Netsparker, Web Application Security Scanner

XSS, capdirect.lacapitale.com, GHDB, DORK REPORT SUMMARY

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |

Private Reporting of Security Research is preferred for Online Service Providers



Loading

Netsparker - Scan Report Summary
TARGET URL
https://capdirect.lacapitale.com/affelec/soum...
SCAN DATE
6/17/2011 9:54:09 AM
REPORT DATE
6/17/2011 10:09:53 AM
SCAN DURATION
00:04:02

Total Requests

Average Speed

req/sec.
3
identified
0
confirmed
0
critical
1
informational

SCAN SETTINGS

Scan Settings
PROFILE
Previous Settings
ENABLED ENGINES
Static Tests, Find Backup Files, Blind Command Injection, Blind SQL Injection, Boolean SQL Injection, Command Injection, HTTP Header Injection, Local File Inclusion, Open Redirection, Remote Code Evaluation, Remote File Inclusion, SQL Injection, Cross-site Scripting
Authentication
Scheduled

VULNERABILITIES

Vulnerabilities
Netsparker - Web Application Security Scanner
IMPORTANT
67 %
INFORMATION
33 %

VULNERABILITY SUMMARY

Vulnerability Summary
URL Parameter Method Vulnerability Confirmed
/affelec/soumission/VT/Vous/police/new E-mail Address Disclosure No
/affelec/soumission/VT/Vous/police/new/%22ns=%22alert(0x000011) URI-BASED Raw URI Cross-site Scripting No
/affelec/soumission/VT/Vous/police/new/%2522ns%253D%2522netsparker%25280x000012%2529) URI-BASED Raw URI Cross-site Scripting No
Cross-site Scripting

Cross-site Scripting

2 TOTAL
IMPORTANT
XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session of the user or changing the look of the page by changing the HTML on the fly to steal the user's credentials. This happens because the input entered by a user has been interpreted as HTML/Javascript/VbScript by the browser.

XSS targets the users of the application instead of the server. Although this is a limitation, since it allows attackers to hijack other users' session, an attacker might attack an administrator to gain full control over the application.

Impact

There are many different attacks that can be leveraged through the use of XSS, including:
  • Hi-jacking users' active session
  • Changing the look of the page within the victims browser.
  • Mounting a successful phishing attack.
  • Intercept data and perform man-in-the-middle attacks.

Remedy

The issue occurs because the browser interprets the input as active HTML, Javascript or VbScript. To avoid this, all input and output from the application should be filtered. Output should be filtered according to the output format and location. Typically the output location is HTML. Where the output is HTML ensure that all active content is removed prior to its presentation to the server.

Prior to sanitizing user input, ensure you have a pre-defined list of both expected and acceptable characters with which you populate a white-list. This list needs only be defined once and should be used to sanitize and validate all subsequent input.

There are a number of pre-defined, well structured white-list libraries available for many different environments, good examples of these include, OWASP Reform and Microsoft Anti Cross-site Scripting libraries are good examples.

Remedy References

External References

- /affelec/soumission/VT/Vous/police/new/%22ns=%22alert(0x000011)

/affelec/soumission/VT/Vous/police/new/%22ns=%22alert(0x000011)

https://capdirect.lacapitale.com/affelec/soumission/VT/Vous/police/new/%22ns=%22alert(0x000011)

Parameters

Parameter Type Value
locale GET en
URI-BASED Raw URI /"ns="alert(0x000011)

Request

GET /affelec/soumission/VT/Vous/police/new/%22ns=%22netsparker(0x000011) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: capdirect.lacapitale.com
Cookie: locale=fr-CA; _AffairesElectroniques_session=a1d654ee36a159c25e0aa5feac60d295
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 14:54:24 GMT
Server:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.9
ETag: "c3f4e7f01cefa91b35d4b5fa80bc2814"
X-Runtime: 498
Cache-Control: private, max-age=0, must-revalidate
Status: 200
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4923
Content-Type: text/html; charset=utf-8
Set-Cookie: _AffairesElectroniques_session=a1d654ee36a159c25e0aa5feac60d295; path=/; HttpOnly;HttpOnly;Secure


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA"><head> <!--current_intervenant = nil--> <!--Branche: Tags/V5.7.6 |
Revision: Inconnu |
Env: production |
DB: prodouvert--> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta http-equiv="pragma" content="no-cache" /> <meta http-equiv="expires" content="0" /> <title>La Capitale - Des économies? C'est réglé!</title> <link href="/affelec/stylesheets/soumission.css?1305171325" media="all" rel="stylesheet" type="text/css" /> <link href="/affelec/stylesheets/soumission-print.css?1305171325" media="print" rel="stylesheet" type="text/css" /> <link href="/affelec/stylesheets/datepicker-soumission.css?1305171325" media="all" rel="stylesheet" type="text/css" /> <script src="/affelec/javascripts/jquery.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/jquery-ui.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/jrails.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/application.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.jqModal.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.qtip.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.shadedborder.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.selectboxes.min.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.scrollto.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.datepicker.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.datepicker-fr.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.livequery.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.autocomplete.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.stylish-select.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.autotab.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.maskedinput.js?1305171325" type="text/javascript"></script> <!--[if lte IE 6]> <script src="/affelec/javascripts/ie6.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/DD_belatedPNG.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.bgiframe.js?1305171325" type="text/javascript"></script> <![endif]--> <!--[if !IE 7]> <style type="text/css"> #wrapper {display:table;height:100%} </style><![endif]--> <script src="/affelec/javascripts/public_soumission.js?1305171325" type="text/javascript"></script> <script src="https://webchat.lacapitale.com/webchat/jivelive.jsp" type="text/javascript"></script> <link rel="icon" type="image/png" href="/affelec/images/favicon.png" /> <!--[if IE]><link rel="shortcut icon" type="image/x-icon" href="/affelec/images/favicon.ico" /><![endif]--> <script type="text/javascript">
function noBack(){

window.history.forward();

