I have deployed Matomo on our server and am trying to use it with our research project. However, the security scan from our IT team reveals the following and I do not know how to fix it: https://www.tenable.com/plugins/nessus/42424
For more details:
Using the GET HTTP method, Nessus found that :
+ The following resources may be vulnerable to blind SQL injection :
+ The 'module' parameter of the / CGI :
/?form_password_bis=&form_rememberme=1&action=resetPassword&form_login=&
form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=&module=Loginz
z&form_rememberme=1&action=resetPassword&form_login=&form_nonce=920b32d3
daaac6cbd0d13a7d7ba242ba&form_password=&module=Loginyy
-------- output --------
-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------
+ The 'action' parameter of the / CGI :
/?form_password_bis=&module=Login&form_rememberme=1&form_login=&form_non
ce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=&action=resetPasswordz
z&module=Login&form_rememberme=1&form_login=&form_nonce=920b32d3daaac6cb
d0d13a7d7ba242ba&form_password=&action=resetPasswordyy
-------- output --------
-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------
+ The 'module' parameter of the /index.php CGI :
/index.php?form_password=&form_rememberme=1&form_password_bis=&action=ge
tCss&cb=162e00e057819d2d2a4ea3eabdf3ae8a&form_login=&form_nonce=920b32d3
daaac6cbd0d13a7d7ba242ba&module=Proxyzz&form_rememberme=1&form_password_
bis=&action=getCss&cb=162e00e057819d2d2a4ea3eabdf3ae8a&form_login=&form_
nonce=920b32d3daaac6cbd0d13a7d7ba242ba&module=Proxyyy
-------- output --------
/* compile_me_once=dc278d4d511b826867ed0f08395edd6a */
/* Matomo CSS file is compiled with Less. You may be interested in [...]
/*!
-------- vs --------
<!DOCTYPE html>
<html>
<head>
------------------------
Using the POST HTTP method, Nessus found that :
+ The following resources may be vulnerable to blind SQL injection :
+ The 'form_login' parameter of the / CGI :
/ [form_password_bis=&module=Login&form_rememberme=1&action=resetPasswor
d&form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=&form_login=
zz&module=Login&form_rememberme=1&action=resetPassword&form_nonce=920b32
d3daaac6cbd0d13a7d7ba242ba&form_password=&form_login=yy]
-------- output --------
noclear="true"
context="error">
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
-------- vs --------
noclear="true"
context="error">
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
------------------------
+ The 'form_password' parameter of the / CGI :
/ [form_password_bis=&module=Login&form_rememberme=1&action=resetPasswor
d&form_login=&form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=
zz&module=Login&form_rememberme=1&action=resetPassword&form_login=&form_
nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=yy]
-------- output --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
-------- vs --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password (repeat) required
<br/>
</div>
------------------------
/ [form_password_bis=&module=Login&form_rememberme=1&action=resetPasswor
d&form_login=&form_nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=
zz&module=Login&form_rememberme=1&action=resetPassword&form_login=&form_
nonce=920b32d3daaac6cbd0d13a7d7ba242ba&form_password=yy] {2}
-------- output --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password required
<br/>
<strong>Error</strong>: Password (repeat) required
-------- vs --------
<strong>Error</strong>: Username or Email required
<br/>
<strong>Error</strong>: Password (repeat) required
<br/>
</div>
------------------------