Vulnerabilities of web applications

One of the missions of the CIRT of ANTIC is the certification of the electronic platforms of Cameroon's cyberspace. Certifying a company's electronic platform ensures that it presents no flaw or danger to the various players in Cameroon's cyberspace. To that end, the CIRT's expert engineers carry out assessments of the application logic and business logic of web and mobile applications.

In the table below, we present the vulnerabilities most commonly found in these assessments. We have not ranked them by severity, impact or prevalence, since any one of them can be a problem for a company in terms of data loss, disclosure of private information, or other weaknesses that hackers can exploit.

| # | Vulnerability | Observation | Suggested solution |
|---|---|---|---|
| 1 | Directory listing | This vulnerability can allow an attacker to navigate the file system and gain access to files stored on the server. | Adjust the configuration of the Apache server or the .htaccess file by removing the +Indexes option. |
| 2 | Cross-site scripting | This vulnerability may allow hackers to inject malicious JavaScript code into a vulnerable application, in order to modify the content of the page presented to the user or to steal session cookies and thus take control of users' accounts. | Filter metacharacters from user-supplied data via a validation procedure based on regular expressions. |
| 3 | DNS zone transfer | The remote DNS server allows zone transfers. A malicious user can obtain a copy of the entire DNS zone of the minesup.gov.cm domain, containing the complete list of all hosts in that domain. | Configure the minesup.gov.cm zone to restrict zone transfers to legitimate addresses using the allow-transfer directive. |
| 4 | HTML form without CSRF protection | This vulnerability can allow a hacker to execute malicious actions as a legitimate user without their knowledge, or to take control of their account. | Add a nonce (large random number) for each transaction. |
| 5 | SSL self-signed certificate | The certificate used for secure connections on the server is self-signed and cannot be trusted. | Acquire a certificate from a certificate authority. |
| 6 | Clickjacking: X-Frame-Options header missing | This vulnerability can allow an attacker to hijack users' clicks on a button or link on a web page, to make them perform unwanted operations or take control of their computers. | Configure the web server to insert the X-Frame-Options header automatically. |
| 7 | Session cookie without HttpOnly flag set | This vulnerability may allow an attacker to obtain cookies via malicious client-side scripts. | Set the HttpOnly flag in the cookie definition. |
| 8 | Session cookie without Secure flag set | A session cookie without the Secure flag has been detected. When a cookie is created with the Secure flag, it tells the browser that the cookie may only be sent over secure SSL/TLS channels. This is an important additional protection for session cookies. | Enable the Secure flag for session cookies. |
| 9 | Session token in URL | Session tokens passed in query parameters have been observed. Session tokens are sensitive information that should not be stored in the URL. | Maintain sessions using secure cookies. |
| 10 | Slow HTTP denial of service attack | The web server is vulnerable to slow HTTP DoS attacks. These attacks could slow down or even block the responses to requests sent to the web server. | Control client requests through one of the following modules: mod_reqtimeout, mod_qos or mod_security. |
| 11 | Basic authentication over HTTP | User credentials for the phpmyadmin directory are passed in clear text, which can allow a hacker to intercept them by sniffing packets. | Use an HTTPS connection for authentication. |
| 12 | Blind SQL injection | This vulnerability can allow a hacker to alter and manipulate the data contained in the database. | Use parameterized SQL queries and sanitize input data before execution. |
| 13 | File upload | This vulnerability can allow an attacker to send malicious files to the server, allowing them to take control of the server. | Restrict the extensions of files that may be uploaded, and reconfigure user and file permissions to prevent execution of uploaded files. |
| 14 | PHP open_basedir is not set | This vulnerability could allow a remote attacker to include files on the website. The open_basedir configuration directive limits which files PHP may open. | Set the open_basedir directive in the php.ini file. |
| 15 | PHP code injection | PHP code injection is a vulnerability that allows an attacker to inject custom code into the server-side scripting engine. It occurs when an attacker can control all or part of a string passed as a parameter to an eval() call, which executes its argument as code. | Filter metacharacters from user-supplied data through a validation procedure based on regular expressions. |
| 16 | URL redirection | A remote attacker can exploit this vulnerability to redirect the users of your site to a URL of their choosing, enabling phishing attacks or malware distribution. | Filter metacharacters from user-supplied data via a validation procedure based on regular expressions. |
| 17 | Session fixation | The session management mechanism on the website allows users to set session identifiers in advance. A malicious user can thus make a legitimate user authenticate with a predefined session ID and then use that ID to hijack the established session. | Generate a new session ID at each user authentication. |
| 18 | SSL 2.0 deprecated protocol | The server accepts encrypted connections over the SSL 2.0 protocol, which suffers from several security vulnerabilities. An attacker might be able to exploit these weaknesses to intercept and decipher communications between the server and its clients. | Disable secure connections over SSL 2.0. Use TLS for secure connections. |
| 19 | Insecure transition from HTTP to HTTPS in form post | Form data is submitted from an insecure page, which could be diverted for malicious purposes. | Serve the form from a secure (HTTPS) page. |
| 20 | .htaccess file readable | The content of the .htaccess file at the root of the website is accessible to site visitors. This file exposes sensitive information about the configuration that could allow a malicious user to prepare attacks against the website. | Restrict access to the .htaccess file. |
| 21 | Backup files | Backup files can contain scripts, configuration files, or other sensitive information that a malicious user can use to prepare attacks. | Delete these files if they are not essential to the website. |
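Several of the findings above (items 6, 7, 8, 9 and 11) can be detected from a single request/response pair without touching the application logic. The following Python checker is an added example, not part of the CIRT's own tooling: it takes the request URL, the status code and the response headers, and reports which table items apply. The host name www.example.test, the list of session-token names and both exchanges are constructed for the example.

```python
"""Check one HTTP exchange for the header and cookie findings in the table (items 6-9 and 11).
Added example; the two exchanges below are constructed, not captures from any real site."""
from urllib.parse import urlsplit, parse_qs

# Cookie / parameter names commonly used to carry a session token (assumed list)
SESSION_NAMES = {"phpsessid", "jsessionid", "sessionid", "session", "sid", "token"}


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(url, status, headers):
    """Return [(item_number, description), ...] for the request URL and its response.
    `headers` is a list of (name, value) pairs so that repeated Set-Cookie lines survive."""
    findings = []
    present = {name.lower() for name, _ in headers}
    url_parts = urlsplit(url)

    # Item 6: no framing policy, so the page can be embedded and click-jacked
    if "x-frame-options" not in present:
        findings.append((6, "X-Frame-Options header missing"))

    # Items 7 and 8: session cookies must carry HttpOnly and Secure
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if cookie.lower() not in SESSION_NAMES:
            continue
        if "httponly" not in attrs:
            findings.append((7, f"session cookie {cookie} lacks HttpOnly"))
        if "secure" not in attrs:
            findings.append((8, f"session cookie {cookie} lacks Secure"))

    # Item 9: a session token in the query string ends up in logs and Referer headers
    for param in parse_qs(url_parts.query):
        if param.lower() in SESSION_NAMES:
            findings.append((9, f"session token {param} passed in the URL"))

    # Item 11: Basic authentication challenged on a plain-HTTP URL
    if status == 401 and url_parts.scheme == "http":
        for name, value in headers:
            if name.lower() == "www-authenticate" and value.lower().startswith("basic"):
                findings.append((11, "Basic authentication offered over HTTP"))

    return findings


# Constructed exchange resembling the weak phpMyAdmin finding in the table
WEAK = (
    "http://www.example.test/phpmyadmin/index.php?PHPSESSID=3f1c9a0b",
    401,
    [("Server", "Apache"),
     ("WWW-Authenticate", 'Basic realm="phpMyAdmin"'),
     ("Set-Cookie", "PHPSESSID=3f1c9a0b; Path=/"),
     ("Content-Type", "text/html")],
)

# Constructed exchange after applying the suggested fixes
HARDENED = (
    "https://www.example.test/login",
    200,
    [("X-Frame-Options", "DENY"),
     ("Set-Cookie", "PHPSESSID=3f1c9a0b; Path=/; Secure; HttpOnly; SameSite=Lax"),
     ("Content-Type", "text/html")],
)


if __name__ == "__main__":
    for label, exchange in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(*exchange) or "no findings")
```

Headers are kept as a list of pairs rather than a dict on purpose: a response commonly sets several cookies, and a dict would silently keep only the last Set-Cookie line.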
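Items 4 and 17 are both about session state, and the two fixes the table recommends (a per-transaction nonce, and a fresh session ID at authentication) are easiest to see together. The session store below is an added illustration written in Python, not the page's own PHP code; the planted value "attacker-chosen-id", the user name and the scenario functions are constructed for the example.

```python
import secrets


class SessionStore:
    """Minimal server-side session store (added illustration, not the page's PHP code).

    Two properties matter here:
      * a client may never choose its own session id (item 17: fixation), and
      * every state-changing form carries a single-use nonce (item 4: CSRF).
    """

    def __init__(self):
        self._sessions = {}   # session id -> {"user": ..., "nonces": set()}

    def _new_id(self):
        return secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG

    def get_or_create(self, presented_id):
        """Resume a session only if the server issued that id; otherwise start a fresh one.
        A value invented by the client (or planted by an attacker) is never adopted."""
        if presented_id in self._sessions:
            return presented_id
        new_id = self._new_id()
        self._sessions[new_id] = {"user": None, "nonces": set()}
        return new_id

    def login(self, session_id, user):
        """Item 17: rotate the id at authentication, so an id known before login is useless after it."""
        data = self._sessions.pop(session_id)
        data["user"] = user
        data["nonces"] = set()          # nonces issued before login are discarded too
        new_id = self._new_id()
        self._sessions[new_id] = data
        return new_id

    def user(self, session_id):
        return self._sessions.get(session_id, {}).get("user")

    def issue_nonce(self, session_id):
        """Item 4: per-transaction nonce, to be embedded as a hidden form field."""
        nonce = secrets.token_hex(16)
        self._sessions[session_id]["nonces"].add(nonce)
        return nonce

    def consume_nonce(self, session_id, nonce):
        """Accept a POST only if the nonce was issued to this session; burn it on use."""
        nonces = self._sessions.get(session_id, {}).get("nonces", set())
        if not nonce or nonce not in nonces:
            return False
        nonces.discard(nonce)
        return True


def fixation_scenario():
    """A planted id ('attacker-chosen-id', constructed) reaches the server in the victim's
    request; returns True when the store defeats the attack at every step."""
    store = SessionStore()
    planted = "attacker-chosen-id"
    pre_login = store.get_or_create(planted)      # server ignores the planted value
    post_login = store.login(pre_login, "alice")  # and rotates again at login
    return (pre_login != planted
            and post_login != pre_login
            and store.user(post_login) == "alice"
            and store.user(pre_login) is None)


def csrf_scenario():
    """Returns (forged_accepted, genuine_accepted, replay_accepted)."""
    store = SessionStore()
    sid = store.login(store.get_or_create(None), "alice")
    nonce = store.issue_nonce(sid)
    forged = store.consume_nonce(sid, None)     # a cross-site form cannot know the nonce
    genuine = store.consume_nonce(sid, nonce)   # the real form carries it
    replay = store.consume_nonce(sid, nonce)    # a second use is refused
    return forged, genuine, replay


if __name__ == "__main__":
    print("fixation defeated:", fixation_scenario())
    print("csrf (forged, genuine, replay):", csrf_scenario())
```

The nonce only protects a request if the server refuses the request when it is absent or unknown; storing it in the session (never in a cookie the form could read back) is what ties it to one user.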
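For item 12, the table's recommendation is parameterized queries. The following added example, using Python's sqlite3 module rather than the PHP stack the table refers to, runs the same lookup once with string concatenation and once with a bound parameter, on a small user table constructed for the example, so the difference in behaviour is visible.

```python
"""Item 12: the same lookup written with string concatenation and with a bound parameter.
Added example using Python's sqlite3 module; the user table is constructed here."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return conn


def find_user_concatenated(conn, username):
    """Vulnerable form: the input is spliced into the statement text, so it can rewrite the WHERE clause."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_parameterized(conn, username):
    """Hardened form: the driver binds the value separately from the statement; it can only ever be data."""
    return conn.execute("SELECT username, email FROM users WHERE username = ?", (username,)).fetchall()


def compare(username):
    """Return (rows from the concatenated query, rows from the parameterized query)."""
    conn = make_db()
    try:
        return find_user_concatenated(conn, username), find_user_parameterized(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal lookup behaves the same both ways; an input containing a quote does not.
    for probe in ("alice", "nobody' OR '1'='1"):
        concat, bound = compare(probe)
        print(f"{probe!r}: concatenated -> {len(concat)} row(s), parameterized -> {len(bound)} row(s)")
```

With a bound parameter the quote characters are just bytes in a value; no amount of input filtering is needed for the statement itself, which is why the table lists parameterization first and input processing second.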
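Items 13 and 16 both come down to allowlist validation of user-supplied values: the name of an uploaded file and the target of a redirect. The two functions below are an added example, not the page's own code; the permitted extensions, the stem pattern and the site host name www.example.test are assumptions chosen for the illustration.

```python
"""Items 13 and 16: allowlist validation for uploaded file names and for redirect targets.
Added example; the allowed extensions and the site host name are assumptions."""
import os
import re
from urllib.parse import urlsplit

ALLOWED_UPLOAD_EXT = {"png", "jpg", "jpeg", "pdf"}          # assumed policy for the site
SAFE_STEM = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")  # no dots, slashes or spaces in the stem
OUR_HOST = "www.example.test"                                 # constructed host name


def safe_upload_name(client_filename):
    """Item 13: return the name under which to store an upload, or None to refuse it.
    Only the final path component is kept, the extension must be on the allowlist, and the
    stem may not contain a dot, so double extensions such as shell.php.png are refused."""
    base = os.path.basename(client_filename.replace("\\", "/"))
    stem, dot, ext = base.rpartition(".")
    if not dot or ext.lower() not in ALLOWED_UPLOAD_EXT or not SAFE_STEM.match(stem):
        return None
    return f"{stem}.{ext.lower()}"


def safe_redirect_target(next_param):
    """Item 16: follow a 'next' parameter only when it stays on this site; otherwise go home.
    Accepts a local absolute path (but not a protocol-relative //host form) or an https URL on
    OUR_HOST. Backslashes are refused because browsers treat them as slashes."""
    fallback = "/"
    if not next_param or "\\" in next_param or not next_param.isprintable():
        return fallback
    parts = urlsplit(next_param)
    if parts.scheme == "" and parts.netloc == "" and next_param.startswith("/") and not next_param.startswith("//"):
        return next_param
    if parts.scheme == "https" and parts.netloc.lower() == OUR_HOST:
        return next_param
    return fallback


if __name__ == "__main__":
    for name in ("report.pdf", "shell.php.png", "../../etc/passwd", "photo.PHP"):
        print(f"upload {name!r:24} -> {safe_upload_name(name)}")
    for target in ("/account", "https://www.example.test/home", "https://evil.test/login", "//evil.test/x"):
        print(f"redirect {target!r:34} -> {safe_redirect_target(target)}")
```

Refusing an uploaded name is only half of item 13; the table's second recommendation, storing uploads where the web server will not execute them, still applies even when the name passes this check.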