yhdw安全检测

Generated on Mon, 30 Mar 2026 18:28:12

ZAP Version: 2.16.1

ZAP by Checkmarx

Summary of Alerts

Risk Level Number of Alerts
High
0
Medium
3
Low
3

Alerts

Name Risk Level Number of Instances
Content Security Policy (CSP) Header Not Set Medium 27
Hidden File Found Medium 5
Missing Anti-clickjacking Header Medium 15
Strict-Transport-Security Header Not Set Low 162
Timestamp Disclosure - Unix Low 48
X-Content-Type-Options Header Missing Low 146

Passing Rules

Name Rule Type Threshold Strength
Directory Browsing Active MEDIUM MEDIUM
CRLF Injection Active MEDIUM MEDIUM
Path Traversal Active MEDIUM MEDIUM
Remote File Inclusion Active MEDIUM MEDIUM
Parameter Tampering Active MEDIUM MEDIUM
Server Side Include Active MEDIUM MEDIUM
GET for POST Active MEDIUM MEDIUM
Cross Site Scripting (Reflected) Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) Active MEDIUM MEDIUM
Script Active Scan Rules Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Prime Active MEDIUM MEDIUM
Cross Site Scripting (Persistent) - Spider Active MEDIUM MEDIUM
SQL Injection Active MEDIUM MEDIUM
SQL Injection - MySQL Active MEDIUM MEDIUM
SQL Injection - Hypersonic SQL Active MEDIUM MEDIUM
SQL Injection - Oracle Active MEDIUM MEDIUM
SQL Injection - PostgreSQL Active MEDIUM MEDIUM
SQL Injection - SQLite Active MEDIUM MEDIUM
Cross Site Scripting (DOM Based) Active MEDIUM MEDIUM
SQL Injection - MsSQL Active MEDIUM MEDIUM
ELMAH Information Leak Active MEDIUM MEDIUM
Trace.axd Information Leak Active MEDIUM MEDIUM
XSLT Injection Active MEDIUM MEDIUM
.htaccess Information Leak Active MEDIUM MEDIUM
.env Information Leak Active MEDIUM MEDIUM
Server Side Code Injection Active MEDIUM MEDIUM
XPath Injection Active MEDIUM MEDIUM
Remote OS Command Injection Active MEDIUM MEDIUM
XML External Entity Attack Active MEDIUM MEDIUM
Generic Padding Oracle Active MEDIUM MEDIUM
Spring Actuator Information Leak Active MEDIUM MEDIUM
SOAP Action Spoofing Active MEDIUM MEDIUM
Log4Shell Active MEDIUM MEDIUM
SOAP XML Injection Active MEDIUM MEDIUM
Spring4Shell Active MEDIUM MEDIUM
Heartbleed OpenSSL Vulnerability Active MEDIUM MEDIUM
Buffer Overflow Active MEDIUM MEDIUM
Source Code Disclosure - CVE-2012-1823 Active MEDIUM MEDIUM
Format String Error Active MEDIUM MEDIUM
Server Side Template Injection Active MEDIUM MEDIUM
Remote Code Execution - CVE-2012-1823 Active MEDIUM MEDIUM
Cloud Metadata Potentially Exposed Active MEDIUM MEDIUM
External Redirect Active MEDIUM MEDIUM
Server Side Template Injection (Blind) Active MEDIUM MEDIUM
User Agent Fuzzer Active MEDIUM MEDIUM
Source Code Disclosure - /WEB-INF Folder Active MEDIUM MEDIUM
Session Management Response Identified Passive MEDIUM -
Verification Request Identified Passive MEDIUM -
Private IP Disclosure Passive MEDIUM -
Session ID in URL Rewrite Passive MEDIUM -
Script Served From Malicious Domain (polyfill) Passive MEDIUM -
Insecure JSF ViewState Passive MEDIUM -
Vulnerable JS Library (Powered by Retire.js) Passive MEDIUM -
Charset Mismatch Passive MEDIUM -
Cookie No HttpOnly Flag Passive MEDIUM -
Cookie Without Secure Flag Passive MEDIUM -
Re-examine Cache-control Directives Passive MEDIUM -
Cross-Domain JavaScript Source File Inclusion Passive MEDIUM -
Content-Type Header Missing Passive MEDIUM -
Application Error Disclosure Passive MEDIUM -
Information Disclosure - Debug Error Messages Passive MEDIUM -
Information Disclosure - Sensitive Information in URL Passive MEDIUM -
Information Disclosure - Sensitive Information in HTTP Referrer Header Passive MEDIUM -
Information Disclosure - Suspicious Comments Passive MEDIUM -
Open Redirect Passive MEDIUM -
Cookie Poisoning Passive MEDIUM -
User Controllable Charset Passive MEDIUM -
WSDL File Detection Passive MEDIUM -
User Controllable HTML Element Attribute (Potential XSS) Passive MEDIUM -
Loosely Scoped Cookie Passive MEDIUM -
Viewstate Passive MEDIUM -
Directory Browsing Passive MEDIUM -
Heartbleed OpenSSL Vulnerability (Indicative) Passive MEDIUM -
HTTP Server Response Header Passive MEDIUM -
Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) Passive MEDIUM -
X-Backend-Server Header Information Leak Passive MEDIUM -
Secure Pages Include Mixed Content Passive MEDIUM -
HTTP to HTTPS Insecure Transition in Form Post Passive MEDIUM -
HTTPS to HTTP Insecure Transition in Form Post Passive MEDIUM -
User Controllable JavaScript Event (XSS) Passive MEDIUM -
Big Redirect Detected (Potential Sensitive Information Leak) Passive MEDIUM -
Retrieved from Cache Passive MEDIUM -
X-ChromeLogger-Data (XCOLD) Header Information Leak Passive MEDIUM -
Cookie without SameSite Attribute Passive MEDIUM -
CSP Passive MEDIUM -
X-Debug-Token Information Leak Passive MEDIUM -
Username Hash Found Passive MEDIUM -
X-AspNet-Version Response Header Passive MEDIUM -
PII Disclosure Passive MEDIUM -
Script Passive Scan Rules Passive MEDIUM -
Stats Passive Scan Rule Passive MEDIUM -
Absence of Anti-CSRF Tokens Passive MEDIUM -
Hash Disclosure Passive MEDIUM -
Cross-Domain Misconfiguration Passive MEDIUM -
Weak Authentication Method Passive MEDIUM -
Reverse Tabnabbing Passive MEDIUM -
Modern Web Application Passive MEDIUM -
Authentication Request Identified Passive MEDIUM -

Sites

https://yhdw.ai.jiezidata.cn

Technology Version Categories Implies
Adobe Flash
Programming languages
Ant Design
UI frameworks
Nginx
Web servers
Reverse proxies
Tailwind CSS
UI frameworks