POLITICA DE COOKIES

PENTEST-ONLINE.COM utiliza cookies técnicas, analíticas, de sesión y de publicidad con la finalidad de prestar un mejor servicio. No obstante, necesitamos su consentimiento explícito para poder utilizarlas. Así mismo puede cambiar la configuración de las cookies u obtener más información aquí .

CAJA GRIS

Ataque interno realista

Información del producto

Este servicio simula el comportamiento de un atacante con conocimiento limitado de tu sistema, combinando perspectivas externas y parciales internas. El objetivo es identificar vulnerabilidades en tu sitio web o API que podrían ser explotadas con acceso restringido, ofreciendo una visión realista de posibles amenazas internas o sistemas parcialmente expuestos.

  1. Simulación avanzada de ataques internos:

    • Replicamos el enfoque de un atacante con cierto conocimiento interno, como credenciales de acceso o información parcial del sistema, utilizando técnicas avanzadas de hacking ético.
    • Realizamos pruebas tanto automatizadas como manuales para identificar vulnerabilidades y debilidades en áreas restringidas.

  2. Compatibilidad universal:

    • Nuestro análisis es completamente adaptable a cualquier plataforma o tecnología, incluyendo:
      • Lenguajes de programación: PHP, Java, Python, C#, Node.js, Ruby, entre otros.
      • Frameworks: Django, Laravel, Spring, Express.js, entre otros.
      • CMS: WordPress, Joomla, Drupal, Magento, entre otros.
      • APIs: REST, GraphQL, SOAP.
      • Infraestructuras: Servidores en la nube, entornos híbridos o instalaciones on-premise.
    • Independientemente de cómo esté desarrollado tu sistema, adaptamos las pruebas para obtener resultados precisos y accionables.

  3. Cobertura exhaustiva del análisis:

    • Identificamos vulnerabilidades críticas y medias, tales como:
      • Fallos en la autenticación: Problemas en la gestión de credenciales o controles de acceso.
      • Escalamiento de privilegios: Explotación de configuraciones incorrectas o vulnerabilidades para obtener acceso no autorizado a privilegios más altos.
      • Endpoints API inseguros: APIs mal protegidas que podrían exponer datos sensibles o funciones críticas.
      • Configuraciones inseguras: Configuraciones débiles en redes, servidores o bases de datos.
      • Exposición de datos internos: Filtración de información o activos insuficientemente protegidos.
    • Incluimos análisis de áreas restringidas para detectar posibles amenazas internas.

  4. Escenario simulado:

    • Simulamos atacantes con acceso parcial interno:
      • Probamos roles y permisos de usuarios para identificar problemas de gestión de privilegios.
      • Intentamos realizar escalamiento de privilegios y movimiento lateral dentro del sistema.

Beneficios para tu organización

  1. Mejor comprensión de las amenazas internas:

    • Identifica riesgos que podrían surgir de cuentas internas comprometidas o malintencionadas.

  2. Detección de riesgos de escalamiento de privilegios:

    • Descubre vulnerabilidades que permiten a atacantes obtener control no autorizado sobre sistemas críticos.

  3. Protección de áreas restringidas y datos sensibles:

    • Asegúrate de que los sistemas internos, APIs y datos estén seguros contra un posible uso indebido.

  4. Cumplimiento normativo:

    • Ayudamos a cumplir con estándares de seguridad como ISO 27001, GDPR, PCI DSS, entre otros.

  5. Informe técnico completo:

    • Recibirás un informe detallado en PDF con descripciones, evidencias, niveles de criticidad y recomendaciones paso a paso para remediar cada vulnerabilidad.

Entrega en 72 Horas

  • Recibirás un análisis completo y un informe optimizado en tres días, listo para compartir con tu equipo técnico o de gestión y facilitar la resolución rápida de los riesgos identificados.




