SQL Injection, Database Error, www2.mcstate.com, CWE-89, CAPEC-66, DORK, GHDB Report REPORT SUMMARY

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler
Loading
Netsparker - Scan Report Summary
TARGET URL
 http://www2.mcstate.com/careers/
SCAN DATE
 4/30/2011 9:28:46 PM
REPORT DATE
 4/30/2011 9:30:47 PM
SCAN DURATION
 00:01:08
6
identified
1
confirmed
4
critical
0
informational

GHDB DORK Tests

DORK TESTS
PROFILE
 Previous Settings
ENABLED ENGINES
 Blind SQL Injection, Boolean SQL Injection, SQL Injection
Authentication
Scheduled

GHDB, DORK VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
CRITICAL
67 %
LOW
33 %

GHDB, DORK VULNERABILITY SUMMARY

Vulnerability Summary
URL Parameter Method Vulnerability Confirmed
/careers/ Cookie Not Marked As HttpOnly Yes
/careers/jobs/ stateid POST [Probable] SQL Injection No
type POST [Probable] SQL Injection No
locales POST [Probable] SQL Injection No
Search POST [Probable] SQL Injection No
PHP Version Disclosure No
[Probable] SQL Injection

[Probable] SQL Injection
4 TOTAL
CRITICAL
SQL Injection occurs when data input for example by a user is interpreted as a SQL command rather than normal data by the backend database. This is an extremely common vulnerability and its successful exploitation can have critical implications. Even though Netsparker believes that there is a SQL Injection in here it could not confirm it. There can be numerous reasons for Netsparker not being able to confirm this. We strongly recommend investigating the issue manually to ensure that it is an SQL Injection and that it needs to be addressed. You can also consider sending the details of this issue to us, in order that we can address this issue for the next time and give you a more precise result.

Impact

Depending on the backend database, database connection settings and the operating system, an attacker can mount one or more of the following type of attacks successfully:

Actions to Take

  1. See the remedy for solution.
  2. If you are not using a database access layer (DAL) within the architecture consider its benefits and implement if appropriate. As a minimum the use of s DAL will help centralize the issue and its resolution. You can also use an ORM (object relational mapping). Most ORM systems use parameterized queries and this can solve many if not all SQL Injection based problems.
  3. Locate all of the dynamically generated SQL queries and convert them to parameterised queries. (If you decide to use a DAL/ORM, change all legacy code to use these new libraries)
  4. Monitor and review weblogs and application logs in order to uncover active or previous exploitation attempts.

Remedy

A very robust method for mitigating the threat of SQL Injection based vulnerabilities is to use parameterized queries (prepared statements). Almost all modern languages provide built in libraries for this. Wherever possible do not create dynamic SQL queries or SQL queries with string concatenation.

Required Skills for Successful Exploitation

There are numerous freely available tools to test for SQL Injection vulnerabilities. This is a complex area with many dependencies, however it should be noted that the numerous resources available in this area have raised both attacker awareness of the issues and their ability to discover and leverage them. SQL Injection is one of the most common web application vulnerabilities.

External References

Remedy References

- /careers/jobs/

/careers/jobs/

http://www2.mcstate.com/careers/jobs/

Parameters

Parameter Type Value
stateid POST %27
type POST all
locales POST 3
Search POST 3

Request

POST /careers/jobs/ HTTP/1.1
Referer: http://www2.mcstate.com/careers/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www2.mcstate.com
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f05818120256c6d3b3c584ff4e5a9d46%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221304216905%22%3B%7D9c1f3829ea69d320dd0e8e72d07825ca; BIGipServerPOOL_74.205.64.161=4191858954.20480.0000
Content-Length: 41
Accept-Encoding: gzip, deflate

stateid=%2527&type=all&locales=3&Search=3

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 01 May 2011 02:29:05 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Content-Length: 1265
Connection: close
Content-Type: text/html; charset=UTF-8