}
noBack();
</script>
</head><body onload="noBack();" onpageshow="if (event.persisted) noBack();" onunload=""><div id="wrapper"> <div id="main"> <div id="header"> <img alt="La Capitale assurances générales" class="logo" src="/affelec/images/soumissions/logo_LaCapitale_fr.gif?1305171325" /> <p class="slogan">Une soumission simple, rapide et à bon prix! <em>C'est réglé.</em></p> <a class="deconnect" href="/affelec/accueil_prospect?quitter=true&dect_id="ns="netsparker(0x000011)&prod_code=VT">Quitter cette soumission</a> </div> <div id="colonne-centre" class="clearfix"> <div id="ProcessTrain">
<img alt="Soumission automobile" class="icone" height="42" src="/affelec/images/soumissions/icones/ico_contexte_VT.png?1305171325" width="66" />
<ul>

<li class="CurrentStep " ><span>1.</span> VOUS</li>

<li class=" " ><span>2.</span> VÉHICULE</li>

<li class=" " ><span>3.</span> CONDUCTEUR(S)</li>

<li class=" " ><span>4.</span> PROTECTIONS / PRIME</li>

</ul>



<div class="BlocActionTop">



<a href="javascript:next();">
<img alt="Étape suivante" src="/affelec/images/soumissions/bt_Process_Next.png?1305171325" /></a>

</div>


</div>


<script type="text/javascript">

jQuery(document).ready(function($) {


$('#PopAvisRedirectEspaceClient .Annul').click( function() {


$('#soumission_form input[type=text], #soumission_form select').val("");
$('#PopAvisRedirectEspaceClient').jqmHide();
$('#btnNext').removeAttr('onclick');

});


$('input[name=send]').click( function() {

var url = '/affelec/soumission/VT/identification/police/requete_ajax_inscription_exist';


$('#Appliquer_spinner').show();
$('#btnNext').attr('onclick', 'return false;');
$.getJSON(url, $('#soumission_form').serialize(), function(data)
{

if (data.exist == "true")
{


$('#PopAvisRedirectEspaceClient').jqm({modal:true, overlay: 50, toTop: true}).jqmShow();


$('#Appliquer_spinner').hide();
}
else
{

serialize('after');
$('#soumission_form').submit();
}
});


return false;
});

});
</script>






<form action="/affelec/soumission/VT/identification/police/create/%22ns=%22netsparker(0x000011)" id="soumission_form" method="post"><div style="margin:0;padding:0;display:inline"><input name="authenticity_token" type="hidden" value="p8e/vYgpesFvpmMzdRQGyC1ton+fju649I9bFT1x+JM=" /></div>

<input name="send" style="display: none" type="submit" value="submit_button"/>
<div id="result" style="display:none;visibility:hidden;"></div>
<div id="error" style="display:none;visibility:hidden;"></div>
<div id="403" style="display:none;visibility:hidden;"></div>

<div style="display:none">
<a href="#" class="JQmodal" id="PopSaisirMotPasseTrigger" rel="PopSaisirMotPasse">[Saisir mot de passe
]</a>
</div>

<fieldset>
<h2>Parlez-nous de vous</h2>

<div class="BlocFieldset">

<!--Adresse �lectronique-->
<div id="adr_courrl" class="blocQuestion "><div class="blocLabel"><label for="individu_adr_courrl">Adresse électronique</label></div><div class="blocInput">
<input class="TxtBox" id="individu_adr_courrl" label="Adresse �lectronique" name="individu[adr_courrl]" size="30" type="text" />
<img alt="" class="IconeInfo InfoBulle" src="/affelec/images/icones-commun/ico_infobulle.png?1305171325" />
<span class="InfoBulleContent">Cette adresse électronique vous permettra de retrouver vos soumissions plus tard.</span>
</div></div>

<!--Pr�nom-->
<div class="blocQuestion " id="Prenom"><div class="blocLabel"><label for="individu_prenm">Prénom</label></div><div class="blocInput"><input class="TxtBox" id="individu_prenm" name="individu[prenm]" size="30" type="text" /></div></div>

<!--Nom-->
<div class="blocQuestion " id="Nom"><div class="blocLabel"><label for="individu_nom">Nom</label></div><div class="blocInput"><input class="TxtBox" id="individu_nom" name="individu[nom]" size="30" type="text" /></div></div>

