Pentest Report Template

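\documentclass[11pt,oneside,a4paper]{article}

% Page geometry: A4 paper, 16 mm side margins, 178 mm wide text block.
\usepackage[%
  margin=0.5in,% starting value; left/right/top/bottom are all set explicitly below
  a4paper,%
  left = 16mm,%
  right = 16mm,%
  textwidth = 178mm,%
  top = 20mm,%
  bottom= 18mm,%
  heightrounded,% to avoid spurious underfull messages
  headheight=8mm,%
  headsep=10mm,%
  footskip=7mm,%
  % showframe
]{geometry}

\usepackage{amsmath}

% Layout and text helpers
\usepackage{lastpage}          % provides the LastPage label used in the footer
\usepackage{parskip}
\usepackage[utf8]{inputenc}
\usepackage{graphicx}
\usepackage{float}
\usepackage{fancyhdr}

% Colour and tables: the table option makes xcolor load colortbl
% (\rowcolor, \cellcolor), so colortbl and color need no separate lines.
\usepackage[table]{xcolor}
\usepackage{xspace}
\usepackage{longtable}
\usepackage{tabularx}

\usepackage{listings}
\usepackage{enumitem}
\usepackage{soul}

% hyperref goes last so that it can patch the commands of the packages above.
\usepackage{hyperref}
\hypersetup{
    colorlinks = true,
    allcolors  = link-blue, % defined in the colour section below
}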

%%%%%%%%%%%%%%%%%%%%%%%
%  Font Definition  %
%%%%%%%%%%%%%%%%%%%%%%%
%\usepackage[default]{sourcesanspro}
%\usepackage[scaled]{sourcesanspro}
%\setmainfont{Source Sans Pro}

%%%%%%%%%%%%%%%%%%%%%%%
%  Colors Definition  %
%%%%%%%%%%%%%%%%%%%%%%%

% General palette (HTML hex notation; the RGB triple is given in the comment)
\definecolor{link-blue}{HTML}{0645AD}    % 6, 69, 173
\definecolor{dark-green}{HTML}{34853E}   % 52, 133, 62
\definecolor{light-blue}{HTML}{7FB4F0}   % 127, 180, 240
\definecolor{dark-blue}{HTML}{4878E0}    % 72, 120, 224
\definecolor{heading-grey}{HTML}{4369B6} % 67, 105, 182

% Severity palette: these names are the ones accepted by \textcolor and
% \cellcolor in the findings (Critical, High, Medium, Low, Info).
\definecolor{Critical}{HTML}{8444A7}     % 132, 68, 167
\definecolor{High}{HTML}{FC0703}         % 252, 7, 3
\definecolor{Medium}{HTML}{FC9003}       % 252, 144, 3
\definecolor{Low}{HTML}{00D420}          % 0, 212, 32
\definecolor{Info}{HTML}{5EB9FF}         % 94, 185, 255

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Variable Definition - Change Here  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

% Engagement variables. TeX drops the space that follows a control word, so
% in running text write "\companyName\ " or "\companyName{}" before a space.

% Client: full name, then the short form used in running text
% (set the short form to \companyName to always print the full name).
\newcommand*{\companyName}{COMPANY}
\newcommand*{\companyNameShort}{COMPANY}

% Title of the report as printed in the page header.
\newcommand*{\reportName}{\textcolor{gray}{\companyName - Security Assessment Finding Report}}

% Testing company: full name, then the short form used in running text
% (set the short form to \pentester to always print the full name).
\newcommand*{\pentester}{PENTESTER}
\newcommand*{\pentesterShort}{PENTESTER}

% Web site of the testing company.
\newcommand*{\pentesterSite}{\url{WEBSITE}}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Main Header and Footer Configuration  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

% Every page uses the fancy style; start from empty header and footer fields.
\pagestyle{fancy}
\fancyhf{}
%\fancyhfoffset[E,O]{10pt}
\renewcommand{\footrulewidth}{1.5pt}

% Header: logos left and right, report title in the centre.
% NOTE(review): the logos are 1.2cm high while geometry sets headheight=8mm;
% fancyhdr warns when the header is taller than \headheight.
\fancyhead[L]{\includegraphics[height=1.2cm]{Logos/els-logo.png}}
\fancyhead[C]{\textcolor{gray}{\reportName}}
\fancyhead[R]{\includegraphics[height=1.2cm]{Logos/eCPPTv2-nobg.png}}

% Footer: tester left, client centre, "Page x of y" right.
\fancyfoot[L]{\textcolor{gray}{\pentester}}
\fancyfoot[C]{\textcolor{gray}{\companyName} }
\fancyfoot[R]{\textcolor{gray}{Page \thepage\ of \pageref*{LastPage}}}


%%%%%%%%%%%%%%%%%%%%%%
%  Document Content  %
%%%%%%%%%%%%%%%%%%%%%%

\begin{document}

%----------------------------------------------------------
%               TITLE PAGE
%----------------------------------------------------------
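    \begin{titlepage}
        \centering
%-----------Heading--------------------
        \textsc{\LARGE COMPANY}\\[1.5cm] % Name of your company
        \includegraphics[width=0.6\textwidth]{Logos/els-logo.png}\par\vspace{1cm} % Company logo
        \textsc{\Large Course name}\\[0.5cm] % Major heading
%-----------Author--------------------
        {\large First name \textsc{Last name}\par} % Your name
        \vspace{1cm}
%-----------Title--------------------
        % \hline is only valid inside tabular-like environments; outside one it
        % stops the build, so the two separator lines are drawn with \rule.
        \rule{\linewidth}{0.4pt}\\[0.4cm]
        {\huge \bfseries Security Assessment Finding Report}\\[0.4cm] % Title of your document
        \rule{\linewidth}{0.4pt}\\[0.5cm]
        % Handling marking for the whole report.
        \textsc{\large BUSINESS CONFIDENTIAL}\par
        \vspace{2cm}
%-----------Date--------------------
        {\large \today}\par % Replace \today with a fixed date to pin the report date
        \vfill % Fill the rest of the page with white space
    \end{titlepage}

%----------------------------------------------------------
%               Table of Contents
%----------------------------------------------------------
    \tableofcontents
    \clearpage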


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Confidentiality Statement  %
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
	
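    \section{Confidentiality Statement}

    % "\ " after a name macro restores the space that TeX drops after a control word.
    This document is the property of \companyName\ and \pentester\ (\pentesterShort).
    It contains confidential and proprietary information that should not be shared or reproduced without the consent of both parties.

    \pentester\ may share this document with auditors who have signed non-disclosure agreements in order to prove compliance with penetration test requirements.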

%%%%%%%%%%%%%%%%
%  Disclaimer  %
%%%%%%%%%%%%%%%%
	
    \section{Disclaimer}

    % Scope of validity: the results describe the assessment window only.
    A penetration test is considered a snapshot in time.
    The findings and recommendations reflect the information gathered during the assessment and not any changes or modifications made outside of that period.

    % Limits of a time-boxed test and the recommended cadence.
    Time-limited engagements do not allow for a full evaluation of all security controls.
    \pentesterShort\ prioritized the assessment to identify the weakest security controls an attacker would exploit.
    \pentesterShort\ recommends conducting similar assessments on an annual basis by internal or third-party assessors to ensure the continued success of the controls.

%%%%%%%%%%%%%%%%%%%%%%%%%
%  Contact Information  %
%%%%%%%%%%%%%%%%%%%%%%%%%

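    \section{Contact Information}
    % One header row, then one coloured band per organisation followed by its contacts.
    \begin{table}[htpb]
        \centering
        \begin{tabular}{|p{2cm}|p{2cm}|p{8.5cm}|}
            \hline
            \rowcolor{dark-blue}
            {\textcolor{white}{\textbf{Name}}} & {\textcolor{white}{\textbf{Title}}} & {\textcolor{white}{\textbf{Contact Information}}} \\ \hline
            \rowcolor{light-blue}
            \multicolumn{3}{|l|}{\companyName} \\ \hline
            John Doe & CTO & Phone: 123456789\hfill\break Email: john@company.com \\ \hline
            \rowcolor{light-blue}
            \multicolumn{3}{|l|}{\pentester} \\ \hline
            Sudneo & Pentester & Phone: 123456789\hfill\break Email: sudneo@sudneo.me \\ \hline
        \end{tabular}
        % A \label picks up the table number only when it follows a \caption;
        % without one it points at the enclosing section instead.
        \caption{Contact information}
        \label{tab:contactInfo}
    \end{table}
    \clearpage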

%%%%%%%%%%%%%%%%%%%%%%%%%
%  Assessment Overview  %
%%%%%%%%%%%%%%%%%%%%%%%%%
	
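    \section{Assessment Overview}

    % The client engages the tester (the roles were swapped): "its infrastructure"
    % refers to the client's systems.
    From December 2nd, 2022 to December 9th, 2022, \companyNameShort\ engaged \pentesterShort\ to evaluate the security posture of its infrastructure against current industry best practices, which included a penetration test.
    All testing performed is based on the NIST SP 800-115 Technical Guide to Information Security Testing and Assessment, OWASP Testing Guide (v4), and customized testing frameworks.

    Phases of penetration testing activities include the following:
    \begin{itemize}
        \item Planning -- Customer goals are gathered and rules of engagement obtained.
        \item Discovery -- Perform scanning and enumeration to identify potential vulnerabilities, weak areas, and exploits.
        \item Attack -- Confirm potential vulnerabilities through exploitation and perform additional discovery upon new access.
        \item Reporting -- Document all found vulnerabilities and exploits, failed attempts, and company strengths and weaknesses.
    \end{itemize}

    % [h] alone is turned into [ht] with a warning; give LaTeX the full set of choices.
    \begin{figure}[htbp]
        \centering
        \includegraphics[width=\textwidth]{Logos/flow.png}
        \caption{Phases of penetration testing activities}
        \label{fig:phases_of_penetration_testing_activities}
    \end{figure}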

%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Assessment Components  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%
	
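    \section{Assessment Components}
    \label{sec:assessment_components}

    % "\ " after \pentester restores the space that TeX drops after a control word.
    A penetration test emulates the role of an attacker attempting to gain access to an internal network without internal resources or inside knowledge.
    \pentester\ attempts to gather sensitive information through open-source intelligence (OSINT), including employee information, historical breached passwords, and more that can be leveraged against external systems to gain internal network access.
    \pentester\ also performs scanning and enumeration to identify potential vulnerabilities in hopes of exploitation.
    \clearpage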

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Findings Severity Classification  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
		
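    \section{Findings Severity Classification}
    \label{sec:findings_severity_classification}

    Table~\ref{tab:severityClassification} defines the levels of severity and the corresponding CVSS score ranges that are used throughout the document to assess vulnerability and risk impact.

    % One row per severity level; the first cell is filled with the colour of that
    % level, which is the colour the findings use in their headings and Impact cells.
    \begin{table}[htpb]
        \centering
        \begin{tabular}{|p{2.5cm}|p{2.5cm}|p{9.5cm}|}
            \hline
            \rowcolor{heading-grey}\multicolumn{1}{|>{\centering\arraybackslash}m{25mm}|}{\textcolor{white}{\textbf{Severity}}} &
            \multicolumn{1}{>{\centering\arraybackslash}m{25mm}|}{\textcolor{white}{\textbf{CVSS v3 Score Range}}} &
            \multicolumn{1}{>{\centering\arraybackslash}m{95mm}|}{\textcolor{white}{\textbf{Definition}}} \\ \hline
            \cellcolor{Critical}\textcolor{white}{\textbf{Critical}} & 9.0--10.0 & Exploitation is straightforward and usually results in system-level compromise. It is advised to form a plan of action and patch immediately. \\ \hline
            \cellcolor{High}\textcolor{white}{\textbf{High}} & 7.0--8.9 & Exploitation is more difficult but could cause elevated privileges and potentially a loss of data or downtime. It is advised to form a plan of action and patch as soon as possible. \\ \hline
            \cellcolor{Medium}\textcolor{white}{\textbf{Medium}} & 4.0--6.9 & Vulnerabilities exist but are not exploitable or require extra steps such as social engineering. It is advised to form a plan of action and patch after high-priority issues have been resolved. \\ \hline
            \cellcolor{Low}\textcolor{white}{\textbf{Low}} & 0.1--3.9 & Vulnerabilities are non-exploitable, but remediating them would reduce an organization's attack surface. It is advised to form a plan of action and patch during the next maintenance window. \\ \hline
            \cellcolor{Info}\textcolor{white}{\textbf{Informational}} & N/A & No vulnerability exists. Additional information is provided regarding items noticed during testing, strong controls, and additional documentation. \\ \hline
        \end{tabular}
        \caption{Summary of the findings severity classification used.}
        \label{tab:severityClassification}
    \end{table}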

%%%%%%%%%%%
%  Scope  %
%%%%%%%%%%%
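    \section{Scope}
    \label{sec:scope}

    % The tie keeps "Table" and its number on the same line.
    The overview of the scope of the engagement is described in Table~\ref{tab:scopeEngagement}.

    % One row per assessment type; list every in-scope network range and host name
    % so that the authorised targets are unambiguous.
    \begin{table}[htpb]
        \centering
        \begin{tabular}{|p{5.5cm}|p{6.5cm}|}
            \hline
            \rowcolor{heading-grey}\textcolor{white}{\textbf{Assessment}} & \textcolor{white}{\textbf{Details}} \\ \hline
            External Penetration Test & 10.10.10.0/24 \hfill\break random.com \\ \hline
        \end{tabular}
        \caption{Scope of the engagement}
        \label{tab:scopeEngagement}
    \end{table}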

%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Scope:Scope Exclusion  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%
		
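        \subsection{Scope Exclusion}
        \label{sub:scope_exclusion}

        % A stray % before "attacks" had commented out the end of this sentence,
        % so the exclusion was printed without its object and full stop.
        Per client request, \pentesterShort\ did not perform any Denial of Service attacks during testing.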

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Scope:Client Allowances  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

        \subsection{Client Allowances}\label{sub:client_allowances}

        % State here anything the client provided to assist the test.
        \companyNameShort{} did not provide any allowances to assist the testing.

%%%%%%%%%%%%%%%%%%%%%%%
%  Executive Summary  %
%%%%%%%%%%%%%%%%%%%%%%%
    \clearpage
	
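    \section{Executive Summary}
    \label{sec:executive_summary}

    % Names come from the variable block (the first one was hard-coded), and
    % "\ " restores the space that TeX drops after a control word.
    \pentester\ evaluated \companyName's external security posture through an external network penetration test from December 2nd to December 9th, 2022.
    The test consisted of a series of attacks designed to uncover vulnerabilities in \companyName's systems.
    Unfortunately, \pentester\ found several critical vulnerabilities that could allow an attacker to gain full access to \companyName's internal network and control of the DMZ.
    It is highly recommended that \companyName\ address these vulnerabilities as soon as possible, as they are easily discovered and exploited with minimal effort.
    Failure to address these vulnerabilities could result in a significant security breach for \companyName.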
	

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Executive Summary:Attack Summary  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
	
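	\subsection{Attack Summary}
	\label{sub:attack_summary}

	The following table describes how \pentesterShort\ gained internal network access, step by step.

	% One row per step of the attack path, each paired with the recommendation
	% that would have blocked it.
	\begin{table}[htpb]
	    \centering
	    \begin{tabular}{|p{1cm}|p{5cm}|p{6cm}|}
		\hline
		\rowcolor{heading-grey}\multicolumn{1}{|>{\centering\arraybackslash}m{10mm}|}{\textcolor{white}{\textbf{Step}}} &
		\multicolumn{1}{>{\centering\arraybackslash}m{50mm}|}{\textcolor{white}{\textbf{Action}}} &
		\multicolumn{1}{>{\centering\arraybackslash}m{60mm}|}{\textcolor{white}{\textbf{Recommendation}}} \\ \hline
		1 & Perform port scan on \companyNameShort's infrastructure & Disable or protect ports which don't need to be public. \\ \hline
	    \end{tabular}
	    % The label has to follow the caption: placed before it, it referred to
	    % the subsection number instead of the table number.
	    \caption{Attack Summary}
	    \label{tab:attackSummary}
	\end{table}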

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Executive Summary:Security Strengths  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
	
	\subsection{Security Strengths}\label{sub:security_strengths}

	% One \paragraph per control that worked as intended during the test.
	\paragraph{SIEM alerts of vulnerability scan}\label{par:siem_alerts_of_vulnerability_scan}

	During the assessment, the \companyNameShort{} security team alerted \pentesterShort{} engineers of detected vulnerability scanning against their systems.
	The team was successfully able to identify the \pentesterShort{} engineer’s attacker IP address within minutes of scanning and was capable of blacklisting \pentesterShort{} from further scanning actions.
	
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Executive Summary:Security Weaknesses  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
	
	\subsection{Security Weaknesses}\label{sub:security_weaknesses}

	% One \paragraph per systemic weakness, with the control that addresses it.
	\paragraph{Missing Password Policy}\label{par:missing_password_policy}

	\pentesterShort{} successfully performed password attacks using lists of common passwords.
	Several systems of \companyNameShort{} were compromised using this method.
	Enabling a password policy that requires a minimum password complexity could protect the organization from similar attacks.

	\clearpage

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Vulnerabilities by Impact  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

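    \section{Vulnerabilities by Impact}
    \label{sec:vulnerabilities_by_impact}

    % NOTE: the figure below is commented out, so this reference prints "??"
    % until the chart image exists and the figure is re-enabled.
    Figure~\ref{fig:vulnerabilities_by_impact} illustrates the vulnerabilities found by impact.
    %\begin{figure}[htbp]
    %    \centering
    %    \includegraphics[width=\textwidth]{vulnsbyimpact.png}
    %    \caption{Vulnerabilities by Impact}
    %    \label{fig:vulnerabilities_by_impact}
    %\end{figure}

    \clearpage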

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  External Penetration Test Findings  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

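	\section{External Penetration Test Findings}%
	\label{sec:external_penetration_test_findings}

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Findings Subsections - Insert from HERE  %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

	% Subsection for finding Insufficient Lockout Policy - Outlook Web App.
	% The heading carries the severity colour like the other findings.
	\subsection{\textcolor{Critical}{Insufficient Lockout Policy - Outlook Web App (Critical)}}%
	\label{sub:insufficient_lockout_policy_outlook_web_app_critical_}

	\begin{table}[htpb]
	    \centering
	    \begin{tabular}{|p{3cm}|p{9cm}|}
		\hline
		\cellcolor{heading-grey}\textbf{Description:} &
		\companyNameShort\ allowed unlimited logon attempts against their Outlook Web App (OWA) services. This configuration allowed brute force and password guessing attacks, which \pentesterShort\ used to gain access to \companyNameShort's internal network. \\ \hline
		\cellcolor{heading-grey}\textbf{Impact:} & \cellcolor{Critical}Critical \\ \hline
		\cellcolor{heading-grey}\textbf{System:} &
		10.100.0.1 \\ \hline
		\cellcolor{heading-grey}\textbf{References:} &
		% Each link points at the control it names (the AC-7 entry linked to AC-17).
		\begin{itemize}
		    \item \href{https://nvd.nist.gov/800-53/Rev4/control/AC-17}{NIST SP800-53r4 AC-17} - Remote Access
		    \item \href{https://nvd.nist.gov/800-53/Rev4/control/AC-7}{NIST SP800-53r4 AC-7(1)} - Unsuccessful Logon Attempts; Automatic Account Lock
		\end{itemize} \\ \hline
	    \end{tabular}
	\end{table}

	\subsubsection{Exploitation Proof of Concept}%
	\label{ssub:exploitation_proof_of_concept}

	% NOTE(review): the description says access was gained, this text says the
	% attack was unsuccessful; reconcile both against the engagement notes.
	\pentesterShort\ gathered historical breached data found in credentials dumps. The data amounted to 868 total account credentials (Note: A full list of compromised accounts can be found in “Demo Company-867-19 Full Findings.xslx”.).

	\pentesterShort\ used the gathered credentials to perform a credential stuffing attack against the OWA login page. Credential stuffing attacks take previously known credentials and attempt to use them on login forms to gain access to company resources. \pentesterShort\ was unsuccessful in the attack but was able to gather additional sensitive information from the OWA server in the form of username enumeration.

	\subsubsection{Remediation}%
	\label{ssub:remediation}

	% longtable is not a float: its optional argument takes only c, l or r,
	% so the [htpb] placement specifier is dropped.
	\begin{longtable}{|p{2cm}|p{12cm}|}
	    \hline
	    \cellcolor{dark-green}\textbf{Who:} & IT Team \\ \hline
	    \cellcolor{dark-green}\textbf{Vector:} & Remote \\ \hline
	    \multicolumn{2}{|l|}{\cellcolor{dark-green} \textbf{Actions:}} \\ \hline
	    1 & VPN and OWA login with valid credentials did not require Multi-Factor Authentication (MFA). \pentesterShort\ recommends \companyNameShort\ implement and enforce MFA across all external-facing login services. \\ \hline
	    2 & OWA permitted unlimited login attempts. \pentesterShort\ recommends \companyNameShort\ restrict logon attempts against their service. \\ \hline
	    3 & \companyNameShort\ permitted a successful login via a password spraying attack, signifying a weak password policy. \pentesterShort\ recommends the following password policy, per the Center for Internet Security (CIS):
		\begin{itemize}
		    \item 14 characters or longer
		    \item Use different passwords for each account accessed
		    \item Do not use words and proper names in passwords, regardless of language
		\end{itemize} \\ \hline
	    4 & OWA permitted user enumeration. \pentesterShort\ recommends \companyNameShort\ synchronize valid and invalid account messages. Additionally, \pentesterShort\ recommends that \companyNameShort:
		\begin{itemize}
		    \item Train employees on how to create a proper password
		    \item Check employee credentials against known breached passwords
		    \item Discourage employees from using work emails and usernames as login credentials to other services unless absolutely necessary
		\end{itemize} \\ \hline
	\end{longtable}
	\pagebreak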

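	% Subsection for finding Unprotected Backup File
	\subsection{\textcolor{Low}{Unprotected Backup File (Low)}}

	\begin{table}[htpb]
	    \centering
	    \begin{tabular}{|p{3cm}|p{9cm}|}
	    \hline
	    \cellcolor{heading-grey}\textbf{Description:} &
	    % Description ---
	    The file backup.zip is left unprotected on a server \\ \hline
	    % ---------------
	    \cellcolor{heading-grey}\textbf{Impact:} & \cellcolor{Low}Low \\ \hline
	    \cellcolor{heading-grey}\textbf{System:} &
	    % Affected Systems ---
	    10.100.0.10 \\ \hline
	    % --------------------
	    \cellcolor{heading-grey}\textbf{References:} &
	    % References ---
	    \begin{itemize}
		\item \href{https://owasp.org}{OWASP} - Page on file permissions
	    \end{itemize} \\ \hline
	    % --------------
	    \end{tabular}
	\end{table}

	\subsubsection{Exploitation Proof of Concept}%
	% PoC text ---
	% NOTE(review): the description names backup.zip, the command below
	% backups.zip; confirm the file name against the evidence.
	To find the file, \pentesterShort\ accessed the machine 10.100.0.10 and verified the following:
	\begin{verbatim}
	    file /var/backups/backups.zip
	\end{verbatim}
	% ------------

	\subsubsection{Remediation}

	% longtable is not a float: its optional argument takes only c, l or r,
	% so the [htpb] placement specifier is dropped.
	\begin{longtable}{|p{2cm}|p{12cm}|}
	    \hline
	    \cellcolor{dark-green}\textbf{Who:} &
	    % Responsible Team ---
	    Operations \\ \hline
	    % --------------------
	    \cellcolor{dark-green}\textbf{Vector:} &
	    % Vector ---
	    Local \\ \hline
	    % ----------
	    \multicolumn{2}{|l|}{\cellcolor{dark-green} \textbf{Actions:}} \\ \hline
	    % Actions ---
	    1 & Delete the file or restrict its permissions \\ \hline
	    % -----------
	\end{longtable}
	\pagebreak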

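	% Subsection for finding Exposed service
	% The severity is named Medium, as in the severity classification table and
	% the colour definitions: no colour called "Moderate" is defined, so
	% \textcolor{Moderate} and \cellcolor{Moderate} stop the build.
	\subsection{\textcolor{Medium}{Exposed service (Medium)}}

	\begin{table}[htpb]
	    \centering
	    \begin{tabular}{|p{3cm}|p{9cm}|}
	    \hline
	    \cellcolor{heading-grey}\textbf{Description:} &
	    % Description ---
	    Some server's port is open and unprotected \\ \hline
	    % ---------------
	    \cellcolor{heading-grey}\textbf{Impact:} & \cellcolor{Medium}Medium \\ \hline
	    \cellcolor{heading-grey}\textbf{System:} &
	    % Affected Systems ---
	    10.100.0.11 \\ \hline
	    % --------------------
	    \cellcolor{heading-grey}\textbf{References:} &
	    % References ---
	    N/A \\ \hline
	    % --------------
	    \end{tabular}
	\end{table}

	\subsubsection{Exploitation Proof of Concept}%
	% PoC text ---
	All it takes is a Curl request:

	\begin{verbatim}
	    curl -XPOST https://10.100.0.11/gimmefile.php -d 'file=test.txt'
	\end{verbatim}
	% ------------

	\subsubsection{Remediation}

	% longtable is not a float: its optional argument takes only c, l or r,
	% so the [htpb] placement specifier is dropped.
	\begin{longtable}{|p{2cm}|p{12cm}|}
	    \hline
	    \cellcolor{dark-green}\textbf{Who:} &
	    % Responsible Team ---
	    IT team \\ \hline
	    % --------------------
	    \cellcolor{dark-green}\textbf{Vector:} &
	    % Vector ---
	    Remote \\ \hline
	    % ----------
	    \multicolumn{2}{|l|}{\cellcolor{dark-green} \textbf{Actions:}} \\ \hline
	    % Actions ---
	    1 & Close the port if not public \\ \hline
	    % -----------
	\end{longtable}
	\pagebreak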
	    
		    
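	% Subsection for finding Bad Server Name
	% The severity colour is defined under the name Info: no colour called
	% "Informational" is defined, so using that name stops the build.
	% The printed severity text stays "Informational".

	\subsection{\textcolor{Info}{Bad Server Name (Informational)}}

	\begin{table}[htpb]
	    \centering
	    \begin{tabular}{|p{3cm}|p{9cm}|}
	    \hline
	    \cellcolor{heading-grey}\textbf{Description:} &
	    % Description ---
	    Some server names are hard to memorize \\ \hline
	    % ---------------
	    \cellcolor{heading-grey}\textbf{Impact:} & \cellcolor{Info}Informational \\ \hline
	    \cellcolor{heading-grey}\textbf{System:} &
	    % Affected Systems ---
	    hjwowjsmc.example.org \\ \hline
	    % --------------------
	    \cellcolor{heading-grey}\textbf{References:} &
	    % References ---
	    N/A \\ \hline
	    % --------------
	    \end{tabular}
	\end{table}

	\subsubsection{Exploitation Proof of Concept}%
	% PoC text ---
	\begin{verbatim}
	    hostname
	\end{verbatim}
	% ------------

	\subsubsection{Remediation}

	% longtable is not a float: its optional argument takes only c, l or r,
	% so the [htpb] placement specifier is dropped.
	\begin{longtable}{|p{2cm}|p{12cm}|}
	    \hline
	    \cellcolor{dark-green}\textbf{Who:} &
	    % Responsible Team ---
	    IT Team \\ \hline
	    % --------------------
	    \cellcolor{dark-green}\textbf{Vector:} &
	    % Vector ---
	    Local \\ \hline
	    % ----------
	    \multicolumn{2}{|l|}{\cellcolor{dark-green} \textbf{Actions:}} \\ \hline
	    % Actions ---
	    1 & Rename the server \\ \hline
	    % -----------
	\end{longtable}
	\pagebreak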
	
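	% Subsection for finding SQL Injection in Backoffice
	\subsection{\textcolor{High}{SQL Injection in Backoffice (High)}}

	\begin{table}[htpb]
	    \centering
	    \begin{tabular}{|p{3cm}|p{9cm}|}
	    \hline
	    \cellcolor{heading-grey}\textbf{Description:} &
	    % Description ---
	    The Backoffice site has multiple SQL Injections \\ \hline
	    % ---------------
	    \cellcolor{heading-grey}\textbf{Impact:} & \cellcolor{High}High \\ \hline
	    \cellcolor{heading-grey}\textbf{System:} &
	    % Affected Systems ---
	    backoffice.example.org \\ \hline
	    % --------------------
	    \cellcolor{heading-grey}\textbf{References:} &
	    % References ---
	    \begin{itemize}
		\item \href{https://nist.gov}{NIST Reference} - NIST input validation
	    \end{itemize} \\ \hline
	    % --------------
	    \end{tabular}
	\end{table}

	\subsubsection{Exploitation Proof of Concept}%
	% PoC text ---
	\pentesterShort\ managed to exploit several vulnerabilities.

	\begin{verbatim}
	    curl https://backoffice.example.org?id=1' OR '1'='1'\#
	\end{verbatim}
	% ------------

	\subsubsection{Remediation}

	% longtable is not a float: its optional argument takes only c, l or r,
	% so the [htpb] placement specifier is dropped.
	\begin{longtable}{|p{2cm}|p{12cm}|}
	    \hline
	    \cellcolor{dark-green}\textbf{Who:} &
	    % Responsible Team ---
	    Development Team \\ \hline
	    % --------------------
	    \cellcolor{dark-green}\textbf{Vector:} &
	    % Vector ---
	    Remote \\ \hline
	    % ----------
	    \multicolumn{2}{|l|}{\cellcolor{dark-green} \textbf{Actions:}} \\ \hline
	    % Actions ---
	    % Row 2 held only the stray word "parameter"; it now carries the fix that
	    % removes the injection itself, with input validation as an extra layer.
	    1 & Implement input validation for the id parameter \\ \hline
	    2 & Use parameterized queries (prepared statements) so that request parameters are never concatenated into SQL statements \\ \hline
	    % -----------
	\end{longtable}
	\pagebreak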
	    
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%  Additional Reports and Scans   %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

	\newpage
	\section{Additional Reports and Scans (Informational)}\label{sec:additional_reports_and_scans_informational}

	% Companion deliverables handed over together with this report.
	\pentesterShort{} provides all clients with all report information gathered during testing.
	This includes vulnerability scans and a detailed findings spreadsheet.
	For more information, please see the following documents:
	\begin{itemize}
	    \item Demo Company-867-19 Full Findings.xslx
	    \item Demo Company-867-19 Vulnerability Scan Summary.xslx
	    \item Demo Company-867-19 Vulnerability Scan by Host.pdf
	\end{itemize}

\end{document}
    