<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message: Invalid argument supplied for foreach()</p><p>Filename: controllers/careers.php</p><p>Line Number: 134</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Notice</p><p>Message: Undefined variable: info</p><p>Filename: controllers/careers.php</p><p>Line Number: 146</p></div><html><head><title>Database Error</title><style type="text/css">body {background-color: #fff;margin: 40px;font-family: Lucida Grande, Verdana, Sans-serif;font-size: 12px;color: #000;}#content {border: #999 1px solid;background-color: #fff;padding: 20px 20px 12px 20px;}h1 {font-weight: normal;font-size: 14px;color: #990000;margin: 0 0 4px 0;}</style></head><body> <div id="content"> <h1>A Database Error Occurred</h1> <p>Error Number: 1064</p><p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1</p><p>SELECT StateName FROM States WHERE StateID = LIMIT 1</p> </div></body></html>
- /careers/jobs/

/careers/jobs/

http://www2.mcstate.com/careers/jobs/

Parameters

Parameter Type Value
stateid POST 3
type POST %27
locales POST 3
Search POST 3

Request

POST /careers/jobs/ HTTP/1.1
Referer: http://www2.mcstate.com/careers/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www2.mcstate.com
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f05818120256c6d3b3c584ff4e5a9d46%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221304216905%22%3B%7D9c1f3829ea69d320dd0e8e72d07825ca; BIGipServerPOOL_74.205.64.161=4191858954.20480.0000
Content-Length: 39
Accept-Encoding: gzip, deflate

stateid=3&type=%2527&locales=3&Search=3

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 01 May 2011 02:29:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Content-Length: 1265
Connection: close
Content-Type: text/html; charset=UTF-8


<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message: Invalid argument supplied for foreach()</p><p>Filename: controllers/careers.php</p><p>Line Number: 134</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Notice</p><p>Message: Undefined variable: info</p><p>Filename: controllers/careers.php</p><p>Line Number: 146</p></div><html><head><title>Database Error</title><style type="text/css">body {background-color: #fff;margin: 40px;font-family: Lucida Grande, Verdana, Sans-serif;font-size: 12px;color: #000;}#content {border: #999 1px solid;background-color: #fff;padding: 20px 20px 12px 20px;}h1 {font-weight: normal;font-size: 14px;color: #990000;margin: 0 0 4px 0;}</style></head><body> <div id="content"> <h1>A Database Error Occurred</h1> <p>Error Number: 1064</p><p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1</p><p>SELECT StateName FROM States WHERE StateID = LIMIT 1</p> </div></body></html>
- /careers/jobs/

/careers/jobs/

http://www2.mcstate.com/careers/jobs/

Parameters

Parameter Type Value
stateid POST 3
type POST all
locales POST %27
Search POST 3

Request

POST /careers/jobs/ HTTP/1.1
Referer: http://www2.mcstate.com/careers/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www2.mcstate.com
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f05818120256c6d3b3c584ff4e5a9d46%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221304216905%22%3B%7D9c1f3829ea69d320dd0e8e72d07825ca; BIGipServerPOOL_74.205.64.161=4191858954.20480.0000
Content-Length: 41
Accept-Encoding: gzip, deflate

stateid=3&type=all&locales=%2527&Search=3

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 01 May 2011 02:29:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Content-Length: 1265
Connection: close
Content-Type: text/html; charset=UTF-8


<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message: Invalid argument supplied for foreach()</p><p>Filename: controllers/careers.php</p><p>Line Number: 134</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Notice</p><p>Message: Undefined variable: info</p><p>Filename: controllers/careers.php</p><p>Line Number: 146</p></div><html><head><title>Database Error</title><style type="text/css">body {background-color: #fff;margin: 40px;font-family: Lucida Grande, Verdana, Sans-serif;font-size: 12px;color: #000;}#content {border: #999 1px solid;background-color: #fff;padding: 20px 20px 12px 20px;}h1 {font-weight: normal;font-size: 14px;color: #990000;margin: 0 0 4px 0;}</style></head><body> <div id="content"> <h1>A Database Error Occurred</h1> <p>Error Number: 1064</p><p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1</p><p>SELECT StateName FROM States WHERE StateID = LIMIT 1</p> </div></body></html>
- /careers/jobs/

