APPSCAN测试策略.docx

APPSCAN测试策略.docx

《APPSCAN测试策略.docx》由会员分享，可在线阅读，更多相关《APPSCAN测试策略.docx（81页珍藏版）》请在冰豆网上搜索。

APPSCAN测试策略

测试策略

作者：

amxking

QQ：

3633526

名称:

定制模板测试策略

描述:

ThispolicyincludesallHonkwintestsexceptportlistenertests.

测试（11483-58480种）：

名称

严重性

登录错误消息凭证枚举

High

IISlocalstart.asp可能的蛮力

High

不充分帐户封锁

High

可预测的登录凭证

High

phpMyAdmin控制台远程数据库管理

High

NetscapeAdministrationServer密码检索

High

HTTPPUT方法站点篡改

High

LotusDominoWeb服务器文件检索

High

MacromediaJRunAdministrationServer认证旁路

High

MacromediaDreamweaver远程数据库未授权的访问

High

NetscapeEnterpriseServer/SunONE未授权的管理特权和拒绝服务

High

ASP.NET表单认证旁路

High

使用SQL注入的认证旁路

High

EWS（ExciteforWebServers）特权升级

High

TektronixPhaserLinkWebserver远程管理认证旁路

High

JBossWeb管理控制台认证旁路

High

JBossJava管理扩展控制台认证旁路

High

MacromediaColdFusion弱会话Cookie

High

ApacheJServ弱令牌算法

High

未授权的PL/SQL管理页面访问

Medium

通过Cookie操纵的可能的垂直特权升级

Medium

MicrosoftFrontPageServerExtensions管理界面

Medium

BEAWebLogic管理界面

Medium

ApacheTomcatContextAdministrationTool无特权访问

Medium

LotusDominoWebAdministration模板访问

Medium

CobaltRaQ特权升级

Medium

OracleApplicationServer管理界面

Medium

BannerRotating01特权升级

Medium

AccountManagerCGI远程密码更改

Medium

LyrisListManager访问控制旁路

Medium

GWScriptsNewsPublisher访问控制旁路

Medium

新闻更新访问控制旁路

Medium

WWWboard.pl密码检索

Medium

PowerscriptsPlusMail密码更改

Medium

SubscribeMeMailingListManager特权升级

Medium

PCCSMySQL数据库管理工具管理员密码泄露

Medium

应用流程Subversion所用的Webevent管理权

Medium

MicrosoftFrontPageExtensions站点篡改

Medium

跨站点请求伪造

Medium

MicrosoftIISHitHighlighting认证旁路

Medium

永久Cookie包含敏感的会话信息

High

注销后会话未失效

High

外部会话标识实施

High

会话标识未更新

High

会话定置

High

HTTP响应分割

Medium

启用了不安全的HTTP方法

Medium

通过URL重定向钓鱼

Medium

通过框架钓鱼

Medium

SAPWebApplicationServerHTTP响应注入

Medium

Oracle10gHTTP响应分割

Medium

链接注入（便于跨站请求伪造）

Medium

phpPgAdminredirect.phpURL重定向

Medium

WebDAVMKCOL方法站点篡改

Medium

存储的响应分割

Medium

通过Flash钓鱼

Medium

Flash中的不安全直接对象引用

Medium

MicrosoftOutlookWebAccessforExchangeURL重定向

Medium

WoltLabBurningBoarddereferrer.phpURL重定向

Medium

跨站点脚本编制

High

基于DOM的跨站点脚本编制

High

主机允许从任何域进行flash访问

High

存储的跨站点脚本编制

High

OracleApplicationServerPL/SQL跨站点脚本编制

High

Microsoft.NETServer跨站点脚本编制

High

MicrosoftSQLXML跨站点脚本编制

High

ht:

//DigHtsearch跨站点脚本编制

High

MicrosoftContentManagementServer跨站点脚本编制

High

ZeusWeb服务器管理界面跨站点脚本编制

High

”IBMWebSphere“..”跨站点脚本编制

High

MicrosoftIndexServer.htw跨站点脚本编制

High

MicrosoftIIS.shtml和.stm文件跨站点脚本编制

High

HTTPReferer头跨站点脚本编制

High

LotusDomino图像标记跨站点脚本编制

High

多供应商JavaServlet容器跨站点脚本编制

High

ApacheTomcatServlet异常跨站点脚本编制

High

MicrosoftExchangeServer5.5OutlookWebAccess跨站点脚本编制

High

SunCobaltRaQ控制面板跨站点脚本编制

High

OracleHTTPServeriSQL*Plus跨站点脚本编制

High

SunONEWebServer搜索跨站点脚本编制

High

phpCMS跨站点脚本编制

High

ProfitCodePayProCart3.0跨站点脚本编制

High

RadBidsGoldv2跨站点脚本编制

High

PhotoPostPHPPro跨站点脚本编制

High

ESMIPayPalStorefront跨站点脚本编制

High

IatekPortalApp跨站点脚本编制

High

AlstraSoftEPayPro2.0跨站点脚本编制

High

phpMyAdmin跨站点脚本编制

High

BEAWebLogicAdministrationConsole跨站点脚本编制

High

OracleWebcache9i跨站点脚本编制

High

OracleReportsServer示例脚本跨站点脚本编制

High

MacromediaColdFusion错误页面跨站点脚本编制

High

ModernBill跨站点脚本编制

High

PostNukereadpmsg.php跨站点脚本编制

High

MetaCarte-Shop跨站点脚本编制

High

OpenBB跨站点脚本编制

High

UltimatePHPBoard（UPB）跨站点脚本编制

High

TOPo2.2跨站点脚本编制

High

PostNukeRSS模块跨站点脚本编制

High

HelpCenterLive跨站点脚本编制

High

Wordpress跨站点脚本编制

High

SiteMinder跨站点脚本编制

High

Comersus购物车跨站点脚本编制

High

Cartwiz跨站点脚本编制

High

VBZoom跨站点脚本编制

High

Naxtor购物车跨站点脚本编制

High

ColdfusionFusebox跨站点脚本编制

High

Web内容管理跨站点脚本编制

High

ATutor跨站点脚本编制

High

OracleReportsServer跨站点脚本编制

High

Annuaire1Two跨站点脚本编制

High

i-Gallery跨站点脚本编制

High

IBMLotusDomino跨站点脚本编制

High

PerlDiver“module”跨站点脚本编制

High

PHPAdvancedTransferManager跨站点脚本编制

High

vBulletin跨站点脚本编制

High

MicrosoftSiteServer跨站点脚本编制

High

PHPListMailingListManager跨站点脚本编制

High

ApacheStruts错误消息跨站点脚本编制

High

FileLister跨站点脚本编制

High

PerlCalWebCalendar跨站点脚本编制

High

DCForum跨站点脚本编制

High

AtlantPro跨站点脚本编制

High

OracleASDiscussionForumPortlet跨站点脚本编制

High

PHP-Fusionmembers.php跨站点脚本编制

High

OpenEdit跨站点脚本编制

High

DEVWebManagementSystem跨站点脚本编制

High

AquiferCMS“keyword”跨站点脚本编制

High

phpBB“AllowHTML”跨站点脚本编制

High

FogBugzdefault.asp跨站点脚本编制

High

InterspireTrackpointNXindex.php跨站点脚本编制

High

HelmForgotPassword.asp跨站点脚本编制

High

FAQ-O-Maticfom.cgi跨站点脚本编制

High

UltimateAuctionitemlist.pl和item.pl跨站点脚本编制

High

GTPiCommerceindex.php跨站点脚本编制

High

ApacheGeronimocal2.jsp跨站点脚本编制

High

CubeCartindex.php和cart.php跨站点脚本编制

High

SMBCMS站点搜索跨站点脚本编制

High

MyAmazonStoreManagersearch.php跨站点脚本编制

High

H-Spherepsoft.hsphere.CP跨站点脚本编制

High

Nuked-Klanindex.php跨站点脚本编制

High

sPaiz-Nukemodules.php跨站点脚本编制

High

phpBBRlink模块rlink.php跨站点脚本编制

High

MyBBsearch.php跨站点脚本编制

High

BrowserCRMresults.php跨站点脚本编制

High

SoftMakerShopresultat.asp跨站点脚本编制

High

cPanel多重跨站点脚本编制

High

Siteframesearch.php跨站点脚本编制

High

HiveMailindex.php跨站点脚本编制

High

PerlBlogweblog.pl跨站点脚本编制

High

Siteframe页面注释跨站点脚本编制

High

PostNukeadmin.php和user.php跨站点脚本编制

High

Runcms“lid”跨站点脚本编制

High

CPGDragonflyCMS跨站点脚本编制

High

MyBBmanagegroup.php跨站点脚本编制

High

V-webmailpreferences.personal.php跨站点脚本编制

High

XMBu2u.php跨站点脚本编制

High

myPHPNuke跨站点脚本编制

High

StoreBot2002StandardEditionmanage.asp跨站点脚本编制

High

phpCOIN跨站点脚本编制

High

phpArcadeScript跨站点脚本编制

High

DVGuestbook跨站点脚本编制

High

Game-Panellogin.php跨站点脚本编制

High

MyBB多重跨站点脚本编制

High

Mantis跨站点脚本编制

High

FlatNukeindex.php跨站点脚本编制

High

DRZESHMSlogin.php跨站点脚本编制

High

SugarSales多重跨站点脚本编制

High

MyBBmember.php跨站点脚本编制

High

phpMyAdminindex.php跨站点脚本编制

High

ContrexxCMSindex.php跨站点脚本编制

High

ExtCalendarcalendar.php跨站点脚本编制

High

Noah'sClassifiedsindex.php跨站点脚本编制

High

Verisign'shaydn.exeCGI脚本跨站点脚本编制

High

gCardsindex.php跨站点脚本编制

High

Firepass4100SSLVPNmy.support.php3跨站点脚本编制

High

PHPLive!