<!--Date de naissance-->
<div id="date_naiss" class="blocQuestion "><div class="blocLabel"><label for="individu_date_naiss">Date de naissance</label></div><div class="blocInput">
<input class="TxtBox Num Format4Chiffres autotab placeholder" id="individu_date_naiss_3i" maxlength="2" name="individu[date_naiss(3i)]" placeholder="jour" size="2" type="text" />
<select class="FormatMois TxtBox" id="individu_date_naiss_2i" name="individu[date_naiss(2i)]"><option value="">mois</option><option value="1">janvier</option><option value="2">février</option><option value="3">mars</option><option value="4">avril</option><option value="5">mai</option><option value="6">juin</option><option value="7">juillet</option><option value="8">août</option><option value="9">septembre</option><option value="10">octobre</option><option value="11">novembre</option><option value="12">décembre</option></select>
<input class="TxtBox Num Format6Chiffres autotab placeholder" id="individu_date_naiss_1i" maxlength="4" name="individu[date_naiss(1i)]" placeholder="année" size="4" type="text" />
</div></div>

<div class="Intro NoteEspaceClient">Vous possédez un compte Espace client? En saisissant vos informations personnelles, notre système vous redirigera automatiquement vers la page d'accueil de ce service. Afin de ne pas avoir à remplir tous les champs de la soumission, il vous suffira simplement d'ouvrir une session et d'accéder à nouveau à la soumission en ligne via le site de Espace client, section <i>Assurances générales</i>.</div>

</div>

<script src="/affelec/javascripts/plugins/jquery.placeholder.js?1305171325" type="text/javascript"></script>

<script type="text/javascript">
jQuery(document).ready(function($) {
$('.placeholder').placeholder();
});
</script>
</fieldset>

<input type="hidden" id="serialized_data_before" name="serialized_data_before" /> <input type="hidden" id="serialized_data_after" name="serialized_data_after" /> <script type="text/javascript"> jQuery(document).ready(function(){ serialize("before"); }); </script>

</form>




<div class="BlocActionBottom">




<a id="btnNext" class="Action Principale" href="javascript:next();">Étape suivante</a><img alt="Img_spinnersmall" class="waitInscriptionExiste" id="Appliquer_spinner" src="/affelec/images/Img_SpinnerSmall.gif?1305171325" style="display:none" />

</div>
</div> <div id="colonne-support"> <div class="BlocSupport"> <div class="itemSupport Clavardage"> <a class="LiveChat" onclick="launchWin('framemain','https://webchat.lacapitale.com/webchat/start.jsp?workgroup=soumission_en_ligne@workgroup.im-prod-01.capitale.qc.ca',500, 400);return false;" href="#"><img src="https://webchat.lacapitale.com/webchat/live?action=isAvailable&amp;workgroup=soumission_en_ligne@workgroup.im-prod-01.capitale.qc.ca" alt="Clavardage en direct" border="0"/></a> <span class="itemSupportTop"></span> </div> <div class="itemSupport Tel"> <h3>1&nbsp;888&nbsp;522-5260</h3> <p class="TextCondense"> 8 h à 21 h en semaine<br/> 9 h 30 à 15 h le samedi </p> <span class="itemSupportTop"></span> </div> <div class="itemSupport itemResume">

<div class="rapporteProbleme">
<a href="/affelec/rapportez_probleme/new" class="JQmodal Lock" id="PopRapporterProblemeTrigger" onclick="return false" rel="PopRapporterProbleme"><strong>Rapportez-nous<br>un problème</strong></a>
</div> </div> <!-- <div class="itemSupport Promo"> <img alt="Économiser est un jeu d'enfant!" src="/affelec/images/soumissions/Img_Promo_Support.png" /> </div>--> </div> </div> <div class="clearer"></div> </div></div><div id="Footer"> <a class="securite" href="https://capdirect.lacapitale.com/capdirect/jspx/general/securite_garantie.jspx" rel="external_securite"> <img alt="Sécurité en ligne garantie" class="Ico_SecuriteEnLigne" src="/affelec/images/../images/img_cadenas_fr.gif?1305171325" /> </a>



<div id="VeriSign">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=capdirect.lacapitale.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=fr"></script>
<a class="Apropos"

href="http://www.verisign.fr/ssl/ssl-information-center/"

target="_blank">À propos des certificats SSL</a>
</div>
<div id="copyright"> <p>© La Capitale. Tous droits réservés</p> </div></div>
<div class="jqmWindowFlexible Pop Medium bgiframe" id="PopSaisirMotPasse">



</div>

<div class="jqmWindowFlexible Pop Medium bgiframe" id="PopAvisRedirectEspaceClient">
<div class="Content">
<h2>Un instant s'il vous plaît.</h2>
<h3>Vous êtes redirigé vers votre compte Espace client.</h3>
<h3>Afin de ne pas avoir à remplir tous les champs de la soumission, il vous suffira de vous connecter et d'accéder à nouveau à la soumission en ligne via Espace client, section <i>Assurances générales</i>.</h3>
<div class="BlocActionBottom Center">
<a class="Action Annul" title="Annuler" href="#">Annuler</a>
<a class="Action Principale" title="Continuer" href="javascript:document.forms['soumission_form'].submit();">Continuer</a>
</div>
</div>
</div>


<div class="jqmWindowFlexible Pop bgiframe" id="PopRapporterProbleme"></div>
<script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://ww..
- /affelec/soumission/VT/Vous/police/new/%2522ns%253D%2522netsparker%25280x000012%2529)

/affelec/soumission/VT/Vous/police/new/%2522ns%253D%2522netsparker%25280x000012%2529)

https://capdirect.lacapitale.com/affelec/soumission/VT/Vous/police/new/%2522ns%253D%2522netsparker%2..