+281 Vulnerabilidades

+281 Vulnerabilidades
NOMBRE
GRAVEDAD
CLASIFICACIONES
OS command injection
High
CWE-77 CWE-78 CWE-116
SQL injection
High
CWE-89 CWE-94 CWE-116
SQL injection (second order)
High
CWE-89 CWE-94 CWE-116
ASP.NET tracing enabled
High
CWE-10 CWE-11
File path traversal
High
CWE-22 CWE-23 CWE-35 CWE-36
XML external entity injection
High
CWE-611
LDAP injection
High
CWE-90 CWE-116
XPath injection
High
CWE-94 CWE-116 CWE-159 CWE-643
XML injection
Medium
CWE-91 CWE-116 CWE-159 CWE-611 CWE-776
ASP.NET debugging enabled
Medium
CWE-11
Broken Access Control
Information
CWE-284
HTTP PUT method is enabled
High
CWE-650
Out-of-band resource load (HTTP)
High
CWE-610 CWE-918
File path manipulation
High
CWE-22 CWE-23 CWE-35 CWE-36
PHP code injection
High
CWE-94 CWE-116 CWE-159
Server-side JavaScript code injection
High
CWE-94 CWE-95 CWE-116
Perl code injection
High
CWE-94 CWE-95 CWE-116
Ruby code injection
High
CWE-94 CWE-95 CWE-116
Python code injection
High
CWE-94 CWE-95 CWE-116
Expression Language injection
High
CWE-116 CWE-159 CWE-917
Unidentified code injection
High
CWE-94 CWE-95 CWE-116
Server-side template injection
High
CWE-94 CWE-95 CWE-116
SSI injection
High
CWE-96 CWE-116 CWE-159
Cross-site scripting (stored)
High
CWE-79 CWE-80 CWE-116 CWE-159
HTTP request smuggling
High
CWE-444
Client-side desync
High
CWE-444
Web cache poisoning
High
CWE-436
HTTP response header injection
High
CWE-113
Cross-site scripting (reflected)
High
CWE-79 CWE-80 CWE-116 CWE-159
Client-side template injection
High
CWE-116 CWE-159
Cross-site scripting (DOM-based)
High
CWE-79 CWE-80 CWE-116 CWE-159
Cross-site scripting (reflected DOM-based)
High
CWE-79 CWE-80 CWE-116 CWE-159
Cross-site scripting (stored DOM-based)
High
CWE-79 CWE-80 CWE-116 CWE-159
Client-side prototype pollution
Information
CWE-1321
JavaScript injection (DOM-based)
High
CWE-94 CWE-95 CWE-116
JavaScript injection (reflected DOM-based)
High
CWE-94 CWE-95 CWE-116
JavaScript injection (stored DOM-based)
High
CWE-94 CWE-95 CWE-116
Path-relative style sheet import
Information
CWE-16
Client-side SQL injection (DOM-based)
High
CWE-89 CWE-116 CWE-159
Client-side SQL injection (reflected DOM-based)
High
CWE-89 CWE-116 CWE-159
Client-side SQL injection (stored DOM-based)
High
CWE-89 CWE-116 CWE-159
WebSocket URL poisoning (DOM-based)
High
CWE-345 CWE-346 CWE-441
WebSocket URL poisoning (reflected DOM-based)
High
CWE-345 CWE-346 CWE-441
WebSocket URL poisoning (stored DOM-based)
High
CWE-345 CWE-346 CWE-441
Local file path manipulation (DOM-based)
High
CWE-22 CWE-73
Local file path manipulation (reflected DOM-based)
High
CWE-22 CWE-73
Local file path manipulation (stored DOM-based)
High
CWE-22 CWE-73
Client-side XPath injection (DOM-based)
Low
CWE-79 CWE-116 CWE-159
Client-side XPath injection (reflected DOM-based)
Low
CWE-79 CWE-116 CWE-159
Client-side XPath injection (stored DOM-based)
Low
CWE-79 CWE-116 CWE-159
Client-side JSON injection (DOM-based)
Low
CWE-79 CWE-116 CWE-159
Client-side JSON injection (reflected DOM-based)
Low
CWE-79 CWE-116 CWE-159
Client-side JSON injection (stored DOM-based)
Low
CWE-79 CWE-116 CWE-159
Flash cross-domain policy
High
CWE-942
Silverlight cross-domain policy
High
CWE-942
Content security policy: allowlisted script resources
Information
