🔬 增强漏洞扫描报告

https://pentest-ground.com:81 · 2026-04-29 11:00:05 · Autonomous Discovery

Critical

High

Medium

Low

Info

🚨 高优先级问题 (3个)

MEDIUM Missing Security Headers

URL: https://pentest-ground.com:81

缺少以下安全Header: X-Frame-Options (点击劫持防护), X-Content-Type-Options, Content-Security-Policy, Strict-Transport-Security (HSTS), X-XSS-Protection, Referrer-Policy, Permissions-Policy

MEDIUM CORS Misconfiguration (Wildcard)

URL: https://pentest-ground.com:81

CORS配置允许任意来源(*)，可能导致敏感数据被恶意网站访问

MEDIUM Potential Header Injection

URL: https://pentest-ground.com:81

URL可能允许HTTP头注入，需进一步验证

📋 完整发现 (5个)

点击展开

MEDIUM Missing Security Headers: 缺少以下安全Header: X-Frame-Options (点击劫持防护), X-Content-Type-Optio
LOW Server Technology Disclosure: 响应头泄露服务器技术信息: Server: nginx/1.29.8
MEDIUM CORS Misconfiguration (Wildcard): CORS配置允许任意来源(*)，可能导致敏感数据被恶意网站访问
LOW HTTP Verb OPTIONS Accepted: 服务器接受 OPTIONS 方法，可能存在配置错误或安全风险
MEDIUM Potential Header Injection: URL可能允许HTTP头注入，需进一步验证