ZAP Scanning Report

Site: https://v4.lolagrove.com

Generated on Fri, 12 May 2023 15:56:05

Summary of Alerts

Risk Level Number of Alerts
High 1
Medium 7
Low 7
Informational 4
False Positives: 0

Alerts

Name Risk Level Number of Instances
Path Traversal High 1
Absence of Anti-CSRF Tokens Medium 4
Anti-CSRF Tokens Check Medium 4
Content Security Policy (CSP) Header Not Set Medium 15
Missing Anti-clickjacking Header Medium 6
Proxy Disclosure Medium 47
Relative Path Confusion Medium 3
Vulnerable JS Library Medium 1
Cookie Slack Detector Low 44
Cookie Without Secure Flag Low 4
Cookie without SameSite Attribute Low 2
Cross-Domain JavaScript Source File Inclusion Low 13
Timestamp Disclosure - Unix Low 464
X-AspNet-Version Response Header Low 11
X-Content-Type-Options Header Missing Low 21
Cookie Slack Detector Informational 1
Information Disclosure - Suspicious Comments Informational 24
Re-examine Cache-control Directives Informational 8
User Agent Fuzzer Informational 56

Alert Detail

High
Path Traversal
Description
The Path Traversal attack technique allows an attacker access to files, directories, and commands that potentially reside outside the web document root directory. An attacker may manipulate a URL in such a way that the web site will execute or reveal the contents of arbitrary files anywhere on the web server. Any device that exposes an HTTP-based interface is potentially vulnerable to Path Traversal.

Most web sites restrict user access to a specific portion of the file-system, typically called the "web document root" or "CGI root" directory. These directories contain the files intended for user access and the executable necessary to drive web application functionality. To access files or execute commands anywhere on the file-system, Path Traversal attacks will utilize the ability of special-characters sequences.

The most basic Path Traversal attack uses the "../" special-character sequence to alter the resource location requested in the URL. Although most popular web servers will prevent this technique from escaping the web document root, alternate encodings of the "../" sequence may help bypass the security filters. These method variations include valid and invalid Unicode-encoding ("..%u2216" or "..%c0%af") of the forward slash character, backslash characters ("..\") on Windows-based servers, URL encoded characters ("%2e%2e%2f"), and double URL encoding ("..%255c") of the backslash character.

Even if the web server properly restricts Path Traversal attempts in the URL path, a web application itself may still be vulnerable due to improper handling of user-supplied input. This is a common problem of web applications that use template mechanisms or load static text from files. In variations of the attack, the original URL parameter value is substituted with the file name of one of the web application's dynamic scripts. Consequently, the results can reveal source code because the file is interpreted as text instead of an executable script. These techniques often employ additional special characters such as the dot (".") to reveal the listing of the current working directory, or "%00" NULL characters in order to bypass rudimentary file extension checks.
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Name
Attack \ResetPassword
Evidence
Instances 1
Solution
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use an allow list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a deny list). However, deny lists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue."

For filenames, use stringent allow lists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses, and exclude directory separators such as "/". Use an allow list of allowable file extensions.

Warning: if you attempt to cleanse your data, do so in a way that the end result is not in a form that can be dangerous. A sanitizing mechanism can remove characters such as '.' and ';' which may be required for some exploits. An attacker can try to fool the sanitizing mechanism into "cleaning" data into a dangerous form. Suppose the attacker injects a '.' inside a filename (e.g. "sensi.tiveFile") and the sanitizing mechanism removes the character, resulting in the valid filename "sensitiveFile". If the input data are now assumed to be safe, then the file may be compromised.

Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass allow list schemes by introducing dangerous inputs after they have been checked.

Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname, which effectively removes ".." sequences and symbolic links.

Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.

Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.

OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.

This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
Reference http://projects.webappsec.org/Path-Traversal
http://cwe.mitre.org/data/definitions/22.html
CWE Id 22
WASC Id 33
Plugin Id 6
Medium
Absence of Anti-CSRF Tokens
Description
No Anti-CSRF tokens were found in a HTML submission form.

