xalgorixXalgorix · Offensive Security · Engine xalgo v1.4.2
Security Assessment Report
- Prepared for
- pentest ground
- Target
- https://pentest-ground.com:9000
- Engagement mode
- SINGLE
- Assessment window
- 03 Jun 2026 · 43 min
- Methodology
- 22-phase offensive workflow
- Reference
- 9fb3ddfc
Overall risk rating
CRITICAL
One or more vulnerabilities pose immediate risk of compromise.
100 / 100
Severity distribution
The engine reported 6 verified findings — 3 critical and 3 high. Every finding was reproduced before inclusion.
critical
3
high
3
medium
0
low
0
info
0
Findings (6)
| ID | Severity | CVSS | Finding | |
|---|---|---|---|---|
| F-001 | critical | 9.8 | Remote Code Execution via Python eval Injection | View → |
| F-002 | critical | 9.8 | OS Command Injection via /uptime Endpoint - Remote Code Execution as Root | View → |
| F-003 | critical | 9.1 | OS Command Injection via /uptime Endpoint - Root Privilege Escalation | View → |
| F-004 | high | 8.6 | SQL Injection Authentication Bypass in /tokens Endpoint | View → |
| F-005 | high | 8.1 | Plaintext Password Storage in SQLite Database - Critical Data Exposure | View → |
| F-006 | high | 7.5 | Insecure Direct Object Reference - Password Exposure via User Endpoint | View → |
Get this for your own target
One credit runs the full 22-phase scan and produces a branded PDF like this. Credits from $1, never expire.