CbG9TeHlLbzRycA==
Request headers

Content-Length: 560
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...1&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-CBE%20Addis%20ababa%20Adeyi
%20abeba%20branch%20Act.No.1000135939858&AccountName=CBE%20Addis%20ababa%20Adeyi%20abeba%20branch
%20Working
%20Funds&AccountNumber=1000135939858&AccountUse=4111111111111111&BankAccountID=17&BankAdress=Addis
%20Ababa&BankBranch=Vm9CbG9TeHlLbzRycA%3d
%3d&BankName=CBE&Status=true&__RequestVerificationToken=fo3vA2qramHnQudSeC2VvD-1zGc5OeY7IQYy8gQBaWnSYGRyKIYDO6GtvasiW6ci2TFNLM_kuQNUZn5YUxGXTW9awLycEC8d8rYnD3b0IA1
Details
dWVvV2R6TzlXRm9RbWUzZUZBRzl3aVBibW5TTGR0QldXbnQyb2VmYmVWbDYwUUpjMmFrQ1cxR1l5Y0NPQ3hXZ2hrV
ExBMDlCbVRodA==
Request headers
Content-Length: 588
(line truncated) ...-3qXSD0Q_VHN-nxXMePCuntZqQl2b64Y5BlVpGRTYkIJJPfgmJ7v-Y-aQvG8NMZHxJghToB5YokDwLy0elBYtY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmqsyXvDrhisQuczj5NR1zY6UbHDShTfQNVEWEVT6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwW
LoLyjIFenifgqUEM-IZ0YkQp83IV66iLaklavyzeO0fOYkPFe17RyYhfpagOlhBFWKuD2QQxHw925garPcvrJbh4OCLNBnb6qIKxSFgcRT09bdhvyreTl7JNhTyysYX;
Host: 192.168.1.3
Safari/537.21
Accept: */*
32
(line truncated) ...nk-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Expenditure

%20Act.No.1000092795218&AccountName=dWVvV2R6TzlXRm9RbWUzZUZBRzl3aVBibW5TTGR0QldXbnQyb2VmYmVWb
DYwUUpjMmFrQ1cxR1l5Y0NPQ3hXZ2hrVExBMDlCbVRodA%3d
%3d&AccountNumber=1000092795218&AccountUse=4111111111111111&BankAccountID=6&BankAdress=Bahirdar&BankBranc
h=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=l_KdTDXdUdnfPR_ekuVMn8b32M2k_dqUlF6soSp
J9slqdpgrmO7gbn5ixJYn93xI78MJGALVy_ulniw2I6BE1_5l7S4zpLjdtwZlgC6iHEw1
Details
URL encoded POST input BankAdress was set to Z08wdWFmdEU=
Request headers
Content-Length: 562
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.
%20Expenditure%20Act.No.1000092795218&AccountName=Working%20%20Fund%20bank%20account%20%5b%20Yewechi
%20Hisab%20Mankesakesha
%5d&AccountNumber=1000092795218&AccountUse=4111111111111111&BankAccountID=6&BankAdress=Z08wdWFmdEU
%3d&BankBranch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=l_KdTDXdUdnfPR_ekuVMn8b32M2k_dqUlF6soSp
J9slqdpgrmO7gbn5ixJYn93xI78MJGALVy_ulniw2I6BE1_5l7S4zpLjdtwZlgC6iHEw1
Details
URL encoded POST input BankBranch was set to cHV3SFd2bjlMaGZCN2xMM2dYYjE=
Request headers
Content-Length: 566
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...untDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Ex
33
penditure%20Act.No.1000092795218&AccountName=Working%20%20Fund%20bank%20account%20%5b%20Yewechi%20Hisab
%20Mankesakesha
%5d&AccountNumber=1000092795218&AccountUse=4111111111111111&BankAccountID=6&BankAdress=Bahirdar&BankBranc
h=cHV3SFd2bjlMaGZCN2xMM2dYYjE
%3d&BankName=CBE&Status=true&__RequestVerificationToken=l_KdTDXdUdnfPR_ekuVMn8b32M2k_dqUlF6soSpJ9slqdpgrm
O7gbn5ixJYn93xI78MJGALVy_ulniw2I6BE1_5l7S4zpLjdtwZlgC6iHEw1
Details
URL encoded POST input AccountName was set to YVJsN25lV1hscXMzWTBtZWFXczRUV2g2dGFBZg==
Request headers

Content-Length: 534
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...untControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value%20Abay%20Bank%20Bahir%20dar%20br.
%20Acct.2012111000109021&AccountName=YVJsN25lV1hscXMzWTBtZWFXczRUV2g2dGFBZg%3d
%3d&AccountNumber=2012111000109021&AccountUse=4111111111111111&BankAccountID=7&BankAdress=Bahirdar&BankBr
anch=Bahirdar%20%20Branch&BankName=Abay
%20Bank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrKHSMoKiMj70n3W
F7izYNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1
Details
URL encoded POST input BankAdress was set to eHhub2FaaFc=
Request headers
Content-Length: 524
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...B0009&AccountControl=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost
%20value-%20Abay%20Bank%20Bahir%20dar%20br.%20Acct.2012111000109021&AccountName=Abay%20Bank%20working
%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&BankAccountID=7&BankAdress=eHhub2FaaFc
%3d&BankBranch=Bahirdar%20%20Branch&BankName=Abay%20
34
Bank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrKHSMoKiMj70n3WF7iz
YNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1
Details
URL encoded POST input BankBranch was set to aXZ1V2hkZDR5a1Vqb051dHFsOEQ=
Request headers

Content-Length: 528
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&BankAccountID=7&BankAdress=Bahirdar&Ba
nkBranch=aXZ1V2hkZDR5a1Vqb051dHFsOEQ%3d&BankName=Abay
%20Bank&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrKHSMoKiMj70n3W
F7izYNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1
Details
URL encoded POST input BankName was set to cnU3UWhyWU9BU0Q=
Request headers
Content-Length: 525
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20Fund&AccountNumber=2012111000109021&AccountUse=4111111111111111&BankAccountID=7&BankAdress=Bahirdar&Ba
nkBranch=Bahirdar%20%20Branch&BankName=cnU3UWhyWU9BU0Q
%3d&Status=true&__RequestVerificationToken=ZPswm3jC51NOPL2kF7O8dt7_l6ff4NlPFgtKupOGKdIrKHSMoKiMj70n3WF7iz
YNa_RZrI6B7jA7zcoDuVq252NFcav-fmGDaBCk8AjQUIY1

Details
UEdTNG1UTWpocFlWR2tIUmttUGtFYnU0eXNPSW40MnJkRkZBOW10ZHJRM1dPdllHaWU=
Request headers
35

Content-Length: 556
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...11111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%20bank%20A/A
%20Main
%20br.Act.No.1022111000109012&AccountName=UEdTNG1UTWpocFlWR2tIUmttUGtFYnU0eXNPSW40MnJkRkZBOW10ZHJ
RM1dPdllHaWU
%3d&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAccountID=8&BankAdress=Addis
%20Ababa&BankBranch=Addis%20Ababa&BankName=Abay
%20bank&Status=true&__RequestVerificationToken=l3JU9kWYJKu6EpPVCjdrdzrny4_c4LxD8nrKOLEVpWj_3ptYouSlmtBJczM
9lWn2_9sPfTFtp51xIRDBmgV9TR01p_RwjnOrX7Dtls-shFA1
Details
URL encoded POST input BankAdress was set to UkRDOUc1clZLSFlXOA==
Request headers
Content-Length: 547
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...11111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%20bank
%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Office%20%20working
%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAccountID=8&BankAdress=UkRDOUc1cl
ZLSFlXOA%3d%3d&BankBranch=Addis%20Ababa&BankName=Abay
Details
URL encoded POST input BankBranch was set to eUZKSHlTcFhRS1c4NQ==
Request headers
36

Content-Length: 547
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...11111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay%20bank
%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Office%20%20working
%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAccountID=8&BankAdress=Addis
%20Ababa&BankBranch=eUZKSHlTcFhRS1c4NQ%3d%3d&BankName=Abay
Details
URL encoded POST input BankName was set to ckVGbU1CUHE5QVU=
Request headers
Content-Length: 543
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...l=4111111111111111&AccountDesc=Cash%20at%20Bank-Head%20Office-No%20cost%20value-%20Abay
%20bank%20A/A%20Main%20br.Act.No.1022111000109012&AccountName=ABay%20Bank%20Laythen%20Office
%20%20working
%20fund&AccountNumber=1022111000109012&AccountUse=4111111111111111&BankAccountID=8&BankAdress=Addis
%20Ababa&BankBranch=Addis%20Ababa&BankName=ckVGbU1CUHE5QVU
%3d&Status=true&__RequestVerificationToken=l3JU9kWYJKu6EpPVCjdrdzrny4_c4LxD8nrKOLEVpWj_3ptYouSlmtBJczM9lWn
2_9sPfTFtp51xIRDBmgV9TR01p_RwjnOrX7Dtls-shFA1
Details
URL encoded POST input AccountName was set to emNaTHVxSHR3U05Ed3IyTlRXSDBtM2RSMk8wM2dz
Request headers
37

Content-Length: 500
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub
%202977&AccountName=emNaTHVxSHR3U05Ed3IyTlRXSDBtM2RSMk8wM2dz&AccountNumber=1000012876177&Account
Use=4111111111111111&BankAccountID=9&BankAdress=Bahirdar&BankBranch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21O
EnWTKhaUj_e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Details
URL encoded POST input BankAdress was set to MzZKcm1DUHM=
Request headers
Content-Length: 496
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=Revenue%20and%20Working
%20fund&AccountNumber=1000012876177&AccountUse=4111111111111111&BankAccountID=9&BankAdress=MzZKcm1DUH
M%3d&BankBranch=Bahirdar
%20%20Branch&BankName=CBE&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21O
EnWTKhaUj_e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Details
URL encoded POST input BankBranch was set to ZVZ2Qzg4Rk01N3JGRUNWc1dLWkE=
Request headers
Content-Length: 500
(line truncated)
38
...-3qXSD0Q_VHN-nxXMePCuntZqQl2b64Y5BlVpGRTYkIJJPfgmJ7v-Y-aQvG8NMZHxJghToB5YokDwLy0elBYtY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmqsyXvDrhisQuczj5NR1zY6UbHDShTfQNVEWEVT6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwW
Host: 192.168.1.3
Safari/537.21
Accept: */*
%20cost%20value-%20CBE%20Bahir%20Dar%20br.%20pub%202977&AccountName=Revenue%20and%20Working
%20fund&AccountNumber=1000012876177&AccountUse=4111111111111111&BankAccountID=9&BankAdress=Bahirdar&BankB
ranch=ZVZ2Qzg4Rk01N3JGRUNWc1dLWkE
%3d&BankName=CBE&Status=true&__RequestVerificationToken=EOmlMCL2c9qNUDomAYaNvtsapc3_PZ5X1ib21OEnWTKha
Uj_e9rESH4SAFemEWGgArRGhevoq-mIVXlCSmGQEwBl47MtpkyGeGRUeWJsR9E1
Details
URL encoded POST input DisciplinayMeasureRank was set to NmhPT1ZpWWtySnNaSUJQbWRCaEZtdkM1dFdM
Request headers
POST /hr/disciplinaymeasureranks/edit/2 HTTP/1.1
Content-Length: 274
(line truncated)
...ZUE5WbAMAfPp8ge9nZRHawRIWHDYsTYEhKV8rsaTRJyA25JcixKeag7oHcs0mJ1oj3_ZeWOXUE32mZZZDGfLRdJ2ctP97F
PEVUTeD3Zx_2orZJ-7PcgQSE1JBN8edH_uAHqn1lJ81RXKtUuvKSt0lE6Z7G34rN9843W1ed9LGkXiR3nhXtqS9orr2ncCFm54SFvx22n4VaPnsVtDPV7EULu0OUNk5_6MEvV7ZahWWyHvyhi3QNWTA3vBvhqDqpWGxSiunVAlFthYfWqT1WRfQC7ZnKEgX0oZ-AwZAfKhLc8Hu40zlV6CheuCc11yM2wR174alIX_LHqnQCvb8ciKNwuGbvN7tGpFctOODIG; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed
%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:11:51%20PM&DisciplinayMeasureRank=NmhPT1ZpWWtySnNaSUJQbWRCaEZt
dkM1dFdM&DisciplinayMeasureRanksID=2&__RequestVerificationToken=0ZDr5YyDRzQmQWez_pEon7EeRC1N08k1VEqWfK47jxRtCSzo5r7DTImVoOAkk3dlLSJ7fYeEIipwC3d5lRAcYTcyeZGocLaWOHx6LfH
n7g1
Details
URL encoded POST input DisciplinayMeasureRank was set to SFdUVEo5Y3ZpTkJEd1hiQzBYQnQ5c3BoZG1W
Request headers
POST /hr/disciplinaymeasureranks/edit/3 HTTP/1.1
Content-Length: 274
(line truncated)
%22%3A-1%7D
39
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:12:12%20PM&DisciplinayMeasureRank=SFdUVEo5Y3ZpTkJEd1hiQzBYQnQ5c3
BoZG1W&DisciplinayMeasureRanksID=3&__RequestVerificationToken=iPJOsoRPU9nyzoGjozqIcvxU5NU6l3EV8bkU8RpkyBR6
ZfvTQv9KZhoIuR4AIcHY_qn83XKt6b-xWfnSI07quqgL_5lxLeyhuzqnGoMgvx81
Details
URL encoded POST input Measure was set to
UFNTMkFoRmJhc0RGaHljSmhjV241S2RJbzlxWFhKeFF3Z0xGZkFkbGFWbTI2dXJReVVpOHJiM3lDVXZSaGRITjYwSlQ5Mn
NkMGx0eU10Y3BFTUwzcm91bFY1Z3J6VVZINWZKc0lEVDBnRE9pWmRSZ001Wlh1TUI5M3V0MExxVm56ZTlsV0FVWXZr
VVYwdXpjREhLaVZEVVhiQ2Rq
Request headers
POST /hr/disciplinaymeasuretypes/edit/10 HTTP/1.1
Content-Length: 552
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated)
...isciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&ExpireYear=3.00&Measure=UFNTMkFoRmJhc0RGaHljSmhjV2
41S2RJbzlxWFhKeFF3Z0xGZkFkbGFWbTI2dXJReVVpOHJiM3lDVXZSaGRITjYwSlQ5MnNkMGx0eU10Y3BFTUwzcm91bFY
1Z3J6VVZINWZKc0lEVDBnRE9pWmRSZ001Wlh1TUI5M3V0MExxVm56ZTlsV0FVWXZrVVYwdXpjREhLaVZEVVhiQ2Rq&
PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5QRFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pNBV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Details
SEtjb3VjbVhVN2RyZkw5dmVFekxiV3cwY1BGcW5FMnN2NnlUWXpoTmloaTRaTmpVYjNpQ0F2N1ZmTTAyU0w4MlFEODNp
QUV0MDdWT2dWSWRGSEZJN0hVM3RkVzZCa3FQd0lmQTJCN1h5RWNlVkFVZ1RJMzBpcWNET2E3SXBtUDllM1dS
Request headers
Content-Length: 520
40
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated)
...tedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=11&ExpireYear=0.00&Meas
ure=SEtjb3VjbVhVN2RyZkw5dmVFekxiV3cwY1BGcW5FMnN2NnlUWXpoTmloaTRaTmpVYjNpQ0F2N1ZmTTAyU0w4MlFEO
DNpQUV0MDdWT2dWSWRGSEZJN0hVM3RkVzZCa3FQd0lmQTJCN1h5RWNlVkFVZ1RJMzBpcWNET2E3SXBtUDllM1dS&
PercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E00t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ60MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Details
ZlZ6MGpUTGw1ZVg4OWxTN25ZNTE2Z0xUNkNmSFlzb1B0d2h5UXo1dGk2YmZvYU1QWml4QkZRMTE2bkJPeXpQN2Fod2
FOTUM4N3Vyb01QQ3ZvQjR6c0VxNDhzOGpUMUZzOWViRHU4Z0wxYTVZdFlxbFJQMElqWlFMOENrVUd3VFBVSlRoYzlB
YUJnV2xFNkdrdFBIUm5Ddm05Y2ZsTFhPNzNpRktNWnc4SnFrSDAzYU42bUZBSURFVTk1eGVSUVQ3b1ZWdEh3dlVFbWp2
Yjk1clhpQmtrMm9vQmMy
Request headers
Content-Length: 637
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated)
...GpUTGw1ZVg4OWxTN25ZNTE2Z0xUNkNmSFlzb1B0d2h5UXo1dGk2YmZvYU1QWml4QkZRMTE2bkJPeXpQN2Fod2FOT
UM4N3Vyb01QQ3ZvQjR6c0VxNDhzOGpUMUZzOWViRHU4Z0wxYTVZdFlxbFJQMElqWlFMOENrVUd3VFBVSlRoYzlBYUJ
nV2xFNkdrdFBIUm5Ddm05Y2ZsTFhPNzNpRktNWnc4SnFrSDAzYU42bUZBSURFVTk1eGVSUVQ3b1ZWdEh3dlVFbWp2Yjk1
clhpQmtrMm9vQmMy&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=VGpWRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZHYIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Details
cU9rM2xIMHNycnA5VDlrNG9YU05zTWcxaVhIcTd5QUlpVGlyNUtzVlF4OHNtRXZidzZOdllERXVxMVZaSHdDaXNXelo3WH
FKVWk0eUg3MGZBcVduVkc0amQya0xQZ3Q4b0YyeVhrNmNhM01ZUk5kdVJxS0xIZWhFcGhQWlhsdU1RZGZTR3J0
Request headers