A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence <form action="/" class="validate smart-form client-form form-horizontal" id="smartValForm" method="post">
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence <form action="/" class="validate smart-form client-form form-horizontal" id="smartValForm" method="post">
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence <form action="/" class="validate smart-form client-form form-horizontal" id="smartValForm" method="post">
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence <form action="/ResetPassword" class="client-form validate smart-form" id="smartValForm" method="post">
Instances 4
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
Reference http://projects.webappsec.org/Cross-Site-Request-Forgery
http://cwe.mitre.org/data/definitions/352.html
CWE Id 352
WASC Id 9
Plugin Id 10202
Medium
Anti-CSRF Tokens Check
Description
A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf.

CSRF attacks are effective in a number of situations, including:

* The victim has an active session on the target site.

* The victim is authenticated via HTTP auth on the target site.

* The victim is on the same local network as the target site.

CSRF has primarily been used to perform an action against a target site using the victim's privileges, but recent techniques have been discovered to disclose information by gaining access to the response. The risk of information disclosure is dramatically increased when the target site is vulnerable to XSS, because XSS can be used as a platform for CSRF, allowing the attack to operate within the bounds of the same-origin policy.
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence <form action="/" class="validate smart-form client-form form-horizontal" id="smartValForm" method="post">
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence <form action="/" class="validate smart-form client-form form-horizontal" id="smartValForm" method="post">
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence <form action="/" class="validate smart-form client-form form-horizontal" id="smartValForm" method="post">
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence <form action="/ResetPassword" class="client-form validate smart-form" id="smartValForm" method="post">
Instances 4
Solution
Phase: Architecture and Design

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, use anti-CSRF packages such as the OWASP CSRFGuard.

Phase: Implementation

Ensure that your application is free of cross-site scripting issues, because most CSRF defenses can be bypassed using attacker-controlled script.

Phase: Architecture and Design

Generate a unique nonce for each form, place the nonce into the form, and verify the nonce upon receipt of the form. Be sure that the nonce is not predictable (CWE-330).

Note that this can be bypassed using XSS.

Identify especially dangerous operations. When the user performs a dangerous operation, send a separate confirmation request to ensure that the user intended to perform that operation.

Note that this can be bypassed using XSS.

Use the ESAPI Session Management control.

This control includes a component for CSRF.

Do not use the GET method for any request that triggers a state change.

Phase: Implementation

Check the HTTP Referer header to see if the request originated from an expected page. This could break legitimate functionality, because users or proxies may have disabled sending the Referer for privacy reasons.
Reference http://projects.webappsec.org/Cross-Site-Request-Forgery
http://cwe.mitre.org/data/definitions/352.html
CWE Id 352
WASC Id 9
Plugin Id 20012
Medium
Content Security Policy (CSP) Header Not Set
Description
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor/excanvas.js
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor/html5shiv.js
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome/fontawesome-webfont.woff2?v=4.5.0
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/glyphicons-halflings-regular.woff2
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img/mybg.png
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/robots.txt
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Security
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/sitemap.xml
Method GET
Parameter
Attack
Evidence
Instances 15
Solution
Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header, to achieve optimal browser support: "Content-Security-Policy" for Chrome 25+, Firefox 23+ and Safari 7+, "X-Content-Security-Policy" for Firefox 4.0+ and Internet Explorer 10+, and "X-WebKit-CSP" for Chrome 14+ and Safari 6+.
Reference https://developer.mozilla.org/en-US/docs/Web/Security/CSP/Introducing_Content_Security_Policy
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
http://www.w3.org/TR/CSP/
http://w3c.github.io/webappsec/specs/content-security-policy/csp-specification.dev.html
http://www.html5rocks.com/en/tutorials/security/content-security-policy/
http://caniuse.com/#feat=contentsecuritypolicy
http://content-security-policy.com/
CWE Id 693
WASC Id 15
Plugin Id 10038
Medium
Missing Anti-clickjacking Header
Description
The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
URL https://v4.lolagrove.com
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://v4.lolagrove.com/
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://v4.lolagrove.com/Login
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter X-Frame-Options
Attack
Evidence
URL https://v4.lolagrove.com/Security
Method GET
Parameter X-Frame-Options
Attack
Evidence
Instances 6
Solution
Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.

