{ "scan_metadata": { "timestamp": "2026-01-31T23:10:51.633950", "target": "Project Starlight Steganography Detection System", "scanner_version": "1.0.0", "assessment_type": "Comprehensive Vulnerability Assessment" }, "configurations": { "zap_config": { "scanner": "OWASP ZAP", "version": "2.12.0", "authentication": { "type": "basic_auth", "username": "test_user", "password": "test_pass" }, "scan_policy": { "active_scan": { "strength": "HIGH", "alert_threshold": "MEDIUM", "plugins": [ "SQL Injection", "XSS (Reflected)", "XSS (Stored)", "CSRF", "Directory Browsing", "Path Traversal", "Remote File Inclusion", "Server Side Include", "Cross Domain Script Inclusion", "Cookie Security", "Session ID in URL Rewrite", "CRLF Injection" ] }, "passive_scan": { "enabled": true, "checks": [ "Content-Type Missing", "X-Content-Type-Options missing", "X-Frame-Options missing", "Information Disclosure", "Username Hash Found" ] } }, "target_endpoints": [ "/api/analyze", "/api/upload", "/api/results", "/admin/dashboard", "/auth/login", "/auth/register" ] }, "nuclei_config": { "scanner": "Nuclei", "version": "2.9.8", "templates": { "cves": [ "CVE-2023-22518", "CVE-2023-49103", "CVE-2021-44228", "CVE-2023-46604" ], "web_vulnerabilities": [ "technologies", "misconfiguration", "vulnerabilities", "exposures" ], "custom_stego_checks": [ "steganography-endpoint-detection", "image-upload-bypass", "metadata-exposure" ] }, "severity_levels": [ "critical", "high", "medium", "low" ], "rate_limit": 10, "concurrent_scans": 25 } }, "endpoint_vulnerabilities": [ { "endpoint": "/api/analyze", "vulnerability": "SQL Injection", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/api/analyze", "vulnerability": "Cross-Site Scripting (XSS)", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/api/analyze", "vulnerability": "Malicious File Upload", "files_tested": 4, "vulnerable": false, "bypasses": [] }, { "endpoint": "/api/upload", "vulnerability": "SQL Injection", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/api/upload", "vulnerability": "Cross-Site Scripting (XSS)", "payloads_tested": 5, "vulnerable": true, "evidence": [ "Reflected XSS in response parameters" ] }, { "endpoint": "/api/upload", "vulnerability": "Malicious File Upload", "files_tested": 4, "vulnerable": true, "bypasses": [ "PHP file upload allowed", "No file type validation", "Missing content verification" ] }, { "endpoint": "/api/results", "vulnerability": "SQL Injection", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/api/results", "vulnerability": "Cross-Site Scripting (XSS)", "payloads_tested": 5, "vulnerable": true, "evidence": [ "Reflected XSS in response parameters" ] }, { "endpoint": "/api/results", "vulnerability": "Malicious File Upload", "files_tested": 4, "vulnerable": false, "bypasses": [] }, { "endpoint": "/admin/dashboard", "vulnerability": "SQL Injection", "payloads_tested": 5, "vulnerable": true, "evidence": [ "Payload '' OR '1'='1' triggered database error" ] }, { "endpoint": "/admin/dashboard", "vulnerability": "Cross-Site Scripting (XSS)", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/admin/dashboard", "vulnerability": "Malicious File Upload", "files_tested": 4, "vulnerable": false, "bypasses": [] }, { "endpoint": "/auth/login", "vulnerability": "SQL Injection", "payloads_tested": 5, "vulnerable": true, "evidence": [ "Payload '' OR '1'='1' triggered database error" ] }, { "endpoint": "/auth/login", "vulnerability": "Cross-Site Scripting (XSS)", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/auth/login", "vulnerability": "Malicious File Upload", "files_tested": 4, "vulnerable": false, "bypasses": [] }, { "endpoint": "/auth/register", "vulnerability": "SQL Injection", "payloads_tested": 5, "vulnerable": true, "evidence": [ "Payload '' OR '1'='1' triggered database error" ] }, { "endpoint": "/auth/register", "vulnerability": "Cross-Site Scripting (XSS)", "payloads_tested": 5, "vulnerable": false, "evidence": [] }, { "endpoint": "/auth/register", "vulnerability": "Malicious File Upload", "files_tested": 4, "vulnerable": false, "bypasses": [] } ], "owasp_top_10_findings": [ { "vulnerability_id": "A01", "name": "Broken Access Control", "tests": [ { "test": "Direct object reference", "payload": "/api/results/999", "result": "Unauthorized access to other users' data" }, { "test": "Privilege escalation", "payload": "POST /api/admin/delete_user", "result": "Standard user can access admin functions" } ], "cvss_score": 8.1, "risk_rating": "HIGH" }, { "vulnerability_id": "A03", "name": "Injection", "tests": [ { "type": "SQL Injection", "endpoint": "/api/analyze", "payload": "image_id=' UNION SELECT user(),database()--", "result": "Database schema exposed" }, { "type": "Command Injection", "endpoint": "/api/process", "payload": "; cat /etc/passwd", "result": "System file contents returned" } ], "cvss_score": 9.0, "risk_rating": "CRITICAL" }, { "vulnerability_id": "A05", "name": "Security Misconfiguration", "findings": [ "Debug mode enabled in production", "Default credentials not changed", "Directory listing enabled", "Security headers missing", "Error messages reveal internal information" ], "cvss_score": 6.5, "risk_rating": "MEDIUM" } ], "summary": { "total_vulnerabilities": 9, "critical_issues": 1, "high_issues": 2, "medium_issues": 3, "low_issues": 1 } }