Content-Length: 523
(line truncated)
...lg_W4JZUZLzFcZ16WR4m2WqXMTcN_bT4OKJRROQLdc4IhjGMku4kEZkTCyWmgfq7UnaM3s0TNT2n1WyIGz9rWLUel3jOAJo4kifE9gh3sYw97zF0LcxBgK3eOVWqys5NnaR0495W2zh3lSrDMS16cGJxR3VIbiOqXOqyqtJTf9hiRt7gpfomAvLLP0u_WoyVDyrpPIS0hEIwLs1_tGq9qYcTLtokWrLUSGW0jjvsPBLdWtdUlZ2eVXoSV81FBLJdPX
41
qn1WEivbQKSlT4Q36uvnJn2fJJ3Dx8uPcdI0GeefZD8oCrKtU1yhNmfBmL0aeqEosUMW6fLQo4lZ9KCiYACy3oVgyPEkzbLNgBmcc; _culture=en-us;
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated)
...On=3/15/2016%204:14:46%20PM&DisciplinayMeasureRanksID=2&DisciplinayMeasureTypesID=8&ExpireYear=1.00&Measure
=cU9rM2xIMHNycnA5VDlrNG9YU05zTWcxaVhIcTd5QUlpVGlyNUtzVlF4OHNtRXZidzZOdllERXVxMVZaSHdDaXNXelo3W
HFKVWk0eUg3MGZBcVduVkc0amQya0xQZ3Q4b0YyeVhrNmNhM01ZUk5kdVJxS0xIZWhFcGhQWlhsdU1RZGZTR3J0&Perce
ntageEffectOnPromotion=4.00&__RequestVerificationToken=NLi1kWgdukA_IocakBMzSqmpMsAqECg1vYmVrTCWzM5TqbPCJ
G4_ZTZGKNDuZ_OzVgA6_5slWMY3WPqnbLpPqTh7dHXMtgSLi34RUT6NsZtQqABdKQJTKv2p6HjGzSKAfhJMOW7dO9sq6
-3DB8UX5A2
Details
YXJNRGkwMFJqdEtHRDR3OFJSSVpxUW5oN0ltS3hEVTRTNEt2ZXh5cndzQWpFNnlVeUJKSFpjbzdvZnk5Q2dvcU9BNUpGS2
xtdWdUNkVIeFFHTzFqZGxGa0VwT01EUmZtVzJybEdLRXJmcGNUYnQ1RGU2SGJONXpQTEJwOGpWMjdzSWZvQWZtYWc
0RmJ1Q2NYTzJta3RHVnBkTExGZ3V4VVVMTjU4WVFOc1FPcndWc1RrbDE4d1pxYnpFTUJDaVp0SExmTzFqbFhkQk5IaDZK
VHNZTnV6amNGbTJjMWR5NWpCRDJoUlV3SG91cVZMS05PdlMxSUUy
Request headers
Content-Length: 671
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated)
...VTRTNEt2ZXh5cndzQWpFNnlVeUJKSFpjbzdvZnk5Q2dvcU9BNUpGS2xtdWdUNkVIeFFHTzFqZGxGa0VwT01EUmZtVzJybE
dLRXJmcGNUYnQ1RGU2SGJONXpQTEJwOGpWMjdzSWZvQWZtYWc0RmJ1Q2NYTzJta3RHVnBkTExGZ3V4VVVMTjU4
WVFOc1FPcndWc1RrbDE4d1pxYnpFTUJDaVp0SExmTzFqbFhkQk5IaDZKVHNZTnV6amNGbTJjMWR5NWpCRDJoUlV3SG9
1cVZMS05PdlMxSUUy&PercentageEffectOnPromotion=6.00&__RequestVerificationToken=IMvtHO2YPqfFxw_3DKuLdurXdBD
0oKY-i2kBdSdSnvuOdwIGteyjj9uaGiRjdy80OEicUxQcj202sQDtawmnzKMQJxci5622aprMl5ldBnTpTyBJAbjQ49h17TPXwEKpnJU-IPJeWV5ql0j7mpQNw2
Details

ZmFYM0FNYnFJTzIwckw2bnB4VXdOb0s1S0RBZ0I4MVlCR0Q0OGRldGxEZU13ZGdFM3RVS01ZSEIxdExxRzY2Um5QRDN
TWmQ0Z09iOEw1akR6WTNYUzBTT2VYcXVlTkVUZTk5UkhNUzNLZU12
Request headers
POST /hr/empbscappraisalperiods/edit/1 HTTP/1.1
Content-Length: 357
(line truncated)
42
...-3qXSD0Q_VHN-nxXMePCuntZqQl2b64Y5BlVpGRTYkIJJPfgmJ7v-Y-aQvG8NMZHxJghToB5YokDwLy0elBYtY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmqsyXvDrhisQuczj5NR1zY6UbHDShTfQNVEWEVT6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwW
Host: 192.168.1.3
Safari/537.21
Accept: */*
AppraisalPeriod=2007%20DECEMBER&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom=17&DayTo=17&Em
pBSCAppraisalPeriodID=1&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationT
oken=ZmFYM0FNYnFJTzIwckw2bnB4VXdOb0s1S0RBZ0I4MVlCR0Q0OGRldGxEZU13ZGdFM3RVS01ZSEIxdExxRzY2Um5Q
RDNTWmQ0Z09iOEw1akR6WTNYUzBTT2VYcXVlTkVUZTk5UkhNUzNLZU12
Details
URL encoded POST input AppraisalPeriod was set to dndSTGY4S3RDRklHSmd3
Request headers
Content-Length: 326
Host: 192.168.1.3
Safari/537.21
Accept: */*
AppraisalPeriod=dndSTGY4S3RDRklHSmd3&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom=17&DayTo=17
&EmpBSCAppraisalPeriodID=1&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificat
ionToken=b87XbMphJ3m7DXJsiRQmBmiv2FQxeaGgKGg7C0L4DdeANozG4rtxvZEE8AlzRgCM6Hmagnz8VQQg5si47UduMo2
WPddpilly5wWapbYPaEw1
Details
URL encoded POST input AppraisalPeriod was set to b2ZYN2JCaGhqSWg=
Request headers

Content-Length: 324
(line truncated)
...lg_W4JZUZLzFcZ16WR4m2WqXMTcN_bT4OKJRROQLdc4IhjGMku4kEZkTCyWmgfq7UnaM3s0TNT2n1WyIGz9rWLUel3jOAJo4kifE9gh3sYw97zF0LcxBgK3eOVWqys5NnaR0495W2zh3lSrDMS16cGJxR3VIbiOqXOqyqtJTf9hiRt7gpfomAvLLP0u_WoyVDyrpPIS0hEIwLs1_tGq9qYcTLtokWrLUSGW0jjvsPBLdWtdUlZ2eVXoSV81FBLJdPXqn1WEiv
bQKSlT4Q-36uvnJn2fJJ3Dx8uPcdI0GeefZD8oCrKtU1yhNmfBmL0aeqEosUMW6fLQo4lZ9KCiYACy3oVgyPEkzbLNgBmcc;
Host: 192.168.1.3
43
Safari/537.21
Accept: */*
AppraisalPeriod=b2ZYN2JCaGhqSWg
%3d&CreatedBy=&CreatedOn=1/1/1900%2012:00:00%20AM&DayFrom=17&DayTo=17&EmpBSCAppraisalPeriodID=2&IsClose
d=true&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=GVVD3vTAEs8jB1QBmC0Su
bdqaPGi-tl8yMEa-QzV1Xv8Ww1tt_Bu9HHRl_5GBY-jRSd9fdZPa4Tc_reU5huBniTS-WppUjPo7oafUzKQGE81
Details
URL encoded POST input AppraisalPeriod was set to
TUdqd0dJSU5zWmt2UU1ZWjJTTk9FcXlmZWVLNGdQUmpoSzQ4eTREZlZMNmtVM3k4eTg1bTE0WFBOeG9VUkhUUUcwd0
dWbGFxb29aWjVZMjhQTmRrakpTbmNuMjJVT2piT1BrYjJk
Request headers
Content-Length: 448
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
AppraisalPeriod=TUdqd0dJSU5zWmt2UU1ZWjJTTk9FcXlmZWVLNGdQUmpoSzQ4eTREZlZMNmtVM3k4eTg1bTE0WFBOeG
9VUkhUUUcwd0dWbGFxb29aWjVZMjhQTmRrakpTbmNuMjJVT2piT1BrYjJk&CreatedBy=sirgut&CreatedOn=5/23/2016%205:1
5:56%20PM&DayFrom=17&DayTo=17&EmpBSCAppraisalPeriodID=4&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=
1967&YearTo=1967&__RequestVerificationToken=Mm8DX2wjJNy_ShNSgKK21jGIPg7I0je8bUFSeanoJ6KFetFZUZVzFk9XKaw-DNAA_sfesm95OVekUiAJTY1bB-wC7mgJSVntU37a5EpN_M1
Details
d1Bla0I4bVdpbW1QaWphUmhqR1pQdzBVRUlCRWNQdTJsOERzdEkybENjQ3BLdU9PZldpdEd1TVFjTE9zQjVrQTQ3MUYzb1
VWUG1XdG9zSjBKNmZxTXg2dzZHZkJpbEFRSHRiclhXRmFZZlZtMEVObnljU2Z1T1gxWm1PTTZFQUNDYmZsTWRNZGZt
Y0NNWDRWSmxnZjl0eVJo
Request headers

Content-Length: 516
Host: 192.168.1.3
44
Safari/537.21
Accept: */*
(line truncated)
...d1Bla0I4bVdpbW1QaWphUmhqR1pQdzBVRUlCRWNQdTJsOERzdEkybENjQ3BLdU9PZldpdEd1TVFjTE9zQjVrQTQ3MUYzb
1VWUG1XdG9zSjBKNmZxTXg2dzZHZkJpbEFRSHRiclhXRmFZZlZtMEVObnljU2Z1T1gxWm1PTTZFQUNDYmZsTWRNZGZ
tY0NNWDRWSmxnZjl0eVJo&CreatedBy=sirgut&CreatedOn=5/23/2016%205:17:18%20PM&DayFrom=17&DayTo=17&EmpBSC
AppraisalPeriodID=5&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=
9ElV1skTkWCgQ0wZ8D1HDRq2A7BKSqHDEIhPijLArB4R1NLJBWmoSqfpcuSgZIkOF1c9p-WfO4csplMWb0ZzYAIFGI4dJdECQRcWhtUWbU1
Details
dDJmdDJtd3g3ekRZRkVNemxMbzBLeW5LbGttbk5YNjkwYnhud05HT0lZbWVkS240ck9DS3FjZmEwaE5wd1BJQjVxRmxiMTh
Nemt1QmNYSlBjMmVKeDluMnd2N1Y0dWR6RlN3OWNCdG5pWk9jVFpLV01Sb1B2TzRiOGJvQlJwdG9hWU0zVVZWOWF1
V2lta1V1VzhFc3RHN2xr
Request headers
Content-Length: 515
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated)
...=dDJmdDJtd3g3ekRZRkVNemxMbzBLeW5LbGttbk5YNjkwYnhud05HT0lZbWVkS240ck9DS3FjZmEwaE5wd1BJQjVxRmxiM
ThNemt1QmNYSlBjMmVKeDluMnd2N1Y0dWR6RlN3OWNCdG5pWk9jVFpLV01Sb1B2TzRiOGJvQlJwdG9hWU0zVVZWOW
F1V2lta1V1VzhFc3RHN2xr&CreatedBy=remrm&CreatedOn=5/26/2016%202:54:20%20PM&DayFrom=17&DayTo=17&EmpBSC
AppraisalPeriodID=6&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=
6LemxGfUXSUerVdhZNeqai8WUsMHpW9HXXY5t9XS8TizsHq_sA7DEsZ92r_yzcJwEeAo6yTNFvyTvXgtAq7Rlm7XCXWqd2hd-MA982_-NU1
45
Error message on page

Severity
Type
Reported by module
Medium
Validation
Scripting (Text_Search_File.script)
Description
Impact
Recommendation
References
Affected items
Details
Pattern found: Internal Server Error
Request headers
GET /finance/json/description HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/finance/bankaccounts/edit/16
Acunetix-Aspect-Password: *****
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory
Cookie:
__RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lzhQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; _culture=en-us
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Details
Request headers
46
GET /fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
Cookie: __RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518uELYgh-lzhQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; _culture=en-us
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read
47
Details
Request headers
GET /fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
GET /fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Details
Request headers
GET /fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
Host: 192.168.1.3
Safari/537.21
Accept: */*
48
/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Details
Request headers
GET /fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
Host: 192.168.1.3
Safari/537.21
Accept: */*
/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Details
Request headers
GET /fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
GET /fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
49
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Pragma: no-cache
(line truncated) ...UISHYb75Myuir1JzwsC0FNA9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OEKF8x5zdYA9dOkPP4NmkX071rFmHJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAA
g57U2A-ePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usaRYZfscchlzB7F39AJ4dOnwb8beVrES8eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1
oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJaQxH5kjh0ASBHu; _culture=en-us
Host: 192.168.1.3
Safari/537.21
Accept: */*
/procurement/reportprocurement
Details
Request headers
GET /procurement/reportprocurement HTTP/1.1
Pragma: no-cache
(line truncated)
...a9ypgKQo4IresNGJH8_NRq5DiOP6Y2m0iecgt7NNnDylKHT5lRR2DVFqh0m54hGM42pc9D6jtqf6weLnqyI1FMOC8ah4KDIlxepuRhlSRKtGCkCyEY9yCpwdjJHsMAc4OyDw_KHB1Oafa_HTDW_reknckNNMEJDM1jv25SeOaqIGlDrfsB9APFBAe_oaYr6X9gCgenPqWwsWFCpqbczhPQvN_4Q62s33235rE9Z1dS_FEd_cTjmyCiVfqxLbhsknhbNm-5sMfEWq7chz_sh2zHcKGWBAkmZvpV-oOlc_RJu3vxFauBfPDIe6ZDCdRsr1XeCJYJOVcoXFDkqprTihRJVUjYZz4U6J48ONLzDUMMFCRr1qO39a8QQQG6FupR97RmNacgEkCW6Ez5c8kA3lDBOcfIF57aEgfbToZQTlEuoQCBtZgFD3uri91RhvgQGcpjmXnPnAX48
B7YLISvvBhQT8K7gzbUXh; _culture=en-us
Host: 192.168.1.3
Safari/537.21
Accept: */*
/procurement/reportprocurement/getlotdetails
Details
Request headers
GET /procurement/reportprocurement/getlotdetails HTTP/1.1
50
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/upload
Details
Request headers
GET /upload HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated) ...p1B6fl3w1HuKBWpmtDDauU0_weIIyOCvMwqpQLC_8QjvuJVTUCXh5aG1-ajaVaMA7gNWy5cJzSbJopRnbTTQ3GZqyhzGZBza-oQDQawNvYSU-jLVbpS68bJwg5LzoOD0jQmyHeeF1sJGpi1biByeNwOsiAyVspyZK6WbEahtbm8_EComER7Ju_YO5clRIBbWTBOJhtbFpK9wyRrRbi3kDUCuqyw33D0Fszlp0lt31LfRn
g3L7YdnyxZglTpU7ljoT52H6DiS9bjtWnzcDq2uIc-fZjl5IN557E2pNyBh4Nnk-WDBbnn_lJY99cWBJpJBj_QRY8zjVdK9YoQKRDJhn2whwXNHNP-A8k42Mjn; _culture=en-us; currentNavLi=link246; ace_settings=%7B
Host: 192.168.1.3
Safari/537.21
Accept: */*
51
HTML form without CSRF protection