If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
Reference https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
CWE Id 1021
WASC Id 15
Plugin Id 10020
Medium
Proxy Disclosure
Description
1 proxy server(s) were detected or fingerprinted. This information helps a potential attacker to determine:

- A list of targets for an attack against the application.

- Potential vulnerabilities on the proxy servers that service the application.

- The presence or absence of any proxy-based components that might cause attacks against the application to be detected, prevented, or mitigated.
URL https://v4.lolagrove.com
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor/excanvas.js
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor/html5shiv.js
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css/font
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css/font/fontawesome-webfont.woff?v=3.0.1
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/images
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/images/mybg.png
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/images
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/images/flags.png
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/content/images/lolagrove-logo.png
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome/fontawesome-webfont.woff2?v=4.5.0
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome/fontawesome-webfont.woff?v=4.5.0
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/glyphicons-halflings-regular.woff
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/glyphicons-halflings-regular.woff2
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/Static-SmartAdmin-plugin?v=Nk_BA4_D6QdprHYUmZjftJu7_FejdTkUj5AZuCHkBec1
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/Static-WebPage?v=5KK7b6lsRY84qIsnoxDrHQrsUFu1RAggJLdR79IanpI1
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img/mybg.png
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/favicon.ico
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/robots.txt
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Scripts
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Scripts/pdf
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Security
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/sitemap.xml
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Smart-Admin-Style?v=ulrGW1N23hVR-R0qXjJFmWpvLAER6FlF8K7rhcDxQZw1
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Static-Webpage?v=usXVu7g81Ous_JFAorPfuwz8Or6f1E6n8ObEYAY1DDo1
Method GET
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter
Attack TRACE, OPTIONS methods with 'Max-Forwards' header. TRACK method.
Evidence
Instances 47
Solution
Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.

Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross Origin Resource Sharing).

Configure the web and application servers with custom error pages, to prevent 'fingerprintable' product-specific error pages being leaked to the user in the event of HTTP errors, such as 'TRACK' requests for non-existent pages.

Configure all proxies, application servers, and web servers to prevent disclosure of the technology and version information in the 'Server' and 'X-Powered-By' HTTP response headers.
Reference https://tools.ietf.org/html/rfc7231#section-5.1.2
CWE Id 200
WASC Id 45
Plugin Id 40025
Medium
Relative Path Confusion
Description
The web server is configured to serve responses to ambiguous URLs in a manner that is likely to lead to confusion about the correct "relative path" for the URL. Resources (CSS, images, etc.) are also specified in the page response using relative, rather than absolute URLs. In an attack, if the web browser parses the "cross-content" response in a permissive manner, or can be tricked into permissively parsing the "cross-content" response, using techniques such as framing, then the web browser may be fooled into interpreting HTML as CSS (or other content types), leading to an XSS vulnerability.
URL https://v4.lolagrove.com/favicon.ico
Method GET
Parameter
Attack https://v4.lolagrove.com/favicon.ico/xm3ib/196nm
Evidence <a class="fa-icon fa-lock" href="Register">Register</a>
URL https://v4.lolagrove.com/robots.txt
Method GET
Parameter
Attack https://v4.lolagrove.com/robots.txt/xm3ib/196nm
Evidence <a class="fa-icon fa-lock" href="Register">Register</a>
URL https://v4.lolagrove.com/sitemap.xml
Method GET
Parameter
Attack https://v4.lolagrove.com/sitemap.xml/xm3ib/196nm
Evidence <a class="fa-icon fa-lock" href="Register">Register</a>
Instances 3
Solution
Web servers and frameworks should be updated to be configured to not serve responses to ambiguous URLs in such a way that the relative path of such URLs could be mis-interpreted by components on either the client side, or server side.

Within the application, the correct use of the "<base>" HTML tag in the HTTP response will unambiguously specify the base URL for all relative URLs in the document.

Use the "Content-Type" HTTP response header to make it harder for the attacker to force the web browser to mis-interpret the content type of the response.

Use the "X-Content-Type-Options: nosniff" HTTP response header to prevent the web browser from "sniffing" the content type of the response.