CWE-79 CWE-80 CWE-116 CWE-159
Content security policy: allows untrusted script execution
Information
CWE-79 CWE-80 CWE-116 CWE-159
Content security policy: allows untrusted style execution
Information
CWE-116 CWE-159
Content security policy: malformed syntax
Information
Content security policy: allows clickjacking
Information
CWE-693 CWE-1021
Content security policy: allows form hijacking
Information
CWE-116
Content security policy: not enforced
Information
GraphQL endpoint found
Information
GraphQL endpoint discovered
Information
GraphQL introspection enabled
Low
CWE-200
GraphQL suggestions enabled
Low
CWE-200
GraphQL content type not validated
Low
CWE-352
Cross-origin resource sharing
Information
CWE-942
Cross-origin resource sharing: arbitrary origin trusted
High
CWE-942
Cross-origin resource sharing: unencrypted origin trusted
Low
CWE-942
Cross-origin resource sharing: all subdomains trusted
Low
CWE-942
Web cache deception
Medium
Cross-site request forgery
Medium
CWE-352
SMTP header injection
Medium
CWE-93 CWE-159
JWT signature not verified
High
CWE-345 CWE-347
JWT none algorithm supported
High
CWE-345
JWT self-signed JWK header supported
High
JWT weak HMAC secret
High
JWT arbitrary jku header supported
High
JWT arbitrary x5u header supported
High
Cleartext submission of password
High
CWE-319
External service interaction (DNS)
Information
CWE-918 CWE-406
External service interaction (HTTP)
High
CWE-918 CWE-406
External service interaction (SMTP)
Information
CWE-16 CWE-406
Referer-dependent response
Information
CWE-16 CWE-213
Spoofable client IP address
Information
CWE-16
User agent-dependent response
Information
CWE-16
Password returned in later response
Medium
CWE-204
Password submitted using GET method
Low
CWE-598
Password returned in URL query string
Low
CWE-598
SQL statement in request parameter
Medium
CWE-598
Cross-domain POST
Information
CWE-16
ASP.NET ViewState without MAC enabled
High
CWE-642
XML entity expansion
Medium
CWE-776
Long redirection response
Information
CWE-698
Serialized object in HTTP message
High
CWE-502
Duplicate cookies set
Information
CWE-16
Input returned in response (stored)
Information
CWE-20 CWE-116
Input returned in response (reflected)
Information
CWE-20 CWE-116
Suspicious input transformation (reflected)
Information
CWE-20
Suspicious input transformation (stored)
Information
CWE-20
Request URL override
Information
CWE-436
Vulnerable JavaScript dependency
Low
CWE-1104
Open redirection (reflected)
Low
CWE-601
Open redirection (stored)
Medium
CWE-601
Open redirection (DOM-based)
Low
CWE-601
Open redirection (reflected DOM-based)
Low
CWE-601
Open redirection (stored DOM-based)
Medium
CWE-601
TLS cookie without secure flag set
Medium
CWE-614
Cookie scoped to parent domain
Low
CWE-16
Cross-domain Referer leakage
Information
CWE-200
Cross-domain script include
Information
CWE-829
Cookie without HttpOnly flag set
Low
CWE-16
Session token in URL
Medium
CWE-200 CWE-384 CWE-598
Password field with autocomplete enabled
Low
CWE-200
Password value set in cookie
Medium
CWE-287
File upload functionality
Information
CWE-434
Frameable response (potential Clickjacking)
Information
CWE-693 CWE-1021
Browser cross-site scripting filter disabled
Information
CWE-16
HTTP TRACE method is enabled
Information