Severity
Type
Reported by module
Medium
Informational
Crawler
Description
This alert may be a false positive, manual confirmation is required.
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious
exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
Acunetix WVS found a HTML form with no apparent CSRF protection implemented. Consult details for more information about the
affected HTML form.
Impact
An attacker may force the users of a web application to execute actions of the attacker''s choosing. A successful CSRF exploit can
compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can
compromise the entire web application.
Recommendation
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Affected items
/
Details
Form name: <empty>
Form action: http://192.168.1.3/home/setculture
Form method: POST
Form inputs:
- culture [Radio]
Request headers
GET / HTTP/1.1
Referer: http://192.168.1.3/Account/Login?ReturnUrl=/
(line truncated) ...oDOFcOoz3AqF1FalpZl_SWT3FLPPFZnoSbp18e1eYm1KELqI461aOEgqSW6dGrMxiPzyXvsJTCYRPmcK8UVaDLK9eY6ahO3BxsGKaSFM8xhB
x5rkacvc_Q9QTBR7w9ZkVKXHuUesCpxmp4JUxJiru9csM3VTSLnOfpqvFzuKapU4p6wFA2rhu3vCxLOfbXRG7TpAA4HfRsl1lY5N6FYVtiGxufwAdQzR1
Na9waQPHyCJ0vB-K1ztjbD8Mr5hMCQZYGsVCO6m0Kj7gJlcpi7PcRTIimTgtPY10gCXI4mVvnG6G77BMrygTpTY6k1QsbDLfJxNrHa3VLCK1zIIkqKB09is5QmyIBBDRS9lLKZ9csw5Rz1cXsW4YCd4FhDbqy2wThl2u70vvPsCm_CCMrip0WHswFbpNS437EcivGC8ST1qhMZhYqvgpbyzQFOVR2O74ktxWQ0ij_
U4Hpb0znFvV8aKDQgDv3FKMNCv6WROL-age7fl
Safari/537.21
Accept: */*
Host: 192.168.1.3
/account
Details
Form name: <empty>
Form action: http://192.168.1.3/account
Form method: POST
Form inputs:
- SearchString [Text]
Request headers
52
GET /account HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account
Details
Form name: <empty>
Form action: http://192.168.1.3/account
Form method: POST
Form inputs:
- SearchString [Text]
Request headers
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/accountstransactions
Details
Form name: <empty>

Form action: http://192.168.1.3/finance/accountstransactions
Form method: POST
Form inputs:
- CategoryNames [Select]
- Period [Select]
- Source [Text]
- JournalReferences [Text]
- EffectiveDates [Text]
Request headers
GET /finance/accountstransactions HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/budgetagainstpreviousyear
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/budgetagainstpreviousyear
Form method: POST
Form inputs:
- period [Select]
Request headers
GET /finance/budgetagainstpreviousyear HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/budgetallocationandusage
Details
53
Form name: <empty>

Form action: http://192.168.1.3/finance/budgetallocationandusage
Form method: POST
Form inputs:
- BudgetYear [Select]
- BudgetMonth [Select]
Request headers
GET /finance/budgetallocationandusage HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Cookie: __RequestVerificationToken=e3M3FFaN4xn7_5JYT9bTO0ghoR1X0NvrSRJW9BSleFbsl2xeomBv0bUZ518u
54
ELYgh-lz-hQWX6qvi6oZD_Mo9JvxVQ7wbqYKsD2u40lIVQ81; _culture=en-us
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/json/fromaccountcode
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/json/fromaccountcode
Form method: POST
Form inputs:
- Accounts [Select]
- Location [Select]
- CostCenter [Select]
- SubAccount [Select]
Request headers
GET /finance/json/fromaccountcode HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/accountanalysis
Details
Form name: <empty>

Form action: http://192.168.1.3/finance/reportfinance/accountanalysis
Form method: POST
Form inputs:
- Category [Select]
- dt1 [Text]
- dt2 [Text]
Request headers
GET /finance/reportfinance/accountanalysis HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
55
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/accountanalysisbysegment
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Form method: POST
Form inputs:
- acctFrom [Text]
- acctTo [Text]
- dt1 [Text]
- dt2 [Text]
Request headers
GET /finance/reportfinance/accountanalysisbysegment HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/aragingbyinvoice
Details
Form name: <empty>

Form action: http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Form method: POST
Form inputs:
- agetype [Select]
Request headers
GET /finance/reportfinance/aragingbyinvoice HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/cashflow
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/cashflow
Form method: POST
Form inputs:
- branchCode [Select]
- dt2 [Text]
Request headers
GET /finance/reportfinance/cashflow HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/chartofaccount
Details
56
Form name: <empty>

Form action: http://192.168.1.3/finance/reportfinance/chartofaccount
Form method: POST
Form inputs:
- Account [Select]
- AccountType [Select]
Request headers
GET /finance/reportfinance/chartofaccount HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/customerlist
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/customerlist
Form method: POST
Form inputs:
- custype [Select]
Request headers
GET /finance/reportfinance/customerlist HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/incomestatement
Details
57
Form name: <empty>

Form action: http://192.168.1.3/finance/reportfinance/incomestatement
Form method: POST
Form inputs:
- branchCode [Select]
- dt1 [Text]
- dt2 [Text]
Request headers
GET /finance/reportfinance/incomestatement HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/incomestatementbyproject

Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Form method: POST
Form inputs:
- costcenterCode [Select]
- dt1 [Text]
- dt2 [Text]
Request headers
58
GET /finance/reportfinance/incomestatementbyproject HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/supplierlist
Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/supplierlist
Form method: POST
Form inputs:
- supplierType [Select]
- businessType [Select]
Request headers
GET /finance/reportfinance/supplierlist HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/reportfinance/trialbalance

Details
Form name: <empty>
Form action: http://192.168.1.3/finance/reportfinance/trialbalance
Form method: POST
Form inputs:
- Branch [Select]
- dt1 [Text]
59
Request headers
GET /finance/reportfinance/trialbalance HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/hr/certificatesandletters
Details
Form name: <empty>
Form action: http://192.168.1.3/hr/certificatesandletters
Form method: POST
Form inputs:
- choice [Select]
- EmpID [Text]
- EmpFullName [Text]
Request headers
GET /hr/certificatesandletters HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/hr/upload

Details
60
Form name: <empty>

Form action: http://192.168.1.3/hr/upload
Form method: POST
Form inputs:
- File [File]
Request headers
GET /hr/upload HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/inventory/reportinventory/issueitem
Details
Form name: <empty>
Form action: http://192.168.1.3/inventory/reportinventory/issueitem
Form method: POST
Form inputs:
- dt1 [Text]
- dt2 [Text]
Request headers
GET /inventory/reportinventory/issueitem HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/inventory/reportinventory/stockbalance
61
Details
Form name: <empty>
Form action: http://192.168.1.3/inventory/reportinventory/stockbalance
Form method: POST
Form inputs:
- category [Select]
Request headers
GET /inventory/reportinventory/stockbalance HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/payroll/payrollreports/bonusincometaxreport
Details
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Form method: POST
Form inputs:
- fyear [Select]
Request headers
GET /payroll/payrollreports/bonusincometaxreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/payroll/payrollreports/monthlypensionreport
62
Details
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Form method: POST
Form inputs:
- period [Select]
Request headers
GET /payroll/payrollreports/monthlypensionreport HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
/payroll/payrollreports/reportbycontributiontypelist
Details
Form name: <empty>
Form action: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Form method: POST
Form inputs:
- period [Select]
- type [Select]
- source [Select]
Request headers
GET /payroll/payrollreports/reportbycontributiontypelist HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
63
Internal server error

Severity
Type
Reported by module
Medium
Validation
Scripting (Error_Message.script)
Description
Impact
Recommendation
References
Affected items
/
Details
Path Fragment input / was set to
Request headers
GET /account/delete/ HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/
Details
Request headers
GET //accountstransactions/details/1098 HTTP/1.1

Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
64
Safari/537.21
Accept: */*
/
Details
Request headers
GET //appaybleinvoices HTTP/1.1
Referer: http://192.168.1.3:80/
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/delete/enanu
Details
Request headers
POST /account/delete/enanu HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
__RequestVerificationToken=
/account/delete/endalamaw
Details
Request headers
POST /account/delete/endalamaw HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated) ...B3PK0n0jy6yP-3kgxKpRlkXJfIhVqvf_wSm8or39cF_lC_YaQ1mf9C9tcNkjoN4zp3OrY7QkPqMlYvJav9pZuCJ8cTRgA8X78VUEt2D8wxWEALrMZFgJyPvCZipcD5vL3utff6Yl_gW5KBkvKXP_EK7tRRW3xl_yny11QOpLrt
65
yuYTuUqDanVzm9VpvEebzTCf0puobKYSnO3g0l3wp8Xli1Jws4BmUx4Ih3_G6kZak0nXnTDrUCExFGG94NxJrYHamXQCIi_EUzjPb3p69TItm9bC3Evv8eRi_W2f8KRp0rbne
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
POST /account/delete/zelalem HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/edit/enanu
Details
Request headers
POST /account/edit/enanu HTTP/1.1

Content-Length: 99
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=Mesfin&UserName=Enanu&__RequestVerifi
66
cationToken=
/account/edit/enanu
Details
URL encoded POST input Email was set to
Request headers
Content-Length: 232
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=&FirstName=Enanu&LastName=Mesfin&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp
4blYlAllK7ownc_P3zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_5s3vrxCwftq3P83diyQ13hEM-xw6k3oWyJJmHMO9S71ZLQ2
/account/edit/enanu
Details
URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers

Content-Length: 287
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&LastName=Mesfin&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7own
c_P3zecGP9815Xwluc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEMxw6k3oWyJJmHMO9S71ZLQ2
/account/edit/enanu
Details
URL encoded POST input LastName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
67
Content-Length: 286
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&UserName=Enanu&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3zecGP9815Xwl
uc9GAaaMUCBoQM07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM-xw6k3oWyJJmHMO9S71ZLQ2
/account/edit/enanu
Details
URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers

Content-Length: 287
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=Enanu&LastName=Mesfin&UserName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&__RequestVerificationToken=FAG9CdcaBEOXNRYXPdl2FZp4blYlAllK7ownc_P3zecGP9815Xwluc9GAaaMUCBoQ
M07yeX3kesgpbFksEU1h4rcFRP7Qih3XxaZbI_-5s3vrxCwftq3P83diyQ13hEM-xw6k3oWyJJmHMO9S71ZLQ2
Details
Request headers
Content-Length: 106
Referer: http://192.168.1.3:80/
FNEsvbEZMBBROmHuYrJBbwCDn-Sxc51B05xsHkshOnLMtusFeKvP39OskgurwoWfmT2WWYhKf6ig0odnIxCxz46b6Asp4HpXiOpUhadws6_L0v-ia
68
7GWIkYcFCioSrrDXhOz5Xd8RiF0RkzASVeZOzgyUwn7E2qMwirbXu8h9qVMnsVosck80Q0wkN10UE6uqVAsUPSQRbGrDZTQ
G2en1Gw; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=Endalamaw&__RequestVerificationToken=
Details
URL encoded POST input Email was set to
Request headers

Content-Length: 239
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=&FirstName=endalamaw&LastName=worku&UserName=Endalamaw&__RequestVerificationToken=As4c8HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_
Details
URL encoded POST input FirstName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 290
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
69
Email=sample%40email.tst&FirstName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&LastName=worku&UserName=Endalamaw&__RequestVerificationToken=As4c8HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_
Details
URL encoded POST input LastName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers

Content-Length: 294
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&UserName=Endalamaw&__RequestVerificationToken=As4c8HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_
Details
URL encoded POST input UserName was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 290
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Email=sample%40email.tst&FirstName=endalamaw&LastName=worku&UserName=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&__RequestVerificationToken=As4c8HE76KuLt6d_oQBFSYuNbE24OC6iWmQjE0yum7xzWzAeML020AKudVGT9M_uaLeSnrM8AKjxjvYYORMnAZo3PFgH9onO_
/account/login
Details
Request headers
70

Content-Length: 62
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=Password1&UserName=tester&__RequestVerificationToken=
/account/login
Details
Request headers
POST /account/login HTTP/1.1
Content-Length: 71
Referer: http://192.168.1.3:80/
(line truncated) ...RBDQdv0mbjXmSgSSpkVwfWC9RwYR43hNjfGxzdPMhg5Ysdz_0gcFwBTS4GteKd_mx9DRXdaeOkyuU6r5KHt8O1ibCO-0M9rVBFbODB2jFCfH5qld0c-LDHch_EwkoX3PaKlxf9DoMtgG4ASOH-cnXwdEX7nYFUdKFxyxW6G2K9sRhQigZKEp2H4SbVciAYk6QM0EFN8chZYn4ECOJhPgXeujeahL0kh6nHNcWJLoRTz9EKWBtM3pSx08zoQcWNAqISxqJ0m86Rm-xid-uO3ujIXQCLmErb0r83yGVGDOogOrQO0DqotCD6sTbTOKjn_lloKMZSAiSS_ufHdeX9DAi-Td9DyrasfuQyVXnh; _culture=en-us; currentNavLi=link246; ace_settings=%7B
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=g00dPa%24%24w0rD&UserName=sxdgcsyd&__RequestVerificationToken=
/account/login
Details
URL encoded POST input Password was set to
Request headers
Content-Length: 161
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fif9J_0ntZlXEP2jeabU3Y1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
/account/login

Details
URL encoded GET input ReturnUrl was set to
71
Request headers
POST /account/login?ReturnUrl= HTTP/1.1
Content-Length: 170
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=Password1&UserName=tester&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fif9J_0ntZlXEP2jea
bU3Y-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
/account/login
Details
URL encoded POST input UserName was set to
Request headers
Content-Length: 164
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=Password1&UserName=&__RequestVerificationToken=SGXIF8XbL_wnZa_OjrJpEvSKp1id3_Fif9J_0ntZlXEP2jeabU3Y
-1SewIr5eoCiS7bN_zXyIkULstgkpeVQGUztcSP5HVVTnUHkyYzuMXU1
/account/logoff
Details
Request headers
POST /account/logoff HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
(line truncated)
...iDg8hb0NHslbwF2_YVhNn_1YHMf0CY7uXyqdZ_cX7AZsnXrvE6o7XHzqHQE2Z5I9OAPUTzd1I_Qp7uytzBpt75Ez0QBI6jfUohCNvCCWY0zeu0A1VcGzIpnn3U0Haa_iHN_asl2UI0rDzRpggMT3mfMeHrDDz2b9hZzJ7HxYaEwSXmn5ZDZ_MC81u
Y6YoiB43uCpphufDDpbyW8rIrUrblDlGuZVO7k8qdZC7_XdMOVAH4c8nUIHYDGrTiREQwek6mugQbM8KLMPHmBnjRvWXOC_uEBNqFLt0yLJANbO50pnBKmVtGELqIfF32huLwFxnjzqwanybjWY6zeJnkOe830Qb9
rOU3WVqb0cbopO; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbarfixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/register
Details
72

