@@ -235,7 +235,7 @@ Alerts
Base64 Disclosure |
Informational |
- 4 |
+ 2 |
Modern Web Application |
@@ -612,7 +612,7 @@ Alert Detail
Evidence |
- <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6277851622494904" crossorigin="anonymous" type="a68881df0ed70001dbdb97d0-text/javascript"></script> |
+ <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6277851622494904" crossorigin="anonymous" type="b2d22e1d7dbe7bdec2956ca2-text/javascript"></script> |
@@ -638,7 +638,7 @@ Alert Detail
Evidence |
- <script async src="https://www.googletagmanager.com/gtag/js?id=G-49J1J0GERX" type="a68881df0ed70001dbdb97d0-text/javascript"></script> |
+ <script async src="https://www.googletagmanager.com/gtag/js?id=G-49J1J0GERX" type="b2d22e1d7dbe7bdec2956ca2-text/javascript"></script> |
@@ -664,7 +664,7 @@ Alert Detail
Evidence |
- <script src="https://code.iconify.design/2/2.1.0/iconify.min.js" type="a68881df0ed70001dbdb97d0-text/javascript"></script> |
+ <script src="https://code.iconify.design/2/2.1.0/iconify.min.js" type="b2d22e1d7dbe7bdec2956ca2-text/javascript"></script> |
@@ -871,7 +871,7 @@ Alert Detail
Evidence |
- <script src="https://code.iconify.design/2/2.1.0/iconify.min.js" type="a68881df0ed70001dbdb97d0-text/javascript"></script> |
+ <script src="https://code.iconify.design/2/2.1.0/iconify.min.js" type="b2d22e1d7dbe7bdec2956ca2-text/javascript"></script> |
@@ -897,7 +897,7 @@ Alert Detail
Evidence |
- <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6277851622494904" crossorigin="anonymous" type="a68881df0ed70001dbdb97d0-text/javascript"></script> |
+ <script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6277851622494904" crossorigin="anonymous" type="b2d22e1d7dbe7bdec2956ca2-text/javascript"></script> |
@@ -923,7 +923,7 @@ Alert Detail
Evidence |
- <script async src="https://www.googletagmanager.com/gtag/js?id=G-49J1J0GERX" type="a68881df0ed70001dbdb97d0-text/javascript"></script> |
+ <script async src="https://www.googletagmanager.com/gtag/js?id=G-49J1J0GERX" type="b2d22e1d7dbe7bdec2956ca2-text/javascript"></script> |
@@ -1090,59 +1090,7 @@ Alert Detail
Evidence |
- J8lINplEDcoDVZkzq9aLsM1S1n4plPkg4Wm7uyuZEQ9y3E22oyDpJEudbbWMLgP9PAy58e4FGank |
-
-
-
- URL |
- https://www.matchid.io |
-
-
- Method |
- GET |
-
-
- Parameter |
- |
-
-
- Attack |
- |
-
-
- Evidence |
- 2BUopxO9CNNeBk1bKe5x1SzJRSQFNoFjXXIjnSnEMNYZuj7waCVCR8fxNECCSKdq2IfMdAs7Vyv97DvA2qtNWFv5xgF |
-
-
-
- URL |
- https://www.matchid.io/robots.txt |
-
-
- Method |
- GET |
-
-
- Parameter |
- |
-
-
- Attack |
- |
-
-
- Evidence |
- tozdLTBzP6HIK8V2J6eyhjskCfhiLxxg2Rzm1ry0IQqDj7j92zS0KyFL |
+ iemuyp11uytskOf9uprTxeN4FX0G6hPYho5qbd2ZkyJrw4pInr |
@@ -1168,12 +1116,12 @@ Alert Detail
Evidence |
- qemlv6y4s5Xte7vHTE4t6Wm8JoGzzh |
+ 2BloccgZ3A0nrS4JZWj0tcIu8JFCyaNrXAYiPVFf1mXHiJaOYML4bQLMCNVh22iIiA |
Instances |
- 4 |
+ 2 |
Solution |
@@ -1275,7 +1223,7 @@ Alert Detail
Evidence |
- <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb00a82afd23b3b","version":"2023.4.0","r":1,"b":1,"token":"2a9fe3aa012b4d008568071ef799dbed","si":100}' crossorigin="anonymous"></script> |
+ <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854" integrity="sha512-bjgnUKX4azu3dLTVtie9u6TKqgx29RBwfj3QXYt5EKfWM/9hPSAI/4qcV5NACjwAo8UtTeWefx6Zq5PHcMm7Tg==" data-cf-beacon='{"rayId":"7ee9ad97ca6e2b7b","version":"2023.7.0","r":1,"b":1,"token":"2a9fe3aa012b4d008568071ef799dbed","si":100}' crossorigin="anonymous"></script> |
@@ -1301,7 +1249,7 @@ Alert Detail
Evidence |