Use a modern DOCTYPE such as "<!doctype html>" to prevent the page from being rendered in the web browser using "Quirks Mode", since this results in the content type being ignored by the web browser.

Specify the "X-Frame-Options" HTTP response header to prevent Quirks Mode from being enabled in the web browser using framing attacks.
Reference http://www.thespanner.co.uk/2014/03/21/rpo/
https://hsivonen.fi/doctype/
http://www.w3schools.com/tags/tag_base.asp
CWE Id 20
WASC Id 20
Plugin Id 10051
Medium
Vulnerable JS Library
Description
The identified library jquery, version 2.1.1 is vulnerable.
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence /*! jQuery v2.1.1
Instances 1
Solution
Please upgrade to the latest version of jquery.
Reference https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
http://research.insecurelabs.org/jquery/test/
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://nvd.nist.gov/vuln/detail/CVE-2019-11358
https://nvd.nist.gov/vuln/detail/CVE-2015-9251
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://bugs.jquery.com/ticket/11974
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
CWE Id 829
WASC Id
Plugin Id 10003
Low
Cookie Slack Detector
Description
Repeated GET requests: drop a different cookie each time, followed by normal request with all cookies to stabilize session, compare responses against original baseline GET. This can reveal areas where cookie based authentication/attributes are not actually enforced.
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor/excanvas.js
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts/vendor/html5shiv.js
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css/font
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css/font/fontawesome-webfont.woff?v=3.0.1
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/images
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/images/mybg.png
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/images
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/images/flags.png
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/content/images/lolagrove-logo.png
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome/fontawesome-webfont.woff2?v=4.5.0
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome/fontawesome-webfont.woff?v=4.5.0
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/glyphicons-halflings-regular.woff
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/glyphicons-halflings-regular.woff2
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/Static-SmartAdmin-plugin?v=Nk_BA4_D6QdprHYUmZjftJu7_FejdTkUj5AZuCHkBec1
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/Static-WebPage?v=5KK7b6lsRY84qIsnoxDrHQrsUFu1RAggJLdR79IanpI1
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img/mybg.png
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/favicon.ico
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Scripts
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Scripts/pdf
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Security
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Smart-Admin-Style?v=ulrGW1N23hVR-R0qXjJFmWpvLAER6FlF8K7rhcDxQZw1
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Static-Webpage?v=usXVu7g81Ous_JFAorPfuwz8Or6f1E6n8ObEYAY1DDo1
Method GET
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter
Attack
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter
Attack
Evidence
Instances 44
Solution
Reference http://projects.webappsec.org/Fingerprinting
CWE Id 200
WASC Id 45
Plugin Id 90027
Low
Cookie Without Secure Flag
Description
A cookie has been set without the secure flag, which means that the cookie can be accessed via unencrypted connections.
URL https://v4.lolagrove.com
Method GET
Parameter ASP.NET_SessionId
Attack
Evidence Set-Cookie: ASP.NET_SessionId
URL https://v4.lolagrove.com/
Method GET
Parameter ASP.NET_SessionId
Attack
Evidence Set-Cookie: ASP.NET_SessionId
URL https://v4.lolagrove.com/Register
Method GET
Parameter __RequestVerificationToken
Attack
Evidence Set-Cookie: __RequestVerificationToken
URL https://v4.lolagrove.com/registration
Method GET
Parameter __RequestVerificationToken
Attack
Evidence Set-Cookie: __RequestVerificationToken
Instances 4
Solution
Whenever a cookie contains sensitive information or is a session token, then it should always be passed using an encrypted channel. Ensure that the secure flag is set for cookies containing such sensitive information.
Reference https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes.html
CWE Id 614
WASC Id 13
Plugin Id 10011
Low
Cookie without SameSite Attribute
Description
A cookie has been set without the SameSite attribute, which means that the cookie can be sent as a result of a 'cross-site' request. The SameSite attribute is an effective countermeasure to cross-site request forgery, cross-site script inclusion, and timing attacks.
URL https://v4.lolagrove.com/Register
Method GET
Parameter __RequestVerificationToken
Attack
Evidence Set-Cookie: __RequestVerificationToken
URL https://v4.lolagrove.com/registration
Method GET
Parameter __RequestVerificationToken
Attack
Evidence Set-Cookie: __RequestVerificationToken
Instances 2
Solution
Ensure that the SameSite attribute is set to either 'lax' or ideally 'strict' for all cookies.
Reference https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site
CWE Id 1275
WASC Id 13
Plugin Id 10054
Low
Cross-Domain JavaScript Source File Inclusion
Description
The page includes one or more script files from a third-party domain.
URL https://v4.lolagrove.com
Method GET
Parameter https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"></script>
URL https://v4.lolagrove.com
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/
Method GET
Parameter https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"></script>
URL https://v4.lolagrove.com/
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/Login
Method GET
Parameter https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"></script>
URL https://v4.lolagrove.com/Login
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/Register
Method GET
Parameter https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"></script>
URL https://v4.lolagrove.com/Register
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/registration
Method GET
Parameter https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Attack
Evidence <script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"></script>
URL https://v4.lolagrove.com/registration
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
URL https://v4.lolagrove.com/Security
Method GET
Parameter https://www.googletagmanager.com/gtag/js?id=UA-25670708-1
Attack
Evidence <script async src="https://www.googletagmanager.com/gtag/js?id=UA-25670708-1"></script>
Instances 13
Solution
Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
Reference
CWE Id 829
WASC Id 15
Plugin Id 10017
Low
Timestamp Disclosure - Unix
Description
A timestamp was disclosed by the application/web server - Unix
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence 13392005
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack
Evidence 05443168
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/content/images/lolagrove-logo.png
Method GET
Parameter
Attack
Evidence 23921171
URL https://v4.lolagrove.com/Content/Static-SmartAdmin-plugin?v=Nk_BA4_D6QdprHYUmZjftJu7_FejdTkUj5AZuCHkBec1
Method GET
Parameter
Attack
Evidence 428571429
URL https://v4.lolagrove.com/Content/Static-WebPage?v=5KK7b6lsRY84qIsnoxDrHQrsUFu1RAggJLdR79IanpI1
Method GET
Parameter
Attack
Evidence 428571429
URL https://v4.lolagrove.com/Content/Static-WebPage?v=5KK7b6lsRY84qIsnoxDrHQrsUFu1RAggJLdR79IanpI1
Method GET
Parameter
Attack
Evidence 42857143