Request headers
POST /account/register HTTP/1.1
Content-Length: 166
Referer: http://192.168.1.3:80/
(line truncated) ...RBDQdv0mbjXmSgSSpkVwfWC9RwYR43hNjfGxzdPMhg5Ysdz_0gcFwBTS4GteKd_mx9DRXdaeOkyuU6r5KHt8O1ibCO-0M9rVBFbODB2jFCfH5qld0c-LDHch_EwkoX3PaKlxf9DoMtgG4ASOH-cnXwdEX7nYFUdKFxyxW6G2K9sRhQigZKEp2H4SbVciAYk6QM0EFN8chZYn4ECOJhPgXeujeahL0kh6nHNcWJLoRTz9EKWBtM3pSx08zoQcWNAqISxqJ0m86Rm-xid-uO3ujIXQCLmErb0r83yGVGDOogOrQO0DqotCD6sTbTOKjn_lloKMZSAiSS_ufHdeX9DAi-Td9DyrasfuQyVXnh; _culture=en-us; currentNavLi=link246; ace_settings=%7B
Host: 192.168.1.3
Safari/537.21
Accept: */*
ConfirmPassword=g00dPa%24%24w0rD&Email=sample
%40email.tst&FirstName=btwpdekw&LastName=btwpdekw&Password=g00dPa
%24%24w0rD&UserName=btwpdekw&__RequestVerificationToken=
/account/usergroups/enanu
Details
POST (multipart) input __RequestVerificationToken was set to
Request headers
POST /account/usergroups/enanu HTTP/1.1
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_RAUJOURFRB
Referer: http://192.168.1.3:80/
(line truncated) ...0WBH55ZC00EeRfbzXiwBivu6ArdjVOFwr8lDdiP2tMC1jplF-9TI8zQ3h-6GF0uN2yUenoMjxVQIqxvBhxEl6SilcMGC072lS2hnYOG-UKvHvw3GbzjsPvrABuQ40naiplhYVlDOelf1OLkZQTcvjXQ1NlkXBhMYbtmrXY_iumC_7T8GFIoY7PJ59WgjM-LeQ3rMz5Q61-FcOMIfjF9XrU_sD0sOgsZCHwmWOMMzASxIhy9TDTcbIZUC1muzXIBqXwF2g1elPPTFmU52vjD83PT41gWMJauef1e7KjdtlWrCM29OxOOPyAn2XRcNl8b56U1wQqCL3u91rNumArzqW7h
TfIOF6WB5-4bnKw; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbarfixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_RAUJOURFRB
1
false
4
5
73
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_RAUJOURFRB-/account/usergroups/enanu
Details
POST (multipart) input Groups[0].GroupId was set to 1
74
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_VEJPINKYXH
Referer: http://192.168.1.3:80/
(line truncated)
...Lu9oqJmnPHBFavIacie1xFtX1g8MmPCIAcinTl3koAYBSCb_bjlhVlSyWg4rcDXzJzEPICJoukYjWngZ6ykWuz6c4giemFeWbArl
AQEsfswhgQX7oxuMGQjO_MgNdraqhXI9zRxyx34RWdTOJ-oKtUUWHw-BfbJPe_QWW2hQfXtwPO84jcxsib7bt2_4Jrd5zVmi8vnz1YPo3OUBcM3Bgzq8Gj5w2WhT9Qb2Pde7T1S8kxo_9kFjsPPnmWeZv9C
e3CBhH6_wArZshAnUsx4tNxkx16f10fmmQfs78kqGwx2Rt3J08oh2GwK6ep23iy0TLCa4jFTnp_ElkTG8Yx9VS1T01UfBP2pBBs8
Vvd_m_; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_VEJPINKYXH
Content-Disposition: form-data; name="Groups[0].GroupId[]"
1
false
4
5
false
6
true
7
true
8
true
75
9
true
10
true
11
true
Enanu
id4F7HKEp2NoCOhw57NBlpZvNECOZtalrV62dIubpxQ0QMVYmeiX6EMxWyNt0yCsbwdxWaUR1huDrpuOu6CGNC0aauRQWG4ksGXIuI
GS4ZIezE8zze5i4rCulTLJ7xkD1pvhHfanh2M4bbr0At7QQ2
-------AcunetixBoundary_VEJPINKYXH-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_FGDQVSWTNK
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_FGDQVSWTNK
1
false
76
4
5
false
6
true
7
true
8
true
9
true
10
true
11
true
Enanu
77
-------AcunetixBoundary_FGDQVSWTNK-/account/usergroups/enanu
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_CGJAHGVTBE
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_CGJAHGVTBE
1
false
4
5
false
6
true
7
true
8
78
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_CGJAHGVTBE-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_ISPFJXUXSR
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_ISPFJXUXSR
79
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
true
80
Enanu
-------AcunetixBoundary_ISPFJXUXSR-/account/usergroups/enanu
Details
POST (multipart) input Groups[3].Selected was set to
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_IWDXKLYMHS
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_IWDXKLYMHS
1
false
4
5
false
6
7
true
81

8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_IWDXKLYMHS-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DNVDDGLXSV
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
82
-------AcunetixBoundary_DNVDDGLXSV
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
83
true
Enanu
-------AcunetixBoundary_DNVDDGLXSV-/account/usergroups/enanu
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_RJHNRTUOGK
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_RJHNRTUOGK
1
false
4
5
false
6
true
84
7
8
true
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_RJHNRTUOGK-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MVVBBEOTBY
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko)
85
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
-------AcunetixBoundary_MVVBBEOTBY
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
11
86
true
Enanu
-------AcunetixBoundary_MVVBBEOTBY-/account/usergroups/enanu
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_EKYISYPALU
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_EKYISYPALU
1
false
4
5
false
6
87
true
7
true
8
9
true
10
true
11
true
Enanu
-------AcunetixBoundary_EKYISYPALU-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_OHUOPLUDVW
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
88
Safari/537.21
Accept: */*
-------AcunetixBoundary_OHUOPLUDVW
1
false
4
5
false
6
true
7
true
8
true
9
true
10
true
89

11
true
Enanu
-------AcunetixBoundary_OHUOPLUDVW-/account/usergroups/enanu
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_SYTJYGTPBW
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_SYTJYGTPBW
1
false
4
5
false
6
90
true
7
true
8
true
9
10
true
11
true
Enanu
-------AcunetixBoundary_SYTJYGTPBW-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_WXCBGWKKYI
Referer: http://192.168.1.3:80/
TfIOF6WB5-4bnKw; _culture=en-us; currentNavLi=link246;
91
ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_WXCBGWKKYI
1
false
4
5
false
6
true
7
true
8
true
9
true
10
92
true
11
true
Enanu
-------AcunetixBoundary_WXCBGWKKYI-/account/usergroups/enanu
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MMEWNHJWYL
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_MMEWNHJWYL
1
false
4
5
false
93

6
true
7
true
8
true
9
true
10
11
true
Enanu
-------AcunetixBoundary_MMEWNHJWYL-/account/usergroups/enanu
Details
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_QAWAULLAVY
Referer: http://192.168.1.3:80/
(line truncated) ...0WBH55ZC00EeRfbzXiwBivu6ArdjVOFwr8lDdiP2tMC1jplF-9TI8zQ3h-6GF0uN2yUenoMjxVQIqxvBhxEl6SilcMGC072lS2hnYOG-UKvHvw3GbzjsPvrABu-Q40naiplhYVlDOelf1OLkZQTcvjXQ1NlkXBhMYbtmrXY_ium
94
C_7T8GFIoY7PJ59WgjM-LeQ3rMz5Q61-FcOMIfjF9XrU-_sD0sOgsZCHwmWOMMzASxIhy9TDTcbIZUC1muzXIBqXwF2g1elPPTFmU52vjD83PT41gWMJauef1e7KjdtlWrCM29OxOOPyAn2XRcNl8b56U1wQqCL3u91rNumArzqW7h
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_QAWAULLAVY
1
false
4
5
false
6
true
7
true
8
true
9
true
95
10
true
11
true
Enanu
-------AcunetixBoundary_QAWAULLAVY-/account/usergroups/enanu
Details
Request headers
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_MPVYSDWOXV
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_MPVYSDWOXV
1
false
4
5
96
false
6
true
7
true
8
true
9
true
10
true
11
Enanu
-------AcunetixBoundary_MPVYSDWOXV-/account/usergroups/enanu
Details
POST (multipart) input UserName was set to
Request headers

Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_KSYNUQKWLN
Referer: http://192.168.1.3:80/
97

Host: 192.168.1.3
Safari/537.21
Accept: */*
-------AcunetixBoundary_KSYNUQKWLN
1
false
4
5
false
6
true
7
true
8
true
9
true
98
10
true
11
true
-------AcunetixBoundary_KSYNUQKWLN-/finance/budgetallocationandusage/
Details
URL encoded POST input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST /finance/budgetallocationandusage HTTP/1.1
Content-Length: 68
Referer: http://192.168.1.3:80/
(line truncated)
...cgfpHKf3mTxPvQhVMoeEbYIPwitXutryiR7TgIECWncOX4Iwt9O3Ukf0nS6192tTze32YzdrONn9GSUt3bbDRZL2YOTYQ8Tj4
g3M6BNCDJZmW0jXdQtC_Qud1aoaas4CUdk4q6Blr_Y6ZxVRc8envb357QP7TJsj7IfwY37oGyqCmFq_mA9jZVWSDm0yF94ycq_lr5P1g5AlS5xiuq401t7uwW9E-bx8lfw8dYfSpm3sijtoc-C1B-vYvELplgB_kSxl6pzcnS28DP0GI4SEUNUbGUzbzCI5jtP8qKoe3abuGR9FpXsJL0JviyH34dbcU4yDd0rp5SSl6CSSo8DWk5QRBesd5YZ0
X4xXf7gZ; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbar-fixed
Host: 192.168.1.3
Safari/537.21
Accept: */*
BudgetMonth=NA&BudgetYear=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
/finance/budgetallocationandusage/budgetallocationandusageexcel
Details
URL encoded GET input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
GET /finance/budgetallocationandusage/budgetallocationandusageexcel?BudgetMonth=NA&BudgetYear=12345'"\'\");|]*%00{%0d
%0a<%00>%bf%27' HTTP/1.1
Referer: http://192.168.1.3:80/
(line truncated)
...lg_W4JZUZLzFcZ16WR4m2WqXMTcN_bT4OKJRROQLdc4IhjGMku4kEZkTCyWmgfq7UnaM3s0TNT2n1WyIGz9rWLUel3jOAJo4kifE9gh3sYw97zF0LcxBgK3eOVWqys5NnaR0495W2zh3lSrDMS16cGJxR3VIbiOqXOqyq-tJTf9
99
hiRt7gpfomAvLLP0u_WoyVDyrpPIS0hEIwLs1_tGq9qYcTLtokWrLUSGW0jjvsPBLdWtdUlZ2eVXoSV81FBLJdPXqn1WEivbQK
SlT4Q-36uvnJn2fJJ3Dx8uPcdI0GeefZD8oCrKtU1yhNmfBmL0aeqEosUMW6fLQo4lZ9KCiYACy3oVgyPEkzbLNgBmcc;
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/budgetallocationandusage/budgetallocationandusageprint
Details
URL encoded GET input BudgetYear was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
GET /finance/budgetallocationandusage/budgetallocationandusageprint?BudgetMonth=NA&BudgetYear=12345'"\'\");|]*%00{%0d
%0a<%00>%bf%27' HTTP/1.1
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
URL encoded POST input id was set to
Request headers
POST /finance/json/description HTTP/1.1
Content-Length: 3
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
id=
100
Details
URL encoded POST input filter was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST /fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
filter=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&group=&page=1&pageSize=10&sort=
Details
URL encoded POST input group was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
filter=&group=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'&page=1&pageSize=10&sort=
Details
URL encoded POST input page was set to
Request headers

Content-Length: 38
101
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
filter=&group=&page=&pageSize=10&sort=
Details
URL encoded POST input pageSize was set to
Request headers
Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
filter=&group=&page=1&pageSize=&sort=
Details
URL encoded POST input sort was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
102
Host: 192.168.1.3
Safari/537.21
Accept: */*
filter=&group=&page=1&pageSize=10&sort=12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
Details
Request headers
POST /fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read HTTP/1.1
Content-Length: 81
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers

Content-Length: 81
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
103
Request headers
Content-Length: 38
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers

Content-Length: 37
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
104
POST /fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read HTTP/1.1

Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
105

Content-Length: 38
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 37
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 81
Referer: http://192.168.1.3:80/
(line truncated)
106
Host: 192.168.1.3
Safari/537.21
Accept: */*
/home/setculture
Details
HTTP Header input Referer was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
GET /home/setculture HTTP/1.1
Referer: 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'
Safari/537.21
(line truncated) ...ko0xiMvFeQzjacUn1O6g3Xl1mWhg22l627J3nelrcROLeijhjRk9PemXcPG9lF_JhbKm3yUhpEzJIbVTHFYvkg1UYZaLCTd7WXlMQzJ8fiMn1NlbnSlZX9lVep3Z48RuiKGmSOyLMktaslgXisrr9S_iEEdno62dfAmWrL3Ilv7v
UGTtj_IeU9hNY4ey0a19GHtsnoGNjs6PJzOazyNsK7Bhk_DhOfSTcl8ne2fe71J3e4GIbdKiQMjTVkUE81n3mMRw38qiucTteXpqG
7rnns9IhthXvVyHZSHYK68awHdzG6UV34kBQ0vuSzQ0uke41s1OoHmKT1g_kTnoN8lWrMyyN8aKv8NKTtpeDsGUs;
Host: 192.168.1.3
Accept: */*
Details
Request headers
POST /hr/disciplinaymeasuretypes/delete/10 HTTP/1.1
Content-Length: 27
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 27
107
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
108
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 27
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
Content-Length: 349
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&
ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b
%88%e1%88%ad%20%e1%8b%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%85%e1%8c
%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=
Details
URL encoded POST input CreatedBy was set to
Request headers
109

Content-Length: 495
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&Expire
Year=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b
%a3%e1%89%b5&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5QRFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pNBV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Details
URL encoded POST input CreatedOn was set to
Request headers
Content-Length: 476
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=10&ExpireYear=3.00&Measure=
%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b%88%e1%88%ad%20%e1%8b
%a8%e1%8b%b0%e1%88%98%e1%8b%88%e1%8b%9d%20%e1%89%85%e1%8c
Details
URL encoded POST input DisciplinayMeasureRanksID was set to
Request headers

Content-Length: 499
110
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=&DisciplinayMeasureTypesID=10&E
xpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b
Details
URL encoded POST input DisciplinayMeasureTypesID was set to
Request headers
Content-Length: 498
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:22:19%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=&Ex
pireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b
Details
URL encoded POST input ExpireYear was set to
Request headers

Content-Length: 496
Referer: http://192.168.1.3:80/
(line truncated) ...-3qXSD0Q_VHN-nxXMePCuntZqQl2b64Y5BlVpGRTYkIJJPfgmJ7v-Y-aQvG8NMZHxJghToB5YokDwLy0-elB
111
YtY9XJ8Wny6hqzyw2Lc9462pZurtU1sK9mhzbsLwn1ONBbuIglmqsyXvDrhisQuczj5NR1zY6UbHDShTfQNVEWEVT6wgtDS3SxsdX0LnjH9EP17BFyEHocfJFQ9FfoFJfCvYfr1MIK7qyOP8TkXwW
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b
Details
Request headers
Content-Length: 344
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=3.00&Measure=&PercentageEffectOnPromotion=8.00&__RequestVerificationToken=C5QRFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pNBV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Details
URL encoded POST input PercentageEffectOnPromotion was set to
Request headers

Content-Length: 496
Referer: http://192.168.1.3:80/
%22sidebar-fixed
112
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=3.00&Measure=%e1%8a%a5%e1%88%b5%e1%8a%a8%20%e1%8a%a0%e1%8a%95%e1%8b%b5%20%e1%8b
%a3%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=C5QRFDCogqsKM2pGpKGcirHZFzX2mtwMouqK9Q9TVjdZc22fwU8j9E4pf60pNBV1CAxcDL22_Ptqg89W5lJHEjVMFy5ilhomiM3cNoyuOkhIIHK72Y3xURPDIRmPU9fmU6ERic6Z9rCiozy5zNxQ2
Details
Request headers
Content-Length: 325
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c
%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c
%a3%e1%89%b5&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=
Details
Request headers

Content-Length: 471
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
113
Chrome/41.0.2228.0 Safari/537.21
Accept: */*
CreatedBy=&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=11&Expire
Year=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a
%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c
%a3%e1%89%b5&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E00t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ60MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Details
Request headers
Content-Length: 452
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=11&ExpireYear=0.00&Measure=
%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a
%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c
Details
Request headers

Content-Length: 475
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
114
CreatedBy=remrm&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=&DisciplinayMeasureTypesID=11&E
xpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c
%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c
Details
Request headers
Content-Length: 474
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
CreatedBy=remrm&CreatedOn=3/15/2016%204:23:00%20PM&DisciplinayMeasureRanksID=3&DisciplinayMeasureTypesID=&Ex
pireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a
%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c
Details
Request headers