Parameters

Parameter Type Value
locale GET en
URI-BASED Raw URI /%22ns%3D%22netsparker%280x000012%29)

Request

GET /affelec/soumission/VT/Vous/police/new/%2522ns%253D%2522netsparker%25280x000012%2529) HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: capdirect.lacapitale.com
Cookie: locale=fr-CA; _AffairesElectroniques_session=a1d654ee36a159c25e0aa5feac60d295
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 14:56:21 GMT
Server:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.9
ETag: "ad5b16ef737da6fd1c7ba0a4415cf688"
X-Runtime: 547
Cache-Control: private, max-age=0, must-revalidate
Status: 200
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4924
Content-Type: text/html; charset=utf-8
Set-Cookie: _AffairesElectroniques_session=a1d654ee36a159c25e0aa5feac60d295; path=/; HttpOnly;HttpOnly;Secure


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA"><head> <!--current_intervenant = nil--> <!--Branche: Tags/V5.7.6 |
Revision: Inconnu |
Env: production |
DB: prodouvert--> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta http-equiv="pragma" content="no-cache" /> <meta http-equiv="expires" content="0" /> <title>La Capitale - Des économies? C'est réglé!</title> <link href="/affelec/stylesheets/soumission.css?1305171325" media="all" rel="stylesheet" type="text/css" /> <link href="/affelec/stylesheets/soumission-print.css?1305171325" media="print" rel="stylesheet" type="text/css" /> <link href="/affelec/stylesheets/datepicker-soumission.css?1305171325" media="all" rel="stylesheet" type="text/css" /> <script src="/affelec/javascripts/jquery.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/jquery-ui.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/jrails.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/application.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.jqModal.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.qtip.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.shadedborder.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.selectboxes.min.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.scrollto.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.datepicker.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.datepicker-fr.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.livequery.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.autocomplete.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.stylish-select.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.autotab.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.maskedinput.js?1305171325" type="text/javascript"></script> <!--[if lte IE 6]> <script src="/affelec/javascripts/ie6.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/DD_belatedPNG.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.bgiframe.js?1305171325" type="text/javascript"></script> <![endif]--> <!--[if !IE 7]> <style type="text/css"> #wrapper {display:table;height:100%} </style><![endif]--> <script src="/affelec/javascripts/public_soumission.js?1305171325" type="text/javascript"></script> <script src="https://webchat.lacapitale.com/webchat/jivelive.jsp" type="text/javascript"></script> <link rel="icon" type="image/png" href="/affelec/images/favicon.png" /> <!--[if IE]><link rel="shortcut icon" type="image/x-icon" href="/affelec/images/favicon.ico" /><![endif]--> <script type="text/javascript">
function noBack(){

window.history.forward();

}
noBack();
</script>
</head><body onload="noBack();" onpageshow="if (event.persisted) noBack();" onunload=""><div id="wrapper"> <div id="main"> <div id="header"> <img alt="La Capitale assurances générales" class="logo" src="/affelec/images/soumissions/logo_LaCapitale_fr.gif?1305171325" /> <p class="slogan">Une soumission simple, rapide et à bon prix! <em>C'est réglé.</em></p> <a class="deconnect" href="/affelec/accueil_prospect?quitter=true&dect_id="ns="netsparker(0x000012))&prod_code=VT">Quitter cette soumission</a> </div> <div id="colonne-centre" class="clearfix"> <div id="ProcessTrain">
<img alt="Soumission automobile" class="icone" height="42" src="/affelec/images/soumissions/icones/ico_contexte_VT.png?1305171325" width="66" />
<ul>

<li class="CurrentStep " ><span>1.</span> VOUS</li>

<li class=" " ><span>2.</span> VÉHICULE</li>

<li class=" " ><span>3.</span> CONDUCTEUR(S)</li>

<li class=" " ><span>4.</span> PROTECTIONS / PRIME</li>

</ul>



<div class="BlocActionTop">



<a href="javascript:next();">
<img alt="Étape suivante" src="/affelec/images/soumissions/bt_Process_Next.png?1305171325" /></a>

</div>


</div>


<script type="text/javascript">

jQuery(document).ready(function($) {


$('#PopAvisRedirectEspaceClient .Annul').click( function() {


$('#soumission_form input[type=text], #soumission_form select').val("");
$('#PopAvisRedirectEspaceClient').jqmHide();
$('#btnNext').removeAttr('onclick');

});


$('input[name=send]').click( function() {

var url = '/affelec/soumission/VT/identification/police/requete_ajax_inscription_exist';


$('#Appliquer_spinner').show();
$('#btnNext').attr('onclick', 'return false;');
$.getJSON(url, $('#soumission_form').serialize(), function(data)
{

if (data.exist == "true")
{


$('#PopAvisRedirectEspaceClient').jqm({modal:true, overlay: 50, toTop: true}).jqmShow();