- <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb00a82aa1a8f16","version":"2023.4.0","r":1,"b":1,"token":"2a9fe3aa012b4d008568071ef799dbed","si":100}' crossorigin="anonymous"></script> |
+ <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854" integrity="sha512-bjgnUKX4azu3dLTVtie9u6TKqgx29RBwfj3QXYt5EKfWM/9hPSAI/4qcV5NACjwAo8UtTeWefx6Zq5PHcMm7Tg==" data-cf-beacon='{"rayId":"7ee9ad97ca3408ca","version":"2023.7.0","r":1,"b":1,"token":"2a9fe3aa012b4d008568071ef799dbed","si":100}' crossorigin="anonymous"></script> |
@@ -1327,7 +1275,7 @@ Alert Detail
Evidence |
- <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v2cb3a2ab87c5498db5ce7e6608cf55231689030342039" integrity="sha512-DI3rPuZDcpH/mSGyN22erN5QFnhl760f50/te7FTIYxodEF8jJnSFnfnmG/c+osmIQemvUrnBtxnMpNdzvx1/g==" data-cf-beacon='{"rayId":"7eb00a82a901391c","version":"2023.4.0","r":1,"b":1,"token":"2a9fe3aa012b4d008568071ef799dbed","si":100}' crossorigin="anonymous"></script> |
+ <script defer src="https://static.cloudflareinsights.com/beacon.min.js/v8b253dfea2ab4077af8c6f58422dfbfd1689876627854" integrity="sha512-bjgnUKX4azu3dLTVtie9u6TKqgx29RBwfj3QXYt5EKfWM/9hPSAI/4qcV5NACjwAo8UtTeWefx6Zq5PHcMm7Tg==" data-cf-beacon='{"rayId":"7ee9ad97cda22abb","version":"2023.7.0","r":1,"b":1,"token":"2a9fe3aa012b4d008568071ef799dbed","si":100}' crossorigin="anonymous"></script> |
@@ -1513,7 +1461,7 @@ Alert Detail
Evidence |
- Age: 53 |
+ HIT |
diff --git a/results/aHR0cHM6Ly93d3cubWF0Y2hpZC5pbw==/zap.json b/results/aHR0cHM6Ly93d3cubWF0Y2hpZC5pbw==/zap.json
index 51f755e2..b13a0524 100644
--- a/results/aHR0cHM6Ly93d3cubWF0Y2hpZC5pbw==/zap.json
+++ b/results/aHR0cHM6Ly93d3cubWF0Y2hpZC5pbw==/zap.json
@@ -1,7 +1,7 @@
{
"@programName": "OWASP ZAP",
"@version": "2.13.0",
- "@generated": "Sun, 23 Jul 2023 01:10:02",
+ "@generated": "Sun, 30 Jul 2023 01:02:50",
"site":[
{
"@name": "https://www.matchid.io",
@@ -113,7 +113,7 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": ""
},
{
@@ -121,7 +121,7 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": ""
},
{
@@ -129,7 +129,7 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": ""
}
],
@@ -182,7 +182,7 @@
"reference": "",
"cweid": "201",
"wascid": "13",
- "sourceid": "8"
+ "sourceid": "6"
},
{
"pluginid": "10017",
@@ -199,7 +199,7 @@
"method": "GET",
"param": "https://code.iconify.design/2/2.1.0/iconify.min.js",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": ""
},
{
@@ -207,7 +207,7 @@
"method": "GET",
"param": "https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6277851622494904",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": ""
},
{
@@ -215,7 +215,7 @@
"method": "GET",
"param": "https://www.googletagmanager.com/gtag/js?id=G-49J1J0GERX",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": ""
}
],
@@ -269,37 +269,21 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "J8lINplEDcoDVZkzq9aLsM1S1n4plPkg4Wm7uyuZEQ9y3E22oyDpJEudbbWMLgP9PAy58e4FGank",
- "otherinfo": "'\uFFFDH6\uFFFDD\r\uFFFD\\x0003U\uFFFD3\uFFFD\u058B\uFFFD\uFFFDR\uFFFD~)\uFFFD\uFFFD \uFFFDi\uFFFD\uFFFD+\uFFFD\\x0011\\x000fr\uFFFDM\uFFFD\uFFFD \uFFFD$K\uFFFDm\uFFFD\uFFFD.\\x0003\uFFFD<\\x000c\uFFFD\uFFFD\uFFFD\\x0005\\x0019\uFFFD\uFFFD"
- },
- {
- "uri": "https://www.matchid.io",
- "method": "GET",
- "param": "",
- "attack": "",
- "evidence": "2BUopxO9CNNeBk1bKe5x1SzJRSQFNoFjXXIjnSnEMNYZuj7waCVCR8fxNECCSKdq2IfMdAs7Vyv97DvA2qtNWFv5xgF",
- "otherinfo": "\uFFFD\\x0015(\uFFFD\\x0013\uFFFD\\x0008\uFFFD^\\x0006M[)\uFFFDq\uFFFD,\uFFFDE$\\x00056\uFFFDc]r#\uFFFD)\uFFFD0\uFFFD\\x0019\uFFFD>\uFFFDh%BG\uFFFD\uFFFD4@\uFFFDH\uFFFDj\u0607\uFFFDt\\x000b;W+\uFFFD\uFFFD;\uFFFD\u06ABMX[\uFFFD\uFFFD\\x0001"