status_image.php跨站点脚本编制

High

EasyMoblogimg.php跨站点脚本编制

High

CoMoblogimg.php跨站点脚本编制

High

dotNetBBiforget.aspx跨站点脚本编制

High

ToastForumstoast.asp跨站点脚本编制

High

HelmWebHosting控制面板跨站点脚本编制

High

realestateZONEindex.cfm跨站点脚本编制

High

couponZONElocal.cfm跨站点脚本编制

High

ConnectDaily多重跨站点脚本编制

High

phpCOIN多重跨站点脚本编制

High

DCP-Portalindex.php跨站点脚本编制

High

InvisionPowerBoardindex.php跨站点脚本编制

High

MusicBox多重跨站点脚本编制

High

Mantisview_all_set.php跨站点脚本编制

High

WebAPPindex.cgi跨站点脚本编制

High

Namazunamazu.cgi跨站点脚本编制

High

lucidCMSindex.php跨站点脚本编制

High

SKForum多重跨站点脚本编制

High

vBulletinvBugTracker模块vbugs.php跨站点脚本编制

High

Clarolinerqmkhtml.php跨站点脚本编制（1.7.4及其以下的版本）

High

ShadowedPortal页面模块load.php跨站点脚本编制

High

CherokeeWebServer跨站点脚本编制

High

JetPhotoServer多重跨站点脚本编制

High

JupiterContentManagerindex.php跨站点脚本编制

High

PHPWebGallery多重跨站点脚本编制

High

Web+Shopwebplus.exe跨站点脚本编制

High

MicrosoftFrontPageServerExtensions跨站点脚本编制

High

ConfixxProallgemein_transfer.php跨站点脚本编制

High

Simploglogin.php跨站点脚本编制

High

Manila多重跨站点脚本编制

High

LifeTypeindex.php跨站点脚本编制

High

MODxindex.php跨站点脚本编制

High

Visale多重跨站点脚本编制

High

BannerFarmbanners.cgi跨站点脚本编制

High

AWStatsawstats.pl跨站点脚本编制

High

NetClubsPro多重跨站点脚本编制

High

phpLDAPadmin多重跨站点脚本编制

High

xFlowindex.cgi跨站点脚本编制

High

W2BOnlineBanking跨站点脚本编制

High

MKPortalpmpopup.php跨站点脚本编制（1.1RC1及其以下的版本）

High

Simplogimagelist.php跨站点脚本编制

High

phpFaberTopSitesindex.php跨站点脚本编制（1.9.1及其以下的版本）

High

Calendarixyearcal.php跨站点脚本编制

High

LinPHAstats_view.php跨站点脚本编制

High

Scryindex.php跨站点脚本编制

High

DCForumLitedcboard.cgi跨站点

High

InstantPhotoGallery多重跨站点脚本编制

High

NextAge购物车软件index.php跨站点脚本编制

High

SunShop购物车index.php跨站点脚本编制

High

NeoMailneomail.pl跨站点脚本编制

High

CPSpopup_image跨站点脚本编制

High

PinnacleCartindex.php跨站点脚本编制

High

VirtualHostingControlSystemserver_day_stats.php跨站点脚本编制