/careers/jobs/

http://www2.mcstate.com/careers/jobs/

Parameters

Parameter Type Value
stateid POST 3
type POST all
locales POST 3
Search POST %27

Request

POST /careers/jobs/ HTTP/1.1
Referer: http://www2.mcstate.com/careers/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www2.mcstate.com
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f05818120256c6d3b3c584ff4e5a9d46%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221304216905%22%3B%7D9c1f3829ea69d320dd0e8e72d07825ca; BIGipServerPOOL_74.205.64.161=4191858954.20480.0000
Content-Length: 41
Accept-Encoding: gzip, deflate

stateid=3&type=all&locales=3&Search=%2527

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 01 May 2011 02:29:18 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Content-Length: 1265
Connection: close
Content-Type: text/html; charset=UTF-8


<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Warning</p><p>Message: Invalid argument supplied for foreach()</p><p>Filename: controllers/careers.php</p><p>Line Number: 134</p></div><div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Notice</p><p>Message: Undefined variable: info</p><p>Filename: controllers/careers.php</p><p>Line Number: 146</p></div><html><head><title>Database Error</title><style type="text/css">body {background-color: #fff;margin: 40px;font-family: Lucida Grande, Verdana, Sans-serif;font-size: 12px;color: #000;}#content {border: #999 1px solid;background-color: #fff;padding: 20px 20px 12px 20px;}h1 {font-weight: normal;font-size: 14px;color: #990000;margin: 0 0 4px 0;}</style></head><body> <div id="content"> <h1>A Database Error Occurred</h1> <p>Error Number: 1064</p><p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'LIMIT 1' at line 1</p><p>SELECT StateName FROM States WHERE StateID = LIMIT 1</p> </div></body></html>
Cookie Not Marked As HttpOnly

Cookie Not Marked As HttpOnly
1 TOTAL
LOW
CONFIRMED
1
Cookie was not marked as HTTPOnly. HTTPOnly cookies can not be read by client-side scripts therefore marking a cookie as HTTPOnly can provide an additional layer of protection against Cross-site Scripting attacks..

Impact

During a Cross-site Scripting attack an attacker might easily access cookies and hijack the victim's session.

Actions to Take

  1. See the remedy for solution
  2. Consider marking all of the cookies used by the application as HTTPOnly (After these changes javascript code will not able to read cookies.

Remedy

Mark the cookie as HTTPOnly. This will be an extra layer of defence against XSS. However this is not a silver bullet and will not protect the system against Cross-site Scripting attacks. An attacker can use a tool such as XSS Tunnel to bypass HTTPOnly protection.