URL https://v4.lolagrove.com/Content/Static-WebPage?v=5KK7b6lsRY84qIsnoxDrHQrsUFu1RAggJLdR79IanpI1
Method GET
Parameter
Attack
Evidence 80000000
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1019803690
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1044525330
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1069501632
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1073741824
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1094730640
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1120210379
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1126891415
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1163531501
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1200080426
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1236535329
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1272893353
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1309151649
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1416354905
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1444681467
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 145523070
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1473231341
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1502002290
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1530992060
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 155497632
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1560198380
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 165796510
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1700485571
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1732584193
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1732584194
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1735328473
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 176418897
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1770035416
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1804603682
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1839030562
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1873313359
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 187363961
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1894986606
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1926607734
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1958414417
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 198630844
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 1990404162
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 2022574463
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 2054922799
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 271733878
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 271733879
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 30611744
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 343485551
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 35309556
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 358537222
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 373897302
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 38016083
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 389564586
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 40341101
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 405537848
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 421815835
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 45705983
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 51403784
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 530742520
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 568446438
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 57434055
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 606105819
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 640364487
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 643717713
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 660478335
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 680876936
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 681279174
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 701558691
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 718787259
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 722521979
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 76029189
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence 995338651
URL https://v4.lolagrove.com/Security
Method GET
Parameter
Attack
Evidence 25670708
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 00777012
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 01234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 0123456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 01441234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 0212345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 0549886377
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 06031234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 061234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 0669812345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 08001234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 08123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 09123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1000000000
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1001234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 10112345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 10123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 101234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1012345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 10234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 111112345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 11234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 112345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1123456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 120123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 121231234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1212345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 122044444
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 123123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 12345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 123456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1234567890
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1300123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1312345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 13331234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1342177279
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1409305260
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 14567890
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1481256789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1520123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1523456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 152450911
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1534456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 15441234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1546012345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1599123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1600123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1624756789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 16412345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 16711680
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 16812345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 17001234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1700123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 17123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1781234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 18000000