$('#Appliquer_spinner').hide();
}
else
{

serialize('after');
$('#soumission_form').submit();
}
});


return false;
});

});
</script>






<form action="/affelec/soumission/VT/identification/police/create/%22ns=%22netsparker(0x000012))" id="soumission_form" method="post"><div style="margin:0;padding:0;display:inline"><input name="authenticity_token" type="hidden" value="p8e/vYgpesFvpmMzdRQGyC1ton+fju649I9bFT1x+JM=" /></div>

<input name="send" style="display: none" type="submit" value="submit_button"/>
<div id="result" style="display:none;visibility:hidden;"></div>
<div id="error" style="display:none;visibility:hidden;"></div>
<div id="403" style="display:none;visibility:hidden;"></div>

<div style="display:none">
<a href="#" class="JQmodal" id="PopSaisirMotPasseTrigger" rel="PopSaisirMotPasse">[Saisir mot de passe
]</a>
</div>

<fieldset>
<h2>Parlez-nous de vous</h2>

<div class="BlocFieldset">

<!--Adresse �lectronique-->
<div id="adr_courrl" class="blocQuestion "><div class="blocLabel"><label for="individu_adr_courrl">Adresse électronique</label></div><div class="blocInput">
<input class="TxtBox" id="individu_adr_courrl" label="Adresse �lectronique" name="individu[adr_courrl]" size="30" type="text" />
<img alt="" class="IconeInfo InfoBulle" src="/affelec/images/icones-commun/ico_infobulle.png?1305171325" />
<span class="InfoBulleContent">Cette adresse électronique vous permettra de retrouver vos soumissions plus tard.</span>
</div></div>

<!--Pr�nom-->
<div class="blocQuestion " id="Prenom"><div class="blocLabel"><label for="individu_prenm">Prénom</label></div><div class="blocInput"><input class="TxtBox" id="individu_prenm" name="individu[prenm]" size="30" type="text" /></div></div>

<!--Nom-->
<div class="blocQuestion " id="Nom"><div class="blocLabel"><label for="individu_nom">Nom</label></div><div class="blocInput"><input class="TxtBox" id="individu_nom" name="individu[nom]" size="30" type="text" /></div></div>

<!--Date de naissance-->
<div id="date_naiss" class="blocQuestion "><div class="blocLabel"><label for="individu_date_naiss">Date de naissance</label></div><div class="blocInput">
<input class="TxtBox Num Format4Chiffres autotab placeholder" id="individu_date_naiss_3i" maxlength="2" name="individu[date_naiss(3i)]" placeholder="jour" size="2" type="text" />
<select class="FormatMois TxtBox" id="individu_date_naiss_2i" name="individu[date_naiss(2i)]"><option value="">mois</option><option value="1">janvier</option><option value="2">février</option><option value="3">mars</option><option value="4">avril</option><option value="5">mai</option><option value="6">juin</option><option value="7">juillet</option><option value="8">août</option><option value="9">septembre</option><option value="10">octobre</option><option value="11">novembre</option><option value="12">décembre</option></select>
<input class="TxtBox Num Format6Chiffres autotab placeholder" id="individu_date_naiss_1i" maxlength="4" name="individu[date_naiss(1i)]" placeholder="année" size="4" type="text" />
</div></div>

<div class="Intro NoteEspaceClient">Vous possédez un compte Espace client? En saisissant vos informations personnelles, notre système vous redirigera automatiquement vers la page d'accueil de ce service. Afin de ne pas avoir à remplir tous les champs de la soumission, il vous suffira simplement d'ouvrir une session et d'accéder à nouveau à la soumission en ligne via le site de Espace client, section <i>Assurances générales</i>.</div>

</div>

<script src="/affelec/javascripts/plugins/jquery.placeholder.js?1305171325" type="text/javascript"></script>

<script type="text/javascript">
jQuery(document).ready(function($) {
$('.placeholder').placeholder();
});
</script>
</fieldset>

<input type="hidden" id="serialized_data_before" name="serialized_data_before" /> <input type="hidden" id="serialized_data_after" name="serialized_data_after" /> <script type="text/javascript"> jQuery(document).ready(function(){ serialize("before"); }); </script>

</form>




<div class="BlocActionBottom">




<a id="btnNext" class="Action Principale" href="javascript:next();">Étape suivante</a><img alt="Img_spinnersmall" class="waitInscriptionExiste" id="Appliquer_spinner" src="/affelec/images/Img_SpinnerSmall.gif?1305171325" style="display:none" />

</div>
</div> <div id="colonne-support"> <div class="BlocSupport"> <div class="itemSupport Clavardage"> <a class="LiveChat" onclick="launchWin('framemain','https://webchat.lacapitale.com/webchat/start.jsp?workgroup=soumission_en_ligne@workgroup.im-prod-01.capitale.qc.ca',500, 400);return false;" href="#"><img src="https://webchat.lacapitale.com/webchat/live?action=isAvailable&amp;workgroup=soumission_en_ligne@workgroup.im-prod-01.capitale.qc.ca" alt="Clavardage en direct" border="0"/></a> <span class="itemSupportTop"></span> </div> <div class="itemSupport Tel"> <h3>1&nbsp;888&nbsp;522-5260</h3> <p class="TextCondense"> 8 h à 21 h en semaine<br/> 9 h 30 à 15 h le samedi </p> <span class="itemSupportTop"></span> </div> <div class="itemSupport itemResume">