External References

- /careers/

/careers/ CONFIRMED

http://www2.mcstate.com/careers/

Identified Cookie

ci_session

Request

GET /careers/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Host: www2.mcstate.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sun, 01 May 2011 02:28:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f05818120256c6d3b3c584ff4e5a9d46%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221304216905%22%3B%7D9c1f3829ea69d320dd0e8e72d07825ca; expires=Sun, 01-May-2011 04:28:25 GMT; path=/,BIGipServerPOOL_74.205.64.161=4191858954.20480.0000; path=/
Content-Length: 7699
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html><html lang="en"><head> <META HTTP-EQUIV="Expires" CONTENT="-1"> <!-- <meta charset="utf-8"> --> <title>McDonald's Jobs: Find a Career @ McDonald's</title> <link rel="stylesheet" type="text/css" href="/css/reset.css" media="all"> <link rel="stylesheet" type="text/css" href="/css/master.css" media="all"> <link rel="stylesheet" type="text/css" href="/css/menu.css" media="all"> <link rel="stylesheet" type="text/css" href="/css/careers.css" media="all"> <link rel="stylesheet" type="text/css" href="/css/jquery-ui.css" media="all"> <script type="text/javascript" src="/js/jquery-1.5.2.min.js"></script> <script type="text/javascript" src="/js/jquery.hoverIntent.minified.js"></script> <script type="text/javascript" src="/js/scripts.js"></script> <script type="text/javascript" src="/js/careers.js"></script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-1275495-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script></head><body id="careers" ><!-- <div class="background"><img src="/images/layout/bg.jpg" alt=""></div> --><!--start top div --> <div class="top"> <div class="inner"> <p><a href="http://www.mcstate.com/">McState</a>&nbsp; / &nbsp;Careers</p> <a href="#" class="top_rightLinks share">Share</a> <div id="share_div" style="display:none;top:0px;right:50px;position:absolute;width:150px;height:100px;padding-top:30px;padding-right:35px"> <div id="share_flyout" class="alt" > <a href="http://www.addtoany.com/add_to/twitter?linkurl=http://www2.mcstate.com/careers/&linkname=McDonald's Jobs: Find a Career @ McDonald's" class="external" id="share_twitter" title="Share Twitter">Share on Twitter</a> <a href="http://www.facebook.com/share.php?u=http://www2.mcstate.com/careers/&t=McDonald's Jobs: Find a Career @ McDonald's" class="external" id="share_facebook" title="Share Facebook">Share on Facebook</a> <a href="http://delicious.com/save?v=5&noui&jump=close&url=http://www2.mcstate.com/careers/&title=McDonald's Jobs: Find a Career @ McDonald's" class="external" id="share_delicious" title="Share Del.icio.us">Share on Delicious</a> <a href="http://digg.com/submit?url=http://www2.mcstate.com/careers/&title=McDonald's Jobs: Find a Career @ McDonald's" class="external" id="share_digg" title="Share Digg">Share on Digg</a> </div> </div> <!-- start menu--> <div class="menu"> <img src="/images/layout/logo.png" alt="" /> </div> </div> </div><!--end top div--><!-- start content div--><div class="content"> <div id="istory_container"> <img src="/images/careers/istory.png" alt=""> </div> <div id="mainContent"> <h2 id="career_header">We Believe</h2> <div class="LeftColumn"> <h2 id="career_path_header">What Career path will you choose</h2> <script type="text/javascript" src="/js/foul.js"></script> <div id="jobs-landing"> <div id="jobs-landing-search"> <script type="text/javascript"> // foul.when('~stateid~ is null','Please choose a state from the pulldown before continuing.'); //foul.when('~locales~ is null','Please choose at least one city to search in.'); </script> <form action="/careers/jobs/" method="post" accept-charset="utf-8" onSubmit="return checkform()" id="frm" name="frm"> <p> <label for="stateid" style="float:left">Search Your State:</label> <select style="float:left" id="stateid" name="stateid"> <option value="">- Choose A State -</option> <option value='1'>Alabama</option><option value='51'>Alaska</option><option value='2'>Arizona</option><option value='3'>Arkansas</option><option value='4'>California</option><option value='5'>Colorado</option><option value='6'>Connecticut</option><option value='7'>Delaware</option><option value='8'>District of Columbia</option><option value='9'>Florida</option><option value='10'>Georgia</option><option value='50'>Hawaii</option><option value='11'>Idaho</option><option value='12'>Illinois</option><option value='13'>Indiana</option><option value='14'>Iowa</option><option value='15'>Kansas</option><option value='16'>Kentucky</option><option value='17'>Louisiana</option><option value='18'>Maine</option><option value='19'>Maryland</option><option value='20'>Massachusetts</option><option value='21'>Michigan</option><option value='22'>Minnesota</option><option value='23'>Mississippi</option><option value='24'>Missouri</option><option value='25'>Montana</option><option value='26'>Nebraska</option><option value='27'>Nevada</option><option value='28'>New Hampshire</option><option value='29'>New Jersey</option><option value='30'>New Mexico</option><option value='31'>New York</option><option value='32'>North Carolina</option><option value='33'>North Dakota</option><option value='34'>Ohio</option><option value='35'>Oklahoma</option><option value='36'>Oregon</option><option value='37'>Pennsylvania</option><option value='38'>Rhode Island</option><option value='39'>South Carolina</option><option value='40'>South Dakota</option><option value='41'>Tennessee</option><option value='42'>Texas</option><option value='43'>Utah</option><option value='44'>Vermont</option><option value='45'>Virginia</option><option value='46'>Washington</option><option value='47'>West Virginia</option><option value='48'>Wisconsin</option><option value='49'>Wyoming</option> </select> </p> <p id="jobs-landing-type"> <ul id="job_type"> <li><input type="radio" name="type" value="0" > Crew </li> <li><input type="radio" name="type" value="1" > Management</li> <li><input type="radio" name="type" value="2"> Support</li> <li><input type="radio" name="type" value="all" checked> Any</li> </ul> </p> <div id="citylist"> <select multiple size="4" name="locales" id="jobs-landing-cities"> <option value="">Choose a state above.</option> </select> </div> <input type="submit" class="find_positions" name="Search" value=""> </form> </div> <div id="jobs-landing-opportunities"> <p id="careers-disclaimer">McDonald's Corporation and its independent franchisees are Equal Opportunity Employers committed to a diverse and inclusive workforce.</p> </div> <!--<p id="jobs-landing-alljobs"><a href="#" title="All McDonald's Jobs in Georgia">All Georgia Jobs</a></p>--> <div class="clearer"></div> </div> <script language="JavaScript"> $(document).ready(function() { reloadCities(0); }); </script> </div> </div> <span id="footerImg"></span> <div class="footerNav"> <span style="float:left"><a class="twitter" href="http://twitter.com/mcdonalds" target="_blank">Follow </a> <a class="facebook" href="http://www.facebook.com/mcdonalds" target="_blank">Like</a></span> <span style="float:right"><a href="http://www.mcdonalds.com/us/en/privacy.html" target="_blank"> Privacy |</a> <a href="http://www.mcdonalds.com/us/en/terms_conditions.html" target="_blank">Terms & Conditions |</a> <a href="http://www.mcdonalds.com/us/en/subscription.html" target="_blank">Subscribe / Unsubscribe</a> &copy;2010 McDonald's. All Rights Reserved</span> </div></div><!-- end content div --></body></html>
PHP Version Disclosure