Content-Length: 472
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a
%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c%a3%e1%89%b5&Pe
115
rcentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E00t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ60MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Details
Request headers
Content-Length: 344
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=0.00&Measure=&PercentageEffectOnPromotion=9.00&__RequestVerificationToken=XPo4JqV7wpdXHlY2E00t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ60MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
Details
Request headers

Content-Length: 472
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=0.00&Measure=%e1%8b%a8%e1%8c%b9%e1%88%81%e1%8d%8d%20%e1%88%9b%e1%88%b5%e1%8c
%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab%20%e1%89%85%e1%8c
%a3%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=XPo4JqV7wpdXHlY2E00t08CqBP6DUjqTy3nnYpv_ougyK9yhvjhAmtgnVogTtuhjLiy39swzsHwpgtDQ60MsSenw6VGQZ69SNfkLZdEDEQ8tJ89Ec7VoX1EwDJqUP0QLe4MxCKQIRR-sRuRL8kJg2
116
Details
Request headers
Content-Length: 413
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=0.00&Measure=%e1%8b%a8%e1%89%83%e1%88%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a
%95%e1%89%80%e1%89%82%e1%8b%ab%e1%8a%93%20%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a
%a8%e1%88%ad%e1%8b%b5%20%e1%8b%a8%e1%88%8c
%e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=
Details
Request headers

Content-Length: 559
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...asureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b
%a8%e1%89%83%e1%88%8d%20%e1%88%9b%e1%88%b5%e1%8c%a0%e1%8a%95%e1%89%80%e1%89%82%e1%8b%ab
%e1%8a%93%20%e1%88%9d%e1%8a%95%e1%88%9d%20%e1%88%aa%e1%8a%a8%e1%88%ad%e1%8b%b5%20%e1%8b
%a8%e1%88%8c
%e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=VGpWRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZHYIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Details
117
Request headers
Content-Length: 540
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...asureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b
%a8%e1%88%8c
Details
Request headers

Content-Length: 563
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...easureRanksID=&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b
%a8%e1%88%8c
Details
Request headers
118

Content-Length: 562
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...MeasureRanksID=3&DisciplinayMeasureTypesID=&ExpireYear=0.00&Measure=%e1%8b
%a8%e1%88%8c
Details
Request headers

Content-Length: 560
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...ayMeasureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=&Measure=%e1%8b
%a8%e1%88%8c
Details
Request headers
119
Content-Length: 345
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
ExpireYear=0.00&Measure=&PercentageEffectOnPromotion=10.00&__RequestVerificationToken=VGpWRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZHYIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Details
Request headers

Content-Length: 559
Referer: http://192.168.1.3:80/
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
(line truncated) ...nayMeasureRanksID=3&DisciplinayMeasureTypesID=12&ExpireYear=0.00&Measure=%e1%8b
%a8%e1%88%8c%e1%88%88%e1%89%a0%e1%89%b5&PercentageEffectOnPromotion=&__RequestVerificationToken=VGpWRTR11jxCFyyI2P684qNP_ETBsiDMUKZRBSzicUyrMUzsduU4dWJn8zIJVo93uTSkYNetKhWQwI8sRBdZHYIdkIuMZ45Y3hlj6M-J4toE6qCOejHhRLDqXd7sOxahG-8tdKg3yqY3iUWrupSg2
Details
Request headers
POST /hr/empbscappraisalperiods/create HTTP/1.1
Content-Length: 127
Referer: http://192.168.1.3:80/
(line truncated)
120
...5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAAg57U2AePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usaRYZfscchlzB7F39AJ4dOnwb8beVrES8eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
AppraisalPeriod=1&DayFrom=17&DayTo=17&IsClosed=true&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__R
equestVerificationToken=
Details
URL encoded POST input IsClosed was set to 12345'"\'\");|]*%00{%0d%0a<%00>%bf%27'??
Request headers
POST /hr/empbscappraisalperiods/create HTTP/1.1

Content-Length: 316
Referer: http://192.168.1.3:80/
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
AppraisalPeriod=1&DayFrom=17&DayTo=17&IsClosed=12345'"\'\");|]*%00{%0d%0a<%00>%bf
%27'&MonthFrom=7&MonthTo=7&YearFrom=1967&YearTo=1967&__RequestVerificationToken=kabWQ9lnQEM1_J4j_rodreT-oOM-rDJchFohTbUPN_eibwR9F8WL4wUjwMqBnsDxgzH-GoCpFBFKEGNwhuzameuBn8D0eB7DZovslPDx2sap9R4QlA63qkXK-alGvSkyownig3N--MmqP9Vgp7kg2
121
User credentials are sent in clear text

Severity
Type
Reported by module
Medium
Configuration
Crawler
Description
User credentials are transmitted over an unencrypted channel. This information should always be transferred via an encrypted channel
(HTTPS) to avoid being intercepted by malicious users.
Impact
A third party may be able to read the user credentials by intercepting an unencrypted HTTP connection.
Recommendation
Because user credentials are considered sensitive information, should always be transferred to the server over an encrypted connection
(HTTPS).
Affected items
/account/login
Details
Form name: <empty>
Form action: http://192.168.1.3/account/login
Form method: POST
Form inputs:
- __RequestVerificationToken [Hidden]
- UserName [Text]
- Password [Password]
Request headers
GET /account/login HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/login (943495a8bf6f8beb8b22c44cf845bd3f)

Details
Form name: <empty>
Form action: http://192.168.1.3/account/login
Form method: POST
Form inputs:
- UserName [Text]
Request headers
122

Pragma: no-cache
Referer: http://192.168.1.3/account/login
Content-Length: 222
(line truncated) ...xnsdSs-WJm2vPKGIEmtDE-XKwOkXSFJ6DEW7R4pXv9V2r3EIVZ3a06CubQeDQlBX7aznpeHIoMPjDcyQ1vJxIR7On9Rqe1JKB4AgCTtqVSnoA7rw7m0I2YOzR9Q3AQ0bjb_EkD5sVyU3DJoFfFYq5D5p17_XV2k5QyskPeo28J3TxOFsvi2qKkKUjtz8oUqiSQ4JlMY8a2Ug8
0Fb9YUsdGQGORe42CwrMcRc068gs-XxlgDyxj1Gm2s33eQPQFw12dolvrBc6yDvykD_uF6sOtGPXCLiFNrjwTp5dTP8mJcWchnJMenky-fIiTvP_Hm_uDO6r33O6F73mdKSJxCmOQLgpYyNiZmTKgbDKXRnKTaMUOLYKzs0DAbk7NYarkSqqYc2plWuSJ7MJOnMI2IFiNNUsnLpGW03V8hv7XZn
0eociDXiOluNjnMHKM-JryeCxYTaqrb8Sg8wDvkmMpkAfMJvuhuSwCL8; _culture=en-us
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=g00dPa%24%24w0rD&UserName=glpscbtu&__RequestVerificationToken=pYa6dj2VyJop_m5Exsk2R3Ct821rXO6ASuxLaEOUjpM5gT_fIl_HaWhg9uZ5bW-QMQx9ae7oZvshfI_q25EQwm9FCmr4VYF3L34UBZbUxQndssCSydRmQ7cPytqX1_vGWfaK0vsHo4sjtmZlPu1w2
/account/register
Details
Form name: <empty>
Form action: http://192.168.1.3/account/register
Form method: POST
Form inputs:
- UserName [Text]
- ConfirmPassword [Password]
- LastName [Text]
- FirstName [Text]
- Email [Text]
Request headers
GET /account/register HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/account
oko_ADvYHSMyfwI85Bg75Mo78OboIVY3P0mSc0k9xVMgCXfc1B-9ZjkCJ
123
aQxH5kjh0ASBHu; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C%22navbarfixed%22%3A1%2C%22sidebar-fixed%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
124
ASP.NET version disclosure

Severity
Type
Reported by module
Description
Low
Configuration
Scripting (ASP_NET_Error_Message.script)
The HTTP responses returned by this web application include anheader named X-AspNet-Version. The value of this header is used by
Visual Studio to determine which version of ASP.NET is in use. It is not necessary for production sites and should be disabled.
Impact
The HTTP header may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Apply the following changes to the web.config file to prevent ASP.NET version disclosure:
<System.Web>
<httpRuntime enableVersionHeader="false" />
</System.Web>
References
HttpRuntimeSection.EnableVersionHeader Property
Affected items
/
Details
Version information found: 4.0.30319
Request headers
GET /|~.aspx HTTP/1.1
Host: 192.168.1.3
Safari/537.21
Accept: */*
125
Cookie without HttpOnly flag set

Severity
Type
Reported by module
Low
Informational
Crawler
Description
This cookie does not have the HTTPOnly flag set. When a cookie is set with the HTTPOnly flag, it instructs the browser that the
cookie can only be accessed by the server and not by client-side scripts. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the HTTPOnly flag for this cookie.
Affected items
/
Details
Cookie name: "currentNavLi"
Cookie domain: "192.168.1.3"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/
Details
Cookie name: "_culture"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
126
Accept: */*
/
Details
Cookie name: "ace_settings"

Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
Cookie without Secure flag set
127
Severity
Type
Reported by module
Low
Informational
Crawler
Description
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser that the cookie can
only be accessed over secure SSL channels. This is an important security protection for session cookies.
Impact
None
Recommendation
If possible, you should set the Secure flag for this cookie.
Affected items
/
Details
Cookie name: "__RequestVerificationToken"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/
Details
Cookie name: "_culture"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
Acunetix
Website Audit
128
/
Details
Cookie name: "ace_settings"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/
Details
Cookie name: "currentNavLi"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/
Details
Cookie name: "awwce-MyCookieName-2016-erp"
Request headers
GET / HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
129
Accept: */*
130
File upload
Severity
Type
Reported by module
Low
Informational
Crawler
Description
This page allows visitors to upload files to the server. Various web applications allow users to upload files (such as pictures, images,
sounds, ...). Uploaded files may pose a significant risk if not handled correctly. A remote attacker could send a multipart/form-data
POST request with a specially-crafted filename or mime type and execute arbitrary code.
Impact
If the uploaded files are not safely checked an attacker may upload malicious files.
Recommendation
Restrict file types accepted for upload: check the file extension and only allow certain files to be uploaded. Use a whitelist approach
instead of a blacklist. Check for double extensions such as .php.png. Check for files without a filename like .htaccess (on ASP.NET,
check for configuration files like web.config). Change the permissions on the upload folder so the files within it are not executable. If
possible, rename the files that are uploaded.
Affected items
/hr/upload
Details
Form name: <empty>
Form action: http://192.168.1.3/hr/upload
Form method: POST
Form inputs:
- File [File]
Request headers
GET /hr/upload HTTP/1.1
Pragma: no-cache
(line truncated)
Host: 192.168.1.3
Safari/537.21
Accept: */*
131
Login page password-guessing attack

Severity
Type
Reported by module
Low
Validation
Scripting (Html_Authentication_Audit.script)
Description
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt
to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the
one correct combination that works.
This login page doesn't have any protection against password-guessing attacks (brute force attacks). It's recommended to implement
some type of account lockout after a defined number of incorrect password attempts. Consult Web references for more information
about fixing this problem.
Impact
An attacker may attempt to discover a weak password by systematically trying every possible combination of letters, numbers, and
symbols until it discovers the one correct combination that works.
Recommendation
It's recommended to implement some type of account lockout after a defined number of incorrect password attempts.
References
Blocking Brute Force Attacks
Affected items
/account/login
Details
The scanner tested 10 invalid credentials and no account lockout was detected.
Request headers
Content-Length: 214
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Password=4PBptj6n&UserName=lwir1kAu&__RequestVerificationToken=_uDCtrunIm4qmJUlyN2TRxSyzo-QQxlXf5sXQAyMB2eXDGfp16Nf_78l91wFgoGrZYn74Qbtyv7bL8oCsPGV4Ooi1fJmVyukcPReECkScFY3B8Q-gqLyoiz7aR0cpBrYCJ8gTzo1B_pGQQIzt8hg2
132
OPTIONS method is enabled

Severity
Type
Reported by module
Low
Validation
Scripting (Options_Server_Method.script)
Description
HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides a list of the methods that are supported by
the web server, it represents a request for information about the communication options available on the request/response chain
identified by the Request-URI.
Impact
The OPTIONS method may expose sensitive information that may help an malicious user to prepare more advanced attacks.
Recommendation
It's recommended to disable OPTIONS Method on the web server.
References
Testing for HTTP Methods and XST (OWASP-CM-008)
Affected items
Web Server
Details
Methods allowed: OPTIONS, TRACE, GET, HEAD, POST
Request headers
OPTIONS / HTTP/1.1
Host: 192.168.1.3
Safari/537.21
Accept: */*
133
Slow response time

Severity
Type
Reported by module
Low
Informational
Crawler
Description
This page had a slow response time. This type of files can be targeted in denial of service attacks. An attacker can request this page
repeatedly from multiple computers until the server becomes overloaded.
Impact
Possible denial of service.
Recommendation
Investigate if it's possible to reduce the response time for this page.
Affected items
Details
The response time for this page was 5101 ms while the average response time for this site is 54.78 ms
Request headers

Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/projectmanagement/projectestimationnames
Details
The response time for this page was 5710 ms while the average response time for this site is 54.78 ms
Request headers
GET /projectmanagement/projectestimationnames HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
(line truncated)
Host: 192.168.1.3
134
Safari/537.21
Accept: */*
135
Broken links
Severity
Informational
Type
Reported by module
Informational
Crawler
Description
A broken link refers to any link that should take you to a document, image or webpage, that actually results in an error. This page was
linked from the website but it is inaccessible.
Impact
Problems navigating the site.
Recommendation
Remove the links to this file or make it accessible.
Affected items
/content/kendo/2016.1.112/%23clip
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select
Referrers Tab from the bottom of the Information pane.
Request headers
GET /content/kendo/2016.1.112/%23clip HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
Details
For a complete list of URLs linking to this file, go to Site Structure > Locate and select the file (marked as "Not Found") > select
Referrers Tab from the bottom of the Information pane.
Request headers
GET /finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0 HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/accountstransactions/details/1684
Host: 192.168.1.3
136
Safari/537.21
Accept: */*
137
Email address found

Severity
Type
Reported by module
Informational
Informational
Scripting (Text_Search_Dir.script)
Description
One or more email addresses have been found on this page. The majority of spam comes from email addresses harvested off the
internet. The spam-bots (also known as email harvesters and email extractors) are programs that scour the internet looking for email
addresses on any website they come across. Spambot programs look for strings like myname@mydomain.com and then record any
addresses found.
Impact
Email addresses posted on Web sites may attract spam.
Recommendation
Check references for details on how to solve this problem.
References
Email Address Disclosed on Website Can be Used for Spam
Affected items
/account
Details
Pattern found: info@awwwce.com
Request headers
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
GET /account/delete/zelalem HTTP/1.1
Pragma: no-cache
(line truncated) ...UISHYb75Myuir1JzwsC0FNA9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OEKF8x5zdY-A9dOkPP4NmkX071rFmHJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhn
138
AVBpgUWs07VAAg57U2AePmNuZAEnIgAEnwZZOyIQ69pGGddHzM5Kx3pr3Dlpz2nJoiASwlH01Uia7Qx38MoC2ayzrGCTNEXe9QDzjZDnJ4usaRYZfscchlzB7F39AJ4dOnwb8beVrES8eO_am2bq5WUVPVwOJOWY8tXgagLNjLV3BBomYolVYqqy8qjhOEwEtRpsgtft6k8q_UdoMLZ7vDqk_cQ60rGSCLCfI3lLSl_jS1
Host: 192.168.1.3
Safari/537.21
Accept: */*
Details
Request headers
GET /account/edit/zelalem HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
139
Microsoft IIS version disclosure

Severity
Type
Reported by module
Informational
Configuration
Scripting (ASP_NET_Error_Message.script)
Description
The HTTP responses returned by this web application include a header named Server. The value of this header includes the version of
Microsoft IIS server.
Impact
The HTTP header may disclose sensitive information. This information can be used to launch further attacks.
Recommendation
Microsoft IIS should be configured to remove unwanted HTTP response headers from the response. Consult web references for more
information.
References
Remove Unwanted HTTP Response Headers
Affected items
/
Details
Version information found: Microsoft-IIS/8.5
Request headers
GET /|~.aspx HTTP/1.1

