🔐 漏洞扫描报告

https://pentest-ground.com:81 · 2026-04-29 11:01:15 · 🔴 CRITICAL

Critical

High

Medium

Low

Info

🖥️ 技术栈

EmailHTTPServerIPJQueryScriptUncommonHeadersX-UA-Compatiblenginx

🚨 需要修复 (6个)

MEDIUMContent Security Policy (CSP) Header Not Set

[Medium] Content Security Policy (CSP) Header Not Set - ""

MEDIUMCross-Domain Misconfiguration

[Medium] Cross-Domain Misconfiguration - "Access-Control-Allow-Origin: *"

MEDIUMMissing Anti-clickjacking Header

[Medium] Missing Anti-clickjacking Header - "x-frame-options"

CRITICALSQL Injection

SQL injection detected in parameter 'SQLMap confirmed SQLi!'

MEDIUMMissing Security Headers

缺少以下安全Header: X-Frame-Options (点击劫持防护), X-Content-Type-Options, Content-Security-Policy, Strict-Transport-Security (HSTS), X-XSS-Protection, Referrer-Policy, Permissions-Policy

MEDIUMPotential Header Injection

URL可能允许HTTP头注入，需进一步验证

💡 低优先级 (25个)

点击展开

Sub Resource Integrity Attribute Missing (zap)
Sub Resource Integrity Attribute Missing (zap)
Sub Resource Integrity Attribute Missing (zap)
Cookie No HttpOnly Flag (zap)
Cookie Without Secure Flag (zap)
Cookie without SameSite Attribute (zap)
Cross-Domain JavaScript Source File Inclusion (zap)
Server Leaks Version Information via "Server" HTTP Response Header Field (zap)
Strict-Transport-Security Header Not Set (zap)
X-Content-Type-Options Header Missing (zap)
...还有 15 个

🛡️ 快速修复

Header	建议值
X-Frame-Options	`DENY`
Content-Security-Policy	`default-src 'self'`
X-Content-Type-Options	`nosniff`
Strict-Transport-Security	`max-age=31536000`