PHP Version Disclosure
1 TOTAL
LOW
Netsparker identified that the target web server is disclosing the PHP version in use through the HTTP response. This information can help an attacker to gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of PHP.

Impact

An attacker can look for specific security vulnerabilities for the version identified. Also the attacker can use this information in conjunction with the other vulnerabilities in the application or the web server.
- /careers/jobs/

/careers/jobs/

http://www2.mcstate.com/careers/jobs/

Extracted Version

PHP/5.2.17

Request

POST /careers/jobs/ HTTP/1.1
Referer: http://www2.mcstate.com/careers/
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
Host: www2.mcstate.com
Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22f05818120256c6d3b3c584ff4e5a9d46%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%3B%22%3Bs%3A13%3A%22last_activity%22%3Bs%3A10%3A%221304216905%22%3B%7D9c1f3829ea69d320dd0e8e72d07825ca; BIGipServerPOOL_74.205.64.161=4191858954.20480.0000
Content-Length: 23
Accept-Encoding: gzip, deflate

Search=&stateid=&type=0

Response

HTTP/1.1 302 Found
Date: Sun, 01 May 2011 02:28:25 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Location: http://www2.mcstate.com/careers
Content-Length: 258
Connection: close
Content-Type: text/html; charset=UTF-8


<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;"><h4>A PHP Error was encountered</h4><p>Severity: Notice</p><p>Message: Undefined variable: resultsql</p><p>Filename: controllers/careers.php</p><p>Line Number: 152</p></div>