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 18001234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1800123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 18012345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 181234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1812345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1850123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1900123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1919123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 1921234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 198794158
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 20012345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 20123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 201234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2012345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2015550123
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 20201234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 202012345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 20211234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 20212345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 202123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2023123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 203123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2042345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 20491234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21001234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2101234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 211234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2121234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21212862
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21231234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 212345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2123456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21360003
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 2147483647
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 21612345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 911231234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 911234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 912123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 91234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 912345678
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 917123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 920012345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 92123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 921234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 923123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 93123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 933301234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 94151234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 94231234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 944567890
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 94515151
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 95181234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 955012345
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 955123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 95581234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 96123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 961234567
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 961456789
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 96961234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 972123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 977123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 983123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 98901234
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 990123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 99123456
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence 991234567
URL https://v4.lolagrove.com/Smart-Admin-Style?v=ulrGW1N23hVR-R0qXjJFmWpvLAER6FlF8K7rhcDxQZw1
Method GET
Parameter
Attack
Evidence 428571429
URL https://v4.lolagrove.com/Smart-Admin-Style?v=ulrGW1N23hVR-R0qXjJFmWpvLAER6FlF8K7rhcDxQZw1
Method GET
Parameter
Attack
Evidence 42857143
URL https://v4.lolagrove.com/Smart-Admin-Style?v=ulrGW1N23hVR-R0qXjJFmWpvLAER6FlF8K7rhcDxQZw1
Method GET
Parameter
Attack
Evidence 80000000
URL https://v4.lolagrove.com/Static-Webpage?v=usXVu7g81Ous_JFAorPfuwz8Or6f1E6n8ObEYAY1DDo1
Method GET
Parameter
Attack
Evidence 2147483647
URL https://v4.lolagrove.com/Static-Webpage?v=usXVu7g81Ous_JFAorPfuwz8Or6f1E6n8ObEYAY1DDo1
Method GET
Parameter
Attack
Evidence 999999999
Instances 464
Solution
Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
Reference http://projects.webappsec.org/w/page/13246936/Information%20Leakage
CWE Id 200
WASC Id 13
Plugin Id 10096
Low
X-AspNet-Version Response Header
Description
Server leaks information via "X-AspNet-Version"/"X-AspNetMvc-Version" HTTP response header field(s).
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/Security
Method GET
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/
Method POST
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/Register
Method POST
Parameter
Attack
Evidence 5.2
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter
Attack
Evidence 5.2
Instances 11
Solution
Configure the server so it will not return those headers.
Reference https://www.troyhunt.com/shhh-dont-let-your-response-headers/
https://blogs.msdn.microsoft.com/varunm/2013/04/23/remove-unwanted-http-response-headers/
CWE Id 933
WASC Id 14
Plugin Id 10061
Low
X-Content-Type-Options Header Missing
Description
The Anti-MIME-Sniffing header X-Content-Type-Options was not set to 'nosniff'. This allows older versions of Internet Explorer and Chrome to perform MIME-sniffing on the response body, potentially causing the response body to be interpreted and displayed as a content type other than the declared content type. Current (early 2014) and legacy versions of Firefox will use the declared content type (if one is set), rather than performing MIME-sniffing.
URL https://v4.lolagrove.com
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/css/font/fontawesome-webfont.woff?v=3.0.1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/CustomFiles/images/mybg.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/images/flags.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/content/images/lolagrove-logo.png
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/font-awesome/fontawesome-webfont.woff?v=4.5.0
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/SmartAdmin/fonts/glyphicons-halflings-regular.woff
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/Static-SmartAdmin-plugin?v=Nk_BA4_D6QdprHYUmZjftJu7_FejdTkUj5AZuCHkBec1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Content/Static-WebPage?v=5KK7b6lsRY84qIsnoxDrHQrsUFu1RAggJLdR79IanpI1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/favicon.ico
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Login
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Security
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Smart-Admin-Style?v=ulrGW1N23hVR-R0qXjJFmWpvLAER6FlF8K7rhcDxQZw1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
URL https://v4.lolagrove.com/Static-Webpage?v=usXVu7g81Ous_JFAorPfuwz8Or6f1E6n8ObEYAY1DDo1
Method GET
Parameter X-Content-Type-Options
Attack
Evidence
Instances 21
Solution
Ensure that the application/web server sets the Content-Type header appropriately, and that it sets the X-Content-Type-Options header to 'nosniff' for all web pages.