Host: 192.168.1.3
Safari/537.21
Accept: */*
140
Password type input with auto-complete enabled

Severity
Type
Reported by module
Informational
Informational
Crawler
Description
When a new name and password is entered in a form and the form is submitted, the browser asks if the password should be
saved.Thereafter when the form is displayed, the name and password are filled in automatically or are completed as the name is
entered. An attacker with local access could obtain the cleartext password from the browser cache.
Impact
Recommendation
The password auto-complete should be disabled in sensitive applications.
To disable auto-complete, you may use a code similar to:
<INPUT TYPE="password" AUTOCOMPLETE="off">
Affected items
/account/login
Details
Password type input named Password from unnamed form with action /Account/Login has autocomplete enabled.
Request headers
GET /account/login HTTP/1.1
Pragma: no-cache
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/login (1f2dc0e26bedda9d5aebd00f748cb9d1)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2Froles has autocomplete
enabled.
Request headers
GET /account/login?ReturnUrl=/roles HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/roles
(line truncated) ...xnsdSs-WJm2vPKGIEmtDE-XKwOkXSFJ6DEW7R4pXv9V2r3EIVZ3a06CubQeDQlBX7aznpeHIoMPjDcyQ1vJxIR7On9Rqe1JKB4AgCTtqVSnoA7rw7m0I2YOzR9Q3AQ0bjb_EkD5sVyU3DJoFfFYq5D5p17_XV2k5QyskPeo28J
141
3TxOFsvi2qKkKUjtz8oUqiSQ4JlMY8a2Ug80Fb9YUsdGQGORe42CwrMcRc068gs-XxlgDyxj1Gm2s33eQPQFw12dolvrBc6yDvykD_uF6sOtGPXCLiFNrjwTp5dTP8mJcWchnJMenky-fIiTvP_Hm_uDO6r33O6F73mdKSJxCmOQLgpYyNiZmTKgbDKXRnKTaMUOLYKzs0DAbk7NYarkSqqYc2plWuSJ7MJOnMI2IFiNNUsnLpGW03V8hv7XZn
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/login (8f687fa47b22a02f27a3174aed84ccc0)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2Fhr%2Fallowances has
autocomplete enabled.
Request headers
GET /account/login?ReturnUrl=/hr/allowances HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/hr/allowances
(line truncated) ...xnsdSs-WJm2vPKGIEmtDE-XKwOkXSFJ6DEW7R4pXv9V2r3EIVZ3a06CubQeDQlBX7aznpeHIoMPjDcyQ1vJxIR7On9Rqe1JKB4AgCTtqVSnoA7rw7m0I2YOzR9Q3AQ0bjb_EkD5sVyU3DJoFfFYq5D5p17_XV2k5QyskPeo28J3TxOFsvi2qKkKUjtz8oUqiSQ4JlMY8a2Ug8
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/login (d4c7aaa78ab87dfcc2f6d60cf3c9605e)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2F has autocomplete enabled.
Request headers
GET /Account/Login?ReturnUrl=/ HTTP/1.1
Referer: http://192.168.1.3:80/
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/login (f679e9569fc981ca88e5e9c01ef99b87)
Details
Password type input named Password from unnamed form with action /Account/Login?ReturnUrl=%2Fhr%2Fcosigns has
autocomplete enabled.
Request headers
GET /account/login?ReturnUrl=/hr/cosigns HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/hr/cosigns
(line truncated) ...xnsdSs-WJm2vPKGIEmtDE-XKwOk-XSFJ6DEW7R4pXv9V2r3EIVZ3a06CubQeDQlBX7aznpeHIoMPjDcyQ1vJ
142
xIR7On9Rqe1JKB4AgCTtqVSnoA7rw7m0I2YOzR9Q3AQ0bjb_EkD5sVyU3DJoFfFYq5D5p17_XV2k5QyskPeo28J3TxOFsvi2qKkKUjtz8oUqiSQ4JlMY8a2Ug8
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/register
Details
Password type input named Password from unnamed form with action /Account/Register has autocomplete enabled.
Request headers
Pragma: no-cache
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/account/register
Details
Password type input named ConfirmPassword from unnamed form with action /Account/Register has autocomplete enabled.
Request headers
Pragma: no-cache
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
143
Possible CSRF (Cross-site request forgery)

Severity
Type
Reported by module
Description
Informational
Validation
CSRF
Manual confirmation is required for this alert.

This script is possibly vulnerable to cross-site request forgery. Cross Site Reference Forgery (CSRF/XSRF) is a class of attack that
affects web based applications with a predictable structure for invocation. An attacker tricks the user into performing an action of the
attackers choosing by directing the victim's actions on the target application with a link or other content.
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have
authenticated. Here is an example:
<img src="http://bank.example/withdraw?from=victim&amount=1000000&to=attacker">
If the bank keeps authentication information in a cookie, and if the cookie hasn't expired, then victim's browser's attempt to load the
image will submit the withdrawal form with his cookie.
This vulnerability is also known by several other names including Session Riding and One-Click Attack.
Impact
Depends on implementation.
Recommendation
Insert custom random tokens into every form and URL that will not be automatically submitted by the browser. Check References for
detailed information on protecting against this vulnerability.
References
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
Cross-site request forgery
Cross Site Reference Forgery
Cross-Site Request Forgeries
Top 10 2007-Cross Site Request Forgery
Affected items
/finance/json/bankaccounts (6e57e52fb25f1aa27d063b6c42189ce6)
Details
Request headers
POST /finance/json/bankaccounts HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/json/bankaccounts
Content-Length: 71
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
Accounts=1001160141&CostCenter=1&Location=1&SubAccount=4111111111111111
/finance/json/description (c002f292f84915c9792f54c0abc710d4)
Details
144
Request headers
POST /finance/json/description HTTP/1.1
Accept: */*
Referer: http://192.168.1.3/finance/bankaccounts/edit/16
Origin: http://192.168.1.3
X-Requested-With: XMLHttpRequest
Safari/537.21
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 20
%22%3A-1%7D
Accept-Language: en-US,*
Host: 192.168.1.3
Pragma: no-cache
id=11140-1-00-CB0022
/finance/json/fromaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Details
Request headers
POST /finance/json/fromaccountcode HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/finance/json/fromaccountcode
Content-Length: 71
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
/finance/json/toaccountcode (6e57e52fb25f1aa27d063b6c42189ce6)
Details
Request headers
145
POST /finance/json/toaccountcode HTTP/1.1

Pragma: no-cache
Referer: http://192.168.1.3/finance/json/toaccountcode
Content-Length: 71
%22%3A-1%7D
Host: 192.168.1.3
Safari/537.21
Accept: */*
(11e076bff3d87afafd26c723d1fdc6a3)
Details
Request headers
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
Origin: http://192.168.1.3
Safari/537.21
Content-Length: 39
(line truncated) ...A9nM7TBOL8DKPCwlySYeLOgcxJ-uYkTktkPKFhAh4lOppFWGZpMQ5S9OE-KF8x5zdYA9dOkPP4NmkX071rFmHJATnasgOGDugGN5_p2_2qjiT1kJTD2Bu73jt9p7FzZJZTKAcG_ktKBT6Vt3cABhnAVBpgUWs07VAA
currentNavLi=link300
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=
(65ba3a10b77a6c16224ffc9314b599f2)
Details
Request headers
146

Accept: */*
Origin: http://192.168.1.3
Safari/537.21
Content-Length: 66
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=Manufacturer~isnotempty~'e'
(b585c40490c5c63ee711d1bbe6e3a118)
Details
Request headers
Accept: */*
Origin: http://192.168.1.3
Safari/537.21
Content-Length: 57
Host: 192.168.1.3
Pragma: no-cache
sort=&page=1&pageSize=10&group=&filter=Description~eq~'e'
/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read (11e076bff3d87afafd26c723d1fdc6a3)
Details
Request headers
147

Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
Origin: http://192.168.1.3
Safari/537.21
Content-Length: 39
Host: 192.168.1.3
Pragma: no-cache
/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read (11e076bff3d87afafd26c723d1fdc6a3)
Details
Request headers
Accept: */*
Referer: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
Origin: http://192.168.1.3
Safari/537.21
Content-Length: 39
Host: 192.168.1.3
Pragma: no-cache
148
Possible internal IP address disclosure

Severity
Type
Reported by module
Informational
Informational
Description
A string matching an internal IPv4 address was found on this page. This may disclose information about the IP addressing scheme of
the internal network. This information can be used to conduct further attacks.
Impact
Recommendation
Prevent this information from being displayed to the user.
Affected items
/home/setculture
Details
Pattern found: 192.168.1.3
Request headers
GET /home/setculture HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/
Host: 192.168.1.3
Safari/537.21
Accept: */*
149
Possible username or password disclosure

Severity
Type
Reported by module
Informational
Informational
Description
A username and/or password was found in this file. This information could be sensitive.
Impact
Recommendation
Remove this file from your website or change its permissions to remove access.
Affected items
/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
Details
Pattern found: pass:before
Request headers
GET /content/ace/font-awesome/4.2.0/css/font-awesome.min.css HTTP/1.1
Pragma: no-cache
Referer: http://192.168.1.3/account/login
Host: 192.168.1.3
Safari/537.21
Accept: */*
150
Scanned items (coverage report)

Scanned 792 URLs. Found 87 vulnerable.
URL: http://192.168.1.3/
Vulnerabilities have been identified for this URL
56 input(s) found for this URL
Inputs
Input scheme 1
Input name
/
/
Input type
Path Fragment
Path Fragment
Input scheme 2
Input name
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Input scheme 3
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 4
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 5
Input name
/
Input type
Path Fragment
Input scheme 6
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 7
Input name
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
151
/
/
Path Fragment
Path Fragment
Input scheme 8
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 9
Input name
/
/
/
/
Input scheme 10
Input name
/
/
/
/
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input type
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Path Fragment
Input scheme 11
Input name
Host
Input type
HTTP Header
URL: http://192.168.1.3/account
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
SearchString
Input type
URL encoded GET
URL encoded POST
152
URL: http://192.168.1.3/account/login
Inputs
Input scheme 1
Input name
ReturnUrl
Input type
URL encoded GET
Input scheme 2
Input name
ReturnUrl
__RequestVerificationToken
Password
UserName
Input type
URL encoded GET
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 3
Input name
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/logoff
Inputs
Input scheme 1
Input name
URL: http://192.168.1.3/account/manage
No vulnerabilities have been identified for this URL
No input(s) found for this URL
Input type
URL encoded POST
URL: http://192.168.1.3/account/delete
URL: http://192.168.1.3/account/delete/bizuneh
URL: http://192.168.1.3/account/delete/abeje
URL: http://192.168.1.3/account/delete/admin
URL: http://192.168.1.3/account/delete/abiyu
URL: http://192.168.1.3/account/delete/meaza
153
URL: http://192.168.1.3/account/delete/animaw
URL: http://192.168.1.3/account/delete/abrham
URL: http://192.168.1.3/account/delete/abeyus
URL: http://192.168.1.3/account/delete/alemnew
URL: http://192.168.1.3/account/delete/birhanu
URL: http://192.168.1.3/account/delete/zelalem
Inputs
Input scheme 1
Input name
URL: http://192.168.1.3/account/delete/enanu
Inputs
Input scheme 1
Input type
URL encoded POST
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/delete/endalamaw
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/account/edit
URL: http://192.168.1.3/account/edit/admin
URL: http://192.168.1.3/account/edit/meaza
URL: http://192.168.1.3/account/edit/abeje
URL: http://192.168.1.3/account/edit/abiyu
URL: http://192.168.1.3/account/edit/animaw
URL: http://192.168.1.3/account/edit/abeyus
URL: http://192.168.1.3/account/edit/abrham
URL: http://192.168.1.3/account/edit/bizuneh
URL: http://192.168.1.3/account/edit/birhanu
URL: http://192.168.1.3/account/edit/alemnew
URL: http://192.168.1.3/account/edit/zelalem
Inputs
Input scheme 1
154
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/edit/enanu
Inputs
Input scheme 1
Input name
Email
FirstName
LastName
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/account/edit/endalamaw
Inputs
Input scheme 1
Input name
Input type

Email
FirstName
LastName
UserName
URL: http://192.168.1.3/account/usergroups
URL: http://192.168.1.3/account/usergroups/bizuneh
URL: http://192.168.1.3/account/usergroups/abeje
URL: http://192.168.1.3/account/usergroups/abiyu
URL: http://192.168.1.3/account/usergroups/meaza
URL: http://192.168.1.3/account/usergroups/admin
URL: http://192.168.1.3/account/usergroups/abrham
155
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

URL: http://192.168.1.3/account/usergroups/animaw
URL: http://192.168.1.3/account/usergroups/birhanu
URL: http://192.168.1.3/account/usergroups/abeyus
URL: http://192.168.1.3/account/usergroups/alemnew
URL: http://192.168.1.3/account/usergroups/zelalem
Inputs
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)

Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
156
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/usergroups/endalamaw
Inputs
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/usergroups/enanu
Inputs
Input scheme 1
Input name
Groups[0].GroupId
Groups[0].Selected
Groups[1].GroupId
Groups[1].Selected
Input type
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)

Groups[2].GroupId
Groups[2].Selected
Groups[3].GroupId
Groups[3].Selected
Groups[4].GroupId
Groups[4].Selected
Groups[5].GroupId
Groups[5].Selected
Groups[6].GroupId
Groups[6].Selected
Groups[7].GroupId
Groups[7].Selected
Groups[8].GroupId
Groups[8].Selected
UserName
URL: http://192.168.1.3/account/userpermissions
URL: http://192.168.1.3/account/userpermissions/bizuneh
URL: http://192.168.1.3/account/userpermissions/meaza
157
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
POST (multipart)
URL: http://192.168.1.3/account/userpermissions/animaw
URL: http://192.168.1.3/account/userpermissions/birhanu
URL: http://192.168.1.3/account/userpermissions/abeje
URL: http://192.168.1.3/account/userpermissions/admin
URL: http://192.168.1.3/account/userpermissions/abeyus
URL: http://192.168.1.3/account/userpermissions/abrham
URL: http://192.168.1.3/account/userpermissions/abiyu
URL: http://192.168.1.3/account/userpermissions/alemnew
158
URL: http://192.168.1.3/account/userpermissions/zelalem
URL: http://192.168.1.3/account/userpermissions/endalamaw
URL: http://192.168.1.3/account/userpermissions/enanu
URL: http://192.168.1.3/account/register
Inputs
Input scheme 1
Input name
ConfirmPassword
Email
FirstName
LastName
Password
UserName
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/content/
URL: http://192.168.1.3/content/images/
URL: http://192.168.1.3/content/ace/
URL: http://192.168.1.3/content/ace/css/
URL: http://192.168.1.3/content/ace/css/ace.min.css
URL: http://192.168.1.3/content/ace/css/ace-rtl.min.css
URL: http://192.168.1.3/content/ace/css/bootstrap.min.css
URL: http://192.168.1.3/content/ace/css/images/

URL: http://192.168.1.3/content/ace/fonts/
URL: http://192.168.1.3/content/ace/fonts/fonts.googleapis.com.css
URL: http://192.168.1.3/content/ace/font-awesome/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/css/
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/css/font-awesome.min.css
URL: http://192.168.1.3/content/ace/font-awesome/4.2.0/fonts/
159
URL: http://192.168.1.3/content/ace/js/
URL: http://192.168.1.3/content/ace/js/jquery.2.1.1.min.js
URL: http://192.168.1.3/content/ace/js/ace-extra.min.js
URL: http://192.168.1.3/content/ace/js/bootstrap.min.js
URL: http://192.168.1.3/content/ace/js/jquery-ui.custom.min.js
URL: http://192.168.1.3/content/ace/js/jquery.ui.touch-punch.min.js
URL: http://192.168.1.3/content/ace/js/jquery.easypiechart.min.js
URL: http://192.168.1.3/content/ace/js/jquery.sparkline.min.js

URL: http://192.168.1.3/content/ace/js/jquery.flot.min.js
URL: http://192.168.1.3/content/ace/js/jquery.flot.pie.min.js
URL: http://192.168.1.3/content/ace/js/jquery.flot.resize.min.js
URL: http://192.168.1.3/content/ace/js/ace-elements.min.js
URL: http://192.168.1.3/content/ace/js/ace.min.js
URL: http://192.168.1.3/content/exceedstyle.css
URL: http://192.168.1.3/content/jqury-ui/
160

