Reflection Report

 Scan Name: Webscantest-includeAPIs-reactjs
 Date: 8/24/2016 11:24:23 PM
 Authenticated User: testuser
 Total Links / Attackable Links: 416 / 416
 Target URL: http://webscantest.com

Reflections of Injected Content

URL: http://webscantest.com:80/myfiles/

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
Unnamed | GET | Reflected in response | No | Inside double-quoted attribute, Inside href attribute, Inside title body |

URL: http://webscantest.com:80/login.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
login_error | GET | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/payment_analysis/checkdata_get.php?anything=test&number=3&strlen1=test&strlen2=test&strlen3=test&str_only=string&letters_only=string&alpha_only=string

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
number | GET | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/payment_analysis/checkdata.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
number | POST | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/infodb/search_by_name.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
fname | POST | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/datastore/search_get_by_id.php?id=3

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
id | GET | Reflected in response | No | Inside response header, Inside html page text |

URL: http://webscantest.com:80/datastore/search_double_by_name.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
name | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://webscantest.com:80/datastore/search_single_by_name.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
name | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://webscantest.com:80/datastore/search_get_by_id.php?id=5

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
last_search | GET | Reflected in response | No | Inside double-quoted attribute, Inside href attribute |

URL: http://webscantest.com:80/soap/demo/api/

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
price | POST | Reflected in response | No | Inside html page text |
description | POST | Reflected in response | No | Inside html page text |
photo | POST | Reflected in response | No | Inside html page text |
name | POST | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/shutterdb/search_by_name.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
name | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://www.webscantest.com:80/soap/demo/api/index.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
id | POST | Reflected in response | No | Inside html page text |

URL: http://www.webscantest.com:80/soap/demo/api/index.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
description | POST | Reflected in response | No | Inside html page text |
photo | POST | Reflected in response | No | Inside html page text |
price | POST | Reflected in response | No | Inside html page text |
name | POST | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/shutterdb/search_by_id.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
id | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://webscantest.com:80/rest/demo/index.php/products/52904

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
price | PUT | Reflected in response | No | Inside html page text |
name | PUT | Reflected in response | No | Inside html page text |
description | PUT | Reflected in response | No | Inside html page text |
photo | PUT | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/rest/demo/index.php/products/30

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
Directory[3] | GET | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/shutterdb/filter_by_name.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
filter | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://webscantest.com:80/rest/demo/index.php/products/56035

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
price | PUT | Reflected in response | No | Inside html page text |
photo | PUT | Reflected in response | No | Inside html page text |
name | PUT | Reflected in response | No | Inside html page text |
description | PUT | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/crosstraining/linkout.php?name=Rake

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
name | GET | Reflected in response | No | Inside double-quoted attribute, Inside href attribute | < '

URL: http://webscantest.com:80/crosstraining/checkitem_lookup.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
q | POST | Reflected in response | No | Inside double-quoted attribute | < ' "

URL: http://webscantest.com:80/crosstraining/reservation_submit.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
arrive_date | POST | Reflected in response | No | Inside html page text | < " '
departure_date | POST | Reflected in response | No | Inside html page text | " '
email | POST | Reflected in response | No | Inside html page text | ' "
fname | POST | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/crosstraining/request.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
fname | POST | Reflected in response | No | Inside response header, Inside html page text | < ' "

URL: http://webscantest.com:80/crosstraining/blockedbyns.php?Comment=comment&submit=submit

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
Comment | GET | Reflected in response | No | Inside noscript body | < ' "

URL: http://webscantest.com:80/business/account.php?accountId=123456789-abcdef

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
accountId | GET | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/bjax/servertime.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
msg | POST | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/crosstraining/aboutyou2.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
nick | POST | Reflected in response | No | Inside html page text | < ' "
lname | POST | Reflected in response | No | Inside html page text |
fname | POST | Reflected in response | No | Inside html page text | < ' "
returnto | POST | Reflected in response | No | Inside double-quoted attribute, Inside href attribute | < ' "

URL: http://webscantest.com:80/crosstraining/aboutyou.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
nick | POST | Reflected in response | No | Inside html page text |
lname | POST | Reflected in response | No | Inside html page text |
fname | POST | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/csrf/token.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
token | POST | Reflected in response | No | Inside html page text | < ' "
property | POST | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/csrf/session.php?jsession=123456789

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
jsession | GET | Reflected in response | No | Inside html page text | < ' "

URL: http://webscantest.com:80/datastore/search_by_name.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
name | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://webscantest.com:80/datastore/search_by_id.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
id | POST | Reflected in response | No | Inside double-quoted attribute |

URL: http://webscantest.com:80/csrf/redirect.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
property | POST | Reflected in response | No | Inside response header, Inside html page text |

URL: http://webscantest.com:80/crosstraining/sitereviews.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
email | POST | Reflected in response | No | Inside double-quoted attribute, Inside unquoted attribute, Inside href attribute | ' "
title | POST | Reflected in response | No | Inside html page text | ' "
description | POST | Reflected in response | No | Inside html page text | < ' "
name | POST | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/crosstraining/search.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
q | POST | Reflected in response | No | Inside double-quoted attribute | ' "

URL: http://webscantest.com:80/csrf/redirect.php?msg=test

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
msg | GET | Reflected in response | No | Inside html page text |

URL: http://webscantest.com:80/csrf/csrfpost.php

Parameter | Method | Reflection URL | Persistent | HTML Context | Dangerous Characters
property | POST | Reflected in response | No | Inside html page text | < ' "