<div class="rapporteProbleme">
<a href="/affelec/rapportez_probleme/new" class="JQmodal Lock" id="PopRapporterProblemeTrigger" onclick="return false" rel="PopRapporterProbleme"><strong>Rapportez-nous<br>un problème</strong></a>
</div> </div> <!-- <div class="itemSupport Promo"> <img alt="Économiser est un jeu d'enfant!" src="/affelec/images/soumissions/Img_Promo_Support.png" /> </div>--> </div> </div> <div class="clearer"></div> </div></div><div id="Footer"> <a class="securite" href="https://capdirect.lacapitale.com/capdirect/jspx/general/securite_garantie.jspx" rel="external_securite"> <img alt="Sécurité en ligne garantie" class="Ico_SecuriteEnLigne" src="/affelec/images/../images/img_cadenas_fr.gif?1305171325" /> </a>



<div id="VeriSign">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=capdirect.lacapitale.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=fr"></script>
<a class="Apropos"

href="http://www.verisign.fr/ssl/ssl-information-center/"

target="_blank">À propos des certificats SSL</a>
</div>
<div id="copyright"> <p>© La Capitale. Tous droits réservés</p> </div></div>
<div class="jqmWindowFlexible Pop Medium bgiframe" id="PopSaisirMotPasse">



</div>

<div class="jqmWindowFlexible Pop Medium bgiframe" id="PopAvisRedirectEspaceClient">
<div class="Content">
<h2>Un instant s'il vous plaît.</h2>
<h3>Vous êtes redirigé vers votre compte Espace client.</h3>
<h3>Afin de ne pas avoir à remplir tous les champs de la soumission, il vous suffira de vous connecter et d'accéder à nouveau à la soumission en ligne via Espace client, section <i>Assurances générales</i>.</h3>
<div class="BlocActionBottom Center">
<a class="Action Annul" title="Annuler" href="#">Annuler</a>
<a class="Action Principale" title="Continuer" href="javascript:document.forms['soumission_form'].submit();">Continuer</a>
</div>
</div>
</div>


<div class="jqmWindowFlexible Pop bgiframe" id="PopRapporterProbleme"></div>
<script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://..
E-mail Address Disclosure

E-mail Address Disclosure

1 TOTAL
INFORMATION
Netsparker found e-mail addresses on the web site.

Impact

E-mail addresses discovered within the application can be used by both spam email engines and also brute force tools. Furthermore valid email addresses may lead to social engineering attacks .

Remedy

Use generic email addresses such as contact@ or info@ for general communications, remove user/people specific e-mail addresses from the web site, should this be required use submission forms for this purpose.

External References

- /affelec/soumission/VT/Vous/police/new

/affelec/soumission/VT/Vous/police/new

https://capdirect.lacapitale.com/affelec/soumission/VT/Vous/police/new?locale=en

Found E-mails

online_quotation@workgroup.im-prod-01.capitale.qc.ca

Request

GET /affelec/soumission/VT/Vous/police/new?locale=en HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Cache-Control: no-cache
Host: capdirect.lacapitale.com
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 17 Jun 2011 14:54:10 GMT
Server:
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.9
ETag: "ff0fa5a2e3171dcf0b611de853414c16"
X-Runtime: 113
Cache-Control: private, max-age=0, must-revalidate
Status: 200
Vary: Accept-Encoding
Content-Encoding:
Content-Length: 4757
Content-Type: text/html; charset=utf-8
Set-Cookie: locale=en-CA; path=/;HttpOnly;Secure,_AffairesElectroniques_session=734699bd7d8e10436317b3a3219dfa1e; path=/; HttpOnly;HttpOnly;Secure
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-CA" lang="fr-CA"><head> <!--current_intervenant = nil--> <!--Branche: Tags/V5.7.6 |
Revision: Inconnu |
Env: production |
DB: prodouvert--> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <meta http-equiv="pragma" content="no-cache" /> <meta http-equiv="expires" content="0" /> <title>La Capitale - Looking for savings? Consider it done.</title> <link href="/affelec/stylesheets/soumission.css?1305171325" media="all" rel="stylesheet" type="text/css" /> <link href="/affelec/stylesheets/soumission-print.css?1305171325" media="print" rel="stylesheet" type="text/css" /> <link href="/affelec/stylesheets/datepicker-soumission.css?1305171325" media="all" rel="stylesheet" type="text/css" /> <script src="/affelec/javascripts/jquery.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/jquery-ui.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/jrails.js?1305171325" type="text/javascript"></script><script src="/affelec/javascripts/application.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.jqModal.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.qtip.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.shadedborder.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.selectboxes.min.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.scrollto.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.datepicker.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.livequery.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.autocomplete.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.stylish-select.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.autotab.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.maskedinput.js?1305171325" type="text/javascript"></script> <!--[if lte IE 6]> <script src="/affelec/javascripts/ie6.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/DD_belatedPNG.js?1305171325" type="text/javascript"></script> <script src="/affelec/javascripts/plugins/jquery.bgiframe.js?1305171325" type="text/javascript"></script> <![endif]--> <!--[if !IE 7]> <style type="text/css"> #wrapper {display:table;height:100%} </style><![endif]--> <script src="/affelec/javascripts/public_soumission.js?1305171325" type="text/javascript"></script> <script src="https://webchat.lacapitale.com/webchat/jivelive.jsp" type="text/javascript"></script> <link rel="icon" type="image/png" href="/affelec/images/favicon.png" /> <!--[if IE]><link rel="shortcut icon" type="image/x-icon" href="/affelec/images/favicon.ico" /><![endif]--> <script type="text/javascript">
function noBack(){

window.history.forward();