URL: http://192.168.1.3/content/jqury-ui/jquery-ui.css
URL: http://192.168.1.3/content/jqury-ui/jquery-ui.js
URL: http://192.168.1.3/content/jqury-ui/images
URL: http://192.168.1.3/content/jstree/
URL: http://192.168.1.3/content/jstree/themes/
URL: http://192.168.1.3/content/jstree/themes/default/
URL: http://192.168.1.3/content/jstree/themes/default/style.min.css
URL: http://192.168.1.3/content/jstree/jstree.min.js

URL: http://192.168.1.3/content/kendo/
URL: http://192.168.1.3/content/kendo/2016.1.112/
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.mobile.all.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.common-bootstrap.min.css
URL: http://192.168.1.3/content/kendo/2016.1.112/kendo.dataviz.bootstrap.min.css
161

URL: http://192.168.1.3/content/kendo/2016.1.112/bootstrap/
URL: http://192.168.1.3/content/kendo/2016.1.112/%23clip
URL: http://192.168.1.3/content/kendo/2016.1.112/images/
URL: http://192.168.1.3/content/kendo/2016.1.112/textures/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/dejavu/
URL: http://192.168.1.3/content/kendo/2016.1.112/fonts/glyphs/
URL: http://192.168.1.3/home
162
URL: http://192.168.1.3/home/setculture
Inputs
Input scheme 1
Input name
culture
URL: http://192.168.1.3/home/index
URL: http://192.168.1.3/hr
URL: http://192.168.1.3/hr/cosigns
URL: http://192.168.1.3/hr/allowances
Input type
URL encoded POST

URL: http://192.168.1.3/hr/ranks
URL: http://192.168.1.3/hr/steps
URL: http://192.168.1.3/hr/discipline
URL: http://192.168.1.3/hr/leavetypes
URL: http://192.168.1.3/hr/attendance
URL: http://192.168.1.3/hr/orgcharts
URL: http://192.168.1.3/hr/assignment
URL: http://192.168.1.3/hr/orglocations
URL: http://192.168.1.3/hr/teamjobtitles

URL: http://192.168.1.3/hr/sexes
URL: http://192.168.1.3/hr/regions
URL: http://192.168.1.3/hr/nations
URL: http://192.168.1.3/hr/religions
URL: http://192.168.1.3/hr/fiscalyears
URL: http://192.168.1.3/hr/persontitles
163

URL: http://192.168.1.3/hr/nationalities
URL: http://192.168.1.3/hr/mothertongues
URL: http://192.168.1.3/hr/maritalstatus
URL: http://192.168.1.3/hr/trainingcourses
URL: http://192.168.1.3/hr/empleaveperiods
URL: http://192.168.1.3/hr/incomingletters
URL: http://192.168.1.3/hr/healthincidents
URL: http://192.168.1.3/hr/orginformations
URL: http://192.168.1.3/hr/empbscbehaviors

URL: http://192.168.1.3/hr/publicdocuments
URL: http://192.168.1.3/hr/salarystructures
URL: http://192.168.1.3/hr/employmentstatus
URL: http://192.168.1.3/hr/recruitmentplans
URL: http://192.168.1.3/hr/educationalfields
URL: http://192.168.1.3/hr/trainingproviders
164

URL: http://192.168.1.3/hr/educationallevels
URL: http://192.168.1.3/hr/outgoingletters
URL: http://192.168.1.3/hr/upload
Inputs
Input scheme 1
Input name
File
Input type
POST (multipart)
URL: http://192.168.1.3/hr/upload/download
URL: http://192.168.1.3/hr/employeeprofiles
URL: http://192.168.1.3/hr/sectionjobtitles
URL: http://192.168.1.3/hr/divisionjobtitles
URL: http://192.168.1.3/hr/terminationletters

URL: http://192.168.1.3/hr/orgglobaljobtitles
URL: http://192.168.1.3/hr/terminationreasons
URL: http://192.168.1.3/hr/retirementlauncher
URL: http://192.168.1.3/hr/reports
URL: http://192.168.1.3/hr/reports/detailreports
165
URL: http://192.168.1.3/hr/reports/summaryreports
URL: http://192.168.1.3/hr/supportingdocuments
URL: http://192.168.1.3/hr/transportallowances
URL: http://192.168.1.3/hr/departmentjobtitles
URL: http://192.168.1.3/hr/trainingapplications
URL: http://192.168.1.3/hr/empbscappraisalperiods
URL: http://192.168.1.3/hr/empbscappraisalperiods/edit
URL: http://192.168.1.3/hr/empbscappraisalperiods/edit/5
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

EmpBSCAppraisalPeriodID
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
166
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
Input type
URL encoded POST
URL encoded POST
URL encoded POST
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AppraisalPeriod
CreatedBy
Input type
URL encoded POST
URL encoded POST
URL encoded POST

CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Inputs
Input scheme 1
167
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input name
AppraisalPeriod
CreatedBy
CreatedOn
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/empbscappraisalperiods/delete
URL: http://192.168.1.3/hr/empbscappraisalperiods/delete/2
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type

168
URL encoded POST
Inputs
Input scheme 1
Input name
Inputs
Input type
URL encoded POST
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/empbscappraisalperiods/details
URL: http://192.168.1.3/hr/empbscappraisalperiods/details/4
URL: http://192.168.1.3/hr/empbscappraisalperiods/create
Inputs
Input scheme 1
Input name
AppraisalPeriod
DayFrom
DayTo
IsClosed
MonthFrom
MonthTo
YearFrom
YearTo
URL: http://192.168.1.3/hr/retirementnotification
URL: http://192.168.1.3/hr/empleavetakenslauncher
URL: http://192.168.1.3/hr/trainingneedassesments
URL: http://192.168.1.3/hr/empbscperformanceplans
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
169

URL: http://192.168.1.3/hr/trainingreportbycourse
URL: http://192.168.1.3/hr/addallowancetoemployees
URL: http://192.168.1.3/hr/earlyretirementlauncher
URL: http://192.168.1.3/hr/disciplinaymeasureranks
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit/3
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
DisciplinayMeasureRank
DisciplinayMeasureRanksID
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/edit/2
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
DisciplinayMeasureRank
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
170
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete/3
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/delete/2
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details/3
URL: http://192.168.1.3/hr/disciplinaymeasureranks/details/2
URL: http://192.168.1.3/hr/trainingcoursetrackings
URL: http://192.168.1.3/hr/emppayrollnodaysworkeds
URL: http://192.168.1.3/hr/employeerequisitionforms
URL: http://192.168.1.3/hr/trainingreportbyemployee
URL: http://192.168.1.3/hr/outsourcecompanyprofiles
URL: http://192.168.1.3/hr/terminationotherslauncher
URL: http://192.168.1.3/hr/empannualleaveusagereport
URL: http://192.168.1.3/hr/outsourcecompanyworkeddays
URL: http://192.168.1.3/hr/applicantprobationslauncher
URL: http://192.168.1.3/hr/empbscperformanceevaluations
171
URL: http://192.168.1.3/hr/contractemployeerequisitions
URL: http://192.168.1.3/hr/disciplineemployeerecognition
URL: http://192.168.1.3/hr/empannualleavepaidincashes
URL: http://192.168.1.3/hr/annualleaveentitlementupdate
URL: http://192.168.1.3/hr/empdisciplinayrecognitiontypes
URL: http://192.168.1.3/hr/empannualleaveusagesingereport
URL: http://192.168.1.3/hr/empannualleavetransferonebyones
URL: http://192.168.1.3/hr/empterminationclearancelauncher
URL: http://192.168.1.3/hr/outsourcecompanyworkeddaysreport
URL: http://192.168.1.3/hr/recruitmentresultreportbyvacancy
URL: http://192.168.1.3/hr/certificatesandletters
Inputs
Input scheme 1
Input name
choice
EmpFullName
EmpID
URL: http://192.168.1.3/hr/certificatesandletters/experience
URL: http://192.168.1.3/hr/certificatesandletters/certificate
URL: http://192.168.1.3/hr/promotionandtransferapplicantlists
Input type
URL encoded POST
URL encoded POST
URL encoded POST
172

URL: http://192.168.1.3/hr/empannualleaveentitlementviewmodels
URL: http://192.168.1.3/hr/disciplinaymeasuretypes
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/edit
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/edit/9
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
DisciplinayMeasureTypesID
ExpireYear
Measure
PercentageEffectOnPromotion
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
173
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
ExpireYear
Measure
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
CreatedBy
CreatedOn
ExpireYear
Measure
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/delete
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/delete/9
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
174
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/details
URL: http://192.168.1.3/hr/disciplinaymeasuretypes/details/8

URL: http://192.168.1.3/roles
URL: http://192.168.1.3/groups
175

URL: http://192.168.1.3/inventory
URL: http://192.168.1.3/inventory/uoms
URL: http://192.168.1.3/inventory/items
URL: http://192.168.1.3/inventory/stores
URL: http://192.168.1.3/inventory/issues
URL: http://192.168.1.3/inventory/goodreceives
URL: http://192.168.1.3/inventory/storereturns
URL: http://192.168.1.3/inventory/itemcategories
URL: http://192.168.1.3/inventory/itemtransfers
URL: http://192.168.1.3/inventory/purchasereturns
URL: http://192.168.1.3/inventory/stockadjustments
URL: http://192.168.1.3/inventory/storerequisitions
URL: http://192.168.1.3/inventory/purchaserequisitions

URL: http://192.168.1.3/inventory/storeitemassignments
URL: http://192.168.1.3/inventory/departmentcostcenters
176

URL: http://192.168.1.3/inventory/reportinventory
URL: http://192.168.1.3/inventory/reportinventory/issueitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/transferitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/stockbalance
Inputs
Input scheme 1
Input name
category
Input type
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/goodsreceive
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitem
Inputs
Input scheme 1
Input name
dt1
dt2
URL: http://192.168.1.3/inventory/reportinventory/storereturnitem
Input type
URL encoded POST
URL encoded POST
177
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/inventory/reportinventory/issueitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/issueitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/transferitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
URL: http://192.168.1.3/inventory/reportinventory/transferitemexcel
Input type
URL encoded GET
URL encoded GET
178

Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/stockbalanceprint
Inputs
Input scheme 1
Input name
category
Input type
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/stockbalanceexcel
Inputs
Input scheme 1
Input name
category
Input type
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/goodsreceiveprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/goodsreceiveexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storereturnitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storereturnitemprint
Inputs
179
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/adjustmentitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/purchasereturnitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitemprint
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/reportinventory/storerequisitionitemexcel
Inputs
180
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/inventory/storekeeperassignments
URL: http://192.168.1.3/globaluseraccesslogs
URL: http://192.168.1.3/orgbranchusermappings
URL: http://192.168.1.3/finance
URL: http://192.168.1.3/finance/glledgerposting
URL: http://192.168.1.3/finance/glrecordjournals
URL: http://192.168.1.3/finance/arinvoices
URL: http://192.168.1.3/finance/bankaccounts
URL: http://192.168.1.3/finance/bankaccounts/edit
URL: http://192.168.1.3/finance/bankaccounts/edit/14
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
181
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

BankBranch
BankName
Status
182
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
183
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
Input type
URL encoded POST
URL encoded POST
AccountControl
URL encoded POST

AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
184
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Inputs
Input scheme 1
Input name
AccountCode
AccountControl
AccountDesc
AccountName
AccountNumber
AccountUse
BankAccountID
BankAdress
BankBranch
BankName
Status
URL: http://192.168.1.3/finance/bankaccounts/delete
URL: http://192.168.1.3/finance/bankaccounts/delete/6
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST

185
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
186
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
Input type
URL encoded POST
Inputs
Input scheme 1
Input name
URL: http://192.168.1.3/finance/bankaccounts/details
URL: http://192.168.1.3/finance/bankaccounts/details/7
Input type
URL encoded POST

URL: http://192.168.1.3/finance/budgetusages
URL: http://192.168.1.3/finance/apsetupitems
URL: http://192.168.1.3/finance/budgetdefines
URL: http://192.168.1.3/finance/budgetmonthlies
URL: http://192.168.1.3/finance/arcustomertypes
URL: http://192.168.1.3/finance/arremitaddresses
187

188
URL: http://192.168.1.3/finance/appaybleinvoices
URL: http://192.168.1.3/finance/approcurementsuppliers
URL: http://192.168.1.3/finance/budgetallocationandusage
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageexcel
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/budgetallocationandusage/budgetallocationandusageprint
Inputs
Input scheme 1
Input name
BudgetMonth
BudgetYear
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reconciliationschedules
URL: http://192.168.1.3/finance/reconcilationbankaccounts
URL: http://192.168.1.3/finance/budgetagainstpreviousyear
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyprint
Inputs

Input scheme 1
Input name
period
189
Input type
URL encoded GET
URL: http://192.168.1.3/finance/budgetagainstpreviousyear/budgetyearlyexcel
Inputs
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reconcilationbookaccounts
URL: http://192.168.1.3/finance/arsetupreceiptbalanceaccounts
URL: http://192.168.1.3/finance/arsetupproductserviceaccounts
URL: http://192.168.1.3/finance/arcustomerprofiles
URL: http://192.168.1.3/finance/gljournalcategoriers
URL: http://192.168.1.3/finance/accountstransactions
Inputs
Input scheme 1
Input name
CategoryNames
EffectiveDates
JournalReferences
Period
Source
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
page
Input type
URL encoded GET
CategoryNames
EffectiveDates
JournalReferences
Period
Source

URL: http://192.168.1.3/finance/accountstransactions/details
URL: http://192.168.1.3/finance/accountstransactions/details/1684
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
190


191

192


193


194

195


196


URL: http://192.168.1.3/finance/accountstransactions/details/53105-1-00-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0003
197
URL: http://192.168.1.3/finance/accountstransactions/details/18000-1-00-ba0003
URL: http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0055
URL: http://192.168.1.3/finance/accountstransactions/details/11110%20-1-00-ch0055

URL: http://192.168.1.3/finance/accountstransactions/details/69050%20-1-00-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11110%20%c2%a0-1-00-ch0055
URL: http://192.168.1.3/finance/accountstransactions/details/11130-1-00-rf0020
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0021
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001
URL: http://192.168.1.3/finance/accountstransactions/details/21370-1-00-tl0002
URL: http://192.168.1.3/finance/accountstransactions/details/11140-1-00-cb0001%20%c2%a0
URL: http://192.168.1.3/finance/accountstransactions/details/63120-1-fs-000000
URL: http://192.168.1.3/finance/accountstransactions/details/11120-1-00-pc0006
198


URL: http://192.168.1.3/finance/accountstransactions/details/12100-1-00-in0004
URL: http://192.168.1.3/finance/accountstransactions/details/30030-1-00-3060gn
URL: http://192.168.1.3/finance/accountstransactions/details/11110-1-00-ch0045
URL: http://192.168.1.3/finance/accountstransactions/details/11320-1-00-y00125
URL: http://192.168.1.3/finance/accountstransactions/details/11499-1-00-pi0000
URL: http://192.168.1.3/finance/accountstransactions/details/11350-1-00-ta0001
URL: http://192.168.1.3/finance/accountstransactions/details/11330-1-00-s00984
199