CWE-16
Cookie manipulation (DOM-based)
Low
CWE-565 CWE-829
Cookie manipulation (reflected DOM-based)
Low
CWE-565 CWE-829
Cookie manipulation (stored DOM-based)
Low
CWE-565 CWE-829
Ajax request header manipulation (DOM-based)
Low
CWE-116
Ajax request header manipulation (reflected DOM-based)
Low
CWE-116
Ajax request header manipulation (stored DOM-based)
Low
CWE-116
Denial of service (DOM-based)
Information
CWE-400
Denial of service (reflected DOM-based)
Information
CWE-400
Denial of service (stored DOM-based)
Low
CWE-400
HTML5 web message manipulation (DOM-based)
Information
CWE-20
HTML5 web message manipulation (reflected DOM-based)
Information
CWE-20
HTML5 web message manipulation (stored DOM-based)
Information
CWE-20
HTML5 storage manipulation (DOM-based)
Information
CWE-20
HTML5 storage manipulation (reflected DOM-based)
Information
CWE-20
HTML5 storage manipulation (stored DOM-based)
Information
CWE-20
Link manipulation (DOM-based)
Low
CWE-20
Link manipulation (reflected DOM-based)
Low
CWE-20
Link manipulation (stored DOM-based)
Low
CWE-20
Link manipulation (reflected)
Information
CWE-73 CWE-20
Link manipulation (stored)
Information
CWE-73 CWE-20
Document domain manipulation (DOM-based)
Medium
CWE-20
Document domain manipulation (reflected DOM-based)
Medium
CWE-20
Document domain manipulation (stored DOM-based)
Medium
CWE-20
DOM data manipulation (DOM-based)
Information
CWE-20
DOM data manipulation (reflected DOM-based)
Information
CWE-20
DOM data manipulation (stored DOM-based)
Information
CWE-20
CSS injection (reflected)
Medium
CWE-73 CWE-20
CSS injection (stored)
Medium
CWE-73 CWE-20
Client-side HTTP parameter pollution (reflected)
Low
CWE-233 CWE-20
Client-side HTTP parameter pollution (stored)
Low
CWE-233 CWE-20
Form action hijacking (reflected)
Medium
CWE-73 CWE-20
Form action hijacking (stored)
Medium
CWE-73 CWE-20
Database connection string disclosed
Medium
CWE-15 CWE-497
Source code disclosure
Low
CWE-18 CWE-200 CWE-388 CWE-540 CWE-541 CWE-615
Backup file
Information
CWE-530
Directory listing
Information
CWE-538 CWE-548
Email addresses disclosed
Information
CWE-200
Private IP addresses disclosed
Information
CWE-200
Social security numbers disclosed
Information
CWE-200
Credit card numbers disclosed
Information
CWE-200 CWE-388
Private key disclosed
Information
CWE-200 CWE-388
Robots.txt file
Information
CWE-200
Json Web Key Set disclosed
Information
CWE-200
JWT private key disclosed
High
CWE-200
Cacheable HTTPS response
Information
CWE-524 CWE-525
Base64-encoded data in parameter
Information
CWE-310 CWE-311
Multiple content types specified
Information
CWE-436
HTML does not specify charset
Information
CWE-16 CWE-436
HTML uses unrecognized charset
Information
CWE-16 CWE-436
Content type incorrectly stated
Low
CWE-16 CWE-436
Content type is not specified
Information
CWE-16
TLS certificate
Medium
CWE-295 CWE-326 CWE-327
Unencrypted communications
Low
CWE-326
Strict transport security not enforced
Low
CWE-523
Mixed content
Information
CWE-16 CWE-319
Hidden HTTP 2
Information
CWE-912
Extension generated issue
Information
BCheck generated issue
Information

Informe

Informe de ejemplo

Proceso

El proceso

CAJA GRIS
PENETRATION
TESTING

Todo incluido
399€
Enviado correctamente.

Gracias por confiar en Q2BStudio