}
noBack();
</script>
</head><body onload="noBack();" onpageshow="if (event.persisted) noBack();" onunload=""><div id="wrapper"> <div id="main"> <div id="header"> <img alt="La Capitale General Insurance" class="logo" src="/affelec/images/soumissions/logo_LaCapitale_en.gif?1305171325" /> <p class="slogan">A simple fast and competitive online request quote! <em>Consider it done.</em></p> <a class="deconnect" href="/affelec/accueil_prospect?quitter=true&dect_id=&prod_code=VT">Exit this quote</a> </div> <div id="colonne-centre" class="clearfix"> <div id="ProcessTrain">
<img alt="Auto quote" class="icone" height="42" src="/affelec/images/soumissions/icones/ico_contexte_VT.png?1305171325" width="66" />
<ul>

<li class="CurrentStep " ><span>1.</span> ABOUT YOU</li>

<li class=" " ><span>2.</span> VEHICLE</li>

<li class=" " ><span>3.</span> DRIVER(S)</li>

<li class=" " ><span>4.</span> COVERAGE / PREMIUM</li>

</ul>



<div class="BlocActionTop">



<a href="javascript:next();">
<img alt="Next" src="/affelec/images/soumissions/bt_Process_Next.png?1305171325" /></a>

</div>


</div>


<script type="text/javascript">

jQuery(document).ready(function($) {


$('#PopAvisRedirectEspaceClient .Annul').click( function() {


$('#soumission_form input[type=text], #soumission_form select').val("");
$('#PopAvisRedirectEspaceClient').jqmHide();
$('#btnNext').removeAttr('onclick');

});


$('input[name=send]').click( function() {

var url = '/affelec/soumission/VT/identification/police/requete_ajax_inscription_exist';


$('#Appliquer_spinner').show();
$('#btnNext').attr('onclick', 'return false;');
$.getJSON(url, $('#soumission_form').serialize(), function(data)
{

if (data.exist == "true")
{


$('#PopAvisRedirectEspaceClient').jqm({modal:true, overlay: 50, toTop: true}).jqmShow();


$('#Appliquer_spinner').hide();
}
else
{

serialize('after');
$('#soumission_form').submit();
}
});


return false;
});

});
</script>






<form action="/affelec/soumission/VT/identification/police/create" id="soumission_form" method="post"><div style="margin:0;padding:0;display:inline"><input name="authenticity_token" type="hidden" value="fmdkRWsI/Pm823NBdE/CheV92I3VxMIwc4SZ4LQfQZk=" /></div>

<input name="send" style="display: none" type="submit" value="submit_button"/>
<div id="result" style="display:none;visibility:hidden;"></div>
<div id="error" style="display:none;visibility:hidden;"></div>
<div id="403" style="display:none;visibility:hidden;"></div>

<div style="display:none">
<a href="#" class="JQmodal" id="PopSaisirMotPasseTrigger" rel="PopSaisirMotPasse">[Enter your password
]</a>
</div>

<fieldset>
<h2>Tell us about yourself</h2>

<div class="BlocFieldset">

<!--Adresse �lectronique-->
<div id="adr_courrl" class="blocQuestion "><div class="blocLabel"><label for="individu_adr_courrl">E-mail address</label></div><div class="blocInput">
<input class="TxtBox" id="individu_adr_courrl" label="Adresse �lectronique" name="individu[adr_courrl]" size="30" type="text" />
<img alt="" class="IconeInfo InfoBulle" src="/affelec/images/icones-commun/ico_infobulle.png?1305171325" />
<span class="InfoBulleContent">Your e-mail address will allow you to access your online quotes later.</span>
</div></div>

<!--Pr�nom-->
<div class="blocQuestion " id="Prenom"><div class="blocLabel"><label for="individu_prenm">First name</label></div><div class="blocInput"><input class="TxtBox" id="individu_prenm" name="individu[prenm]" size="30" type="text" /></div></div>

<!--Nom-->
<div class="blocQuestion " id="Nom"><div class="blocLabel"><label for="individu_nom">Last name</label></div><div class="blocInput"><input class="TxtBox" id="individu_nom" name="individu[nom]" size="30" type="text" /></div></div>