High

Albinator多重跨站点脚本编制

High

CuteNewssearch.php跨站点脚本编制

High

ApacheTomcat“TomcatManager”跨站点脚本编制

High

CyberBuild多重跨站点脚本编制

High

ChartsMODforphpBBcharts.php跨站点脚本编制

High

phpODPodp.php跨站点脚本编制

High

ConfixxPro“login”参数跨站点脚本编制

High

Sphider多重跨站点脚本编制

High

boastMachine多重跨站点脚本编制

High

ApacheHost头跨站点脚本编制

High

ApacheExpect头跨站点脚本编制

High

MicrosoftIISidc文件扩展名跨站点脚本编制

High

OpenCmssearch.html跨站点脚本编制

High

phpwcmscnt6.inc.php跨站点脚本编制

High

CosmicShoppingCart多重跨站点脚本编制

High

ASPBBperform_search.asp跨站点脚本编制

High

ubb.threadsindex.php跨站点脚本编制

High

Geekloggetimage.php跨站点脚本编制

High

TikiWiki多重跨站点脚本编制（1.9.3.1及其以下的版本）

High

ASPBB多重跨站点脚本编制

High

Mambo多重跨站点脚本编制（版本4.6RC1）

High

Pixelpostindex.php跨站点脚本编制

High

KmitaFAQsearch.php跨站点脚本编制

High

MyBBprivate.php跨站点脚本编制

High

KAPhotoservice多重跨站点脚本编制

High

ViArtShop多重跨站点脚本编制

High

FiveStarReviewScript多重跨站点脚本编制

High

IBMWebSphereEdgeServer跨站点脚本编制

High

SPwizPlusindex.cfm跨站点脚本编制

High

bitweaver多重跨站点脚本编制

High

Confixx多重跨站点脚本编制

High

e107search.php跨站点脚本编制

High

MaximusSchoolMAXicue_login.asp跨站点脚本编制

High

Singaporeindex.php跨站点脚本编制

High

AssoCIateDindex.php跨站点脚本编制

High

vBulletinmember.php跨站点脚本编制

High

BlueDragonServer跨站点脚本编制

High

NamoDeepSearchmclient.cgi跨站点脚本编制

High

aeDating多重跨站点脚本编制

High

mvnForum“activatemember”跨站点脚本编制

High

H-Sphere“MassMail”菜单跨站点脚本编制

High

PHPphpinfo（）跨站点脚本编制（V4.4.2和5.1.2）

High

cPanelselect.html跨站点脚本编制

High

PHPiCalendarindex.php跨站点脚本编制

High

MoniWikiwiki.php跨站点脚本编制

High

Horde多重跨站点脚本编制

High

Pivot多重跨站点脚本编制

High

boastMachineadmin.php跨站点脚本编制

High

phpFaberTopSitesindex.php跨站点脚本编制（2.0.9及其以下的版本）

High

Phorumposting.php跨站点脚本编制

High

PleskControlPanelfilemanager.php跨站点脚本编制

High

MyBBusercp.php跨站点脚本编制

High

SAPWebApplicationServer跨站点脚本编制

High

CubeCart多重跨站点脚本编制（3.0.11及其以