- },
- {
- "uri": "https://www.matchid.io/robots.txt",
- "method": "GET",
- "param": "",
- "attack": "",
- "evidence": "tozdLTBzP6HIK8V2J6eyhjskCfhiLxxg2Rzm1ry0IQqDj7j92zS0KyFL",
- "otherinfo": "\uFFFD\uFFFD\uFFFD-0s?\uFFFD\uFFFD+\uFFFDv'\uFFFD\uFFFD\uFFFD;$\t\uFFFDb/\\x001c`\uFFFD\\x001c\uFFFD\u05BC\uFFFD!\n\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD4\uFFFD+!K"
+ "evidence": "iemuyp11uytskOf9uprTxeN4FX0G6hPYho5qbd2ZkyJrw4pInr",
+ "otherinfo": "\uFFFD\uFFFD\u029Du\uFFFD+l\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFDx\\x0015}\\x0006\uFFFD\\x0013\u0606\uFFFDjm\u0759\uFFFD\"k\u00CAH\uFFFD"
},
{
"uri": "https://www.matchid.io/sitemap.xml",
"method": "GET",
"param": "",
"attack": "",
- "evidence": "qemlv6y4s5Xte7vHTE4t6Wm8JoGzzh",
- "otherinfo": "\uFFFD\u997F\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD{\uFFFD\uFFFDLN-\uFFFDi\uFFFD&\uFFFD\uFFFD\uFFFD"
+ "evidence": "2BloccgZ3A0nrS4JZWj0tcIu8JFCyaNrXAYiPVFf1mXHiJaOYML4bQLMCNVh22iIiA",
+ "otherinfo": "\uFFFD\\x0019hq\uFFFD\\x0019\uFFFD\r'\uFFFD.\teh\uFFFD\uFFFD\uFFFD.\uFFFDB\u0263k\\\\x0006\"=Q_\uFFFDe\u01C8\uFFFD\uFFFD`\uFFFD\uFFFDm\\x0002\uFFFD\\x0008\uFFFDa\uFFFDh\uFFFD\uFFFD"
}
],
- "count": "4",
+ "count": "2",
"solution": "Manually confirm that the Base64 data does not leak sensitive information, and that the data cannot be aggregated/used to exploit other vulnerabilities.
",
- "otherinfo": "'\uFFFDH6\uFFFDD\r\uFFFD\\x0003U\uFFFD3\uFFFD\u058B\uFFFD\uFFFDR\uFFFD~)\uFFFD\uFFFD \uFFFDi\uFFFD\uFFFD+\uFFFD\\x0011\\x000fr\uFFFDM\uFFFD\uFFFD \uFFFD$K\uFFFDm\uFFFD\uFFFD.\\x0003\uFFFD<\\x000c\uFFFD\uFFFD\uFFFD\\x0005\\x0019\uFFFD\uFFFD
",
+ "otherinfo": "\uFFFD\uFFFD\u029Du\uFFFD+l\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFD\uFFFDx\\x0015}\\x0006\uFFFD\\x0013\u0606\uFFFDjm\u0759\uFFFD\"k\u00CAH\uFFFD
",
"reference": "http://projects.webappsec.org/w/page/13246936/Information%20Leakage
",
"cweid": "200",
"wascid": "13",
@@ -328,7 +312,7 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application."
},
{
@@ -336,7 +320,7 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application."
},
{
@@ -344,7 +328,7 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "",
+ "evidence": "",
"otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application."
}
],
@@ -406,8 +390,8 @@
"method": "GET",
"param": "",
"attack": "",
- "evidence": "Age: 53",
- "otherinfo": "The presence of the 'Age' header indicates that that a HTTP/1.1 compliant caching server is in use."
+ "evidence": "HIT",
+ "otherinfo": ""
},
{
"uri": "https://www.matchid.io/sitemap.xml",
@@ -424,7 +408,7 @@
"reference": "https://tools.ietf.org/html/rfc7234
https://tools.ietf.org/html/rfc7231
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html (obsoleted by rfc7234)
",
"cweid": "-1",
"wascid": "-1",
- "sourceid": "8"
+ "sourceid": "6"
},
{
"pluginid": "90005",
@@ -467,7 +451,7 @@
"reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
",
"cweid": "352",
"wascid": "9",
- "sourceid": "8"
+ "sourceid": "6"
},
{
"pluginid": "90005",
@@ -510,7 +494,7 @@
"reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
",
"cweid": "352",
"wascid": "9",
- "sourceid": "8"
+ "sourceid": "6"
},
{
"pluginid": "90005",
@@ -553,7 +537,7 @@
"reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
",
"cweid": "352",
"wascid": "9",
- "sourceid": "8"
+ "sourceid": "6"
},
{
"pluginid": "90005",
@@ -596,7 +580,7 @@
"reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
",
"cweid": "352",
"wascid": "9",
- "sourceid": "8"
+ "sourceid": "6"
},
{
"pluginid": "10049",