<!--Date de naissance-->
<div id="date_naiss" class="blocQuestion "><div class="blocLabel"><label for="individu_date_naiss">Date of birth</label></div><div class="blocInput">
<input class="TxtBox Num Format4Chiffres autotab placeholder" id="individu_date_naiss_3i" maxlength="2" name="individu[date_naiss(3i)]" placeholder="day" size="2" type="text" />
<select class="FormatMois TxtBox" id="individu_date_naiss_2i" name="individu[date_naiss(2i)]"><option value="">month</option><option value="1">January</option><option value="2">February</option><option value="3">March</option><option value="4">April</option><option value="5">May</option><option value="6">June</option><option value="7">July</option><option value="8">August</option><option value="9">September</option><option value="10">October</option><option value="11">November</option><option value="12">December</option></select>
<input class="TxtBox Num Format6Chiffres autotab placeholder" id="individu_date_naiss_1i" maxlength="4" name="individu[date_naiss(1i)]" placeholder="year" size="4" type="text" />
</div></div>

<div class="Intro NoteEspaceClient">Do you have a Client Centre account? If so, the system will automatically direct you to the home page of Client Centre when you enter your personal information. When you log in, you will not have to fill in the quote fields in order to regain access to the online quote on the Client Centre site, under <i>General Insurance</i>.</div>

</div>

<script src="/affelec/javascripts/plugins/jquery.placeholder.js?1305171325" type="text/javascript"></script>

<script type="text/javascript">
jQuery(document).ready(function($) {
$('.placeholder').placeholder();
});
</script>
</fieldset>

<input type="hidden" id="serialized_data_before" name="serialized_data_before" /> <input type="hidden" id="serialized_data_after" name="serialized_data_after" /> <script type="text/javascript"> jQuery(document).ready(function(){ serialize("before"); }); </script>

</form>




<div class="BlocActionBottom">




<a id="btnNext" class="Action Principale" href="javascript:next();">&nbsp;&nbsp;&nbsp;&nbsp;Next&nbsp;&nbsp;&nbsp;</a><img alt="Img_spinnersmall" class="waitInscriptionExiste" id="Appliquer_spinner" src="/affelec/images/Img_SpinnerSmall.gif?1305171325" style="display:none" />

</div>
</div> <div id="colonne-support"> <div class="BlocSupport"> <div class="itemSupport Clavardage"> <a class="LiveChat" onclick="launchWin('framemain','https://webchat.lacapitale.com/webchat/start.jsp?workgroup=online_quotation@workgroup.im-prod-01.capitale.qc.ca',500, 400);return false;" href="#"><img src="https://webchat.lacapitale.com/webchat/live?action=isAvailable&amp;workgroup=online_quotation@workgroup.im-prod-01.capitale.qc.ca" alt="Online chat" border="0"/></a> <span class="itemSupportTop"></span> </div> <div class="itemSupport Tel"> <h3>1&nbsp;888&nbsp;522-5260</h3> <p class="TextCondense"> 8:00 am to 9:00 pm weekdays<br/> 9:30 am to 3:00 pm Saturdays </p> <span class="itemSupportTop"></span> </div> <div class="itemSupport itemResume">

<div class="rapporteProbleme">
<a href="/affelec/rapportez_probleme/new" class="JQmodal Lock" id="PopRapporterProblemeTrigger" onclick="return false" rel="PopRapporterProbleme"><strong>Report a problem</strong></a>
</div> </div> <!-- <div class="itemSupport Promo"> <img alt="Not used" src="/affelec/images/soumissions/Img_Promo_Support.png" /> </div>--> </div> </div> <div class="clearer"></div> </div></div><div id="Footer"> <a class="securite" href="https://capdirect.lacapitale.com/capdirect/jspx/general/securite_garantie.jspx" rel="external_securite"> <img alt="Online security guaranteed" class="Ico_SecuriteEnLigne" src="/affelec/images/../images/img_cadenas_en.gif?1305171325" /> </a>



<div id="VeriSign">
<script type="text/javascript" src="https://seal.verisign.com/getseal?host_name=capdirect.lacapitale.com&amp;size=S&amp;use_flash=NO&amp;use_transparent=NO&amp;lang=en"></script>
<a class="Apropos"

href="http://www.verisign.com/ssl-certificate"

target="_blank">About SSL certificates</a>
</div>
<div id="copyright"> <p>© La Capitale. All rights reserved</p> </div></div>
<div class="jqmWindowFlexible Pop Medium bgiframe" id="PopSaisirMotPasse">



</div>

<div class="jqmWindowFlexible Pop Medium bgiframe" id="PopAvisRedirectEspaceClient">
<div class="Content">
<h2>One moment please...</h2>
<h3>You are directed to your Client Centre account.</h3>
<h3>When you log in, you will not have to fill in all the quote fields. To regain access to the online quote on the Client Centre site, go under <i>General Insurance</i>.</h3>
<div class="BlocActionBottom Center">
<a class="Action Annul" title="Cancel" href="#">Cancel</a>
<a class="Action Principale" title="Continue" href="javascript:document.forms['soumission_form'].submit();">Continue</a>
</div>
</div>
</div>


<div class="jqmWindowFlexible Pop bgiframe" id="PopRapporterProbleme"></div>
<script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type="text/javascript"> try { var pageTracker = _gat._getTracker("UA-393542-1"); pageTracker._setDomainName(".lacapitale.com"); pageTracker._trackPageview(); } catch(err) {}</script><!--SiteCatalyst code version: H.20.3...