URL: http://192.168.1.3/finance/arstandardcollections
URL: http://192.168.1.3/finance/glchartofaccountaccounts
200
URL: http://192.168.1.3/finance/glchartofaccountlocations
URL: http://192.168.1.3/finance/armiscelaneouscollections
URL: http://192.168.1.3/finance/glchartofaccountsubaccounts
URL: http://192.168.1.3/finance/glchartofaccountcostcenters
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyexcel
Inputs
Input scheme 1
Input name
period
URL: http://192.168.1.3/finance/budgetagainstpreviousyearmonthly/budgetmonthlyprint
Inputs
Input type
URL encoded GET
Input scheme 1
Input name
period
Input type
URL encoded GET
URL: http://192.168.1.3/finance/gltaxrates
URL: http://192.168.1.3/finance/paymentterms
URL: http://192.168.1.3/finance/glfiscalyears
URL: http://192.168.1.3/finance/glcountrytypes
URL: http://192.168.1.3/finance/paymentmethods
201
URL: http://192.168.1.3/finance/glvatwithholdings
URL: http://192.168.1.3/finance/finsetupcurrencies
URL: http://192.168.1.3/finance/reportfinance
URL: http://192.168.1.3/finance/reportfinance/cashflow
Inputs
Input scheme 1
Input name
branchCode
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/balancesheet
Inputs
Input scheme 1
Input name
branchCode
dt2
URL: http://192.168.1.3/finance/reportfinance/supplierlist
Inputs
Input type
URL encoded POST
URL encoded POST
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/customerlist
Inputs
Input scheme 1
Input name
custype
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET
Input scheme 3
Input name
custype
page
Input type
URL encoded GET
URL encoded GET
202
Input scheme 4
Input name
page
custype
Input type
URL encoded GET
URL encoded POST
Input scheme 5
Input name
custype
page
custype
Input type
URL encoded GET
URL encoded GET
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/trialbalance
Inputs
Input scheme 1
Input name
Branch
dt1
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/chartofaccount
Inputs
Input scheme 1
Input name
Account
AccountType
URL: http://192.168.1.3/finance/reportfinance/accountanalysis
Inputs
Input type
URL encoded POST
URL encoded POST
Input scheme 1
Input name
Category
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/incomestatement
Inputs
Input scheme 1
Input name
branchCode
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoice
Inputs
Input scheme 1
Input name
Input type

agetype
203
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomer
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/accountanalysisbysegment
Inputs
Input scheme 1
Input name
acctFrom
acctTo
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyproject
Inputs
Input scheme 1
Input name
costcenterCode
dt1
dt2
URL: http://192.168.1.3/finance/reportfinance/chartofaccountexcel
Input type
URL encoded POST
URL encoded POST
URL encoded POST

Inputs
Input scheme 1
Input name
AccountType
Input type
URL encoded GET
Input scheme 2
Input name
Account
AccountType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/accountanalysisexcel
URL: http://192.168.1.3/finance/reportfinance/trialbalanceexcel
Inputs
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
204
URL: http://192.168.1.3/finance/reportfinance/trialbalanceprint
Inputs
Input scheme 1
Input name
CostCenter
dt1
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/incomestatementprint
Inputs
Input scheme 1
Input name
dt2
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/customerlistexcel
Inputs
Input scheme 1
Input name
custype
URL: http://192.168.1.3/finance/reportfinance/customerlistprint
Inputs
Input scheme 1
Input type
URL encoded GET
Input name
custype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/supplierlistexcel
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/supplierlistprint
Inputs
Input scheme 1
Input name
businessType
supplierType
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoiceprint
Inputs
Input scheme 1
Input name
agetype
205
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbyinvoiceexcel
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomerprint
Inputs
Input scheme 1
Input name
agetype
Input type
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/aragingbycustomerexcel
Inputs
Input scheme 1
Input name
agetype
URL: http://192.168.1.3/finance/reportfinance/accountanalysisbysegmentexcel
Input type
URL encoded GET

URL: http://192.168.1.3/finance/reportfinance/incomestatementbyprojectprint
Inputs
Input scheme 1
Input name
costcenterCode
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/reportfinance/incomestatementbyprojectexcel
Inputs
Input scheme 1
Input name
costcenterCode
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/finance/finsetupcurrencyexchanges
206
URL: http://192.168.1.3/finance/finsetupcashflowconfigurations
URL: http://192.168.1.3/finance/json
URL: http://192.168.1.3/finance/json/fromaccountcode
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/json/toaccountcode
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/finance/json/description
Inputs
Input scheme 1
Input name
id
Input type
URL encoded POST
URL: http://192.168.1.3/finance/json/bankaccounts
Inputs
Input scheme 1
Input name
Accounts
CostCenter
Location
SubAccount
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/userprofile
URL: http://192.168.1.3/userprofile/mybranches
URL: http://192.168.1.3/payroll
URL: http://192.168.1.3/payroll/pensions
URL: http://192.168.1.3/payroll/payrollbonus
URL: http://192.168.1.3/payroll/payrollprocess
URL: http://192.168.1.3/payroll/emppayrollloans
URL: http://192.168.1.3/payroll/empcontributions
URL: http://192.168.1.3/payroll/emppayrolladavances
URL: http://192.168.1.3/payroll/emppayrolladditions
207
URL: http://192.168.1.3/payroll/empfixedcontributions
URL: http://192.168.1.3/payroll/emppayrolllabourunions
URL: http://192.168.1.3/payroll/emppayrollovertimetwoes
URL: http://192.168.1.3/payroll/emppayrollcalculatebonus
URL: http://192.168.1.3/payroll/emppayrollcreditassociations
URL: http://192.168.1.3/payroll/payrollpayslip
URL: http://192.168.1.3/payroll/payrollreports
208
URL: http://192.168.1.3/payroll/payrollreports/overtimehours
URL: http://192.168.1.3/payroll/payrollreports/bonusbanksliplist
URL: http://192.168.1.3/payroll/payrollreports/payrollbanksliplist
URL: http://192.168.1.3/payroll/payrollreports/detailreport
URL: http://192.168.1.3/payroll/payrollreports/summaryreport
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreport
Inputs
Input scheme 1
Input name
period
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreport
Input type
URL encoded POST

Inputs
Input scheme 1
Input name
fyear
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylist
Inputs
Input scheme 1
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreport
Inputs
Input scheme 1
Input name
period
Input type
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelist
Inputs

Input scheme 1
Input name
period
source
type
209
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreport
Inputs
Input scheme 1
Input name
period
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreportprint
URL: http://192.168.1.3/payroll/payrollreports/bonusincometaxreportexcel
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlypensionreportexcel
Input type
URL encoded POST

URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlyincometaxreportexcel
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistexcel
URL: http://192.168.1.3/payroll/payrollreports/payrollbasicsalarylistprint
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportprint
URL: http://192.168.1.3/payroll/payrollreports/monthlylabourandcreditreportexcel
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistprint
URL: http://192.168.1.3/payroll/payrollreports/reportbycontributiontypelistexcel
URL: http://192.168.1.3/payroll/payrollperiods
URL: http://192.168.1.3/payroll/overtimetypetwoes
URL: http://192.168.1.3/payroll/payrollpaymentbanks
URL: http://192.168.1.3/payroll/payrollemployeeaccounts
URL: http://192.168.1.3/payroll/payrollcontributiontypes
URL: http://192.168.1.3/payroll/payrollemployeebankaccounts
URL: http://192.168.1.3/globalbranchsetups
210
URL: http://192.168.1.3/fixedasset
URL: http://192.168.1.3/fixedasset/fixedassetgroups
URL: http://192.168.1.3/fixedasset/fixedassetdepreciationsetups
URL: http://192.168.1.3/fixedasset/fixedassetclearingaccountsetups
URL: http://192.168.1.3/fixedasset/usercards
URL: http://192.168.1.3/fixedasset/fixedassetcategories
URL: http://192.168.1.3/fixedasset/fixedassetsubcategories
URL: http://192.168.1.3/fixedasset/fixedassetregistrations

URL: http://192.168.1.3/scripts/
URL: http://192.168.1.3/scripts/etp/
URL: http://192.168.1.3/scripts/etp/jquery.calendars.picker.css
URL: http://192.168.1.3/scripts/etp/jquery.plugin.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.plus.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.picker.js
211

URL: http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian.js
URL: http://192.168.1.3/scripts/etp/jquery.calendars.ethiopian-am.js
URL: http://192.168.1.3/scripts/kendo/
URL: http://192.168.1.3/scripts/kendo/2016.1.112/
URL: http://192.168.1.3/scripts/kendo/2016.1.112/jquery.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/jszip.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/kendo.all.min.js
URL: http://192.168.1.3/scripts/kendo/2016.1.112/kendo.aspnetmvc.min.js

URL: http://192.168.1.3/scripts/kendo.modernizr.custom.js
URL: http://192.168.1.3/scripts/jquery.unobtrusive-ajax.js
URL: http://192.168.1.3/scripts/jquery.validate.min.js
URL: http://192.168.1.3/scripts/jquery.validate.unobtrusive.js
URL: http://192.168.1.3/scripts/js.cookie.js
URL: http://192.168.1.3/scripts/matrixscript.js
URL: http://192.168.1.3/scripts/matrixscript1.js
212

URL: http://192.168.1.3/scripts/matrixcommon.js
URL: http://192.168.1.3/scripts/selector.js
URL: http://192.168.1.3/scripts/jquery-1.10.2.min.js
URL: http://192.168.1.3/procurement
URL: http://192.168.1.3/procurement/tenders
URL: http://192.168.1.3/procurement/purchaseorders
URL: http://192.168.1.3/procurement/itempriceindexes
URL: http://192.168.1.3/procurement/procurementplans

URL: http://192.168.1.3/procurement/purchasefollowups
URL: http://192.168.1.3/procurement/proformapurchases
URL: http://192.168.1.3/procurement/procurementsuppliers
URL: http://192.168.1.3/procurement/procurementlcmanagements
URL: http://192.168.1.3/procurement/procurementbankguarantees
URL: http://192.168.1.3/procurement/procurementcpomanagements
213
URL: http://192.168.1.3/procurement/reportprocurement
Inputs
Input scheme 1
Input name
page
Input type
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/tenderreport
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitem
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitem
Inputs
Input scheme 1
Input name
dt1
dt2
URL: http://192.168.1.3/procurement/reportprocurement/tenderdetails
URL: http://192.168.1.3/procurement/reportprocurement/tenderdetails/9
Input type
URL encoded POST
URL encoded POST
214

URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaseorderitemprint
Inputs
Input scheme 1
Input name
dt1
Input type
URL encoded GET

dt2
215
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemexcel
Inputs
Input scheme 1
Input name
dt1
dt2
Input type
URL encoded GET
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/purchaserequisitionitemprint
Inputs
Input scheme 1
Input name
dt1
Input type
URL encoded GET
dt2
URL encoded GET
URL: http://192.168.1.3/procurement/reportprocurement/getlotdetails
URL: http://192.168.1.3/procurement/reportprocurement/getlotdetails/8

216
URL: http://192.168.1.3/procurement/procurementcontractmanagements
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
URL: http://192.168.1.3/procurement/procurementcontractmanagements/edit
URL: http://192.168.1.3/procurement/procurementcontractmanagements/edit/4

URL: http://192.168.1.3/procurement/procurementcontractmanagements/delete
URL: http://192.168.1.3/procurement/procurementcontractmanagements/delete/7
217

URL: http://192.168.1.3/procurement/procurementcontractmanagements/details
URL: http://192.168.1.3/procurement/procurementcontractmanagements/details/7
URL: http://192.168.1.3/procurement/procurementsuppliercategories
Inputs
Input scheme 1
Input name
SearchString

URL: http://192.168.1.3/procurement/procurementsuppliercategories/edit
URL: http://192.168.1.3/procurement/procurementsuppliercategories/edit/9
Input type
URL encoded POST
218

URL: http://192.168.1.3/procurement/procurementsuppliercategories/delete
URL: http://192.168.1.3/procurement/procurementsuppliercategories/delete/7

URL: http://192.168.1.3/procurement/procurementsuppliercategories/details
219
URL: http://192.168.1.3/procurement/procurementsuppliercategories/details/4
URL: http://192.168.1.3/procurement/procurementannualneedassesments
Inputs
Input scheme 1
Input name
SearchString
Input type
URL encoded POST
Input scheme 2
Input name
page
Input type
URL encoded GET

URL: http://192.168.1.3/procurement/procurementannualneedassesments/edit
URL: http://192.168.1.3/procurement/procurementannualneedassesments/edit/13
220

URL: http://192.168.1.3/procurement/procurementannualneedassesments/delete
URL: http://192.168.1.3/procurement/procurementannualneedassesments/delete/14

URL: http://192.168.1.3/procurement/procurementannualneedassesments/details
URL: http://192.168.1.3/procurement/procurementannualneedassesments/details/13
221

URL: http://192.168.1.3/globalorginformations
URL: http://192.168.1.3/fleetmanagement
URL: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype
222
URL: http://192.168.1.3/fleetmanagement/fleetsetuprepairtype/fleetsetuprepairtypes_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
Input type
filter
group
page
pageSize
sort
URL encoded POST

URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmenttype/fleetsetupequipmenttypes_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentname/fleetsetupequipmentnames_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype
URL: http://192.168.1.3/fleetmanagement/fleetsetupinsurancetype/fleetsetupinsurancetypes_read
Inputs
Input scheme 1
Input name
grid-mode
223
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentstatus/fleetsetupequipmentstatus_read

Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter
URL: http://192.168.1.3/fleetmanagement/fleetsetupmaintenancecenter/fleetsetupmaintenancecenters_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition
URL: http://192.168.1.3/fleetmanagement/fleetsetupoperatorposition/fleetsetupoperatorpositions_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfueltype/fleetsetupequipmentfueltypes_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetequipmentregistrations

URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentcategory/fleetsetupequipmentcategories_read
Inputs
224
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentmanufacturer/fleetsetupequipmentmanufacturers_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
Input scheme 2
Input name
filter
group
page
pageSize
sort
Input type
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL encoded POST
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard
URL: http://192.168.1.3/fleetmanagement/fleetsetupequipmentfuelstandard/fleetsetupequipmentfuelstandards_read
Inputs
Input scheme 1
Input name
grid-mode
Input type
URL encoded GET
URL: http://192.168.1.3/projectmanagement
URL: http://192.168.1.3/projectmanagement/projectestimationnames
URL: http://192.168.1.3/fonts/

URL: http://192.168.1.3/upload
225
226

Computer Generations

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Computer Generations

Caricato da

Copyright:

Formati disponibili

Acunetix Website Audit

Generated by Acunetix WVS Reporter (v10.0 Build 20150707)

Acunetix Website Audit

List of client scripts

Acunetix Website Audit

These files have at least one input (GET or POST).

List of external hosts

Acunetix Website Audit

Application error message

Acunetix Website Audit

Error message on page

Acunetix Website Audit

HTML form without CSRF protection

Acunetix Website Audit

Internal server error

Acunetix Website Audit

User credentials are sent in clear text

ASP.NET version disclosure

Cookie without HttpOnly flag set

Cookie without Secure flag set

Acunetix Website Audit

Login page password-guessing attack

- Access Vector: Network

OPTIONS method is enabled

Slow response time

Acunetix Website Audit

Email address found

Base Score: 5.0

- Access Vector: Network

Microsoft IIS version disclosure

Acunetix Website Audit

Password type input with auto-complete enabled

Possible CSRF (Cross-site request forgery)

Possible internal IP address disclosure

Acunetix Website Audit

Possible username or password disclosure

Acunetix Website Audit

Acunetix Website Audit

Application error message

POST /account/usergroups/endalamaw HTTP/1.1

Acunetix Website Audit

Content-Disposition: form-data; name="Groups[6].GroupId"

Acunetix Website Audit

Acunetix Website Audit

POST /finance/bankaccounts/edit/12 HTTP/1.1

Acunetix Website Audit

POST /finance/bankaccounts/edit/13 HTTP/1.1

POST /finance/bankaccounts/edit/14 HTTP/1.1

POST /finance/bankaccounts/edit/14 HTTP/1.1

sVyUlak-mQoCGfY_mhG2d7hNRsabXDuirpBnWE4mL6S_OEdbEg46u6Eg_B33IDSz1VysDiEhDHgDeE7TJZwCSXG7neGpgotdyWsJD; _culture=en-us; currentNavLi=link246; ace_settings=%7B%22sidebar-collapsed%22%3A1%2C

POST /finance/bankaccounts/edit/15 HTTP/1.1

POST /finance/bankaccounts/edit/16 HTTP/1.1

POST /finance/bankaccounts/edit/17 HTTP/1.1

POST /finance/bankaccounts/edit/17 HTTP/1.1

(line truncated) ...nk-Head%20Office-No%20cost%20value-%20CBE%20B%5cdar%20br.%20Expenditure

Acunetix Website Audit

POST /finance/bankaccounts/edit/7 HTTP/1.1

Acunetix Website Audit

POST /finance/bankaccounts/edit/7 HTTP/1.1

Acunetix Website Audit

POST /finance/bankaccounts/edit/8 HTTP/1.1

POST /finance/bankaccounts/edit/8 HTTP/1.1

POST /finance/bankaccounts/edit/9 HTTP/1.1

Acunetix Website Audit