-----------
void Application_PreSendRequestHeaders(object sender, EventArgs e)
{
HttpContext.Current.Response.Headers.Remove("Server");
Response.Headers.Set("Server", "My httpd server");
HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
Response.Headers.Set("X-AspNet-Version", "XXX");
HttpContext.Current.Response.Headers.Remove("X-AspNetMvc-Version");
Response.Headers.Set("X-AspNetMvc-Version", "XXX");
HttpContext.Current.Response.Headers.Remove("X-Powered-By");
Response.Headers.Set("X-Powered-By", "XXX");
}
https://portswigger.net/research/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
https://portswigger.net/web-security/cors
Access-Control-Allow-Origin: https://www.drreddys.com/
Access-Control-Allow-Credentials: true
-------------
Cookies HttpOnly
<add name="strict-transport-security" value="max-age=31536000" />:
<compilation debug="false" targetFramework="4.7.1" numRecompilesBeforeAppRestart="2000">
--------
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />
<add name="Pragma" value="no-cache" />
<add name="Expires" value="0" />
<add name="X-Frame-Options" value="deny" />
<add name="X-content-type-options" value="nosniff" />
<add name="strict-transport-security" value="max-age=31536000" />
</customHeaders>
</httpProtocol>
</system.webServer>
1. XPath injection –Pramod -- done
5. Input returned in response (reflected) –Pramod -- Done
6. Suspicious input transformation (reflected) –Pramod –Done
7. Cross-domain Referer leakage -- Sudha --WIP
$("input[type='checkbox'][name='checkhlprof']:checked").length
$("input[type='checkbox'][name='checkhltermcond']:checked").length
1. XPath injection
WIP
2. SSL certificate
Nitin : please check the SSL certificate
3. Content type incorrectly stated
<add name="X-content-type-options" value="nosniff" />
4. Strict transport security not enforced
I have redirect from http to https
<rewrite>
<rules>
<rule name="HTTPS Rule behind AWS Elastic Load Balancer Rule" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions>
<add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" />
</conditions>
<action type="Redirect" url="https://{SERVER_NAME}{URL}" redirectType="Found" />
</rule>
</rules>
</rewrite>
5. Input returned in response (reflected)
WIP
6. Suspicious input transformation (reflected)
Error page Default redirect ot error page thus response is showing "error page" by Umbraco CMS
9. Frameable response (potential Clickjacking)
<add name="X-Frame-Options" value="deny" />sameorigin
10. Cacheable HTTPS response
<add name="Cache-Control" value="no-cache, no-store, must-revalidate, pre-check=0, post-check=0, max-age=0, s-maxage=0" />
<add name="Pragma" value="no-cache" />
<add name="Expires" value="0" />
7. Cross-domain Referer leakage
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
8. Cross-domain script include
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
