Penetration Test Report: Example of Vulnerability Findings
Below is an example write-up to explain the Vulnerability Findings section in a penetration testing report:
Vulnerability Findings
1. SQL Injection Vulnerability (CVE-2021-22947)
Description: SQL Injection (SQLi) is an attack in which an attacker can insert or alter SQL queries executed by an application. In our testing, we found that the web application does not sanitize input on the search parameter, allowing attackers to execute malicious SQL queries.
Finding Details:
- Affected URL: `http://example.com/search`
- Vulnerable Input: Parameter `query`
- Payload Used: `1' OR '1'='1`
- Impact: Attackers can access sensitive data, such as user information and product details, which may lead to information disclosure or database modification.
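As an added example (not part of the original report), the search described in finding 1 is modelled in Python against an in-memory SQLite table: the string-built query reproduces the reported defect and a parameterized version beside it shows the fix. The `products` table and its rows are constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for the application's product table;
# the "restricted" row is the sensitive data the finding says can be disclosed.
PRODUCTS = [
    (1, "widget", "public"),
    (2, "gadget", "public"),
    (3, "internal-tool", "restricted"),
]


def _make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def search_vulnerable(query: str) -> list:
    """Builds the SQL by string concatenation: the `query` parameter is
    interpolated unsanitized, which is the defect reported in finding 1.
    The payload turns the WHERE clause into (... AND name='1') OR '1'='1',
    so every row, including restricted ones, is returned."""
    conn = _make_db()
    sql = (
        "SELECT id, name FROM products WHERE visibility = 'public' "
        "AND name = '" + query + "'"
    )
    return conn.execute(sql).fetchall()


def search_fixed(query: str) -> list:
    """Same search with a parameterized query: the driver binds the value,
    so the payload is compared as a literal string and never parsed as SQL."""
    conn = _make_db()
    sql = "SELECT id, name FROM products WHERE visibility = 'public' AND name = ?"
    return conn.execute(sql, (query,)).fetchall()


if __name__ == "__main__":
    payload = "1' OR '1'='1"  # the payload recorded in finding 1
    print("vulnerable:", search_vulnerable(payload))  # all three rows
    print("fixed:     ", search_fixed(payload))       # []
```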
2. Cross-Site Scripting (XSS) Vulnerability (CVE-2019-11043)
Description: Cross-Site Scripting (XSS) allows an attacker to insert malicious scripts into a webpage viewed by other users. In this application, we found that user input is not properly escaped before being rendered, allowing arbitrary JavaScript to execute in the victim's browser.
Finding Details:
- Affected URL: `http://example.com/profile`
- Vulnerable Input: Parameter `username`
- Payload Used: `<script>alert('XSS')</script>`
- Impact: Attackers can steal user session cookies, conduct phishing, or distribute malware.
3. Remote Code Execution (RCE) Vulnerability (CVE-2020-12345)
Description: Remote Code Execution (RCE) occurs when an attacker can execute arbitrary code on the server. In this test, we discovered that one of the API endpoints lacks adequate validation of uploaded files, allowing an uploaded file to be executed on the server.
Finding Details:
- Affected URL: `http://example.com/api/upload`
- Vulnerable Input: File upload
- Payload Used: PHP file containing system command injections
- Impact: Attackers can take over the server, access sensitive data, or carry out further attacks on the system.
4. Insecure Direct Object References (IDOR) Vulnerability (CVE-2022-34567)
Description: IDOR occurs when an application exposes a direct reference to an internal object (such as a predictable numeric ID) without verifying that the requester is authorized to access it. We found that users could access other users' data by simply changing the ID in the URL.
Finding Details:
- Affected URL: `http://example.com/user/123`
- Vulnerable Input: Parameter `user_id`
- Payload Used: Changing `user_id` from `123` to `124`
- Impact: Users can access and modify other users' information without proper authorization.