If possible, ensure that the end user uses a standards-compliant and modern web browser that does not perform MIME-sniffing at all, or that can be directed by the web application/web server to not perform MIME-sniffing.
Reference http://msdn.microsoft.com/en-us/library/ie/gg622941%28v=vs.85%29.aspx
https://owasp.org/www-community/Security_Headers
CWE Id 693
WASC Id 15
Plugin Id 10021
Informational
Cookie Slack Detector
Description
Repeated GET requests: drop a different cookie each time, followed by a normal request with all cookies to stabilize the session, then compare responses against the original baseline GET. This can reveal areas where cookie-based authentication/attributes are not actually enforced.
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack
Evidence
Instances 1
Solution
Reference http://projects.webappsec.org/Fingerprinting
CWE Id 200
WASC Id 45
Plugin Id 90027
Informational
Information Disclosure - Suspicious Comments
Description
The response appears to contain suspicious comments which may help an attacker. Note: Matches made within script blocks or files are against the entire content, not only comments.
URL https://v4.lolagrove.com
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/Login
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/Register
Method GET
Parameter
Attack
Evidence user
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/registration
Method GET
Parameter
Attack
Evidence user
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence from
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence query
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence select
URL https://v4.lolagrove.com/Scripts/pdf/pdf.worker.js
Method GET
Parameter
Attack
Evidence XXX
URL https://v4.lolagrove.com/Security
Method GET
Parameter
Attack
Evidence Admin
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence db
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence from
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence later
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence query
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence select
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence TODO
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence user
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence username
URL https://v4.lolagrove.com/Smart-Admin-Script?v=rKLpEUoqdgm0GvZ08SKBLN9TLXgEDqO_1v1vH6rmi_A1
Method GET
Parameter
Attack
Evidence XXX
URL https://v4.lolagrove.com/Static-Webpage?v=usXVu7g81Ous_JFAorPfuwz8Or6f1E6n8ObEYAY1DDo1
Method GET
Parameter
Attack
Evidence user
Instances 24
Solution
Remove all comments that return information that may help an attacker and fix any underlying problems they refer to.
Reference
CWE Id 200
WASC Id 13
Plugin Id 10027
Informational
Re-examine Cache-control Directives
Description
The cache-control header has not been set properly or is missing, allowing the browser and proxies to cache content. For static assets like CSS, JS, or image files this might be intended; however, the resources should be reviewed to ensure that no sensitive content will be cached.
URL https://v4.lolagrove.com
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/Agreements
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/Login
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/Register
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/registration
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/ResetPassword
Method GET
Parameter Cache-Control
Attack
Evidence private
URL https://v4.lolagrove.com/Security
Method GET
Parameter Cache-Control
Attack
Evidence private
Instances 8
Solution
For secure content, ensure the cache-control HTTP header is set with "no-cache, no-store, must-revalidate". If an asset should be cached, consider setting the directives "public, max-age, immutable".
Reference https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#web-content-caching
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
CWE Id 525
WASC Id 13
Plugin Id 10015
Informational
User Agent Fuzzer
Description
Check for differences in response based on fuzzed User Agent (e.g. mobile sites, access as a Search Engine Crawler). Compares the response status code and the hash code of the response body with the original response.
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/content/coreadmin
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/content/coreadmin/javascripts
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/Content/StaticWeb/img
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/Register
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/registration
Method GET
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/
Method POST
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/Register
Method POST
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Evidence
URL https://v4.lolagrove.com/ResetPassword
Method POST
Parameter Header User-Agent
Attack msnbot/1.1 (+http://search.msn.com/msnbot.htm)
Evidence
Instances 56
Solution
Reference https://owasp.org/wstg
CWE Id
WASC Id
Plugin Id 10104